This is similar to how the native context has an empty function set up as it's closure field.
BUG=666984
Review-Url: https://codereview.chromium.org/2528603002
Cr-Commit-Position: refs/heads/master@{#41212}
Passing in the isolate to retrieve the heap constants (undefine, the_hole, null)
has a positive performance impact.
BUG=
Review-Url: https://codereview.chromium.org/2517153002
Cr-Commit-Position: refs/heads/master@{#41210}
Reason for revert:
Test crashes after an unrelated revert: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7189
Reverting because of recommendation from WASM team.
Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
> - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
> - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
> - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
> - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
> R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
> Cr-Original-Commit-Position: refs/heads/master@{#41121}
> Cr-Commit-Position: refs/heads/master@{#41198}
TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2529573002
Cr-Commit-Position: refs/heads/master@{#41208}
Reason for revert:
Blocks roll: https://codereview.chromium.org/2526573002/
Original issue's description:
> [stubs] KeyedStoreGeneric: inline dictionary property stores
>
> For dictionary-mode receivers, the KeyedStoreGeneric stub can store
> properties directly in most cases. Doing so avoids the need to have
> an entry in the stub cache for every map/property combination.
>
> Committed: https://crrev.com/af168e330e95c4460fd1bb7734f0e9a750f2e748
> Cr-Commit-Position: refs/heads/master@{#41185}
TBR=ishell@chromium.org,rmcilroy@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2528583002
Cr-Commit-Position: refs/heads/master@{#41207}
port 0925554111 (r41135)
original commit message:
This removes the deprecated generator support for resumable functions
from {FullCodeGenerator}. The existing {AstNumbering} heuristic already
triggers Ignition for most resumable functions, with this change we make
said heuristic a hard choice and remove the deprecated code. This also
has the advantage that any suspended {JSGeneratorObject} instance on the
heap is guaranteed to have code based on a bytecode array.
BUG=
Review-Url: https://codereview.chromium.org/2522653003
Cr-Commit-Position: refs/heads/master@{#41204}
port d4f01b8a65 (r41108)
original commit message:
Add fast paths for holey smi and object arrays to
Function.prototype.apply, Reflect.apply and Reflect.construct.
BUG=
Review-Url: https://codereview.chromium.org/2519303002
Cr-Commit-Position: refs/heads/master@{#41203}
The AstGraphBuilder pipeline is only used for asm.js now, so the whole
type feedback mechanism is essentially dead code currently, thus we
better nuke it.
BUG=v8:5267,v8:5657
Review-Url: https://codereview.chromium.org/2523953002
Cr-Commit-Position: refs/heads/master@{#41201}
port 93c6595200 (r40887)
original commit message:
This changes {FrameState} nodes modeling "after" states to use bytecode
offsets pointing to the deoptimizing bytecode. This is in sync with the
normal execution, as the bytecode offset is advanced after operations
complete in regular bytecode handlers.
The change is necessary to ensure lazy deoptimized frames contain an
accurate bytecode offset while they are on the stack. Such frames can be
inspected by various stack walks. The continuation builtin will advance
the bytecode offset upon return.
BUG=
Review-Url: https://codereview.chromium.org/2520203002
Cr-Commit-Position: refs/heads/master@{#41199}
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
- Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
- Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
- MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
- Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Commit-Position: refs/heads/master@{#41198}
Now that we have a JumpLoop bytecode, we can heavily simplify the
branch/loop analysis by assuming that only JumpLoop bytecodes are
backwards edges, and performing the loop analysis as a single
(backwards) pass.
This allows us to get rid of the branch analysis entirely, and builds a
framework to do liveness analysis in the same pass.
Review-Url: https://codereview.chromium.org/2519983002
Cr-Commit-Position: refs/heads/master@{#41194}
Previous fuzzer fix broke the case when the pending assessment came from the same
block. In that case, the assessments table does not have an entry yet for the block,
because we register only when we're done processing a block.
BUG=667745
Review-Url: https://codereview.chromium.org/2519973004
Cr-Commit-Position: refs/heads/master@{#41193}
The GetPositionInfo function only operates on WasmCompiledModule, so it
should be a method of that class.
This CL also splits the method in two, such that I can reuse the
GetContainingFunction method for breakpoint support.
R=titzer@chromium.org
BUG=chromium:613110
Review-Url: https://codereview.chromium.org/2521293002
Cr-Commit-Position: refs/heads/master@{#41191}
Wrapper creation for import functions with i64 return values on 32-bit
platforms crashed because the number of return values of the wrapper
did not match the number of input nodes of the return node.
The issue is fixed by not creating special wrappers for 32-bit platforms
in the first place. This is valid because wrappers with i64 return
values are never actually executed.
R=titzer@chromium.org
BUG=v8:5661
Review-Url: https://codereview.chromium.org/2517173003
Cr-Commit-Position: refs/heads/master@{#41190}
The tests were relying on early errors which we don't produce since we
now preparse more often.
BUG=v8:2728, v8:5501, v8:5663
Review-Url: https://codereview.chromium.org/2523683002
Cr-Commit-Position: refs/heads/master@{#41189}
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.
Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.
Review-Url: https://codereview.chromium.org/2504403005
Cr-Commit-Position: refs/heads/master@{#41185}
... but be less pessimistic about context allocation (see below).
We might have just (pessimistically) context-allocated a variable based
on references coming from an inner function, but after that we still
need to set maybe_assigned (pessimistically).
This makes test-parsing/InnerAssignment pass with
FLAG_lazy_inner_functions.
This was undetected until now because we didn't have lazy parsing enabled
for small scripts.
Less pessimistic approach: now that inner functions laziness decisions
are stable (if we have once compiled a piece of code with lazy inner
functions, we never compile the same code with eager inner functions),
we don't need to be as pessimistic with context allocation as before.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2521513004
Cr-Commit-Position: refs/heads/master@{#41183}
Wasm frames are special in that they have a non-integer script id
in inspector. The way we treat script ids currently is a bit of a mess -
our runtime functions expected integer IDs while inspector has string
IDs (which contain integers, except for Wasm frames). This will need to
be cleaned up once more Wasm tests are added.
The meaning of line/column numbers has also changed; the old JS debug
API encoded the function index and byte offset into line/column numbers,
while inspector-based API actually translates into lines/columns in the
disassembly.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2515133003
Cr-Commit-Position: refs/heads/master@{#41182}
This makes sure the {kScratchRegister} is not used across macro
instructions (e.g. {LeaveFrame}) that would clobber its content.
Generally it is highly unsafe to use such scratch registers with a
life-range spanning macro instructions.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2521973002
Cr-Commit-Position: refs/heads/master@{#41181}
Unfortunately, there's currently no satisfying way of accessing scopes
of suspended generator objects through inspector. This CL implements
access to such scopes through runtime functions instead.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2513343004
Cr-Commit-Position: refs/heads/master@{#41179}
This makes the test in the bug ~10x faster. It could inadvertently make other things slower, so revert eagerly if included in a range where performance tanks.
BUG=chromium:666852
Review-Url: https://codereview.chromium.org/2525573002
Cr-Commit-Position: refs/heads/master@{#41178}
StepFrame is a combination of StepIn/StepOut, e.g. it breaks to the next
frame change. This is not part of the public API, but we want to keep it
for internal tests.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2514303003
Cr-Commit-Position: refs/heads/master@{#41177}
With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.
I updated all files in test/fuzzer/regexp and added a random byte at the beginning. This byte is used by the fuzzer to determine the flag.
BUG=chromium:664436
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2511373002
Cr-Commit-Position: refs/heads/master@{#41176}
* Fix setting script-scope variables through inspector by internalizing
their names.
* Reconstruct values of Number, String, and Boolean classes.
* Adapt a couple of tests for API restrictions.
BUG=v8:5530
Review-Url: https://codereview.chromium.org/2512963002
Cr-Commit-Position: refs/heads/master@{#41175}
When disassembling functions for the inspector, we used an internal
text representation before. This CL implements the official text
format like it is understood by the spec interpreter.
Example output:
func $main (param i32) (result i32)
block i32
get_local 0
i32.const 2
i32.lt_u
if
i32.const -2
return
end
get_local 0
call_indirect 0
end
R=rossberg@chromium.org, titzer@chromium.org
BUG=chromium:659715
Review-Url: https://codereview.chromium.org/2520943002
Cr-Commit-Position: refs/heads/master@{#41172}
This fixes stack unwinding to always recompute the stack pointer for
interpreted frames. For frames materialized by the deoptimizer we elide
the handler frame in between, hence arguments being pushed on the stack
will no longer be pushed into the handler frame but into the interpreted
frame directly.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-662830
BUG=chromium:662830
Review-Url: https://codereview.chromium.org/2517203003
Cr-Commit-Position: refs/heads/master@{#41170}
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.
Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.
R=alph@chromium.org
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
TurboFan can indeed comsume NumberOrOddball feedback for abstract
relational comparisons, so we should just provide it from Ignition.
Drive-by-fix: Add a DCHECK to protect against abstract/strict equality
number comparison accidentially utilizing Oddball feedback.
BUG=v8:5267,v8:5400
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2518283002
Cr-Commit-Position: refs/heads/master@{#41166}
This code should not access bytes out of the permitted range in order to check
the range of a possible UTF-8 value. Instead, the length check should occur
before such checks.
BUG=chromium:667260, chromium:662822
Review-Url: https://codereview.chromium.org/2520053003
Cr-Commit-Position: refs/heads/master@{#41165}