Arm64 compiles "x +_64 (y >> shift)" into a single instruction if
"shift" is a constant. The code generator expects that "shift" is a
32 bit constant. however, TurboFan can also pass in a 64 bit constant,
which caused a crash in the code generator.
With this CL we cast the constant of TurboFan to an int in the
instruction selector and thereby satisfy the assumption of the code
generator. This should be correct since the code generator anyways cast
the "shift" to an int5 or int6 eventually.
R=v8-arm-ports@googlegroups.com
BUG=v8:5923
Review-Url: https://codereview.chromium.org/2669203005
Cr-Commit-Position: refs/heads/master@{#43036}
Installing a feedback vector in a closure is a multi-step process.
The closure actually points to a Cell that points to a feedback
vector or undefined if we haven't created one yet.
This happens because we often create closures before we've compiled
the code.
JSFunction::EnsureLiterals is the bottleneck in our system that
creates a feedback vector if necessary. The predicates it used to
determine what to do were arcane. This CL allows it to think it
terms of state, and clarifies the reading of that useful
bottleneck.
I also did a few renamings in parts of the code that referred
to a "literals array," which we don't have any more.
BUG=
Review-Url: https://codereview.chromium.org/2681773004
Cr-Commit-Position: refs/heads/master@{#43035}
Do not preinitialize the feedback vector slot if
the lookup iterator is an interceptor, because it is not
guaranteed that the iterator has a PropertyCell.
If the HandlerConfiguration has a non-masking
intercepting setter,
the iterator does not have a valid PropertyCell.
BUG=chromium:656648
Review-Url: https://codereview.chromium.org/2674103002
Cr-Commit-Position: refs/heads/master@{#43034}
The testb instruction requires the REX prefix when either of its
operands uses a register with the high bit set. The existing code only
considered the register operand. In the test case the REX prefix was not
emitted because the testb instruction had the register operand RAX which
does not have the high bit set. The REX prefix was necessary though
because the memory operand used R8, which has the high bit set.
R=bmeurer@chromium.org
BUG=chromium:688876
Change-Id: Ib214bebbe75965664f2aea530e29afa95a54f44f
Reviewed-on: https://chromium-review.googlesource.com/439145
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43030}
Now we can inline vector-based IC dispatchers to bytecode handlers.
BUG=v8:5917
Change-Id: Ie81750f252a730240097e514e69b348f410a48b7
Reviewed-on: https://chromium-review.googlesource.com/439265
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43028}
Previously, both type feedback vector and the shared function info
of a function points to the matching type feedback metadata. This
makes finding the shared function info of a type feedback vector
difficult.
Instead, we now point the type feeback vector to the shared function
info, and find the metadata through the shared function info.
Also remove the obsolete empty type feedback vector.
R=hpayer@chromium.org, mvstanton@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2672363002
Cr-Commit-Position: refs/heads/master@{#43026}
The AstGraphBuilder is used for asm.js only and for-in is not allowed in
valid asm.js, so we can just disable optimization for asm.js functions
that contain for-in loops. This way we only need to support for-in via
the BytecodeGraphBuilder in TurboFan now, which will make optimizations
way easier.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2679913004
Cr-Commit-Position: refs/heads/master@{#43024}
port 81700ddfdc579c54e03d4d26fc0331fc13f92aca(r42213)
original commit message:
and rename WasmFrame to WasmCompiledFrame.
The WasmToInterpreterFrames are not used yet; this will follow in a
follow-up CL (see tracking bug for the overall picture).
Those frames will represent frames for WASM_TO_INTERPRETER stubs, which
call from wasm code to the wasm interpreter, implemented in C++.
They will support the Summarize method to inspect the stack frames in
the wasm interpreter.
BUG=
Review-Url: https://codereview.chromium.org/2682713002
Cr-Commit-Position: refs/heads/master@{#43023}
port b29d6d4968ffc2ef602df1977c65c6b7fd8f1975(r41790)
original commit message:
This also fixes UBSAN failures due to improper OpParameter<> calls.
BUG=
Review-Url: https://codereview.chromium.org/2681763002
Cr-Commit-Position: refs/heads/master@{#43022}
In current implementation we don't support nested scheduled break at all. If one break was scheduled inside another and second one doesn't produce actual break (execution was in blackboxed code or no JavaScript was executed) then second one will clear first scheduled break even if any not blackboxed JavaScript will be executed later.
Ambiguous break reason is added for the case when we have more then one scheduled reason. "auxData" in this case contains object with array of { reason: reason, auxData: auxData } objects for each reason in 'reasons' property.
BUG=chromium:632405
Review-Url: https://codereview.chromium.org/2678313002
Cr-Commit-Position: refs/heads/master@{#43021}
Reason for revert:
Oops, looks like the patch to change the name of $ to $262 isn't merged yet. Not sure why this didn't cause a bunch of failures--need to investigate. Reverting for now.
Original issue's description:
> test262 roll
>
> This patch changes tests right up until the SharedArrayBuffer
> tests.
>
> R=adamk
>
> Review-Url: https://codereview.chromium.org/2681833003
> Cr-Commit-Position: refs/heads/master@{#43019}
> Committed: 9588a0de5aTBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2683753003
Cr-Commit-Position: refs/heads/master@{#43020}
This patch changes tests right up until the SharedArrayBuffer
tests.
R=adamk
Review-Url: https://codereview.chromium.org/2681833003
Cr-Commit-Position: refs/heads/master@{#43019}
- removed getGeneratorObjectLocation from debugger-script.js,
- one more step to remove all debugger context usages in inspector.
BUG=v8:5510
R=yangguo@chromium.org,jgruber@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2678143002
Cr-Commit-Position: refs/heads/master@{#43018}
In addition to Array.prototype.values() which is already exposed, Blink
needs access to entries(), forEach() and keys() to properly set the
corresponding functions in value iterators for WebIDL conformance.
Add a few new entries to NATIVE_CONTEXT_IMPORTED_FIELDS and expand
V8_INTRINSICS_LIST, as well as some API tests for all these new exposed
functions.
BUG=chromium:632935
R=caitp@igalia.com,jochen@chromium.org,verwaest@chromium.org,yukishiino@chromium.org
Review-Url: https://codereview.chromium.org/2670833008
Cr-Commit-Position: refs/heads/master@{#43017}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of Reland: [Parse] ParseInfo owns the parsing Zone. (patchset #7 id:140001 of https://codereview.chromium.org/2632123006/ )
>
> Reason for revert:
> Speculative revert because of revert needed for https://codereview.chromium.org/2632123006
>
> Original issue's description:
> > Reland: [Parse] ParseInfo owns the parsing Zone.
> >
> > Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> > in preperation for enabling background compilation jobs for inner functions
> > share the AST in the outer-function's parse zone memory (read-only), with the
> > and zone being released when all compilation jobs have completed.
> >
> > BUG=v8:5203,v8:5215
> >
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Original-Commit-Position: refs/heads/master@{#42993}
> > Committed: 14fb337200
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Commit-Position: refs/heads/master@{#42996}
> > Committed: 9e7d5a6065
>
> TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2683733002
> Cr-Commit-Position: refs/heads/master@{#43008}
> Committed: 9fe08ec067TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2679303003
Cr-Commit-Position: refs/heads/master@{#43015}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of [parsing] Fix maybe-assigned for loop variables. (patchset #3 id:40001 of https://codereview.chromium.org/2673403003/ )
>
> Reason for revert:
> Speculative revert because of https://codereview.chromium.org/2679163002/.
>
> Original issue's description:
> > [parsing] Fix maybe-assigned for loop variables.
> >
> > Due to hoisting, the value of a 'var'-declared variable may actually change even
> > if the code contains only the "initial" assignment, namely when that assignment
> > occurs inside a loop. For example:
> >
> > let i = 10;
> > do { var x = i } while (i--):
> >
> > As a simple and very conservative approximation of this, we explicitly mark
> > as maybe-assigned any non-lexical variable whose "declaration" does not
> > syntactically occur in the function scope. (In the example above, it
> > occurs in a block scope.)
> >
> > BUG=v8:5636
> >
> > Review-Url: https://codereview.chromium.org/2673403003
> > Cr-Commit-Position: refs/heads/master@{#42989}
> > Committed: a33fcd663b
>
> TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2679263002
> Cr-Commit-Position: refs/heads/master@{#43010}
> Committed: f3ae5ccf57TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2686663002
Cr-Commit-Position: refs/heads/master@{#43013}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of Thread maybe-assigned through the bytecodes. (patchset #5 id:80001 of https://codereview.chromium.org/2655733003/ )
>
> Reason for revert:
> needed for properly reverting f3ae5ccf57
>
> Original issue's description:
> > Thread maybe-assigned through the bytecodes.
> >
> > This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> > bytecodes, which are emitted when reading from never-assigned context slot.
> >
> > There is a subtlety here: the slot are not immutable, the meaning is
> > actually undefined-or-hole-or-immutable.
> >
> > Review-Url: https://codereview.chromium.org/2655733003
> > Cr-Commit-Position: refs/heads/master@{#43000}
> > Committed: 17c2dd3886
>
> TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2680923003
> Cr-Commit-Position: refs/heads/master@{#43011}
> Committed: ece4e54a31TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2679953003
Cr-Commit-Position: refs/heads/master@{#43012}
Reason for revert:
needed for properly reverting f3ae5ccf57
Original issue's description:
> Thread maybe-assigned through the bytecodes.
>
> This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> bytecodes, which are emitted when reading from never-assigned context slot.
>
> There is a subtlety here: the slot are not immutable, the meaning is
> actually undefined-or-hole-or-immutable.
>
> Review-Url: https://codereview.chromium.org/2655733003
> Cr-Commit-Position: refs/heads/master@{#43000}
> Committed: 17c2dd3886TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2680923003
Cr-Commit-Position: refs/heads/master@{#43011}
Reason for revert:
Speculative revert because of https://codereview.chromium.org/2679163002/.
Original issue's description:
> [parsing] Fix maybe-assigned for loop variables.
>
> Due to hoisting, the value of a 'var'-declared variable may actually change even
> if the code contains only the "initial" assignment, namely when that assignment
> occurs inside a loop. For example:
>
> let i = 10;
> do { var x = i } while (i--):
>
> As a simple and very conservative approximation of this, we explicitly mark
> as maybe-assigned any non-lexical variable whose "declaration" does not
> syntactically occur in the function scope. (In the example above, it
> occurs in a block scope.)
>
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2673403003
> Cr-Commit-Position: refs/heads/master@{#42989}
> Committed: a33fcd663bTBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2679263002
Cr-Commit-Position: refs/heads/master@{#43010}
Reason for revert:
Speculative revert because of revert needed for https://codereview.chromium.org/2632123006
Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Original-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42996}
> Committed: 9e7d5a6065TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2683733002
Cr-Commit-Position: refs/heads/master@{#43008}
- Adds logical and arithmetic shifts for all integer types.
- Adds min and max for all integer types.
- Adds saturating add and subtract for small integer types.
- Removes lane operations from the MachineOperatorCache.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2668013003
Cr-Commit-Position: refs/heads/master@{#43005}
Includes the port of these three builtins: FastNewStrictArguments,
FastNewSloppyArguments and FastNewRestParameter. Also inline
the implementation of these into the corresponding interpreter
byte codes.
BUG=v8:5269
LOG=N
R=ishell@chromium.org, rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2645743002
Cr-Commit-Position: refs/heads/master@{#43002}
This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
bytecodes, which are emitted when reading from never-assigned context slot.
There is a subtlety here: the slot are not immutable, the meaning is
actually undefined-or-hole-or-immutable.
Review-Url: https://codereview.chromium.org/2655733003
Cr-Commit-Position: refs/heads/master@{#43000}
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
port f435d6222fa194c96c6be2e2d8a753016437931a(r41735)
original commit message:
Original commit message:
[wasm] Introduce the TrapIf and TrapUnless operators to generate trap code.
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
BUG=
Review-Url: https://codereview.chromium.org/2679853002
Cr-Commit-Position: refs/heads/master@{#42998}
Cleanup CHECK_EQ order and simplify CHECK_EQ(true/false).
Cleanup callorder for negative numbers
Cleanup callorder order for capital letter constants.
Cleanup callorder for test.x checks.
BUG=
Review-Url: https://codereview.chromium.org/2677183002
Cr-Commit-Position: refs/heads/master@{#42997}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Original-Commit-Position: refs/heads/master@{#42993}
Committed: 14fb337200
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42996}
Reason for revert:
doesn't compile on ToT
Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2685543003
Cr-Commit-Position: refs/heads/master@{#42994}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42993}
When computing the type info for a given function, make sure to also
count generic BinaryOp and Compare IC slots. TurboFan can deal with
those, and often still generates good code.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2666323002
Cr-Commit-Position: refs/heads/master@{#42992}
Due to hoisting, the value of a 'var'-declared variable may actually change even
if the code contains only the "initial" assignment, namely when that assignment
occurs inside a loop. For example:
let i = 10;
do { var x = i } while (i--):
As a simple and very conservative approximation of this, we explicitly mark
as maybe-assigned any non-lexical variable whose "declaration" does not
syntactically occur in the function scope. (In the example above, it
occurs in a block scope.)
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2673403003
Cr-Commit-Position: refs/heads/master@{#42989}
Sort experimental flags alphabetically and
add new flag for type profiling.
BUG=v8:5934
Review-Url: https://codereview.chromium.org/2675303002
Cr-Commit-Position: refs/heads/master@{#42988}
