Our implementation of the spec got one comparison wrong, at
step 19.d.iii (we were comparing against 'q' instead of 'p').
R=littledan@chromium.org
BUG=chromium:607566
LOG=n
Review-Url: https://codereview.chromium.org/1940643002
Cr-Commit-Position: refs/heads/master@{#35947}
It truned out we can enter nested message loop and call
SetIdle from inside the compilation in some obscure
situations. To not whitelist all the possible StateTag values,
we'd better ignore this call when not profiling as it has
no effect anyway.
This patch also reverts DCHECK change from https://codereview.chromium.org/1922703005/.
BUG=none
LOG=N
Review-Url: https://codereview.chromium.org/1936703002
Cr-Commit-Position: refs/heads/master@{#35946}
Currently GetStackSample doesn't support simulator, thus sampler is aware of
simulator, but since we are moving it out, it shouldn't have knowledge of
simulator. This patch moves the logic using simulator accessible
to Isolate::GetStackSample, so that it supports simulator.
BUG=v8:4956
LOG=n
Review-Url: https://codereview.chromium.org/1926863003
Cr-Commit-Position: refs/heads/master@{#35944}
gn builds are missing Windows manifests for d8.exe and
mksnapshot.exe. These manifests are necessary in order to get
predictable behavior on Windows.
LOG=N
BUG=602505
Review-Url: https://codereview.chromium.org/1941433002
Cr-Commit-Position: refs/heads/master@{#35943}
This avoids weird control flow when the bytecode generator skips dead code containing yields.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1927943003
Cr-Commit-Position: refs/heads/master@{#35940}
Port d1b3d426ce
Original commit message:
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4969
LOG=N
Review-Url: https://codereview.chromium.org/1941613002
Cr-Commit-Position: refs/heads/master@{#35938}
This removes the CompilationInfoWithZone class, which was used to
allocate a CompilationInfo on the C-heap. By now the CompilationJob is
the single object being allocated on the C-heap and passed between the
main thread and the compilation thread. Structs requiring destruction
can be embedded within that CompilationJob. This simplifies involved
lifetimes by coupling all lifetimes to one single object.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1930773003
Cr-Commit-Position: refs/heads/master@{#35936}
The Wasm suite reports both compile time and code size, however,
perf-to-html.py elides one of the results (compile time, in this case).
This affects the effectiveness of results reported by perf try bot runs.
This CL addresses that.
BUG=
Review-Url: https://codereview.chromium.org/1941573002
Cr-Commit-Position: refs/heads/master@{#35935}
The compilation pipeline is correctly guarding against accidental
tier-ups by now, the tests in question should no longer fail.
R=yangguo@chromium.org
BUG=v8:4961
LOG=n
Review-Url: https://codereview.chromium.org/1938983002
Cr-Commit-Position: refs/heads/master@{#35934}
For LoadElimination we must not replace LoadField nodes with other nodes
whose types are not a subtype of the original LoadField type, as that
breaks the verifier. We already fixed that earlier for store to load
forwarding, but the fix didn't cover LoadField forwarding.
This actually still generates the correct code even w/o the fix, but
since recently fails due to stronger checking in representation
selection. So this makes clusterfuzz happy again.
R=mvstanton@chromium.org
BUG=chromium:607899
LOG=n
Review-Url: https://codereview.chromium.org/1934973002
Cr-Commit-Position: refs/heads/master@{#35930}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
Cr-Commit-Position: refs/heads/master@{#35924}
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35929}
Reason for revert:
[Sheriff] Breaks mac gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/5821
Original issue's description:
> [turbofan] Remove left-over change bits from ChangeLowering.
>
> Now ChangeLowering is only concerned with lowering memory access and
> allocation operations, and all changes are consistently lowered during
> the effect/control linearization pass. The next step is to move the
> left over lowerings to a pass dedicated to eliminate redundant loads and
> stores, eliminate write barriers, fold and inline allocations.
>
> Also remove the atomic regions now that we wire everything into the
> effect chain properly. This is an important step towards allocation
> inlining.
>
> Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
> ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
> ChangeInt31ToTaggedSigned for consistency.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
>
> Committed: https://crrev.com/ceca5ae308bddda166651c654f96d71d74f617d0
> Cr-Commit-Position: refs/heads/master@{#35924}
TBR=ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/1942733002
Cr-Commit-Position: refs/heads/master@{#35927}
This adds ignition to the testing variants that are run on all
bots.
Failing tests can only be skipped with the NO_IGNITION
keyword in status files. Existing expectations for the
ignition_turbofan variant are all duplicated and use the
NO_IGNITION keyword as well now.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/132c09ed619f23fb7c6d26a4e3552c703389eabd
Cr-Commit-Position: refs/heads/master@{#35865}
Review-Url: https://codereview.chromium.org/1804003002
Cr-Commit-Position: refs/heads/master@{#35926}
During ast decoding and turbofan graph construction, we explicitely pass
the byte offset for all instructions which potentially trap.
The byte offset is finally passed to the runtime function which throws
the actual error, but it is not used there yet.
The WasmGraphBuilder::Binop and Unop methods have a default value of -1
for the position, which allows for more compact code for all the
functions which assemble bigger snippets from the primitive operations.
Whenever the position is actually used for generating a trap, we
check that it is not negative.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1915123006
Cr-Commit-Position: refs/heads/master@{#35925}
Now ChangeLowering is only concerned with lowering memory access and
allocation operations, and all changes are consistently lowered during
the effect/control linearization pass. The next step is to move the
left over lowerings to a pass dedicated to eliminate redundant loads and
stores, eliminate write barriers, fold and inline allocations.
Also remove the atomic regions now that we wire everything into the
effect chain properly. This is an important step towards allocation
inlining.
Drive-by-fix: Rename ChangeBitToBool to ChangeBitToTagged,
ChangeBoolToBit to ChangeTaggedToBit, and ChangeInt31ToTagged to
ChangeInt31ToTaggedSigned for consistency.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
Review-Url: https://codereview.chromium.org/1941673002
Cr-Commit-Position: refs/heads/master@{#35924}
This makes sure that Compiler::EnsureDeoptimizationSupport follows the
same limitations as other compilation functions that trigger a tier-up.
Specifically it prevents against tier-up while inlining when activations
are present on the stack.
R=yangguo@chromium.org
BUG=chromium:607494
LOG=n
Review-Url: https://codereview.chromium.org/1917193007
Cr-Commit-Position: refs/heads/master@{#35923}
When exporting `shared-library` in profile log, additionally export a
slide offset. This is required to parse profile logs generated on
systems with ASLR (OS X), otherwise it is impossible to assign C++
symbol names to their addresses in the log.
See: https://github.com/nodejs/node/issues/6466
BUG=
Review-Url: https://codereview.chromium.org/1934453003
Cr-Commit-Position: refs/heads/master@{#35921}
It is unsound to look at the types in the TurboFan graphs after the
representation selection (and early optimization) phases, because
(a) the remaining phases (might) run concurrently, and
(b) the types may not be accurate (or even correct) after
representation selection due to the way we deal with
truncations.
So in Debug builds we now explicitly remove all types from the nodes
right after we uninstall the Typer decorator from the Graph, so any
further attempt to access the Type of a Node will lead to a crash (again
in Debug only for now).
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
BUG=v8:4969
LOG=n
Review-Url: https://codereview.chromium.org/1937803002
Cr-Commit-Position: refs/heads/master@{#35920}
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
R=mstarzinger@chromium.org
BUG=v8:4969
LOG=n
Review-Url: https://codereview.chromium.org/1926023002
Cr-Commit-Position: refs/heads/master@{#35918}
Rolling v8/build to 5fbb07a2443f8095963594c2f365f99bad549180
Rolling v8/tools/clang to 0e474b23030b2723dfb3dd0c038746ec2c042469
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/1941543002
Cr-Commit-Position: refs/heads/master@{#35915}
Restrict the use of the `await` token as an identifier when parsing
source text as module code.
From
http://www.ecma-international.org/ecma-262/6.0/#sec-future-reserved-words:
> 11.6.2.2 Future Reserved Words
>
> The following tokens are reserved for used as keywords in future
> language extensions.
>
> Syntax
>
> FutureReservedWord ::
> enum
> await
>
> await is only treated as a FutureReservedWord when Module is the goal
> symbol of the syntactic grammar.
BUG=v8:4767
LOG=N
R=adamk@chromium.org
Review-Url: https://codereview.chromium.org/1723313002
Cr-Commit-Position: refs/heads/master@{#35914}
I plan to drive these options from the infra recipe.
Raising the priority of the benchmarked process, and fixing
its affinity to some other CPU than 0 improves stability of
measurements.
BUG=
Review-Url: https://codereview.chromium.org/1915303002
Cr-Commit-Position: refs/heads/master@{#35912}
- Move the concurrent unmapping to MemoryAllocator
- Hide (private) members where possible
- MemoryAllocator:Free is now the bottleneck for freeing
- Pooled pages are either allocated from a set of pooled pages are obtained
through work stealing from the concurrent unmapper
BUG=chromium:605866, chromium:581412
LOG=N
This reverts commit 25ff296c4c.
Review-Url: https://codereview.chromium.org/1929503002
Cr-Commit-Position: refs/heads/master@{#35910}
Adapts FastCloneShallowObjectStub to enable it to be used by the
CreateObjectLiteral bytecode.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1922523002
Cr-Commit-Position: refs/heads/master@{#35909}
In order to have a wasm object (as JSObject), this adds a method to
instantiate the TestingModule. In order for this to work, the bytecode
and the function names of the TestingModule are stored for usage during
instantiation.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1916403002
Cr-Commit-Position: refs/heads/master@{#35906}
This ensures that the TurboFan pipeline is respecting the flag on the
CompilationInfo controlling whether to use the BytecodeGraphBuilder or
the AstGraphBuilder when ensuring deoptimization support.
R=rmcilroy@chromium.org
BUG=chromium:607871
LOG=n
Review-Url: https://codereview.chromium.org/1934563002
Cr-Commit-Position: refs/heads/master@{#35904}
When requesting a large allocation near the end of the address space,
the computation could overflow and erroneously *not* grow the Zone
as required.
BUG=chromium:606115
LOG=y
Review-Url: https://codereview.chromium.org/1930873002
Cr-Commit-Position: refs/heads/master@{#35903}
This will allow us to enable GC events without enabling IC events.
Telemetry currently cannot handle huge number of IC events in a trace.
BUG=
Review-Url: https://codereview.chromium.org/1924333003
Cr-Commit-Position: refs/heads/master@{#35902}
This moves __{define,lookup}{Getter,Setter}__ to builtins.cc.
Compared to the first attempt, this patch now preserves non-spec-compliant legacy behavior and does not throw on failure.
Original review: https://codereview.chromium.org/1904313004
Review-Url: https://codereview.chromium.org/1932163002
Cr-Commit-Position: refs/heads/master@{#35899}