The CallApiCallbackStub can avoid loading undefined in case the
call_data is already undefined, which doubles the number of versions of
the stub and adds unnecessary complexity (at the benefit of saving one
stupid load). The idea is to turn the CallApiCallbackStub into a single
builtin instead, which does the right thing, so this is the first step
towards that goal.
R=yangguo@chromium.org
BUG=v8:6304
Review-Url: https://codereview.chromium.org/2838143003
Cr-Commit-Position: refs/heads/master@{#44869}

In preparation for adding another verifier that only considers a subset
of the graph.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2844473002
Cr-Commit-Position: refs/heads/master@{#44867}

Also add more local variables to regress-v8-6077 to force
register spill on platform with 32 float registers.
BUG=
Review-Url: https://codereview.chromium.org/2822073003
Cr-Commit-Position: refs/heads/master@{#44865}

Evacuators should know their associated collector and thus figure out the
marking state themselves.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2840863002
Cr-Commit-Position: refs/heads/master@{#44864}

This makes an ObjectVisitor as powerful as a StaticVisitor and allows
slots recording in ObjectVisitor.
This patch also renames VisitCell method of ObjectVisitor to
VisitCellPointer, so that VisitCell is free to be used for actually
visiting a cell.
BUG=chromium:709075
Review-Url: https://codereview.chromium.org/2810653002
Cr-Commit-Position: refs/heads/master@{#44860}

This reverts commit 56a6fda316.
Reason for revert: Makes tsan flaky:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/15038
Original change's description:
> [parser] Initial parallel parse tasks implementation.
>
> While parsing top-level code eager functions are skipped just like lazy
> ones, but also a parse task is created for each.
>
> The parse tasks are run by the compiler dispatcher and can be executed
> either on a background thread or in idle time.
> After parsing of top-level code finishes it waits for all unfinished
> parser tasks - possibly picking up and executing them on the current thread.
> Afterwards parse task results are stitched together with the top-level AST,
> in case of failures eager functions are treated just like lazy -
> parsing/compilation is retriggered for them in the runtime and proper
> errors are generated (performance is not optimized for error case at
> all).
>
> BUG=v8:6093
>
> Change-Id: I718dd2acc8a70ae1b09c2dea2616716605d7b05d
> Reviewed-on: https://chromium-review.googlesource.com/483439
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44849}
TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org,wiktorg@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6093
Change-Id: I17e689efee7d216d28a94a5c8147022ae7e830dd
Reviewed-on: https://chromium-review.googlesource.com/486883
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44859}

With this CL SloppyArguments immediately go to dictionary elements on
deletion, keeping the arguments backing store packed.
Bug: v8:6251
Change-Id: I2afa4fb5f0af9942eee0a1606942f5f289539330
Reviewed-on: https://chromium-review.googlesource.com/480379
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44857}

At the moment all tasks which are spawned during asynchronous
compilation are CancelableTasks. However, we don't ever really cancel
tasks, and in the cases where we do it actually makes no sense.
Additionally, using CancelableTasks causes problems when V8 shuts down.
Therefore this CL switches to normal v8::Tasks instead of
CancelableTasks.
R=clemensh@chromium.org, mtrofin@chromium.org
BUG=v8:6253
Change-Id: Idf972fa042e2614a3b25faa4537416a772990bd3
Reviewed-on: https://chromium-review.googlesource.com/485760
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44855}

This patch adds a new interface called RootVisitor and changes the root
iteration functions to accept a RootVisitor instead of an ObjectVisitor.
Future CLs will change ObjectVisitor to provide the host object to all
visiting functions, which will bring it in sync with static visitors.
Having separate visitors for roots and objects removes ambiguity in
VisitPointers and reduces chances of forgetting to record slots.
This is intended as pure refactoring. All places that require behavior
change are marked with TODO and will be addressed in future CLs.
BUG=chromium:709075
Review-Url: https://codereview.chromium.org/2801073006
Cr-Commit-Position: refs/heads/master@{#44852}

This fixes propagation of validation failures that happen during the
validation of a heap access expression in {ValidateHeapAccess}.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-714971
BUG=chromium:714971
Change-Id: I8f91ac1da34ae50fdde2938f61b6468cdac92b6e
Reviewed-on: https://chromium-review.googlesource.com/486801
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44851}

This CL is purely refactoring, no behavior changes.
Remove InitializeBasedOnLength and combine it with a new Stub-ified
TypedArrayInitialize which now allocates the buffer in both the
on-heap and off-heap cases.
Add TypedArrayInitializeWithBuffer because this was essentially a
special case that didn't share much logic with Initialize.
Factor out the common pieces into SetupTypedArray and AttachBuffer.
We can also always pass in the elementsSize, so there is no need
to calculate this again. LoadMapAndElementsSize is changed to
LoadMapForType.
This reduces code size by ~8k.
Bug: chromium:711275,chromium:701768
Change-Id: I6ad8701e9c72f53bfd9484725fb82055be568c25
Reviewed-on: https://chromium-review.googlesource.com/483481
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44850}

While parsing top-level code eager functions are skipped just like lazy
ones, but also a parse task is created for each.
The parse tasks are run by the compiler dispatcher and can be executed
either on a background thread or in idle time.
After parsing of top-level code finishes it waits for all unfinished
parser tasks - possibly picking up and executing them on the current thread.
Afterwards parse task results are stitched together with the top-level AST,
in case of failures eager functions are treated just like lazy -
parsing/compilation is retriggered for them in the runtime and proper
errors are generated (performance is not optimized for error case at
all).
BUG=v8:6093
Change-Id: I718dd2acc8a70ae1b09c2dea2616716605d7b05d
Reviewed-on: https://chromium-review.googlesource.com/483439
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44849}

We collect function data for 2 purposes:
- Variable allocation data for lazy parsed functions which contain skippable functions.
- Data needed for creating FunctionLiterals for skippable functions.
In some cases, recompilation happens, and we need to make sure we're not trying
to skip a non-skippable function.
At the moment, we don't collect data for eagerly parsed scopes, since the
assumption is that they'll never get recompiled. (Fixing that will require bigger
design changes.)
After this, we're down to 2 failures for mjsunit + --experimental-preparser-scope-analysis.
BUG=v8:5516
Change-Id: I704d488269f6d20a4b14596f2a0acc342ede32cb
Reviewed-on: https://chromium-review.googlesource.com/486802
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44848}

Traditionally, we had a prefix for a function name of "~" for
unoptimized code and "*" for optimized code. Restore this prefix
in v8/tools/ic-processor. It's really cool to know if an IC was
called from optimized code (often a hint of poor performance!).
NOTRY=true
R=cbruni@chromium.org
Review-Url: https://codereview.chromium.org/2835923004
Cr-Commit-Position: refs/heads/master@{#44846}

This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.
R=ahaas@chromium.org
Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}

Ideally they are already filtered on the embedder side. Sometimes
however, embedders end up with a Local<T> pointing to a nullptr
object. In this case the best way to filter this is right at the
beginning of the registration process.
BUG=chromium:713667
Review-Url: https://codereview.chromium.org/2836013003
Cr-Commit-Position: refs/heads/master@{#44844}

Adds a micro benchmark in js-perf-test to measure the performance of
compare bytecode handlers.
Bug: v8:4280
Change-Id: Ic86d670f8f09147076a22cfeff2e1ec052afe20c
Reviewed-on: https://chromium-review.googlesource.com/485522
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44843}

Instead of using the WASM_I32V_* macros (and other) from
wasm-macro-gen.h, use the appropriate methods to encode LEB integers.
This also saves some space for the wasm bytecode generated from asm.js.
Specifically, this CL
1) renames EmitVarInt to EmitI32V and EmitVarUint to EmitU32V (on
WasmFunctionBuilder).
2) introduces more methods on the WasmFunctionBuilder to emit i64v,
u64v, f32, and f64 values.
3) uses the ZoneBuffer instead of a plain ZoneVector<char> in the
WasmFunctionBuilder to build the body of the function.
4) introduces more helper functions on the ZoneBuffer to encode i64v,
u64v, f32 and f64 values.
R=ahaas@chromium.org
Change-Id: Ifa59a6a67380ecf9a3823c382daf00855f5bc61e
Reviewed-on: https://chromium-review.googlesource.com/486803
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44842}

Until now JIC and JIALC compact branches were emitted without using their
offset. Here we optimize their use by using offset after addition and/or
load immediate operations.
The CL also fixes a problem with deserialization that occurs when a code
object ends with an optimized LUI/AUI and JIC/JIALC instruction pair.
Deserializer processed these instruction pairs by moving to a location
immediately after it, but when this location is the end of the object it
would finish with the current object before doing relocation. This is
fixed by moving the deserializer one instruction before the location of
the instruction pair end.
BUG=
Review-Url: https://codereview.chromium.org/2542403002
Cr-Commit-Position: refs/heads/master@{#44841}

Some of these tests pass the pattern as a string, and in this case
there's a subtle distinction between
"/\u{0041}/" // Unicode escape interpreted in string literal.
and
"/\\u{0041}/" // Unicode escape interpreted by regexp parser.
Extend these tests to check both cases.
Thanks littledan@ for pointing this out.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2839923002
Cr-Commit-Position: refs/heads/master@{#44840}

wasm-macro-gen.h is mainly used from tests, but LocalDeclEncoder is
also used from various other places.
This CL moves the LocalDeclEncoder to an own compilation unit. We want
to later move wasm-macro-gen.h to the tests folder.
It also refactors the LocalDeclEncoder to reuse the
LEBHelper::write_u32v and LEBHelper::sizeof_u32v methods instead of
reimplementing it.
R=ahaas@chromium.org
Change-Id: Ia4651436f0544578da7c1c43596d343571942e97
Reviewed-on: https://chromium-review.googlesource.com/486724
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44838}

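The two CLs above (EmitI32V/EmitU32V on the WasmFunctionBuilder, and LEBHelper::write_u32v / sizeof_u32v in the LocalDeclEncoder) both rely on LEB128 varint encoding. The following is an added example, not V8's own code, showing unsigned ("u32v") and signed ("i32v") LEB128 encoding, the size computation, and a bounds-checked decoder for round-trip checks; the function names are assumptions chosen to mirror the ones in the commit messages.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Unsigned LEB128 ("u32v"): 7 payload bits per byte, low group first; the
// high bit of each byte means "more bytes follow".
void WriteU32v(std::vector<uint8_t>* out, uint32_t value) {
  do {
    uint8_t byte = value & 0x7f;
    value >>= 7;
    if (value != 0) byte |= 0x80;
    out->push_back(byte);
  } while (value != 0);
}

// Byte count WriteU32v would emit, computed without a buffer.
size_t SizeofU32v(uint32_t value) {
  size_t size = 0;
  do { ++size; value >>= 7; } while (value != 0);
  return size;
}

// Signed LEB128 ("i32v"): stop once the rest of the value is pure sign
// extension and bit 6 of the byte just emitted already carries that sign.
void WriteI32v(std::vector<uint8_t>* out, int32_t value) {
  while (true) {
    uint8_t byte = static_cast<uint8_t>(value & 0x7f);
    value >>= 7;  // arithmetic shift on all mainstream compilers
    bool sign_bit = (byte & 0x40) != 0;
    if ((value == 0 && !sign_bit) || (value == -1 && sign_bit)) {
      out->push_back(byte);
      return;
    }
    out->push_back(byte | 0x80);
  }
}

// Decoder for round-trip checks. A uint32 never needs more than 5 bytes, so a
// longer sequence, or a buffer that ends mid-value, is rejected, never read past.
struct DecodeResult { bool ok; uint32_t value; size_t length; };
DecodeResult ReadU32v(const uint8_t* data, size_t size) {
  uint32_t result = 0;
  for (size_t i = 0; i < size && i < 5; ++i) {
    result |= static_cast<uint32_t>(data[i] & 0x7f) << (7 * i);
    if ((data[i] & 0x80) == 0) return {true, result, i + 1};
  }
  return {false, 0, 0};
}

std::vector<uint8_t> EncodeU32v(uint32_t v) { std::vector<uint8_t> b; WriteU32v(&b, v); return b; }
std::vector<uint8_t> EncodeI32v(int32_t v) { std::vector<uint8_t> b; WriteI32v(&b, v); return b; }
bool RoundTripU32v(uint32_t v) {
  std::vector<uint8_t> b = EncodeU32v(v);
  DecodeResult r = ReadU32v(b.data(), b.size());
  return r.ok && r.value == v && r.length == b.size() && r.length == SizeofU32v(v);
}
```
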
Instead of dynamically tracking the block nesting, precompute the
information statically.
The interpreter was already using a side table to store the pc diff for
each break, conditional break and others. The information needed to
adjust the stack was tracked dynamically, however. This CL also
precomputes this information, as it is statically known.
Instead of just storing the pc diff in the side table, we now store the
pc diff, the stack height diff and the arity of the target block.
Local measurements show speedups of 5-6% on average, sometimes >10%.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I986cfa989aabe1488f2ff79ddbfbb28aeffe1452
Reviewed-on: https://chromium-review.googlesource.com/485482
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44837}

This unifies the memory management of identifier strings passed between
the scanner, parser and module builder. The following scheme is used:
- The scanner does not create copies of identifier strings itself, it
exposes a reference to the current identifier. This reference becomes
invalid as soon as the scanner advanced.
- The parser preserves a single copy of each identifier that is stored
in any data structure. That copy is allocated in the zone, lifetime
is coupled to that of the zone.
- The module builder can use all such identifiers by reference, as long
as its lifetime is also coupled to the same zone.
Note that the module builder still creates redundant copies for some
identifiers (in order to maintain backwards compatibility with the old
AST-based parser). This can be fixed once the "old validator" has been
removed.
R=clemensh@chromium.org
BUG=v8:6127
Change-Id: I8611d162e87730045a6061d08c3fe841daae8a7d
Reviewed-on: https://chromium-review.googlesource.com/484439
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44836}

The data produced by the preparser scope analysis might be large.
ByteArrays are already allowed in the large object space.
This fixes mjsunit/asm/poppler/poppler.js with the flag on.
First version landed as https://chromium-review.googlesource.com/c/484459/;
this version includes gen-postmortem-metadata fixes.
BUG=v8:5516
Change-Id: I2218c4729ba9feefd6595a93e5cc6d2e52ebda0e
Reviewed-on: https://chromium-review.googlesource.com/486641
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44835}

When looking for receiver maps, we need to account for the renaming
performed by FinishRegion, and look for the original receiver instead
from that point on.
Drive-by-fix: Abort effect chain walk as soon as the definition of the
receiver is seen on the effect chain.
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2836853002
Cr-Commit-Position: refs/heads/master@{#44833}

I think the WebAssembly format changed since the last time we updated
the corpus.
R=bradnelson@chromium.org
Change-Id: Ic4e24bade8cffbd43025d0961b805757a5e6f4d6
Reviewed-on: https://chromium-review.googlesource.com/485801
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44832}

For polymorphic loads that refer to the same underlying field, but
differ in either representation or field maps, try harder to merge
them into a simple field load by going to Tagged representation or
throwing away the field maps (this is essentially what Crankshaft
is doing).
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2836893002
Cr-Commit-Position: refs/heads/master@{#44831}

Avoid TransitionElementsKind when storing to objects which only differ
in holeyness of their elements kind. Instead go for polymorphic
CheckMaps, which can often be optimized and avoid the mutation of the
array map.
This generalizes the approach https://codereview.chromium.org/2836943003
which covered only element loads.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2836913004
Cr-Commit-Position: refs/heads/master@{#44828}

This patch removes JSFunction::SetInstancePrototype() from
JSFunction's public API and makes it an implementation detail
of SetPrototype().
Also clear out constructor field of JSFunction Map when
transitioning from non-instance prototype to instance
prototype.
Change-Id: If51d37bf6047b51b934d1b370fb52bb5cf5ffed4
Reviewed-on: https://chromium-review.googlesource.com/483961
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44821}

The AsyncGeneratorYield builtin just invoked the
AsyncGeneratorResolve() stub anyways, so this removes the middle-man.
Really minor refactoring, but clears out a bit of snapshot size and
another context index.
BUG=v8:5855
R=rmcilroy@chromium.org, bmeurer@chromium.org
Change-Id: I3385a5c5412e8d58493601874c2ad6b60e613012
Reviewed-on: https://chromium-review.googlesource.com/471913
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44820}