Moves the feedback vector slot allocation out of ast-numbering and into
bytecode generation directly. This has a couple of benifits, including reduced
AST size, avoid code duplication and reduced feedback vector sizes in many cases
due to only allocating slots when needed. Also removes AstProperties since
this is no longer needed.
AstNumbering is now only used to allocate suspend ids for generators.
BUG=v8:6921
Change-Id: I103e8593c94ef5b2e56c34ef4f77bd6e7d64796f
Reviewed-on: https://chromium-review.googlesource.com/722959
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48757}
Also ensure that CSA's CloneFixedArray and ExtractFixedArray correctly
transition COW to non-COW maps when doing a clone requiring copying.
Bug: chromium:775888
Change-Id: I31c97072761fdd2360d86f840c9fd6ab2d72973a
Reviewed-on: https://chromium-review.googlesource.com/727900
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48754}
This is a reland of f77d98f755.
The issue was already fixed when this got reverted.
Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
>
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
>
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> >
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> >
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> >
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
>
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}
Bug: v8:6947, v8:6963
Change-Id: I6124164ff92a2387d714ce974000b6f615b91983
Reviewed-on: https://chromium-review.googlesource.com/727207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48752}
This revert is manual, but almost completely automatic.
It was just blocked by a single-line irrelevant refactoring change.
This reverts commit 1cee0e012e.
Reason for revert: chromium:776256
Original change's description:
> Reland^4 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
> The issue was that in the EffectControlLinearizer, the effect input of an
> {Unreachable} node was not updated, leaving a {Checkpoint} behind.
>
> This is a reland of 4cf476458f
> Original change's description:
> > Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This fixes the issues
> > https://bugs.chromium.org/p/chromium/issues/detail?id=772873
> > and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> >
> > One problem was that mutating an effect node into Unreachable confused
> > the LoadElimination sidetables, so I just always create a new node now.
> >
> > The other problem was that UpdateBlockControl() was executed after
> > UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> > So now I make sure that UpdateEffectPhi() is always executed last.
> >
> > This is a reland of 6ddb5e7da7
> > Original change's description:
> > > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > >
> > > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> > > graph end. This fixes issues with later phases running DeadCodeElimination and
> > > introducing new DeadValue nodes when processing uses of Unreachable.
> > >
> > > This is a reland of 3c4bc27f13
> > > Original change's description:
> > > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > >
> > > > This is a reland of e1cdda2512
> > > > Original change's description:
> > > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > >
> > > > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > > of a node with type {None} as dead.
> > > > >
> > > > > Bug: chromium:741225
> > > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > >
> > > > Bug: chromium:741225
> > > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48232}
> > >
> > > Bug: chromium:741225
> > > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > > Reviewed-on: https://chromium-review.googlesource.com/702264
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48366}
> >
> > Bug: chromium:741225
> > Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> > Reviewed-on: https://chromium-review.googlesource.com/709214
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48469}
>
> Bug: chromium:741225
> Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
> Reviewed-on: https://chromium-review.googlesource.com/715716
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48660}
TBR=jarin@chromium.org,tebbi@chromium.org,bmeurer@chromium.org
Bug: chromium:741225 chromium:776256
Change-Id: Iaf2af3cb6dea5fdece43297cb9d987e7decc726d
Reviewed-on: https://chromium-review.googlesource.com/727804
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48749}
This also changes modulo to be more like others, e.g., Pow:
- have an inline Modulo
- have a modulo_double_double that we can use as FUNCTION_ADDR in assembler.cc
Bug:
Change-Id: Id360e4adcde5712ffc5ac22abd3bbaab6aec09f5
Reviewed-on: https://chromium-review.googlesource.com/728027
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48747}
This reverts commit 6f93d59d92.
Reason for revert: Breaks full-debug build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20full%20debug/builds/2239
Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
>
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
>
> This oncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
>
> R=ahaas@chromium.org
>
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: I4ceb82eab5d4cbf1f335bf6f358178a17a2fd0ba
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6954
Reviewed-on: https://chromium-review.googlesource.com/728101
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48745}
This reverts commit f77d98f755.
Reason for revert: Still fails:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/4978
Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
>
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
>
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> >
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> >
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> >
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
>
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}
TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org
Change-Id: I0ed35fc9e1dd5d30b0871479d17f0678fec17499
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6963
Reviewed-on: https://chromium-review.googlesource.com/727903
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48743}
The test was recently enabled (together with other simulator tests) to
also run on native hardware (in https://crrev.com/c/727880).
Temporarlily disable this one test again until the issue is fixed.
R=ahaas@chromium.org
Bug: v8:6963
Change-Id: Ib6bae773a1d54541c87c37fb8547413ee7deac58
Reviewed-on: https://chromium-review.googlesource.com/728021
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48739}
This allocates and populates potential deoptimization data arrays before
the underlying {Code} objects is allocated. It aims at making the field
holding said data immutable after allocation. Note that we still mutate
this field during deoptimization.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: Id0c2cfb65e782d7292d2df6bff41c54b2b8c3351
Reviewed-on: https://chromium-review.googlesource.com/725704
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48738}
- Throw a TypeError exception if a given target argument is not a typed
array before converting a given offset argument to an integer.
- Add a testcase
Bug: chromium:768775
Change-Id: Id132a0f154fcf930f211922fcbef6c66f9d6f285
Reviewed-on: https://chromium-review.googlesource.com/728120
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48736}
This is a reland of 8bacd8486b.
The failing test is disabled if not executing in the simulator.
Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
>
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
>
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
>
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}
Bug: v8:6947, v8:6963
Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
Reviewed-on: https://chromium-review.googlesource.com/727880
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48734}
If you just cast those patterns to float or double and pass them
around, the quiet/signaling NaN bit might change. We had several bugs
around this, so add these patterns to the general input vectors.
This oncovers a bug in the wasm interpreter, which will be fixed in a
separate CL.
R=ahaas@chromium.org
Bug: v8:6947, v8:6954
Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
Reviewed-on: https://chromium-review.googlesource.com/725345
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48731}
This adds BigInt support to JavaScript's abstract equality (== and !=),
implemented mainly via CodeStubAssembler::Equal and via Object::Equals.
Bug: v8:6791
Change-Id: I53219f2f71baa760b142cc676f18931731b87226
Reviewed-on: https://chromium-review.googlesource.com/725701
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48730}
Because the toboolean operator may lower to a builtin call (which is
effectful in turbofan parlance after effect control linearization),
it really should be encoded as a simplified operator, which can
be optimized with respect for the effect chain in linearization.
No new functionality here, rather a furniture rearrangement in
the TurboFan node structure.
Bug: v8:6929
Change-Id: I371fd22941397d5c28d13bded2738161d8da8275
Reviewed-on: https://chromium-review.googlesource.com/725721
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48727}
This is a reland of e737b4ce0d.
The issue on windows bots was fixed in https://crrev.com/c/725733.
Original change's description:
> [test] Avoid unnecessary std::vector allocations
>
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
>
> R=tebbi@chromium.org
>
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}
Change-Id: I9ad5d22803bbbf35c458965497acc603cfa01b20
Reviewed-on: https://chromium-review.googlesource.com/725979
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48726}
Replace GetElement and SetElement to Get and Set, and use CopyElements,
which reduces 4x-13x overheads.
Bug: chromium:768775
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I58534b30c2035195c5f4b8f2c04e7c459bdbebaa
Reviewed-on: https://chromium-review.googlesource.com/720661
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48723}
This addresses the odd performance cliff, where the CallIC tracks known
JSFunction targets, but goes MEGAMORPHIC when it sees a JSBoundFunction
target. With this fix in place the micro-benchmark on the bug goes from
arrowCall: 82 ms.
boundCall: 234 ms.
to
arrowCall: 81 ms.
boundCall: 80 ms.
so Function#bind doesn't cause any additional overhead anymore.
Bug: v8:5267, v8:6962
Change-Id: Iaceaf89fd3e99e2afe2ae45e96a6813a3ef8b1d2
Reviewed-on: https://chromium-review.googlesource.com/727879
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48722}
This patch provides "Abstract Comparison" functions on the BigInt
class for comparing BigInts to Numbers and Strings.
The functionality is not exposed to JavaScript yet.
Bug: v8:6791
Change-Id: I835f290203a31f363970b1edb359e19af6dabc5d
Reviewed-on: https://chromium-review.googlesource.com/722324
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48718}
This reverts commit 8bacd8486b.
Reason for revert: Fails on chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4820
Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
>
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
>
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
>
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}
TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org
Change-Id: I4ec1c6ce4f6e86916a83a748819752ba00179ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947
Reviewed-on: https://chromium-review.googlesource.com/727760
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48716}
So far the JSCallReducer was only able to unfold constant
JSBoundFunction targets for JSCall nodes, which is not the
common case. With the introduction of JSCreateBoundFunction
operator earlier, we can now also recognize calls to bound
functions where the bind happens earlier in the function,
i.e. as the example of
a.map(f.bind(self))
in https://twitter.com/BenLesh/status/920700003974123520, which
is a handy way to use Function#bind. So this transformation
takes a node like
JSCall(JSCreateBoundFunction(bound_target_function,
bound_this,
a1,...,aN),
receiver, p1,...,pM)
and turns that into
JSCall(bound_target_function, bound_this, a1,...,aN,p1,...,pM)
allowing TurboFan to further inline the bound_target_function
at this call site if that's also inlinable (i.e. it's a known
constant JSFunction or the result of a JSCreateClosure call).
This improves the micro-benchmark from
arrowCall: 55 ms.
boundCall: 221 ms.
arrowMap: 181 ms.
boundMap: 806 ms.
to
arrowCall: 71 ms.
boundCall: 76 ms.
arrowMap: 188 ms.
boundMap: 186 ms.
so that Function#bind in this case is as fast as using closures,
which is an up to 4.3x improvement in the Array#map example.
Bug: v8:5257, v8:6961
Change-Id: Ibca650faad912bf9db1db6fbc48772e7551289a6
Reviewed-on: https://chromium-review.googlesource.com/727799
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48713}
The bug reference has been fixed, probably due to the new WasmContext
changes. We should keep a regression test for this anyway though.
Bug: v8:6931
Change-Id: Ie9d94690e764498d2153691d96414d0d26258794
Reviewed-on: https://chromium-review.googlesource.com/727022
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48712}
In order to avoid writing tests that *only* pass in the simulator, but
not on real hardware, do also execute the simulator tests on real
hardware.
R=ahaas@chromium.org, rodolph.perfetta@arm.com
Bug: v8:6947
Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
Reviewed-on: https://chromium-review.googlesource.com/722961
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48706}
This reverts commit d607f1e72d.
Reason for revert: Suspected cause of hanging tests:
https://bugs.chromium.org/p/v8/issues/detail?id=6927#c13
Original change's description:
> [Memory] Move GetRandomMmapAddr from base::OS platform to v8::internal.
>
> - Moves GetRandomMmapAddr from platform to v8::internal allocation
> primitives, in preparation for delegating this to the embedder.
> - Adds hint parameters to OS functions that used to use this function.
>
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iad72e6eac9c08a3e22c2cd2b2905623b8e514ae0
> Reviewed-on: https://chromium-review.googlesource.com/677777
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48124}
TBR=bbudge@chromium.org,ulan@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:756050
Change-Id: I2c515934906e67b47ceea2863bc2992ac1d23ab3
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/726319
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48701}
Support inlining of Array.prototype.filter in TurboFan.
(relanding with fix for chromium:766635, visible in the
diff between patchsets 2 and 3)
Bug: v8:1956,chromium:766635
Change-Id: Ia50be6770602513e3d91d17e2b2ca9d3b0e8b42a
Reviewed-on: https://chromium-review.googlesource.com/721119
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48697}
This makes the function constexpr and implements it for arbitrary
unsigned integer types (up to 64 bits, but this can be extended if
needed).
R=mstarzinger@chromium.org
Bug: v8:6600, v8:6921
Change-Id: I86d427238fadd55abb5a27f31ed648d4b02fc358
Reviewed-on: https://chromium-review.googlesource.com/718457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48696}
These tests are currently failing on TSAN bot with OOM when running
with the stress-incremental-marking flag.
Bug: v8:6924
Change-Id: I50b9a7142b2e8759f4bc327516f8c06ce1779777
Reviewed-on: https://chromium-review.googlesource.com/723427
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48693}
This reverts commit e737b4ce0d.
Reason for revert: On windows, V8_INFINITY is not constexpr
Original change's description:
> [test] Avoid unnecessary std::vector allocations
>
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
>
> R=tebbi@chromium.org
>
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}
TBR=clemensh@chromium.org,tebbi@chromium.org
Change-Id: Iccb52941d4efe71b49b41572c3d922a5d78bdfd2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/725899
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48691}
We didn't correctly maintain the effect chain between the load of
the map and the load of the instance type from the map.
Bug: v8:6929
Change-Id: I970709fe74483c5cdef3d0cea36bb9e1dc98b40e
Reviewed-on: https://chromium-review.googlesource.com/725424
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48690}
TurboFan expects the offset input of a Load or Store node to be a
pointer-size input, i.e. an int32 input on 32-bit platforms, and int64
on 64-bit platforms. In WebAssembly we always provided 32-bit offset
though, which caused problems when the high word of the register which
contained the offset was not empty.
With this CL we change the offset input to int64 on 64-bit platforms.
In addition we also change the type of the memory_size_ node to int64,
so that that we do not have to adjust the type of the memory size at
every memory load.
This CL will cause performance regressions but is necessary for
correctness and to avoid crashes.
R=titzer@chromium.org
Bug: chromium:766666
Change-Id: I5301e108d05e125258d2a06d500c1b75e91697b8
Reviewed-on: https://chromium-review.googlesource.com/723379
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48689}
Instead of copying an array of fixed values into an std::vector for
each usage of the FOR_INPUTS macro, just iterate the constant data
directly.
This also makes the <type>_vector() functions return {constexpr Vector}
instead of {std::vector}.
R=tebbi@chromium.org
Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
Reviewed-on: https://chromium-review.googlesource.com/725427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48688}
The test does not take into account that Turbofan can force completion
of in-object slack tracking.
Bug:
Change-Id: Ic7404e8395858acaf707e65ca4b17e6b7f776594
Reviewed-on: https://chromium-review.googlesource.com/723464
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48687}
Analog to other interceptors, intercept the DefineProperty
call only after obtaining the property descriptor.
This behavior allows us to mirror calls on a sandboxed object
as it is needed in Node. See for example
https://github.com/nodejs/node/pull/13265
Bug:
Change-Id: I73b8f8908d13473939b37fb6727858d0bee6bda3
Reviewed-on: https://chromium-review.googlesource.com/725295
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48683}
A while ago, CharacterRange::AddCaseEquivalents used to operate on a
single range (the `this` value) and add case equivalents for that to
`ranges`.
This was changed in a2baaaac to use `ranges` as a list of incoming
operands instead. When we now determine that the current range does not
have case equivalents, we need to `continue` instead of `return` to
avoid skipping the remaining ranges in the list.
Bug: v8:6940
Change-Id: I9face88a2ef8b9408f177e503f3399a25e688e06
Reviewed-on: https://chromium-review.googlesource.com/725430
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48682}
This makes sure that the lowering of {JSCreate} operator during create
lowering is only applied to operations where both target and new.target
are known to be constructors.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-768080
BUG=chromium:774780,chromium:768080
Change-Id: I55a582a3453bba7e14655b594b7714a3940eeaae
Reviewed-on: https://chromium-review.googlesource.com/725332
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48680}
This allocates and populates potential exception handler tables before
the underlying {Code} objects is allocated. It essentially makes the
field holding said table immutable after allocation.
R=verwaest@chromium.org
BUG=v8:6792
Change-Id: I52ca374d40e3a72a4de022aca10faead6422db79
Reviewed-on: https://chromium-review.googlesource.com/723299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48677}
They did not preserve the bit pattern of nans before. Now they do.
Also, add some tests for these instructions.
R=ahaas@chromium.org, rodolph.perfetta@arm.com
Bug: v8:6947
Change-Id: I189720cd47e1768194567a41371fc9586b414c45
Reviewed-on: https://chromium-review.googlesource.com/722979
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48672}
The DoubleToI stub is no longer called outside of TurboFan, and always in the
same way:
- The parameter is on top of the stack.
- The stub is always called in a slow path.
- It truncates.
Therefore, we can simplify it to only support this case and remove dead
code.
On top of this, since the stub is always considered to be on a slow path for all
backends, this patch takes the opportunity to remove the `skip_fastpath`
optimisation. This would generate a stub which does not handle all inputs,
assuming that the backend already handled some of the inputs in a fast
path. Removing this allows the stub to have the same behaviour on all targets.
On Arm, this patch reworks the stub a little. We could use ip instead of saving
and restoring a register on the stack. Also, comments would mention that we
assume the exponent to be greater than 31 when the it can be 30 or higher. As
done for Arm64, let's check this at runtime in debug mode.
On Arm64, we can also implement the stub without pushing and poping off the
stack. It needs 2 general purpose and a double scratch registers which we have
reserved already (ip0, ip1 and d30). This removes the need to check that the
stack pointer is always 16-bytes aligned.
Finally, this also fixes a potential bug on Arm64, in the
`GetAllocatableRegisterThatIsNotOneOf` method which is now removed. We were
picking an allocatable double register when we meant to pick a general one.
Bug: v8:6644
Change-Id: I88d4597f377c9fc05432d5922a0d7129b6d19b47
Reviewed-on: https://chromium-review.googlesource.com/720963
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48671}
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.
After this one, we should be able to reenable the readability/check
cpplint check.
R=mstarzinger@chromium.org
Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
The test was reading from undefined stack addresses instead of creating
a string filled with characters that look like a new space pointer.
Bug: v8:6953
Change-Id: I2c0a9034076012746bd70325a4f21c63f4c264fa
Reviewed-on: https://chromium-review.googlesource.com/725322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48668}