Async generator yield* is still desugared in the parser, to be moved to the BytecodeGenerator in a future CL.
Bug: v8:6472
Change-Id: I8b33e2f9e931949f7375540099cd8ec3a6b27cf1
Reviewed-on: https://chromium-review.googlesource.com/539335
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46165}
Currently LdaNamedProperty bytecode for expressions like a.b has position before dot. This CL moves this location after dot.
It's important for later removing of Nop bytecodes in expressions like a.b() where a is local variable, property call and property load should have the same position.
R=jgruber@chromium.org
Bug: v8:6425
Change-Id: I528c5007de52215beba80851ab04693ecec038e2
Reviewed-on: https://chromium-review.googlesource.com/543047
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46163}
HistoryTimer's can't run in the background because they use a timer
with a simple api of Start() and Stop(). This CL fixes this problem
by building a base class TimedHistogram that doesn't have a timer.
The class HistoryTimer is modified to use this base class so that
uses that run on the foreground thread do not need to be modified.
It also adds a new class TimedHistogramScope that defines the timer
in this class. This allows the corresopnding TimedHistogram class to
be type safe.
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2929853003
Cr-Commit-Position: refs/heads/master@{#46150}
In most cases, I'm using ENTER_V8 which is due to the fact that the
respective methods might end up executing script, either because they
invoke some callback, or because they might trigger a proxy trap.
Also add microtask suppression scopes in the debugger to all the places
that need one according to tests.
BUG=v8:5830
R=marja@chromium.org,jgruber@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I24cc3de37fc0d8156acfe86b290568e5f8f662b4
Reviewed-on: https://chromium-review.googlesource.com/519262
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46146}
let f = function g() { ... } declares "g" inside the function. This
CL makes the preparser declare it too, and saves + restores the scope data for
it.
BUG=v8:5516
Change-Id: Id4c64f446d30f5252038cfb0f0f473b85ba24a9b
Reviewed-on: https://chromium-review.googlesource.com/544816
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46133}
The test setup was as follows:
- Preparse function test() { ... }, get scope allocation data.
- Apply the scope allocation data to (function test() { ... })();
- Compare against normal scope allocation for (function test() { ... })();
But the IIFE is unnecessary - we already disable lazy parsing.
Cleaning this up is needed because in the next CL, I want to fix the Scopes
produced by PreParser in this case:
let f = function g() {
// Here we should declare g!
}
And that fix will make the variables in
function test() {
// Here we don't declare test
}
and
(function test() {
// Here we do declare test
})();
not match any more, so it doesn't make sense to compare them against each other.
BUG=v8:5516
Change-Id: I93d154c6977bb3cbe405b6ca193cf6283df297bc
Reviewed-on: https://chromium-review.googlesource.com/543341
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46128}
This switches all uses of the patching {BinaryOpICStub} over to the
respective existing and non-patching CSA-builtins, and removes some
supporting code. It also removes the inlined SMI handling.
R=verwaest@chromium.org
BUG=v8:6408
Change-Id: If547c0127bfcafbd01ccb33b702b1868006ebcb1
Reviewed-on: https://chromium-review.googlesource.com/541398
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46122}
This will allow for embedders to easily implement their own Platform
without duplicating the tracing controller code.
BUG=v8:6511
R=fmeawad@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7c64933d12b2cf53f0636fbc87f6ad5d22019f5c
Reviewed-on: https://chromium-review.googlesource.com/543015
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46118}
In edge cases such as the following, sloppy-mode block-scoped function
hoisting is expected to occur:
eval(`
with({a: 1}) {
function a() {}
}
`)
In this case, there should be the equivalent of a var declaration
outside of the eval, which gets set to the value of the local function
a when the body of the with is executed.
Previously, the way that var declarations are hoisted out of eval
meant that the assignment to that var was an ordinary DYNAMIC_GLOBAL
assignment. However, such a lookup mode meant that the object in the
with scope received the assignment!
This patch fixes that error by marking the assignments produced by
the sloppy mode block scoped function hoisting desugaring so as to
generate a different runtime call which skips with scopes.
Bug: chromium:720247, v8:5135
Change-Id: Ie36322ddc9ca848bf680163e8c016f50d4597748
Reviewed-on: https://chromium-review.googlesource.com/529230
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46116}
(Reland: NeedsManualRebaseline'd newly-fixed layout test in Chromium.)
This was never legal; the spec only allows '\0' in strict-mode strings
or templates when not followed by a decimal digit. Previously we were
only enforcing that it not be followed by an _octal_ digit.
This was already fixed for numeric literals, but not for escape
sequences in strings.
BUG=v8:6504
Review-Url: https://codereview.chromium.org/2948903002
Cr-Commit-Position: refs/heads/master@{#46106}
This method returns position of importing stmt in module source.
R=neis@chromium.org
Bug: chromium:721589
Change-Id: I8639796a001fdfec7cf5aa1bf1a27493f7a757a9
Reviewed-on: https://chromium-review.googlesource.com/541322
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46105}
Allows BitVector to resize, updating its own data and data length to
match the new length. We can fast-path resizes which fit into the same
data length (since high bits are already zero), and replace the pattern
where a BitVector is cloned using CopyFrom.
Change-Id: If79ca782c516e93b2a27c5e335e263554d522e88
Reviewed-on: https://chromium-review.googlesource.com/539522
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46101}
- Iterator advancing is kept mainly unchanged.
- The iterator stores the size of the object which is to be used by the
caller in follow ups. This way we might be able to avoid further out
of line loads.
- The iteartor follows the regular std conventions allowing range based
loops.
Bug: chromium:651354
Change-Id: I8928224a62d3a48a48145a2d00279a28608bc634
Reviewed-on: https://chromium-review.googlesource.com/543335
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46085}
The fuzzer has already been removed from chromium. In addition I removed
code which was only used by this fuzzer.
BUG=chromium:734550
R=clemensh@chromium.orgCC=mstarzinger@chromium.org
Change-Id: I2ff4614e4d64131412ead759318e5c38e38f5d3d
Reviewed-on: https://chromium-review.googlesource.com/542816
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46078}
- Now that there are no boolean vector types, we can directly test the
results of relational ops.
Bug: v8:6020
Change-Id: Id2139133ae3a548a9985a26a3427cbeddc6272a6
Reviewed-on: https://chromium-review.googlesource.com/536176
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46075}
This was never legal; the spec only allows '\0' in strict-mode strings or templates
when not followed by a decimal digit. Previously we were only enforcing that it
not be followed by an _octal_ digit.
This was already fixed for numeric literals, but not for escape sequences in strings.
BUG=v8:6504
Review-Url: https://codereview.chromium.org/2950633002
Cr-Commit-Position: refs/heads/master@{#46046}
For each Managed<T> (which is a Foreign), we create a weak global handle
with a finalizer which deletes the referenced C++ object once the
Foreign is dead.
Before calling this finalizer, the garbage collector needs to mark the
referenced object black (i.e. live), because the finalizer might
resurrect it.
Since this is never done for managed objects, we can use the more
lightweight phantom handle semantics, which allows the referenced
object to be garbage collected right away.
However, we can't access the global handle via the WeakCallbackInfo,
because the global handle will already be garbage collected. So we need
to store it explicitly. This is solved by storing the global handle
together with the finalizer.
In order to implement this, ownership of the ManagedObjectFinalizer
is moved from the isolate to the managed object.
R=ulan@chromium.org, mtrofin@chromium.org
BUG=v8:6505, chromium:734345
Change-Id: I94a245df601f70e19355d82439d30099e159231b
Reviewed-on: https://chromium-review.googlesource.com/539578
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46036}
- Use correct prefixes for SIMD/Atomics ops
- S128 LoadMem/StoreMem should not use 0xc0/0xc1 opcodes, these are now
being used for sign extension
- S128 LoadMem/StoreMem should use prefixed opcodes
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2943773002
Cr-Commit-Position: refs/heads/master@{#46016}
Here we optimize Dsubu by instead of loading imm and subtracting, we
load -imm and perform addition when loading -imm takes less instructions
than loading imm. Similarily li is optimized by loading -imm and
performing addition or loading ~imm and inverting bits using nor when
one of these loads takes two instructions less than loading imm, saving
at least one instruction. Tests are adjusted to cover these
optimizations.
BUG=
TEST=cctest/test-assembler-mips/li_macro
cctest/test-assembler-mips/Dsubu
Review-Url: https://codereview.chromium.org/2909913002
Cr-Commit-Position: refs/heads/master@{#46001}
For interpreted functions, use the optimized code slot in the feedback
vector to store an optimization marker (optimize/in optimization queue)
rather than changing the JSFunction's code object. Then, adapt the
self-healing mechanism to also dispatch based on this optimization
marker. Similarly, replace SFI marking with optimization marker checks
in CompileLazy.
This allows JSFunctions to share optimization information (replacing
shared function marking) without leaking this information across native
contexts. Non I+TF functions (asm.js or --no-turbo) use a
CheckOptimizationMarker shim which generalises the old
CompileOptimized/InOptimizationQueue builtins and also checks the same
optimization marker as CompileLazy and InterpreterEntryTrampoline.
This is a reland of https://chromium-review.googlesource.com/c/509716
Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe
Reviewed-on: https://chromium-review.googlesource.com/535460
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45997}
Unify, simplify logic, reduce UTF8 specific handling.
Intend of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.
BUG=v8:6093
Change-Id: I83c6f1e6ad280c28da690da41c466dfcbb7915e6
Reviewed-on: https://chromium-review.googlesource.com/535474
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45994}
This CL also reduces the minimum semi-space size to 512K.
BUG=chromium:716032
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
Review-Url: https://codereview.chromium.org/2942543002
Cr-Commit-Position: refs/heads/master@{#45992}
Storing the boilerplate on the first run leads to memory ovehead for code
that is run only once. Hence we directly return the creating literal on the
first run and only start creating copies from the second run on.
Bug: v8:6211
Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad
Reviewed-on: https://chromium-review.googlesource.com/530688
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45975}
This reverts commit 8196e10265.
Reason for revert: Performance regression due to hashcode lookup.
Original change's description:
> [builtins] Move most WeakMap/WeakSet code from JS to C++ builtins
>
> They were already implemented mostly in C++ (only error/negative
> cases were handled in script), so this is mostly just a cleanup.
> Only the constructors remain in script after this CL.
>
> Bug: v8:6354
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
> Reviewed-on: https://chromium-review.googlesource.com/531670
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45924}
TBR=adamk@chromium.org,cbruni@chromium.org,gsathya@chromium.org
Bug: v8:6354, chromium:733238
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia5a741b9587886298f3ca057f6a6adeba556b8e0
Reviewed-on: https://chromium-review.googlesource.com/537207
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45966}
Previously, when destructuring against null or undefined we would
print:
d8> var { x } = null
(d8):1: TypeError: Cannot match against 'undefined' or 'null'.
var { x } = null
^
TypeError: Cannot match against 'undefined' or 'null'.
at (d8):1:1
The above message uses the term "match" which isn't a common term in
JavaScript to describe destructuring. This message also doesn't
provide the name of the property that fails destructuring.
This patch changes the error message to be:
d8> var { x } = null;
(d8):1: TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
var { x } = null;
^
TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
at (d8):1:1
This patch changes the message to say "destructure" instead of "match".
This patch adds support for printing property names that are string
literals. We iterate through every property and pick the first string
literal property name if it exists. This provides at least some
feedback to the developer.
This patch also makes the pointer point to the position of the
property name that fails destructuring.
For computed and numeric property names, we print a generic error:
d8> var { 1: x } = null
(d8):1: TypeError: Cannot destructure against 'undefined' or 'null'.
var { 1: x } = null
^
TypeError: Cannot destructure against 'undefined' or 'null'.
at (d8):1:1
Bug: v8:6499
Change-Id: I35b1ac749489828686f042975294b9926e2dfc53
Reviewed-on: https://chromium-review.googlesource.com/537341
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45965}
This removes the ability to prepare bailout points in code generated by
the {FullCodeGenerator}. Such code is no longer used as the target of
deoptimization attempts, hence storing deoptimization data is obsolete.
R=jarin@chromium.org
BUG=v8:6409
Change-Id: I3200182a6e88014ce953881fa0d1ac0bc65ee424
Reviewed-on: https://chromium-review.googlesource.com/533153
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45939}
- Eliminates S32x4Shuffle, S16x8Shuffle opcodes. All shuffles are subsumed
by S8x16Shuffle. This aligns us with the latest WASM SIMD spec.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2923103003
Cr-Commit-Position: refs/heads/master@{#45929}
They were already implemented mostly in C++ (only error/negative
cases were handled in script), so this is mostly just a cleanup.
Only the constructors remain in script after this CL.
Bug: v8:6354
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
Reviewed-on: https://chromium-review.googlesource.com/531670
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45924}
This patch also fixes several cctests that require manual GC.
BUG=chromium:694255
Change-Id: Ida93ed2498a6c5b0187ee78d2b1da27d2ff1906a
Reviewed-on: https://chromium-review.googlesource.com/533233
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45913}
The function that generated a pre-shifted immediate didn't account for the
instruction with post-shift being unencodable. Fix this by passing
information about the target instruction, and use it to limit the application
of pre-shift.
BUG=chromium:725858
Change-Id: Ia0f70b2ea057975d90162aa6889f15b553acd321
Review-Url: https://codereview.chromium.org/2922173004
Cr-Commit-Position: refs/heads/master@{#45911}
This gives the embedder more context for deciding whether code
generation should be allowed or not, or they can chose to include the
code in a report.
BUG=chromium:732736
R=ahaas@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibbaa3d0574319d290f15565be3eed2ee4d3dda36
Reviewed-on: https://chromium-review.googlesource.com/532875
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45905}
This reverts commit e39c9e020f.
Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561
Original change's description:
> [compiler] Drive optimizations with feedback vector
>
> For interpreted functions, use the optimized code slot in the feedback vector
> to store an optimization marker (optimize/in optimization queue) rather than
> changing the JSFunction's code object. Then, adapt the self-healing mechanism
> to also dispatch based on this optimization marker. Similarly, replace SFI
> marking with optimization marker checks in CompileLazy.
>
> This allows JSFunctions to share optimization information (replacing shared
> function marking) without leaking this information across native contexts. Non
> I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
> generalises the old CompileOptimized/InOptimizationQueue builtins and also
> checks the same optimization marker as CompileLazy and
> InterpreterEntryTrampoline.
>
> Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
> Reviewed-on: https://chromium-review.googlesource.com/509716
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45901}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94
Reviewed-on: https://chromium-review.googlesource.com/532916
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45903}
For interpreted functions, use the optimized code slot in the feedback vector
to store an optimization marker (optimize/in optimization queue) rather than
changing the JSFunction's code object. Then, adapt the self-healing mechanism
to also dispatch based on this optimization marker. Similarly, replace SFI
marking with optimization marker checks in CompileLazy.
This allows JSFunctions to share optimization information (replacing shared
function marking) without leaking this information across native contexts. Non
I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
generalises the old CompileOptimized/InOptimizationQueue builtins and also
checks the same optimization marker as CompileLazy and
InterpreterEntryTrampoline.
Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
Reviewed-on: https://chromium-review.googlesource.com/509716
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45901}
With the deprecation of Crankshaft, it's no longer necessary for
FullCodeGen to keep track of its runtime profiler ticks on the code
object, and we can instead unify the behaviour of FCG and Ignition to
both increment the SFI counter instead.
Bug: v8:6408
Change-Id: Idcdd673aa39af06fe15a0fc14dfda2afafb5e417
Reviewed-on: https://chromium-review.googlesource.com/528117
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45892}
The AST-based graph builder is by now only used for asm.js code. This
change hard-codes this assumption into the compilation pipeline and
hence allows us to remove support pertaining to deoptimization from
optimized code that was not derived from bytecode.
R=jarin@chromium.org
BUG=v8:6409
Change-Id: I1138f16f663db5b9ee34e3110184067b8fcffc8b
Reviewed-on: https://chromium-review.googlesource.com/531026
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45887}
Once a buffer has been externalized, V8 is no longer responsible for managing
the memory. The fact that V8 was freeing was leading to double free errors once
Blink's GC got around to freeing the buffer too.
Bug: chromium:730171, chromium:731046
Change-Id: Ib18a7e37cafd51bce0c5a983d5cf8f3e64eb2c13
Reviewed-on: https://chromium-review.googlesource.com/530132
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45882}
This feature has been on by default without incident
since V8 5.8.
Bug: v8:5051
Change-Id: I1baf81922efd87e07448955147c50a5ba5a0aa42
Reviewed-on: https://chromium-review.googlesource.com/532214
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45881}
Avoid constructing zones and large zone objects when initializing
WasmCompilationUnit. The main reason we did that is so we can cache
the CEntryStub node, which requires a code object, obtainable only
on the main thread. We need that value, however, on background threads,
which is also where we need the aforementioned large objects. We only
need that for the WasmCompilationUnits being currently compiled, which
is a number proportional to the number of background threads provided
by the embedder. Specifically, one zone is needed only for the duration
of the background compilation, while the second zone needs to survive
past that, so the compilation results may be committed to the GC heap
as Code objects.
The problem with these large objects is that the first allocation
in a Zone is at minimum 8KB. We used to allocate 2 zones. For
modules with 200K functions, that means 3.2GB of memory pre-allocated
before any of it is actually needed.
This change attaches a Handle to the CEntryStub on the WasmCompilationUnits,
and delays zone creation to when needed. The change also adds a way to
cache CEntryStubs in a JSGraph from a given Code handle - limited to the
scenario needed by wasm (and removable once we get wasm off the GC heap,
which subsumes removing this dependency on CEntryStubs)
An additional constraint for this change is that we want it to be easily
back-mergeable to address chromium:723899.
For the wasm payload in question, collecting the max memory used by d8
using /usr/bin/time --format='(%Xtext+%Ddata %Mmax)', we get the
following numbers (in KB):
- unchanged: 3307480
- patch 1: 1807140 (45% reduction)
- patch 3: 1230320 (62% reduction from first)
- patch 5/6: 519368 (84% reduction from first)
Bug: chomium:732010, chromium:723899
Change-Id: I45b96792daf8a9c8dc47d45fb52da75945a41401
Reviewed-on: https://chromium-review.googlesource.com/530193
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45880}
- Remove commented out line
- Simulate full space properly, independently of flags set
Bug:
Change-Id: I6013caae43eb40dd568fbd872eb0ee78288c61bf
Reviewed-on: https://chromium-review.googlesource.com/531084
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45874}
Distinguish the compilation caches instead by the shape of the key (cow fixed
array map meaning eval or script cache). This allows us to remove the odd "key"
argument from Shrink, EnsureCapacity and Rehash.
Bug: v8:6474
Change-Id: Ibcad22813063c3a9050da13dc51359f5b59e1254
Reviewed-on: https://chromium-review.googlesource.com/531184
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45873}
In many places in WasmModule and contained structs we store references
into the wire bytes as pairs of offset and length.
This CL introduces a WireBytesRef struct which encapsulates these two
connected fields. This makes it easier to pass them and assign them as
one unit.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f2a40d848a51dc6f6f599f9253c3c6ed6e51627
Reviewed-on: https://chromium-review.googlesource.com/530687
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45859}
This is a testing-only function, which is semantically equivalent to a
SyncCompile followed by SyncInstantiate.
We add a new SyncCompileAndInstantiate function to do those two steps
in one go, and use this method instead.
For AsmJs modules, a new testing function CompileAndRunAsmWasmModule is
introduced.
This is part of our effort to reduce the number of special paths for
testing. It is connected with
https://chromium-review.googlesource.com/529210, but should not
conflict with it.
After landing both CLs, we can later also get rid of
InstantiateModuleForTesting.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Change-Id: I7891e968370d5eb68803076ce2639c65a2799dcc
Reviewed-on: https://chromium-review.googlesource.com/529844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45852}
Callables for TF builtins are autogenerated and accessible through
Builtins::CallableFor. This removes the manually written accessors from
CodeFactory.
Bug: v8:6474,v8:5737
Change-Id: I9d8dec97995471c1bb258147220c190bf72e5de8
Reviewed-on: https://chromium-review.googlesource.com/530745
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45839}
This CL removes most occurences of "WASM" from outputs and comments in
the code. They are replaced either by "WebAssembly" or (especially in
comments) "wasm". These are the spellings officially proposed on
http://webassembly.org/.
R=ahaas@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id39fa5e25591678263745a4eab266db546e65983
Reviewed-on: https://chromium-review.googlesource.com/529085
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45824}
In some [1] cases where a lexical declaration is not allowed, ASI will
cause a `let` at the end of a line to be interpreted as an
identifier. A recent patch [2] to fix up the error messages from
misplaced `let` usage was a little overzealous in triggering
the error, throwing a SyntaxError in this edge case. This patch
restores the ASI behavior, which is permitted in JSC and
SpiderMonkey as well. Thanks to a test262 test from Andre Bargull
for raising this issue.
[1] https://tc39.github.io/ecma262/#sec-expression-statement
[2] https://codereview.chromium.org/2697193007
Bug: v8:3305
Change-Id: I80ae8ad9a8a93389ff1003323f0d3f003e7a8c8e
Reviewed-on: https://chromium-review.googlesource.com/529225
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45817}
Also, as this is hard to track down, always DCHECK position after ReadBlock().
Change-Id: Ie32c3a311dd8df91f651b6d82ccacc7c95e6fde0
Reviewed-on: https://chromium-review.googlesource.com/528196
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45811}
In some codes flushing the registers was costly: we processed each
register whereas all the registers alone in their equivalence class need
not to be processed. We now overapproximate easily which classes are of
size 2 so as to save many iterations in the Flush() loop in some cases.
Bug: v8:6432
Change-Id: I945e151736e8a515263ac76312127d930fd20d74
Reviewed-on: https://chromium-review.googlesource.com/525795
Commit-Queue: Alexandre Talon <alexandret@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45805}
This removes the ability of the compilation pipeline to invoke the
Crankshaft optimizing compiler for JavaScript functions. Note that in
this state Crankshaft can still be used to compile code stubs.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I0bec7c8ec7c705c13257df43796403a228ea631c
Reviewed-on: https://chromium-review.googlesource.com/527443
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45803}
In sloppy mode, allow multiply labelled function declarations, such as
a: b: function c() {}
Such a form is allowed by the specification, as well as ChakraCore,
SpiderMonkey and JSC (though ChakraCore because it doesn't enforce
any lexical label restrictions.)
Thanks to Andre Bargull for adding the test262 test which caught the bug.
Change-Id: I2d3f172830c2e63252f00afa03177a7d17d79a27
Reviewed-on: https://chromium-review.googlesource.com/527639
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45802}
Both Ignition and TurboFan have been enabled by default for a while.
This just disentangles the implication between those two flags and sets
the --ignition individually. They can now be controlled individually.
R=rmcilroy@chromium.org
BUG=v8:6408
Change-Id: I08eca85120160efa5868b5ca36d1613964ed82eb
Reviewed-on: https://chromium-review.googlesource.com/527637
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45800}
- Eliminates b1x4, b1x8, and b1x16 as distinct WASM types.
- All vector comparisons return v128 type.
- Eliminates b1xN and, or, xor, not.
- Selects take a v128 mask vector and are now bit-wise.
- Adds a new test for Select, where mask is non-canonical (not 0's and -1's).
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2919203002
Cr-Commit-Position: refs/heads/master@{#45795}
Port 659e8f7b5c
Original Commit Message:
Instead of allocating and embedding certain heap numbers into the code
during code assembly, emit dummies but record the allocation requests.
Later then, in Assembler::GetCode, allocate the heap numbers and patch
the code by replacing the dummies with the actual objects. The
RelocInfos for the embedded objects are already recorded correctly when
emitting the dummies.
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6048
LOG=N
Review-Url: https://codereview.chromium.org/2929843002
Cr-Commit-Position: refs/heads/master@{#45793}
Add the ability for the typer to track whether a string could be the empty
string. This is needed for typed lowering of JSStringConcat since we can't
create cons string chain with the empty string in arbitrary positions.
The ToPrimitiveToString bytecode handler is modified to collect feedback on
whether it has ever seen the empty string, which is used by
SpeculativeToPrimitiveToString to ensure that the output is non-empty (or
depot) which will subsiquently be used to enable inline cons-string creation
for the JSStringConcat operator in typed lowering in a subsiquent CL.
BUG=v8:6243
Change-Id: I41b99b59798993f756aada8cff90fb137d65ea52
Reviewed-on: https://chromium-review.googlesource.com/522122
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45786}
The variant in question was intended to test Crankshaft, which is being
deprecated. Note that the variants 'nooptimization' and 'fullcode' still
test configuration where TurboFan is not active.
R=machenbach@chromium.org
BUG=v8:6408
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I587c3eee7ba511dfc270aab66b546d2532bc635f
Reviewed-on: https://chromium-review.googlesource.com/528133
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45785}
Don't treat new prototypes differently depending on how they become a
prototype. This is work towards always keeping prototypes in slow-mode.
Bug: v8:6471
Change-Id: I62de1018e21d91fda3a5da044615f32c718910b1
Reviewed-on: https://chromium-review.googlesource.com/526596
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45781}
Array buffers can now have an allocation that is larger than the actual
buffer, such as when WebAssembly guard regions are enabled. Embedders
need to know the actual allocation start and length when externalizing
a buffer so they can deallocate it properly.
Bug: chromium:720302, v8:5277
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifc184fdd59d77af01c07a64d2c0229ca859a01b0
Reviewed-on: https://chromium-review.googlesource.com/523271
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45777}
The two variants "turbofan" and "turbofan_opt" are not part of any of
the default sets of variants that run-tests.py uses. The only way to
trigger execution would be via the --variants flag directly, which our
infrastructure is not doing.
R=machenbach@chromium.org
Change-Id: Ifa58cb4a83a3760ffba73e8b40b417a845f53506
Reviewed-on: https://chromium-review.googlesource.com/526637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45772}
Adds support for Speculatively lower ToPrimitiveToString to CheckString
where the type hint shows the value has always been a string.
BUG=v8:6243
Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09
Reviewed-on: https://chromium-review.googlesource.com/521123
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45760}
Adds support for lowering of ToPrimitiveToString and StringConcat bytecodes
to the corresponding builtins. As part of this, moves the interpreter
implementation of these operations into the appropriate builtin generators
and add builtin support for them.
Also adds TailCallRuntimeN operator to code-assembler which enables tail calling
a runtime function when the arguments have already been pushed onto the stack.
BUG=v8:6243
Change-Id: Id5c851bc42e4ff490d9a23a8990ae331c7eac73e
Reviewed-on: https://chromium-review.googlesource.com/515362
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45756}
This reverts commit 7fa071a48b.
Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=729482
Original change's description:
> Reland [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: I3bce48185fa2c986d16619a9a8ece3ff4c4f5e60
> Reviewed-on: https://chromium-review.googlesource.com/509489
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Cr-Commit-Position: refs/heads/master@{#45688}
TBR=marja@chromium.org,vogelheim@chromium.org,wiktorg@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6093
Change-Id: Iefa7c43a2f6ae3a7f3ef0f77d87b6ae36ae4be99
Reviewed-on: https://chromium-review.googlesource.com/525712
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45725}
For now skip WASM SIMD tests that fail when MIPS SIMD extension
is not available. Turn on these tests again when simd scalar lowering
mechanism supports all WASM SIMD operations.
Bug:
Change-Id: I4589680147c04716ed66680aaa06639f4f2452d0
Reviewed-on: https://chromium-review.googlesource.com/524082
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#45721}
Introduces ThrowReferenceErrorIfHole / ThrowSuperNotCalledIfHole
/ ThrowSuperAlreadyCalledIfNotHole bytecodes to handle hole checks.
In the bytecode-graph builder they are handled by introducing a deopt point
instead of adding explicit control flow. JumpIfNotHole / JumpIfNotHoleConstant
bytecodes are removed since they are no longer required.
Bug: v8:4280, v8:6383
Change-Id: I58b70c556b0ffa30e41a0cd44016874c3e9c5fe1
Reviewed-on: https://chromium-review.googlesource.com/509613
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45720}
The change also moves creation of the iterator result from the parser to the bytecode generator.
Unfortunately, async generators will stay on the old scheme (try-finally around generator body) because I am not exactly sure how they work.
Review-Url: https://codereview.chromium.org/2917263002
Cr-Commit-Position: refs/heads/master@{#45713}
Now that the BytecodeGenerator has a dedicated register holding
the generator object, BytecodeGenerator::VisitSuspend can
access the generator directly from that register. This reduces
by one the number of live registers at each suspend point.
Bug: v8:6351, v8:6460
Change-Id: I380a9d2bd8ca7eec6720e5392c1ca07dd0df0e2d
Reviewed-on: https://chromium-review.googlesource.com/522982
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45710}
Unify, simplify logic, reduce UTF8 specific handling.
Intend of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.
BUG=v8:6093
Change-Id: I3bce48185fa2c986d16619a9a8ece3ff4c4f5e60
Reviewed-on: https://chromium-review.googlesource.com/509489
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45688}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I5ce89afb46349ff92b7f5a884a7c388fcff887bf
Reviewed-on: https://chromium-review.googlesource.com/522605
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45678}
Unfortunately, even for an empty generator, we still use 8 register for various things (try-finally, copies of generator object, parser-introduced temporaries). I will try to get rid of these in separate CLs.
Changes:
- SuspendGenerator bytecode now takes register list to save.
- ResumeGenerator was split into two bytecodes:
* Resume generator reads the state out and marks the generator as
'executing'.
* RestoreGeneratorRegisters reloads the registers from
the generator.
+ this required adding support for output register list.
- Introduced generator_object_ register in the bytecode generator.
* in subsequent CLs, I will make better use of it, the goal is
to get rid if the .generator_object local variable.
- Taught register optimizer to flush unassigned registers.
BUG=v8:6379
Review-Url: https://codereview.chromium.org/2894293003
Cr-Commit-Position: refs/heads/master@{#45675}
This reverts commit ba8a753947.
Reason for revert: A layout test is unhappy:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16010
Original change's description:
> Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"
>
> Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
>
> Bug: chromium:713732
> Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
> Reviewed-on: https://chromium-review.googlesource.com/520764
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45654}
TBR=haraken@chromium.org,verwaest@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:713732
Change-Id: Iecde1cd855c21efa73939bbfbff0c26540ee2d98
Reviewed-on: https://chromium-review.googlesource.com/521045
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45659}
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons.
Bug: chromium:713732
Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012
Reviewed-on: https://chromium-review.googlesource.com/520764
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45654}
DebugInfo was very closely tied to break point support:
* It contained only information relevant to break points.
* It was created and freed by break point implementation.
* Existence of a DebugInfo on the shared function info implied existence of
break points.
This CL is a step towards making DebugInfo usable by other debugging
functionality such as block coverage by decoupling it from break point support,
which is now only one kind of information stored on the DebugInfo object.
BUG=v8:6000
Review-Url: https://codereview.chromium.org/2909893002
Cr-Commit-Position: refs/heads/master@{#45640}
Most prototype implementations are not fully supported in the
interpreter. This is the case at least for exception handling, simd, and
atomics. Any function can be redirected to the interpreter though,
either by passing --wasm-interpret-all, or by dynamically redirecting to
the interpreter for debugging.
Making the flags experimental keeps the fuzzer from playing around with
these flags.
Drive-by: Refactor tests which explicitly set the prototype flag to use
a new scope for that.
R=ahaas@chromium.org
BUG=chromium:727584
Change-Id: I67da79f579f1ac93c67189afef40c6524bdd4430
Reviewed-on: https://chromium-review.googlesource.com/519402
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45639}
Instead of allocating and embedding certain heap numbers into the code
during code assembly, emit dummies but record the allocation requests.
Later then, in Assembler::GetCode, allocate the heap numbers and patch
the code by replacing the dummies with the actual objects. The
RelocInfos for the embedded objects are already recorded correctly when
emitting the dummies.
R=jarin@chromium.org
BUG=v8:6048
Review-Url: https://codereview.chromium.org/2900683002
Cr-Commit-Position: refs/heads/master@{#45635}
This reverts commit c5aad5f284
The CL was reverted due to missing Chromium dependencies.
This commit removes the simulator trace-based tests, and the associated header file dependencies, previously pulled in by DEPS. The NEON support now has only hand-written tests, in test-assembler-arm64.cc. The remaining tests can be added in a later patch.
BUG=chromium:718439
Original issue's description:
> Reland "ARM64: Add NEON support"
>
> This reverts commit cc047635ff.
> The CL was reverted due to a missing DEPS mirror.
>
> Original issue's description:
> > ARM64: Add NEON support
> >
> > Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
> >
> > BUG=
> >
> > Review-Url: https://codereview.chromium.org/2622643005
> > Cr-Commit-Position: refs/heads/master@{#44306}
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2812573003
> Cr-Commit-Position: refs/heads/master@{#44652}
Review-Url: https://codereview.chromium.org/2896303003
Cr-Commit-Position: refs/heads/master@{#45633}
In current implementation in expressions like await foo() we have break location right after foo call and before actual await.
And we additionally have a lot of other statement locations because of do scope.
Let's move async debugging closer to sync debugging and introduce only one break location for await - before awaited function call.
Bug: v8:6425,v8:6162
Change-Id: I7568767856022c49101e7f3b7e39a2e401d21644
Reviewed-on: https://chromium-review.googlesource.com/514046
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45625}
- Enable aggressive lazy inner funcs (make non-declaration funcs lazy, ie let f =
function() { ... } when --experimental-preparser-scope-analysis is on.
- Turn on variable tracking for lazy top level functions: this makes their inner
functions skippable.
- Test fix for an testing bug uncovered by this work: when restoring the data
for the relevant scope, don't assume it's the outermost scope for which we
have data.
- Fix: if we abort lazy parsing a function, we shouldn't produce any data for
it.
BUG=v8:5516
Change-Id: I0606fbabb5886dc57dbb53ab5f3fb894ff5d032e
Reviewed-on: https://chromium-review.googlesource.com/518165
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45615}
This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
Benefits (see test for details):
- only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
- removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
TBR=dgozman@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,marja@chromium.org,kozyatinskiy@chromium.org,devtools-reviews@chromium.org,v8-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:5909
Change-Id: Ie84fa79afeed09e28cf8478ba610a0cfbfdfc294
Reviewed-on: https://chromium-review.googlesource.com/518116
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45598}
This is consistent with C++ memory model and avoids confusion with GC
write barrier.
BUG=
Review-Url: https://codereview.chromium.org/2912773002
Cr-Commit-Position: refs/heads/master@{#45584}
By moving StatsTable from class Isolate to class Counters, it make the
class StatsTable thead safe. This is needed because these two classes
call each other, and for background compilation, instances of the
Counters class can persist longer that the corresponding Isolate it
came from.
It also removes unnecessary hops to the the Isolate, and checks if the
StatsTable has been created, for these communications.
BUG=v8:6361
Review-Url: https://codereview.chromium.org/2906063002
Cr-Commit-Position: refs/heads/master@{#45576}
All APIs that can throw exceptions should return Maybe<> values
BUG=none
R=neis@chromium.org,gsathya@chromium.org
Change-Id: I6a6e5888cd71257bb02bdcfcc587c909d0c1d8f4
Reviewed-on: https://chromium-review.googlesource.com/517785
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45557}
Tests should instead be skipped or fixed.
Existing timeout expectations are either optimistically deleted or replaced by the SLOW keyword.
Change-Id: Ic43f52bf18d0702674c95f9263a109041a1c9cd8
Reviewed-on: https://chromium-review.googlesource.com/518122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45552}
The test OneByteArrayJoin failed on MIPS64 in debug mode after
https://chromium-review.googlesource.com/c/489946/ with error messages
"allocation failure GC in old space requested" and
"Fatal javascript OOM in CALL_AND_RETRY_LAST". Successful test execution
is possible on two ways: with flag --max_old_space_size=7 or with
modification in the test (constraints.set_max_old_space_size(7)).
TEST=cctest/test-strings/OneByteArrayJoin
BUG=
Review-Url: https://codereview.chromium.org/2907803002
Cr-Commit-Position: refs/heads/master@{#45548}
This reverts commit 7a9cc70492.
Reason for revert: Changes layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/15882
This is about:
inspector/sources/debugger/source-frame-inline-breakpoint-decorations.html
Original change's description:
> [inspector] moved var initialization break location before init expression
>
> This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
> Benefits (see test for details):
> - only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
> - removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
>
> Bug: v8:5909
> Change-Id: I039d911903a2826c9859710a63ab0462c992e11b
> Reviewed-on: https://chromium-review.googlesource.com/513926
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45530}
TBR=dgozman@chromium.org,marja@chromium.org,kozyatinskiy@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:5909
Change-Id: Ibf84401e8050d3c84db219d983de2c6bba0f697f
Reviewed-on: https://chromium-review.googlesource.com/518102
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45547}
This CL improves break locations for expressions like 'var a = <expr>'. Without CL we use <expr> position as break location for initialization statement, with this CL we use position of first character after '=' as position.
Benefits (see test for details):
- only one break in expressions which includes mix of property lookup and calls, e.g. var p = Promise.resolve().then(x => x * 2),
- removed redundant break location for expressions like: let { x, y } = { x: 1, y: 2}.
Bug: v8:5909
Change-Id: I039d911903a2826c9859710a63ab0462c992e11b
Reviewed-on: https://chromium-review.googlesource.com/513926
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45530}
- Increase FPUregisters_[] element size to 128b in order to support MSA regs
- Add skeleton for MSA instr. decoding in mips32 and mips64 simulator
- Add support for fill.df, copy_u.df and copy_s.df MSA instructions
- Assembler test for fill.df, copy_u.df and copy_s.df
BUG=
Review-Url: https://codereview.chromium.org/2799923002
Cr-Commit-Position: refs/heads/master@{#45529}
Rather than trying to pre-calculate the number of contexts required during
scope analysis, instead just allocate context registers in the register
allocator. This reduces frame size a bit due to reusing of registers when
the context isn't pushed.
BUG=v8:6322, chromium:716265
Change-Id: I145e38fcb3797a3b86c91e90ea9326a6e55b9b89
Reviewed-on: https://chromium-review.googlesource.com/514087
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45522}
In particular, local variables should be allocated on stack (in bytecode register), and stored/loaded to the generator object on generator suspend/resume.
The CL is based on @adamk's change to scoping/parsers (https://chromium-review.googlesource.com/c/498538/), I only made the debugger cope with this change.
I should note that the CL changes the scope type of suspended generators from ScopeType.Closure to ScopeType.Local. In the future we might want to introduce ScopeType.SuspendedGenerator to make the distinction explicit.
Some of the changes in the tests have been made because the debugger functions do not return scopes of closed generators anymore. Generators should be allowed to throw away their internal state when they finish.
BUG=v8:6368
Review-Url: https://codereview.chromium.org/2898163002
Cr-Commit-Position: refs/heads/master@{#45515}
There are two break locations at the same source location by desugaring:
- call iterator.next,
- before variable assignment.
Additionally location for for..of loops is moved from before "of" to before each variable expression.
We should not report first implicit call to avoid user confusion. User still able to go into .next function with both scenarios:
- when this call is reached by stepOver or stepInto from previous line,
- when this call is reached because of breakpoint at current line.
BUG=v8:6425
R=dgozman@chromium.org,jgruber@chromium.org
Review-Url: https://codereview.chromium.org/2893313002
Cr-Commit-Position: refs/heads/master@{#45509}
Add a sequential string type to the compiler, and transform
charCodeAt on SeqString into SeqStringCharCodeAt.
SeqStringCharCodeAt can handle one and two byte strings.
Bug: v8:6391
Change-Id: I2785257522c28f3b268c9833f5313e9630cb982a
Reviewed-on: https://chromium-review.googlesource.com/509573
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45508}
This avoids emitting redundant {PopContext} bytecode instructions when
non-local control-flow leaves the method body. It also folds multiple
such {PopContext} instructions into one, in case several scoping levels
are crossed at one. Only the expected context of the target of a local
control-flow transfer matters.
R=rmcilroy@chromium.org
TEST=debugger/regress/regress-crbug-724858
BUG=chromium:724858
Change-Id: Id4a47ae9fea25e75ae1af13619720b16a3975edf
Reviewed-on: https://chromium-review.googlesource.com/512545
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45507}
A number of improvements in mips64 load immediate macro is added per
suggestions from MIPS ART team. Also fix Subu and Dsubu macro, add a
test for Subu and Dsubu and make minor code adjustments.
BUG=
TEST=cctest/test-assembler-mips/li_macro
cctest/test-assembler-mips/Subu
cctest/test-assembler-mips/Dsubu
Review-Url: https://codereview.chromium.org/2892163002
Cr-Commit-Position: refs/heads/master@{#45493}
This reverts commit bdf70aa0e2.
Reason for revert: Breaks perf testing. Comma missing in json.
Original change's description:
> [Interpreter] Improve handling of a === true / false.
>
> Add support for direct jumping on True/False for strict equals of boolean
> literals. This improves the score for such comparisons by around 75% on
> baseline code, and by around 40x on optimized code for the added performance
> test.
>
> Bug=v8:6403
>
> Change-Id: I81ea16a057e081eb6d159cd64c8e8615f65f9abb
> Reviewed-on: https://chromium-review.googlesource.com/509570
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45450}
TBR=rmcilroy@chromium.org,mythria@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug=v8:6403
Change-Id: I12b1868ba22354d056f38fe36e3c1e5fae5aa1b5
Reviewed-on: https://chromium-review.googlesource.com/509577
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45459}
Most of the plumbing is already present in the non-public API. According to
ES2016, Symbols are also accepted in calls to getOwnProperty(), and taking
them is required in Blink for proper record<K,V> WebIDL conversions.
R=jochen@chromium.org,verwaest@chromium.org
Bug: chromium:724481
Change-Id: I0dfe0e57f6d811f04ecbfd8ec0c97e44c9f02c96
Reviewed-on: https://chromium-review.googlesource.com/509611
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Raphael Kubo da Costa (rakuco) <raphael.kubo.da.costa@intel.com>
Cr-Commit-Position: refs/heads/master@{#45454}
Special cases addition expressions where one of the sides is known to be a
string to enable chains of string additions to be transformed into a series
of ToPrimitiveToString operations followed by a single string concatenation
at the end of the chain of additions. This should avoid creating temporary
strings for each of the string additions (in essence this is an automated
string builder).
BUG=v8:6243
Change-Id: I44977d6dad00ee906f251c4bd9cab27e160c09d1
Reviewed-on: https://chromium-review.googlesource.com/493966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45453}
Add support for direct jumping on True/False for strict equals of boolean
literals. This improves the score for such comparisons by around 75% on
baseline code, and by around 40x on optimized code for the added performance
test.
Bug=v8:6403
Change-Id: I81ea16a057e081eb6d159cd64c8e8615f65f9abb
Reviewed-on: https://chromium-review.googlesource.com/509570
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45450}
Only FullCodegen code ever gets flushed by code flushing. Since we are
deprecating the old pipeline, the added complexity introduced by code
flushing is no longer worth it. This CL removes it (but keeps code aging,
which is used to unlink SFIs from the compilation cache).
BUG=v8:6389,v8:6379,v8:6409
Change-Id: I90de113a101f86dbeaaf0511c61a090ef12aa365
Reviewed-on: https://chromium-review.googlesource.com/507388
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45446}
Currently SIMD integer comparison ops are implemented using Lt/Le, this is
sub-optimal on Intel, because all compares are done using pcmpgt(d/w/b) that
clobber the destination register, and will need additional instructions to
when using Lt/Le as the base implementation. This CL proposes moving to Gt/Ge
as the underlying implementation as this will only require swapping operands
on MIPS and is consistent with x86/ARM instructions.
BUG=v8:6020
R=bbudge@chromium.org, bmeurer@chromium.org, bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2874403002
Cr-Commit-Position: refs/heads/master@{#45440}
Bug:v8:6055
Change-Id: Ifeac048e5bee2d1782cdaaabe9f5257129b7be0e
Reviewed-on: https://chromium-review.googlesource.com/508528
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45437}
The WebAssembly code now uses these new APIs to allocate memory with guard
regions. Guarded array buffers are no longer always external, which eliminates
a lot of special cases around WebAssembly memory.
Bug: chromium:720302
Change-Id: I355b74ac30a05a18c8b363bd256d57458742849f
Reviewed-on: https://chromium-review.googlesource.com/505715
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45436}
All targets (at least on sanitizer builds) unconditionally depend
on //build/config/sanitizers:deps.
It is necessary for bug 593874 that all targets now also depend
on //buildtools/third_party/libc++:libcxx_proxy. This requires
adding a new "global dependency": //build/config:exe_and_shlib_deps.
This CL updates references to sanitizers:deps to instead refer to
//build/config:exe_and_shlib_deps.
BUG=chromium:723069
R=bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2894013003
Cr-Commit-Position: refs/heads/master@{#45435}
GeneratorClose is pretty simple, we can handle it in the interpreter.
BUG=v8:6351
Review-Url: https://codereview.chromium.org/2891353002
Cr-Commit-Position: refs/heads/master@{#45434}
This CL enforces passing an AssemblerDebugInfo object to Bind, most convently
acheived by the BIND macro.
Change-Id: I092714f10803f529d01d2fe716b96275b2bee806
Reviewed-on: https://chromium-review.googlesource.com/508729
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45433}
Split BytecodeGenerator::VisitSuspend into two pieces, one for
building the suspension code and one for resumption (these
are split into separate Build methods for convenience).
Each gets its own RegisterAllocationScope, which allows us to
reduce the register file size of the empty generator by 1.
For consistency, rename VisitGeneratorPrologue() to
BuildGeneratorPrologue() to match the names of the two
newly-created methods.
This relands the patch originally committed in
98927ea51b, as the test failure
due to that change was a code flushing bug. Code flushing was
disabled in de4a4095cf.
R=rmcilroy@chromium.org
Bug: v8:6379
Change-Id: Ifb4deafea99693c0a4e8646cf4e9884c7374cfc6
Reviewed-on: https://chromium-review.googlesource.com/508814
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45406}
This reverts commit ce538f70c1.
Reason for revert: breaks BOM handling (thus breaking Outlook web apps).
Original change's description:
> [parser] Refactor streaming scanner streams.
>
> Unify, simplify logic, reduce UTF8 specific handling.
>
> Intend of this is also to have stream views.
> Stream views can be used concurrently by multiple threads, but
> only one thread may fetch new data from the underlying source.
> This together with unified stream view creation is intended to be
> used for parse tasks.
>
> BUG=v8:6093
>
> Change-Id: Ied8e93090c506d4735080298f0fdaeed32043915
> Reviewed-on: https://chromium-review.googlesource.com/501789
> Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45336}
TBR=marja@chromium.org,vogelheim@chromium.org,jochen@chromium.org,wiktorg@google.com
BUG=v8:6093, chromium:724166
Change-Id: I022a23b8052d20d83a640c07b7864c622548bf90
Reviewed-on: https://chromium-review.googlesource.com/508888
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45404}
This patch adds HeapObject::set_map_after_allocation method that
initializes the map of the object without object layout checks.
All other map setters now check that transitions unsafe for
concurrent marking properly notify the GC.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2885883004
Cr-Commit-Position: refs/heads/master@{#45403}
For a single deferred commands, using a jump table is overkill, so
instead simply test the token against the single entry.
Bug: v8:4280
Bug: v8:6218
Change-Id: I0300f640080705fb10f46ad4ed5791703fa4dd77
Reviewed-on: https://chromium-review.googlesource.com/506153
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45393}
Super calls need to refer to .this_function, .new.target and this, and super
property references need to refer to .this_function and this, so that the
is_used for those variables will be set and they will be allocated correctly.
BUG=v8:5516
Change-Id: Idc58539fccad70c995e029051b59a67ea66bff91
Reviewed-on: https://chromium-review.googlesource.com/506094
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45376}
AstNodeFactory used to get the Zone directly from AstValueFactory. But that's
generally the wrong Zone (the main Zone, instead of the temp Zone), and the
creator of AstNodeFactory had to call set_zone right after. By adding a Zone
param, we can pass the correct Zone right away.
Also made PreParserFactory have an AstNodeFactory, so that we don't need to
create temporary AstNodeFactories all the time.
Also removed AstNodeFactory::BodyScope since DiscardableZoneScope essentially
did the same thing already.
BUG=v8:5516,v8:6092
Change-Id: I189d2e6afe91c91e49d8ed7e3496a0d9c405e1c5
Reviewed-on: https://chromium-review.googlesource.com/507129
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45370}
Since deferred return/async return/rethrow commands don't have an associated
statement, we can reuse their entries in the deferred command list.
Bug: v8:4280
Bug: v8:6218
Change-Id: Ic51fb735d4ea13ebea1d5e456ec5689c0d98a4ac
Reviewed-on: https://chromium-review.googlesource.com/506077
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45344}
Reland d8bfdb7a99
Original commit message:
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.
The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.
BUG=
Review-Url: https://codereview.chromium.org/2874713003
Cr-Commit-Position: refs/heads/master@{#45339}
Unify, simplify logic, reduce UTF8 specific handling.
Intend of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.
BUG=v8:6093
Change-Id: Ied8e93090c506d4735080298f0fdaeed32043915
Reviewed-on: https://chromium-review.googlesource.com/501789
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45336}
Depending on the input elements, we can allocate a FAST_{SMI_,DOUBLE_,}KIND
backing store.
BUG=v8:6398
Review-Url: https://codereview.chromium.org/2887653002
Cr-Commit-Position: refs/heads/master@{#45323}
This reverts commit 98927ea51b.
Reason for revert: Breaks Mac GC Stress bot.
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Mac%20GC%20Stress/builds/13299/steps/Mjsunit/logs/for-await-of
Original change's description:
> [ignition] Be smarter about register allocation in VisitSuspend
>
> Split BytecodeGenerator::VisitSuspend into two pieces, one for
> building the suspension code and one for resumption (these
> are split into separate Build methods for convenience).
> Each gets its own RegisterAllocationScope, which allows us to
> reduce the register file size of the empty generator by 1.
>
> For consistency, rename VisitGeneratorPrologue() to
> BuildGeneratorPrologue() to match the names of the two
> newly-created methods.
>
> Bug: v8:6379
> Change-Id: I08a617a44f99706cfff09bf86fb0a25a9cd6e032
> Reviewed-on: https://chromium-review.googlesource.com/503593
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45318}
TBR=rmcilroy@chromium.org,adamk@chromium.org,neis@chromium.org,kozyatinskiy@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug: v8:6379
Change-Id: I787fc3811c4f33a8021cf9170d43a74ed9b55d1c
Reviewed-on: https://chromium-review.googlesource.com/506548
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45319}
Split BytecodeGenerator::VisitSuspend into two pieces, one for
building the suspension code and one for resumption (these
are split into separate Build methods for convenience).
Each gets its own RegisterAllocationScope, which allows us to
reduce the register file size of the empty generator by 1.
For consistency, rename VisitGeneratorPrologue() to
BuildGeneratorPrologue() to match the names of the two
newly-created methods.
Bug: v8:6379
Change-Id: I08a617a44f99706cfff09bf86fb0a25a9cd6e032
Reviewed-on: https://chromium-review.googlesource.com/503593
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45318}
Introduce a new SwitchSmiTable bytecode for generators, which does a
table lookup for the accumulator value in a jump table stored in the
constant array pool. This removes the if-else chains at resumable
function/loop headers.
As a drive-by, add a scoped environment saving struct to the bytecode
graph builder.
Bug: v8:6351
Bug: v8:6366
Change-Id: I63be15a8b599d6684c7df19dedb8860562678fb0
Reviewed-on: https://chromium-review.googlesource.com/500271
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45314}
- Default constructor scopes won't need the scope data for deciding the scope
allocation of variables inside them. Also, PreParser doesn't construct them. So
they should be just skipped when applying the scope data.
- PreParser needs to declare the class name + have a proper end position for
the class scope.
- This makes all mjsunit tests pass with --experimental-preparser-scope-analysis.
- Also added several DCHECKs which were useful for debugging.
BUG=v8:5516
Change-Id: I5b3e6c60ed79efe25f33576a3547d707c700c6dd
Reviewed-on: https://chromium-review.googlesource.com/503208
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45303}
Crankshaft flag and opt flag mostly serve the same purpose. Using
crankshaft to mean use optimizing compiler is a bit confusing.
This cl: https://chromium-review.googlesource.com/c/490206/ fixes
the tests to use opt instead of crankshaft flag.
One difference between --no-crankshaft and --no-opt would be that
--no-opt would mean no optimizations at all where as with --no-crankshaft
would mean we can force optimizations using %OptimizeFunctionOnNextCall.
Bug: v8:6325
Change-Id: If17393ac5b6af4ea6e9a98e092f0261c2e0899c5
Reviewed-on: https://chromium-review.googlesource.com/490307
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45298}
This is almost identical to V8's default array buffer allocator. The only
difference is that 0 byte allocations are changed into 1 byte allocations. We
do not seem to need this behavior, so it does not seem worth maintaining yet
another allocator.
Bug:
Change-Id: I94f45f1276958791be9a6f2405fcfba8fa6eaa38
Reviewed-on: https://chromium-review.googlesource.com/505199
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45282}
This lets us avoid allocating the "this" variable for every
generator, since the BytecodeGenerator can directly read
the receiver via BytecodeArrayBuilder::Receive() when passing
it into %_CreateJSGeneratorObject.
Bug: v8:6351
Change-Id: Ib5e1f3303b6b5d5fc051ce76ea62129fd6afac65
Reviewed-on: https://chromium-review.googlesource.com/500507
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45281}
This makes sure that the order of exports as they appear in asm.js
modules is maintained globally (not just per function) while being
translated to a WASM module.
R=clemensh@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=chromium:720586
Change-Id: I8b26d717ae2f88467d41670bced901f196c7b3fc
Reviewed-on: https://chromium-review.googlesource.com/503708
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45277}
This removes logic tracking whether a number literal in the source
contained a "dot" character or not. The tracking was only needed for
validation of asm.js modules on the AST, it is obsolete now.
R=marja@chromium.org
Change-Id: Ib474e2281db80fe56d43e1af52221a7c66261e01
Reviewed-on: https://chromium-review.googlesource.com/503228
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45255}
- Currently if GrowMemory is called with pages = 0, an attempt is made to
unregister the ArrayBuffer even if it is external. Cleanup so all Detaching
of ArrayBuffer is centralized to one method, and can only be called fromJS.
- Gate creating WeakHandles to the memory on the buffer having guard pages
enabled. Currently creating a WeakHandle is gated only on if the buffer
is_external true. If a buffer is marked is_external = true to begin with,
the WeakHandle is created and the Finalizer is run causing the program to
crash.
BUG=chromium:717647
Review-Url: https://codereview.chromium.org/2867233002
Cr-Commit-Position: refs/heads/master@{#45238}
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.
Original patch by Michael Stanton <mvstanton@chromium.org>
BUG=v8:6246,chromium:718891
TBR=yangguo@chromium.org,ulan@chromium.org
Change-Id: I3bb9ec0cfff32e667cca0e1403f964f33a6958a6
Reviewed-on: https://chromium-review.googlesource.com/500134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45234}
When black allocation is turned on at deserialization time, then
slots in deserialized objects have to be visited by the incremental
marker. For spaces with reservations, this has always been done; for
large object space with its special handling, this patch adds it.
Additionally, we must ensure that no incremental steps that might
cause incremental marking to finish are performed while there is an
AlwaysAllocateScope around.
BUG=chromium:718859
Review-Url: https://codereview.chromium.org/2868103002
Cr-Commit-Position: refs/heads/master@{#45231}
Added support for DINSM and DINSU bit insertion instructions. Also fixed
errors with bit extraction instructions, added disassembler tests and
adjusted the code to make it more compact.
BUG=
TEST=cctest/test-assembler-mips/Dins
cctest/test-disasm-mips/Type0
Review-Url: https://codereview.chromium.org/2871663002
Cr-Commit-Position: refs/heads/master@{#45226}
This CL introduces a new type, MapHandles, which is a STL vector of Handle<Map>.
It is now used everywhere where lists of Handle<Maps> are required, replacing
usages of V8's internal List type.
Also-By: franzih@chromium.org
BUG=v8:6333,v8:6325
LOG=N
Review-Url: https://codereview.chromium.org/2809923002
Cr-Commit-Position: refs/heads/master@{#45211}
- S32x4Shuffle by decomposing into s-register moves if no patterns match.
- S16x8Shuffle, S8x16Shuffle implemented with vtbl if no patterns match.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2856363003
Cr-Commit-Position: refs/heads/master@{#45210}
Bug: v8:6351
Change-Id: I6a5b44486bac87e2b3cb9aa93808b2c7964d6202
Reviewed-on: https://chromium-review.googlesource.com/499508
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45205}
Reason for revert:
Seems to break cfi:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/9989
Original issue's description:
> [turbofan] Add alignment parameter to StackSlot operator
>
> If alignment parameter is set, the memory returned by the
> StackSlot operator will be aligned according to the parameter.
>
> The implementation goes like this. If alignment parameter is set
> we allocate a bit more memory than actually needed and so we
> can move the beginning of the StackSlot in order to have it aligned.
>
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2816743003
> Cr-Commit-Position: refs/heads/master@{#45197}
> Committed: d8bfdb7a99TBR=ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,bmeurer@chromium.org,ivica.bogosavljevic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review-Url: https://codereview.chromium.org/2867403002
Cr-Commit-Position: refs/heads/master@{#45203}
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.
The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.
BUG=
Review-Url: https://codereview.chromium.org/2816743003
Cr-Commit-Position: refs/heads/master@{#45197}
This reverts commit 662aa425ba.
Reason for revert: Crashing on Canary
BUG=chromium:718891
Original change's description:
> Reland: [TypeFeedbackVector] Store optimized code in the vector
>
> Since the feedback vector is itself a native context structure, why
> not store optimized code for a function in there rather than in
> a map from native context to code? This allows us to get rid of
> the optimized code map in the SharedFunctionInfo, saving a pointer,
> and making lookup of any optimized code quicker.
>
> Original patch by Michael Stanton <mvstanton@chromium.org>
>
> BUG=v8:6246
> TBR=yangguo@chromium.org,ulan@chromium.org
>
> Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
> Reviewed-on: https://chromium-review.googlesource.com/494487
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45084}
TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6246
Change-Id: Idab648d6fe260862c2a0e35366df19dcecf13a82
Reviewed-on: https://chromium-review.googlesource.com/498633
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45174}
This patch expands scope analysis to skip hole initialization
when it can be determined statically that no hole checks will
be generated at runtime.
Two conditions must be met to safely eliminate hole initialization:
- There must not exist a VariableProxy referencing this Variable
whose HoleCheckMode is kRequired
- The Variable must be stack allocated; any other allocation implies
that it may be accessed from not-yet-analyzed scopes (other modules,
inner functions, or eval code) and that code may require
hole checks.
The new logic required removing debug code in full-codegen which is
now incorrect in some cases.
Also fixed Variable's bitfield helpers to take no more space than needed.
Bug: chromium:651637
Change-Id: Ie5ac326af4e05b7a5c3c37cd4d0afba6a51a504d
Reviewed-on: https://chromium-review.googlesource.com/494006
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45170}
As a first step towards improving generator creation, create a builtin
that can do it without a call to the runtime. Thread that builtin
into the interpreter via an intrinsic.
BUG=v8:6352
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2861983002
Cr-Commit-Position: refs/heads/master@{#45145}
Instead of explicitly instantiating six copies of each function for
zero to five arguments, define them as variadic template.
This avoids the arbitrary limit to five arguments, and avoids lots of
code duplication.
Drive-by fix: [iwyu] Add missing include.
R=mstarzinger@chromium.org
Change-Id: Id7edde3611ddfade16c7afbbf4b9000cedd76468
Reviewed-on: https://chromium-review.googlesource.com/496247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45130}
New test262 tests bring up a couple cases with async arrow functions
that V8 didn't seem to handle properly; this patch makes those cases
errors:
- async (...x,) => y -- Rest parameter must be last formal parameter
- async (...x = z) => y -- No default value for rest parameter
- async (...x, y) => z -- Rest parameter must be last formal parameter
Bug: v8:4483, v8:5051
Change-Id: I024d9ba0c854e8e5e75283df2ee53127b1be090d
Reviewed-on: https://chromium-review.googlesource.com/496057
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45116}
Removes the do-expression wrapping, modifies BytecodeGenerator change
to enter a class literal's block scope if needed.
This does not solve the actual bug in v8:6322, but helps mitigate it in
simple cases. The bug is caused by BytecodeGenerator not allocating a
large enough array of context registers to hold its entire stack,
allowing non-context registers to be overwritten during PushContext and
PopContext bytecodes.
Nevertheless, I like the idea of not depending on do-expressions when
possible, so I think it's worth doing anyways.
BUG=v8:6322
R=rmcilroy@chromium.org, marja@chromium.org, littledan@chromium.org
Change-Id: I82b7569db2a0eead1694bd04765fc4456c2f1a0a
Reviewed-on: https://chromium-review.googlesource.com/491074
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45110}
- Removes primitive shuffle opcodes.
- Adds Shuffle opcode for S32x4, S16x8, S8x16.
- Adds code to ARM instruction selector to pick best opcodes for some
common shuffle patterns.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2847663005
Cr-Commit-Position: refs/heads/master@{#45104}
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.
Original patch by Michael Stanton <mvstanton@chromium.org>
BUG=v8:6246
TBR=yangguo@chromium.org,ulan@chromium.org
Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
Reviewed-on: https://chromium-review.googlesource.com/494487
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45084}
1. Generalize context specialization such that the provided context
can be any outer context of the function, not necessarily the
immediate outer context.
2. Based on this: if function specialization is disabled, then
specialize for the module context if there is one.
3. Extend typed lowering of module loads and stores such that if
the operand is a Module constant, we constant-fold the cell load.
That is, a JSLoadModule with a Module HeapConstant input becomes
a LoadField with a Cell HeapConstant input, and similarly for
JSStoreModule.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2841613002
Cr-Commit-Position: refs/heads/master@{#45083}
In the spirit of the full MC, we evacuate and update pointers in parallel for
the young generation.
The collectors are connected during incremental marking when mark bits are
transferred from the young generation bitmap to the old generation bitmap.
The evacuation phase cannot (yet) move pages and relies completely on copying
objects.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2796233003
Cr-Commit-Position: refs/heads/master@{#45074}
Blink uses Isolate::GetEnteredContext() to implement HTML's "entry
context" concept, and thus depends on it not being changed except
explicitly (by Blink.) To support this, stop entering contexts
implicitly in all external API entry points; rather just set the
context as current. The only thing that changes the entered context
is now Context::Enter()/Context::Exit() (and Context::Scope.)
BUG=v8:6307
Review-Url: https://codereview.chromium.org/2862483003
Cr-Commit-Position: refs/heads/master@{#45064}
During computation of the side table, ignore stack effects of
instructions following any unconditional jump in the same block
(|unreachable|, |br|, |br_table| or |return| jump out of the block).
Without this fix, the current stack height might underflow, or we compute an
unnecessarily large max_stack_height_. Note that those instruction will
never get executed anyway.
Hence, we don't need to store any side table information for such
unreachable code.
R=rossberg@chromium.org
BUG=chromium:716936, chromium:715990
Change-Id: I282f7f18ba1b972a112210e692f6cd05cf32308c
Reviewed-on: https://chromium-review.googlesource.com/493266
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45059}
We only need to materialize the existing output register for a given
register transfer if it is in a different equivalence set, otherwise we
already have the value we want in the output register.
BUG=v8:4280
Change-Id: Ic4966590ac10445180aff353940d2c93e6a818aa
Reviewed-on: https://chromium-review.googlesource.com/493168
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45051}
Adds tests for Heap::IsUnmodifiedHeapObject that is used during
scavenge.
Bug:
Change-Id: Ide549a6616101cbd6ed17372ed1ed168c7a76fbd
Reviewed-on: https://chromium-review.googlesource.com/484539
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45046}
This patch adds a concurrent marking deque that exposes the same interface
for the main thread as the existing marking deque.
The matching interface makes the concurrent marking deque a drop-in
replacement for the sequential marking deque without any change in
mark-compactor and incremental marker.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2810893002
Cr-Commit-Position: refs/heads/master@{#45042}
Executing the |end| opcode of a loop assumed that the stack height was
being reset to the height at start of the loop. Hence we were ignoring
the arity of the loop.
During computation of the side table, the arity of the label associated
with the loop was explicitly set to 0, such that a |br| instruction to
that label would not transfer any values.
It turns out though that we need to remember the arity in order to
precompute the correct stack height when executing the |end| opcode of
a loop.
Also, add a regression test.
R=rossberg@chromium.org
BUG=chromium:716936
Change-Id: Ib3a559998f1ce5f8fcd7b94af1426637b3e48f86
Reviewed-on: https://chromium-review.googlesource.com/493286
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45041}
BytecodeRegisterOptimizer had special handling for the case when parameters
is 0. This is not possible from valid javascript. It exists because some
tests do not take this into account. Fixed tests and removed the special
handling.
Also removed a TODO, which is already done here:
https://codereview.chromium.org/2227203002/
Bug: v8:4280,v8:6325
Change-Id: Idc17af12ad9292c13a6677aa4c8b88d21f4adf81
Reviewed-on: https://chromium-review.googlesource.com/490308
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45036}
This reverts commit c5ad9c6d8e.
Reason for revert: Fails on gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/12661
Original change's description:
> [TypeFeedbackVector] Store optimized code in the vector
>
> Since the feedback vector is itself a native context structure, why
> not store optimized code for a function in there rather than in
> a map from native context to code? This allows us to get rid of
> the optimized code map in the SharedFunctionInfo, saving a pointer,
> and making lookup of any optimized code quicker.
>
> Original patch by Michael Stanton <mvstanton@chromium.org>
>
> BUG=v8:6246
>
> Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5
> Reviewed-on: https://chromium-review.googlesource.com/476891
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45022}
TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,mvstanton@chromium.org,jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6246
Change-Id: I9cd5735b03898cae6ae7adea0f19d32fceb31619
Reviewed-on: https://chromium-review.googlesource.com/493287
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45027}
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.
Original patch by Michael Stanton <mvstanton@chromium.org>
BUG=v8:6246
Change-Id: I60ff8c408c3001bc272b4b198c9cbaea2872a9e5
Reviewed-on: https://chromium-review.googlesource.com/476891
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45022}
1. Replaces --crankshaft with --opt in tests.
2. Also fixes presubmit to check for --opt flag when
assertOptimized is used.
3. Updates testrunner/local/variants.py and
v8_foozie.py to use --opt flag.
This would mean, nooptimize variant means there are
no optimizations. Not even with %OptimizeFunctionOnNextCall.
Bug:v8:6325
Change-Id: I638e743d0773a6729c6b9749e2ca1e2537f12ce6
Reviewed-on: https://chromium-review.googlesource.com/490206
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44985}
... and stop checking that the native contexts of maps recorded in feedback vector
match function's native context - the feedback vector machinery already guarantees
that.
BUG=v8:6325
Change-Id: Iacd3f3a5f703694ff57b774b9658e186ad66641b
Reviewed-on: https://chromium-review.googlesource.com/490084
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44982}
This avoids generating redundant code for different template
instantiations.
I also introduce getters instead of accessing the fields directly.
R=ahaas@chromium.org
BUG=v8:6325
Change-Id: I3e0eca9ef6a01e0a3ebb73f4f357bcb59e120f43
Reviewed-on: https://chromium-review.googlesource.com/490166
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44976}
When a FunctionTemplate-based function is used as a constructor
and returns a JSProxy, we incorrectly treated that result the same
as a non-object result. Now it is treated like any other object
result, i.e., it becomes the result of the constructor call.
R=verwaest@chromium.org
BUG=v8:6294
Review-Url: https://codereview.chromium.org/2845123002
Cr-Commit-Position: refs/heads/master@{#44970}
This reduces the amount of special paths for testing.
Setup the memory used for testing exactly the same way as in real world.
Also, always connect the interpreter to the instance being executed,
and to the existing WasmInstance struct. This keeps information
synchronized between interpreter and test runner.
These changes allow us to execute e.g. GrowMemory from cctests either
in the interpreter or in compiled code.
R=ahaas@chromium.org
Change-Id: Id4726d061f3cdba789275350f500d769d27d2d63
Reviewed-on: https://chromium-review.googlesource.com/488561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44966}
It now passes on both 32-bit and 64-bit nosnap bots.
TBR=ulan@chromium.org
NOTREECHECKS=true
Change-Id: Id797c88f1eb32868433e112883c2c64b8640eb2c
Reviewed-on: https://chromium-review.googlesource.com/489682
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44953}
These tests assume that a newly-created Isolate is pristine, but that's
not true for nosnap builds.
TBR=ulan@chromium.org
Change-Id: Ie5d0fb0450f285c8eeb8e088feef6729102c0f14
Reviewed-on: https://chromium-review.googlesource.com/489063
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44952}
Most callers passed kFinalizeIncrementalMarkingMask, so use that as
a default argument (not using default argument syntax to avoid including
heap.h in cctest.h).
Change-Id: I904f1eb3a0f5fdbe63eab16f6a6f01d04618645d
Reviewed-on: https://chromium-review.googlesource.com/488104
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44950}
When branching to a loop header, we were trying to copy over {arity}
values from the value stack. This is correct for block labels, but not
for loops. When branching back to a loop header, no values need to be
transferred.
R=ahaas@chromium.org
BUG=chromium:715454
Change-Id: I90d806de63d039abf8dcac1abec057860c8f69ca
Reviewed-on: https://chromium-review.googlesource.com/488146
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44949}
With this CL we reduce the difference between directly using a null prototype
in a literal or using Object.create(null).
- The EmitFastCloneShallowObject builtin now supports cloning slow
object boilerplates.
- Unified behavior to find the matching Map and instantiating it for
Object.create(null) and literals with a null prototype.
- Cleanup of literal type parameter of CompileTimeValue, now in sync with
ObjectLiteral flags.
Review-Url: https://codereview.chromium.org/2445333002
Cr-Commit-Position: refs/heads/master@{#44941}
For int16 imm values Subu would emit addiu with -imm value, but doing
this with min_int16 would overflow and produce incorrect result. This is
fixed by checking if -imm is int16. A test for this case is created.
An optimization is also added for values imm where we cannot just emit
addiu and loading -imm to a register takes one instruction using ori.
Then instead of loading imm with lui;ori and subtracting with subu, we
can load -imm with ori and add with addu.
BUG=
TEST=cctest/test-assembler-mips/Subu
Review-Url: https://codereview.chromium.org/2845043002
Cr-Commit-Position: refs/heads/master@{#44932}
This reverts commit d7cdea6fa2.
Reason for revert: Flakiness on bots
Original change's description:
> [wasm] Add guard pages before Wasm Memory
>
> Although Wasm memory indices are all unsigned, they sometimes get assembled
> as 32-bit signed immediates. Values in the top half of the Wasm memory space
> will then get sign extended, causing Wasm to access in front of its memory
> buffer.
>
> Usually this region is not mapped anyway, so faults still happen as they are
> supposed to. This change protects this region with guard pages so we are
> guaranteed to always fault when this happens.
>
> Bug: v8:5277
> Change-Id: Id791fbe2a5ac1b1d75460e65c72b5b9db2a47ee7
> Reviewed-on: https://chromium-review.googlesource.com/484747
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44905}
TBR=bradnelson@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,eholk@chromium.org,mseaborn@chromium.org,adamk@chromium.org,v8-reviews@googlegroups.com,wasm-v8@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: Ia1d3e5dbf4f518815a9fd4197047077bc8e42816
Reviewed-on: https://chromium-review.googlesource.com/487828
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44907}
Although Wasm memory indices are all unsigned, they sometimes get assembled
as 32-bit signed immediates. Values in the top half of the Wasm memory space
will then get sign extended, causing Wasm to access in front of its memory
buffer.
Usually this region is not mapped anyway, so faults still happen as they are
supposed to. This change protects this region with guard pages so we are
guaranteed to always fault when this happens.
Bug: v8:5277
Change-Id: Id791fbe2a5ac1b1d75460e65c72b5b9db2a47ee7
Reviewed-on: https://chromium-review.googlesource.com/484747
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44905}
The only users of the LoadStoreOpcodeOf function were a number of
macros in wasm-macro-gen.h, and three test functions using it directly.
This CL refactors those functions to also use the macros.
In one case, this requires storing the value in a local variable first.
R=ahaas@chromium.org
Change-Id: Ia2fbf67a3831fafc9345e155eb240cf1bf6feb5d
Reviewed-on: https://chromium-review.googlesource.com/486842
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44885}
This patch adds a new interface called RootVisitor and changes the root
iteration functions to accept a RootVisitor instead of an ObjectVisitor.
Future CLs will change ObjectVisitor to provide the host object to all
visiting functions, which will bring it in sync with static visitors.
Having separate visitors for roots and objects removes ambiguity in
VisitPointers and reduces chances of forgetting to record slots.
This is intended as pure refactoring. All places that require behavior
change are marked with TODO and will addressed in future CLs.
BUG=chromium:709075
Review-Url: https://codereview.chromium.org/2801073006
Cr-Commit-Position: refs/heads/master@{#44852}
This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.
R=ahaas@chromium.org
Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}
wasm-macro-gen.h is mainly used from tests, but LocalDeclEncoder is
also used from various other places.
This CL moves the LocalDeclEncoder to an own compilation unit. We want
to later move wasm-macro-gen.h to the tests folder.
It also refactors the LocalDeclEncoder to reuse the
LEBHelper::write_u32v and LEBHelper::sizeof_u32v methods instead of
reimplementing it.
R=ahaas@chromium.org
Change-Id: Ia4651436f0544578da7c1c43596d343571942e97
Reviewed-on: https://chromium-review.googlesource.com/486724
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44838}
This makes it easier to set the value for embedders where it is
difficult to plumb through to the Isolate constructor.
BUG=chromium:711809
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2829223002
Cr-Commit-Position: refs/heads/master@{#44813}
- Adds new F32x4AddHoriz, I32x4AddHoriz, etc. to WASM opcodes.
- Implements them for ARM.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2804883008
Cr-Commit-Position: refs/heads/master@{#44812}
- Split out code for Intl objects into src/objects/
- Rename i18n to intl (except for the name of the build flag)
- Use build system more broadly to turn on/off Intl code
- Delete a little bit of dead code
Bug: v8:5751
Change-Id: I41bf2825a5cb0df20824922b17c24cae637984da
Reviewed-on: https://chromium-review.googlesource.com/481284
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44801}
For now skip some WASM SIMD tests that fail when MIPS SIMD extension is
not available. Turn on these tests again when simd scalar lowering
mechanism supports all WASM SIMD operations.
BUG=
Review-Url: https://codereview.chromium.org/2829963003
Cr-Commit-Position: refs/heads/master@{#44791}
Consistently support calls to host-C-linkage functions with up to 9 arguments
from the simulator, and check that these limits aren't exceeded accidentally.
BUG=v8:6281
Review-Url: https://codereview.chromium.org/2825393003
Cr-Commit-Position: refs/heads/master@{#44790}
These can be synthesized from existing operations and scheduled for
better performance than if we have to generate blocks of instructions
that take many cycles to complete.
- Remove F32x4RecipRefine, F32x4RecipSqrtRefine. Clients are better off
synthesizing these from splats, multiplies and adds.
- Remove F32x4Div, F32x4Sqrt, F32x4MinNum, F32x4MaxNum. Clients are
better off synthesizing these or using the reciprocal approximations,
possibly with a refinement step.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2827143002
Cr-Commit-Position: refs/heads/master@{#44784}
For MIPS64, many load/store operations from/to memory emit more then
one instruction. This is the reason for moving them from assembler to
macro-assembler.
TEST=
BUG=
Review-Url: https://codereview.chromium.org/2829073002
Cr-Commit-Position: refs/heads/master@{#44746}
So that we can delete object properties without a runtime call.
The builtin implements a few fast paths (for now only deletion
of dictionary properties), and calls the runtime for all other
cases.
Review-Url: https://codereview.chromium.org/2810363003
Cr-Commit-Position: refs/heads/master@{#44740}
- Adds unary Reverse shuffles (swizzles): S32x2Reverse, S16x4Reverse,
S16x2Reverse, S8x8Reverse, S8x4Reverse, S8x2Reverse. Reversals are
done within the sub-vectors that prefix the opcode name, e.g. S8x2
reverses the 8 consecutive pairs in an S8x16 vector.
- Adds binary Zip (interleave) left and right half-shuffles to return a
single vector: S32x4ZipLeft, S32x4ZipRightS16x8ZipLeft, S16x8ZipRight,
S8x16ZipLeft, S8x16ZipRight.
- Adds binary Unzip (de-interleave) left and right half shuffles to return
a single vector: S32x4UnzipLeft, S32x4UnzipRight, S16x8UnzipLeft,
S16x8UnzipRight, S8x16UnzipLeft, S8x16UnzipRight.
- Adds binary Transpose left and right half shuffles to return
a single vector: S32x4TransposeLeft, S32x4TransposeRight,
S16x8TransposeLeft, S16xTransposeRight, S8x16TransposeLeft,
S8x16TransposeRight.
- Adds binary Concat (concatenate) byte shuffle: S8x16Concat #bytes to
paste two vectors together.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2801183002
Cr-Commit-Position: refs/heads/master@{#44734}
let/const declarations in "standard" C-style for-loops have
some complex desugaring to accommodate the case where loop
loop variables may be captured. This slows down the baseline
performance of for-loops with let variables.
This change attempts to avoid this desugaring if it's known that
the loop variable is not captured at any point. A side effect of
this change is that let/const loop variables, when not captured
within the loop body, are not necessarily shown in the debugger,
similar to other stack-allocated vars.
BUG=v8:4762, v8:5460
R=marja@chromium.org, adamk@chromium.org, yangguo@chromium.org
Change-Id: I8dbe545a12c086f675972bdba60c94998268311a
Reviewed-on: https://chromium-review.googlesource.com/472247
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44731}
When asked for a module that previously failed to compile or
instantiate, the embedder necessarily has to signal failure. In this
case, we expect an exception to be scheduled, which we will rethrow.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2827733002
Cr-Commit-Position: refs/heads/master@{#44729}
1) Function recording conditions need to be consistent (this same condition is used above)
2) byte is not wide enough for storing the backing store size.
Bugs uncovered by the existing tests with the flag on.
BUG=v8:5516
Change-Id: Iec6aff0cf1858afe1083526e4ada9a8eca08f062
Reviewed-on: https://chromium-review.googlesource.com/481320
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44724}
This new API sets a native data property on an object
directly, as Template::SetNativeDataProperty does.
It is similar to Object::SetAccessor, but properties
set by SetNativeDataProperty without kReadOnly flag
can be replaced.
Bug:chromium:617892
Change-Id: I32973f7190906d76be6802da9a0489edce0bd93e
Reviewed-on: https://chromium-review.googlesource.com/479474
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Hitoshi Yoshida <peria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44716}
The feature is not quite ready for getting ClusterFuzzed.
BUG=v8:5516
Change-Id: I90a42f950727c8ecf46cb2987c9a459b2ba1f5a7
Reviewed-on: https://chromium-review.googlesource.com/480400
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44693}
We can use TUPLE2 or TUPLE3 for structs that do not need special
handling by deoptimizer and compiler.
This frees up a few instance types, so that adding the next few
new structs will not cause ABI compatibility to break.
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2811183005
Cr-Commit-Position: refs/heads/master@{#44685}
Use Type::Array to constant-fold Array.isArray builtin based on the
value input type. Also use it to improve type based alias analysis,
where we know that stores to an object of type Array don't affect stores
to an object of type OtherObject, and vice versa.
R=jarin@chromium.org
BUG=v8:6262
Review-Url: https://codereview.chromium.org/2819583002
Cr-Commit-Position: refs/heads/master@{#44681}
No usage sites are getting the length for uncompiled functions, so we can
postpone setting the correct length until after compilation. This way we don't
need to produce and store it for skipped inner functions.
In the current implementation, getting the function length compiles it (and
users rely on it - so the feature is probably not going to go away).
BUG=v8:5516
Change-Id: Id8c9a05d2391505a6cde613841094170c9a1b808
Reviewed-on: https://chromium-review.googlesource.com/468927
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44679}
- Add I16x8 Splat, ExtractLane, ReplaceLane, shift ops, Some BinOps and compare ops
- Add pshufhw, pshuflw in the assembler, disassembler
- Fix incorrect modrm for pextrw, this bug disregards the register allocated and always makes pextrw use rax.
- Fix pextrw disasm to take the 0 - 7 bits of the immediate instead of 0 - 3.
- Pextrw, pinsrw are in the assembler use 128 bit encodings, pextrw, pinsrw in the disassembler use legacy encodings, fix inconsistencies causing weird code gen when --print-code is used.
Review-Url: https://codereview.chromium.org/2767983002
Cr-Commit-Position: refs/heads/master@{#44664}
This reverts commit cc047635ff.
The CL was reverted due to a missing DEPS mirror.
Original issue's description:
> ARM64: Add NEON support
>
> Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2622643005
> Cr-Commit-Position: refs/heads/master@{#44306}
BUG=
Review-Url: https://codereview.chromium.org/2812573003
Cr-Commit-Position: refs/heads/master@{#44652}
Currently we count optimizations to decide to disable optimization, and
count deopts to detect this decision and allow re-enabling optimizations
after a while.
However, throwing out TurboFan OSR code and GC optimized code evictions
do not count as deopts, which means that the optimization count
increases without increasing the deopt count. This increased optimization
count disables further optimization -- which is bad, because these are
not "true" deopts -- and can stop the optimization from being re-enabled,
because the deopt count can't go high enough.
Instead, we now only ever look at deopts to disable/re-enable
optimization, and opt counts are only used for naming log files and in
tests.
Change-Id: I0c7d6be497545449a38cf952cd2f007ee51982ba
Reviewed-on: https://chromium-review.googlesource.com/468811
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44647}
The arm64 MacroAssembler expects buffer_size to be an unsigned, not a
size_t.
BUG=chromium:710913
Review-Url: https://codereview.chromium.org/2818513002
Cr-Commit-Position: refs/heads/master@{#44623}
The local variables were parsed two times, which in fact doubled the
amount of local variables allocated for each called function.
This was costing memory and performance. As the additional local
variables were never used, we did not recognize this before.
Add a test case for locals and stack values of interpreted frames.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: Ie5cb8d8f5441edee6abb46aa6bebef4a033d582b
Reviewed-on: https://chromium-review.googlesource.com/474749
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44602}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Reland of https://chromium-review.googlesource.com/c/463287 after fixing
tests in https://codereview.chromium.org/2813873002.
Change-Id: I314d69c7643ceec6a5750ffdab60dad38dad09e5
Reviewed-on: https://chromium-review.googlesource.com/474752
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44582}
Move dead bytecode elimination from a seperate bytecode pipeline optimizer
into the BytecodeArrayWriter. This removes the last bytecode pipeline
optimizer, which means we can remove the Bytecode pipeline which,
which should increase compile speed.
BUG=v8:6194
Change-Id: I47fb3c3463b2b8a92e02cf7a6b608683fcfa5261
Reviewed-on: https://chromium-review.googlesource.com/471407
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44568}
All the optimizations have now been moved to either the BytecodeGenerator
or the BytecodeArrayWriter/Builder.
BUG=v8:6194
Change-Id: Ie5c5d55e824c94ffb503af376c72bc64ad1f6f81
Reviewed-on: https://chromium-review.googlesource.com/469349
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44564}
Moves the logic for eliding non-effectful accumulator load elision from the
peephole optimizer to the BytecodeArrayWriter.
BUG=v8:6194
Change-Id: I05fbe4ee8ac340e5c355285d0b47e4a9d52fd0a8
Reviewed-on: https://chromium-review.googlesource.com/469828
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44560}
This patch implements the runtime semantics of dynamic import.
We create a new ASTNode so that we can pass the JSFunction closure() to
the runtime function from which we get the script_url.
d8 implements the embedder logic required to load and evaluate the modules.
The API is mostly implemented as specified.
BUG=8:5785
Review-Url: https://codereview.chromium.org/2703563002
Cr-Commit-Position: refs/heads/master@{#44551}
This reverts commit 751e893591.
Reason for revert: Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14885
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [ignition] Add call bytecodes for undefined receiver
>
> Adds a collection of call bytecodes which have an implicit undefined
> receiver argument, for cases such as global calls where we know that the
> receiver has to be undefined. This way we can skip an LdaUndefined,
> decrease bytecode register pressure, and set a more accurate
> ConvertReceiverMode on the interpreter and TurboFan call.
>
> As a side effect, the "normal" Call bytecode now becomes a rare case
> (only with calls and super property calls), so we get rid of its 0-2
> argument special cases and modify CallProperty[N] to use the
> NotNullOrUndefined ConvertReceiverMode.
>
> Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
> Reviewed-on: https://chromium-review.googlesource.com/463287
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44530}
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com,v8-x87-ports@googlegroups.com,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: I7629dec609d0ec938ce7105d6c1c74884e5f9272
Reviewed-on: https://chromium-review.googlesource.com/474744
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44548}
Before serializing an external string for a native source, we replace
its resource field with the type and index of the native source. Upon
deserialization, we restore the resource.
This change also removes the native source caches with a more straight-
forward mechanism to find the resource type and index.
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2807023003
Cr-Commit-Position: refs/heads/master@{#44545}
- Adds WASM opcodes I32x4SConvertI16x8Low, I32x4SConvertI16x8High,
I32x4UConvertI16x8Low, I32x4UConvertI16x8High, which unpack half of
an I16x8 register into a whole I32x4 register, with signed or unsigned
extension. Having separate Low/High opcodes works around the difficulty
of having multiple output registers, which would be necessary if we unpacked
the entire I16x8 register.
- Adds WASM opcodes I16x8SConvertI8x16Low, I16x8SConvertI8x16High,
I16x8UConvertI8x16Low, I16x8UConvertI8x16High, similarly to above.
- Adds WASM opcodes I16x8SConvertI32x4, I16x8UConvertI32x4,
I8x16SConvert16x8, I8x16UConvertI16x8, which pack two source registers
into a single destination register with signed or unsigned saturation. These
could have been separated into half operations, but this is simpler to
implement with SSE, AVX, and is acceptable on ARM. It also avoids adding
operations that only modify half of their destination register.
- Implements these opcodes for ARM.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2800523002
Cr-Commit-Position: refs/heads/master@{#44541}
Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.
As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.
Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
Reviewed-on: https://chromium-review.googlesource.com/463287
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44530}
This patch hooks up concurrent marking (behind the flag) with the rest
of the GC:
1. Incremental marking spawns concurrent marking task seeded with the
root set.
2. Mark-compact waits for concurrent marking tasks to finish.
3. Scavenger does fast promotion if concurrent marking is pending.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2735803005
Cr-Commit-Position: refs/heads/master@{#44526}
- Store std::string instead of std::unique_ptr<char[]> for the error
message.
- Remove ErrorCode, which was just kSuccess and kError anyway. Error is
now detected on whether error_msg_ is empty or not.
- Refactor constructors for perfect forwarding; this will allow us to
implement Result<std::unique_ptr<X*>>.
- Refactor Decoder::toResult for perfect forwarding.
- Remove output operators (operator<<) for Result; it was only used in
the error case anyway. Print error message directly instead.
The operator was problematic since it assumed the existence of an
output operator for every T which is used in Result<T>.
- Remove ModuleError and FunctionError, introduce general static
Result<T>::Error method instead.
R=ahaas@chromium.org
Change-Id: I1e0f602a61ee9780fee2a3ed33147d431fb092ba
Reviewed-on: https://chromium-review.googlesource.com/472748
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44518}
This relands commit d3e9aade0f. The original CL was reverted speculatively but didn't cause the buildbot failure.
Original change's description:
> [Interpreter] Move BinaryOp Smi transformation into BytecodeGenerator.
>
> Perform the transformation to <BinaryOp>Smi for Binary ops which take Smi
> literals in the BytecodeGenerator. This enables us to perform the
> transformation for literals on either side for commutative operations, and
> Avoids having to do the check on every bytecode in the peephole optimizer.
>
> In the process, adds Smi bytecode variants for all binary operations, adding
> - MulSmi
> - DivSmi
> - ModSmi
> - BitwiseXorSmi
> - ShiftRightLogical
>
> BUG=v8:6194
>
> Change-Id: If1484252f5385c16957004b9cac8bfbb1f209219
> Reviewed-on: https://chromium-review.googlesource.com/466246
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44477}
TBR=rmcilroy@chromium.org,machenbach@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,mythria@chromium.org,v8-reviews@googlegroups.com,ishell@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:6194
Change-Id: I2ccaefa1ce58d3885f5c2648755985c06f25c1d8
Reviewed-on: https://chromium-review.googlesource.com/472746
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44511}
Instead of storing {start} and {error_pc} we now store the
{error_offset}, which is anyways the only value we use.
R=clemensh@chromium.org
Change-Id: Ifd9791eff5c9efce2e7e2a1989bf3b5eaa464a02
Reviewed-on: https://chromium-review.googlesource.com/471527
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44510}
The format of the name section changed recently. It now contains
subsections of different type (currently for function names or local
variable names).
This CL changes our internal wasm module builders (in JS and C++) to
emit this new format, and changes the decoder to understand it.
We currently only parse the function name section, and ignore names of
local variables. I will later extend this to parse local variable names
when needed for debugging.
R=ahaas@chromium.org, rossberg@chromium.org
BUG=v8:6222
Change-Id: I2627160c25c9209a3f09abe0b88941ec48b24434
Reviewed-on: https://chromium-review.googlesource.com/470247
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44492}
and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).
Only the GN build is supported; the GYP build is maintained working
but does not support the feature.
Previously landed as 4782bc0df8 / r44412.
BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44489}
This reverts commit d3e9aade0f.
Reason for revert: Speculative for:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/4449
Bisect points to this CL.
Original change's description:
> [Interpreter] Move BinaryOp Smi transformation into BytecodeGenerator.
>
> Perform the transformation to <BinaryOp>Smi for Binary ops which take Smi
> literals in the BytecodeGenerator. This enables us to perform the
> transformation for literals on either side for commutative operations, and
> Avoids having to do the check on every bytecode in the peephole optimizer.
>
> In the process, adds Smi bytecode variants for all binary operations, adding
> - MulSmi
> - DivSmi
> - ModSmi
> - BitwiseXorSmi
> - ShiftRightLogical
>
> BUG=v8:6194
>
> Change-Id: If1484252f5385c16957004b9cac8bfbb1f209219
> Reviewed-on: https://chromium-review.googlesource.com/466246
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44477}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,mythria@chromium.org,ishell@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6194
Change-Id: If57dbdbe40be77804bf437463b855d3167e2d473
Reviewed-on: https://chromium-review.googlesource.com/471308
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44488}
The spec requires truncation while ToUint32 originally rounded down.
This also adds a bunch of test cases to check edge case behavior.
BUG=v8:6212
Review-Url: https://codereview.chromium.org/2805783003
Cr-Commit-Position: refs/heads/master@{#44487}
Perform the transformation to <BinaryOp>Smi for Binary ops which take Smi
literals in the BytecodeGenerator. This enables us to perform the
transformation for literals on either side for commutative operations, and
Avoids having to do the check on every bytecode in the peephole optimizer.
In the process, adds Smi bytecode variants for all binary operations, adding
- MulSmi
- DivSmi
- ModSmi
- BitwiseXorSmi
- ShiftRightLogical
BUG=v8:6194
Change-Id: If1484252f5385c16957004b9cac8bfbb1f209219
Reviewed-on: https://chromium-review.googlesource.com/466246
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44477}
The WebIDL spec expects iterator objects from interfaces that declare pair
iterators to ultimately inherit from %IteratorPrototype%. Expose the
intrinsic object in the public API so we can use it in Blink's bindings
code.
BUG=chromium:689576
R=caitp@igalia.com,jkummerow@chromium.org,jochen@chromium.org
Review-Url: https://codereview.chromium.org/2784543004
Cr-Commit-Position: refs/heads/master@{#44472}
Make Ignition collect BinaryOperationFeedback on ToNumber, using the
shared type feedback slot with the following Inc/Dec bytecode, and use
this feedback in TurboFan to turn the ToNumber(x) operation into a
SpeculativeNumberMultiply(x,1) with the feedback hint.
R=jarin@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=v8:6214,v8:5267
Review-Url: https://codereview.chromium.org/2804813003
Cr-Commit-Position: refs/heads/master@{#44440}
Moves the ToName elision out of the peephole optimizer and into the
BytecodeGenerator.
BUG=v8:6194
Change-Id: Ic355adbe21f967dc5d52babdd37100a260c62c26
Reviewed-on: https://chromium-review.googlesource.com/467466
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44427}
Reason for revert:
I think that this CL breaks chromium compilation on windows with clang (). All other CLs in the list looks trivial and don't change test/unittest/BUILD.gn.
[42456/47924] CXX obj/v8/test/unittests/unittests/value-serializer-unittest.obj
[42457/47924] LINK unittests.exe unittests.exe.pdb
FAILED: unittests.exe unittests.exe.pdb
E:/b/depot_tools/python276_bin/python.exe ../../build/toolchain/win/tool_wrapper.py link-wrapper environment.x64 False link.exe /nologo /OUT:./unittests.exe /PDB:./unittests.exe.pdb @./unittests.exe.rsp
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::AddAllocationObserver(class v8::internal::AllocationObserver *)" (?AddAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z)
bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::RemoveAllocationObserver(class v8::internal::AllocationObserver *)" (?RemoveAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z)
./unittests.exe : fatal error LNK1120: 2 unresolved externals
Original issue's description:
> [snapshot] Move builtins generation into mksnapshot
>
> and out of the main library. This saves about 5% of binary size
> (800KB on x64, 373KB on android_arm).
>
> Only the GN build is supported; the GYP build is maintained working
> but does not support the feature.
>
> BUG=v8:6055
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
>
> Review-Url: https://codereview.chromium.org/2760233005
> Cr-Commit-Position: refs/heads/master@{#44412}
> Committed: 4782bc0df8TBR=jgruber@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2803903002
Cr-Commit-Position: refs/heads/master@{#44422}
Move the ToBoolean elision in the BytecodeGenerator instead of the
peephole optimizer. Adds a TypeHint mechanism to the ExpressionResult
to enable passing of type hints through the ast visitor.
BUG=v8:6194
Change-Id: Ic55506ba11b213f7459250004d3f18cab04ee9b3
Reviewed-on: https://chromium-review.googlesource.com/467208
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44415}
and out of the main library. This saves about 5% of binary size
(800KB on x64, 373KB on android_arm).
Only the GN build is supported; the GYP build is maintained working
but does not support the feature.
BUG=v8:6055
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
Review-Url: https://codereview.chromium.org/2760233005
Cr-Commit-Position: refs/heads/master@{#44412}
Both methods decoded a LEB128 encoded integer, but only consume_leb
incremented the pc pointer accordingly.
This CL implements consume_leb by using checked_read_leb.
It also refactors a few things:
1) It removes error_pt, which was only avaible in checked_read_leb.
2) It renames the error method to errorf, since it receives a format
string. This also avoids a name clash.
3) It implements sign extension directly in checked_read_leb instead of
doing this in the caller.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I8058f57418493861e5df26d4949041f6766d5138
Reviewed-on: https://chromium-review.googlesource.com/467150
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44405}
Better demarcation between what's mutable because it is code-
specialization specific, and what is provided at initialization.
BUG=
Review-Url: https://codereview.chromium.org/2784233004
Cr-Commit-Position: refs/heads/master@{#44395}
This reflects both the contract in blink, as well as what we
plan to do in streamed compilation, where we'll want to lay out
bytes received such that each section and each function body is
contiguous, but they may all be separate - which entails a copy.
BUG=chromium:697028
Review-Url: https://codereview.chromium.org/2797653002
Cr-Commit-Position: refs/heads/master@{#44387}
Add newline at the start of the function body.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45
Reviewed-on: https://chromium-review.googlesource.com/466566
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44352}
For OOB checks on memory accesses, we first subtracted the size of the
type to load/store from the memory size, and then compared against this
effective_size. If the memory size is smaller than the size of the type,
this would lead to an integer underflow, and we would try to load the
value.
This CL fixes this, and adds a test case for this.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined
bytecode, and similarly for comparisons with null. Also adds bytecodes for
JumpIfNotUndefined / Null.
Moves the peephole optimization for CompareUndefined out of the peephole
optimizer and into the BytecodeGenerator, having the side-effect of enabling
it for comparisons with undefined on both side of the compare operation.
BUG=v8:6107
Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
With --harmony-function-tostring enabled (now enabled by --harmony),
CompileFunctionInContext would produce incorrect results whenever called
with 1 or more argument parameters, due to specifying an incorrect end
position for the parameters.
BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com
Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
This reverts commit 4506382dce.
We don't allow DEPS'ing things outside googlesource. This requires a
mirror. Also .gitignore entry is missing.
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.
BUG=
Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
This CL cleans up a few things:
- It removes two dead declarations: WasmMemoryObject::Grow and
wasm::GrowInstanceMemory.
- It removes the unneeded wasm::GetInstanceMemory function (use
instance->memory_buffer() directly).
- It moves wasm::GetInstanceMemorySize to
WasmInstanceObject::GetMemorySize.
- It moves wasm::GrowInstanceMemory to WasmInstanceObject::GrowMemory.
- It moves wasm::GrowWebAssemblyMemory to WasmMemoryObject::Grow.
R=ahaas@chromium.orgCC=gdeepti@chromium.org
Change-Id: I19781ca9784f1a8e7b60955bef82e341c4f75550
Reviewed-on: https://chromium-review.googlesource.com/463167
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44293}
This will allow V8 extra consumers to track promise state without
using a side-table. This is used by streams as of
173f9f67be.
BUG=chromium:658144
Review-Url: https://codereview.chromium.org/2784213002
Cr-Commit-Position: refs/heads/master@{#44287}
The source set only contained a header file, which caused problems
when compiling a static library with VS.
R=machenbach@chromium.org
BUG=v8:6158
Change-Id: I3eed4a888e72cf6a2917190e4a1db7b38006cd0c
Reviewed-on: https://chromium-review.googlesource.com/463027
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44263}
The parameter indices are shifted by 1 in BytecodeArrayBuilder
because the receiver is variable at index 0 and not -1.
Split BytecodeArrayBuilder::Parameter(index) method into
Receiver() (same as Parameter(-1)) and
Parameter(index).
This way we avoid confusing (index+1) counting in BytecodeGenerator().
BUG=
Change-Id: Id87ec7c708cecfc3108011994f3177f483772bcc
Reviewed-on: https://chromium-review.googlesource.com/461904
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44262}
- Introduce new struct AsyncGeneratorRequest, which holds
information pertinent to resuming execution of an
AsyncGenerator, such as the Promise associated with the async
generator request. It is intended to be used as a singly
linked list, and holds a pointer to the next item in te queue.
- Introduce JSAsyncGeneratorObject (subclass of
JSGeneratorObject), which includes several new internal fields
(`queue` which contains a singly linked list of
AsyncGeneratorRequest objects, and `await_input` which
contains the sent value from an Await expression (This is
necessary to prevent function.sent (used by yield*) from
having the sent value observably overwritten during
execution).
- Modify SuspendGenerator to accept a set of Flags, which
indicate whether the suspend is for a Yield or Await, and
whether it takes place on an async generator or ES6
generator.
- Introduce interpreter intrinsics and TF intrinsic lowering for
accessing the await input of an async generator
- Modify the JSGeneratorStore operator to understand whether or
not it's suspending for a normal yield, or an AsyncGenerator
Await. This ensures appropriate registers are stored.
- Add versions of ResumeGeneratorTrampoline which store the
input value in a different field depending on wether it's an
AsyncGenerator Await resume, or an ordinary resume. Also modifies
whether debug code will assert that the generator object is a
JSGeneratorObject or a JSAsyncGeneratorObject depending on the
resume type.
BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.orgTBR=marja@chromium.org
Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
- Fix opcode names to be consistent with opcodes as in wasm-opcodes.h
- Fix Ordering of Ops, inconsistencies
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2776753004
Cr-Commit-Position: refs/heads/master@{#44239}
Compare bytecode handlers does several checks to collect feedback and
repeats these checks when actually performing the operation. This cl
changes it perform the actual comparison for smi / number along with
collecting feedback.
BUG=v8:4280
Change-Id: If0954b68dd232461e08e94a90ccc17604c235b27
Reviewed-on: https://chromium-review.googlesource.com/458420
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44216}
A couple bugs had led code in one Context to be able to lead to
estimated memory usage in another Context, even in cases that should be
easy to detect.
- Ensure that the pointer to the next context is nulled out while
recursing over the portion of the heap. It seems like there was
previously some code to do this partway, but the nulling part
was left out.
- Skip including maps in the understanding of the Context estimated
size, as the maps are shared between Contexts and may be reachable
from other Contexts
Review-Url: https://codereview.chromium.org/2780773002
Cr-Commit-Position: refs/heads/master@{#44208}
Introduce 'contextual keyword' tokens, which are parsed as identifiers but
in some contexts are treated by the parser like proper keywords. These are
usually keywords introduced by recent ECMAScript versions, which for reasons
of backwards compatibility are still permissible as regular identifiers in
most contexts.
Current usage is to check for Token::IDENTIFIER and then do a string
compare. With this change the initial scan will scan them as usual, but
will then record the token as IDENTIFIER plus a secondary token with the
'contextual' value.
BUG=v8:6902
Change-Id: I6ae390382998cf756a23720bd481cb9c0eb78a72
Reviewed-on: https://chromium-review.googlesource.com/459479
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44189}
Implement ASSEMBLE_ATOMIC_LOAD/STORE_INTEGER using acquire/release instructions,
to match the existing ASSEMBLE_ATOMIC_EXCHANGE_INTEGER macro.
BUG=v8:6097
Review-Url: https://codereview.chromium.org/2760963002
Cr-Commit-Position: refs/heads/master@{#44184}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.
Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:
let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>") // "bacd"
"abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>") // "cd" (invalid name)
"abcd".replace(re, "$<thd>") // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
Support is currently behind the --harmony-regexp-named-captures flag.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2775303002
Cr-Original-Commit-Position: refs/heads/master@{#44171}
Committed: 17f13863b6
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44182}
Reason for revert:
Invalid DCHECKs for non-matched groups.
Original issue's description:
> [regexp] Named capture support for string replacements
>
> This implements support for named captures in
> RegExp.prototype[@@replace] for when the replaceValue is not callable.
>
> Named captures can be referenced from replacement strings by using the
> "$<name>" syntax. A couple of examples:
>
> let re = /(?<fst>.)(?<snd>.)/u;
> "abcd".replace(re, "$<snd>$<fst>") // "bacd"
> "abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
> "abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
> "abcd".replace(re, "$<42$1>") // "cd" (invalid name)
> "abcd".replace(re, "$<thd>") // "cd" (non-existent name)
> "abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
>
> Support is currently behind the --harmony-regexp-named-captures flag.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2775303002
> Cr-Commit-Position: refs/heads/master@{#44171}
> Committed: 17f13863b6TBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2776293003
Cr-Commit-Position: refs/heads/master@{#44180}
This CL removes code which is based on the assumption that if
WebAssembly code says that memory accesses are aligned, that they are
really aligned. On arm, memory accesses crashed when this assumption
was violated.
Most likely this CL will cause a performance regression on arm. At the
moment we plan to fix this regression eventually by using arm NEON
instructions in V8.
R=titzer@chromium.org
Change-Id: Ibb60fa1ef0173c13af813a3cb7eb26bfa2a847c2
Reviewed-on: https://chromium-review.googlesource.com/451297
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44179}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: I0a3546618d01b9232014da94cf8d0f72427a0d1d
Reviewed-on: https://chromium-review.googlesource.com/458006
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44176}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: Ief4eb3c9873026a93338d5556985f31c9abe17e6
Reviewed-on: https://chromium-review.googlesource.com/458005
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44173}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.
Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:
let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>") // "bacd"
"abcd".replace(re, "$2$1") // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd") // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>") // "cd" (invalid name)
"abcd".replace(re, "$<thd>") // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>") // "cd" (non-matched capture)
Support is currently behind the --harmony-regexp-named-captures flag.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44171}
Previously we threw a generic error meesage on failing hole check for
accessing 'this'. But 'this' can be a hole only if the super() has not
been called so we change the error message.
BUG=v8:5957
Change-Id: I2f0e3d813f16919645d8a5efa7d26e73bd2d83fe
Reviewed-on: https://chromium-review.googlesource.com/459085
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44162}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: I977eec8faecc8a112506f219994b4e4ec388b180
Reviewed-on: https://chromium-review.googlesource.com/458004
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44160}
This patch adds support for MIPS SIMD (MSA) instructions in Assembler
and Decoder (disassembler) classes. MSA instructions are implemented for
both mips32 and mips64 architectures.
BUG=
Review-Url: https://codereview.chromium.org/2740123004
Cr-Commit-Position: refs/heads/master@{#44148}
Since we no longer support the ignition-staging configuration
any longer, we can retire the three tier pipeline and the
CompileBaseline functionallity.
We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.
BUG=v8:4280
Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: I25b23b3bf64502f84c28ce688ad2997c9665a069
Reviewed-on: https://chromium-review.googlesource.com/458003
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44140}
Besides adding accessors get_origin() and set_origin(), it creates easier test
accessors is_wasm() and is_asm_js().
This allows the possibility of caching boolean flags for is_wasm() and
is_asm_js() without having to change any code except for the files containing
the class definition for WasmModule.
BUG= v8:6152
R=bbudge@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2771803005
Cr-Commit-Position: refs/heads/master@{#44130}
Require the use of MarkingState when going through ObjectMarking
and friends.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2770253002
Cr-Commit-Position: refs/heads/master@{#44123}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: Iefd2fd01a700509f05d6f1a272cfa39cc545d39b
Reviewed-on: https://chromium-review.googlesource.com/458001
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44096}
The former will handle stores to global variables, lets and undeclared
variables. The latter will handle named stores to explicit receiver.
BUG=chromium:576312, v8:5561
Change-Id: I335fa21db47c3d001da8cc79fa8cb6f8abcbb7e2
Reviewed-on: https://chromium-review.googlesource.com/458639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44085}
This patch makes Math.random() behave deterministically when a fixed
random seed is provided. This is done by re-seeding the random number
generator the first time a script requests a random number. Doing this
ensures Math.random() returns the same sequence across page loads and
across iframes.
BUG=chromium:696001
Review-Url: https://codereview.chromium.org/2760393002
Cr-Commit-Position: refs/heads/master@{#44076}
With precise binary code coverage, the reported count is either 0 or 1.
We only report 1 the first time we collect coverage data after the
function has been executed.
Since we do not care about the accurate execution count, we can optimize
the function once it has been executed once.
Also change best effort coverage to be implicitly binary.
R=caseq@chromium.org, jgruber@chromium.org, pfeldman@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2766573003
Cr-Commit-Position: refs/heads/master@{#44074}
This CL adds support for indirect function calls to the interpreter. It
can indirectly call other wasm function in the same instance, which are
then executed in the interpreter, or call imported functions.
Implementing this required some refactoring:
- The wasm interpreter now unwraps import wrappers on demand, instead
of unwrapping all of them on instantiation and storing a vector of
handles. This also avoids the DeferredHandleScope completely, instead
we just store two global handles in the code map.
- The interpreter gets the code table, function tables and signature
tables directly from the attached wasm instance object. This ensures
that the interpreter sees all updates to tables that might have been
performed by external code.
- There is now common functionality for calling a code object. This is
used for direct calls to imported functions and for all indirect
calls. As these code objects can also be wasm functions which should
be executed in the interpreter itself, I introduce a struct to hold
the outcome of calling the code object, or a pointer to
InterpreterCode to be called in the interpreter.
R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I20fb2ea007e79e5fcff9afb4b1ca31739ebcb83f
Reviewed-on: https://chromium-review.googlesource.com/458417
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44059}
It was removed so that Parser::DeserializeScopeChain does not have
to get it from ParseInfo.
Only a small step in direction of removing isolate from ParseInfo.
BUG=v8:6093
Change-Id: Iaaf92dc6eb5ec9c4efc05ac73666fbc66e0ed8c1
Reviewed-on: https://chromium-review.googlesource.com/457999
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44057}
APIs and trivial implementation, to unblock Chrome side dev.
BUG=chromium:697028
Review-Url: https://codereview.chromium.org/2763413003
Cr-Commit-Position: refs/heads/master@{#44053}
The AssignmentExpressions can legally contain destructuring assignments.
BUG=v8:6098
R=marja@chromium.org, adamk@chromium.org
Change-Id: I99b3a0f4c8d103edfb1dda943ec3e2ab2a5969f7
Reviewed-on: https://chromium-review.googlesource.com/455221
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44049}
Current implementation of the pextrw instruction is the legacy SSE2 instruction in the assembler (66 0F C5), and SSE4 implementation(66 0F 3A 15) in disasm-x64.cc, this causes incorrect instruction encodings to be printed when using --print-code flag for debug, in this case, causes over flow of bytes, and subsequent instructions to be incorrectly disassembled. Fixing to use SSE4 encodings in the assembler cosistent with pextrb, pextrd.
R=bbudge@chromium.org, mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2771513002
Cr-Commit-Position: refs/heads/master@{#44047}
- Skips test when expected value is very small or large.
- Renames methods to make more sense.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2764413003
Cr-Commit-Position: refs/heads/master@{#44045}
This adds optimization and deoptimization counts to the Web UI. Also, the function timeline
now shows optimization and deoptimization marks.
Review-Url: https://codereview.chromium.org/2753543006
Cr-Commit-Position: refs/heads/master@{#44033}
Proposed behaviour:
- StepNext at return position go into next function call (no changes with current behavior, but implemented in v8::Debug instead of hack on inspector side);
- StepOut at return position go into next non-current function call.
We need this to have better stepping in cases with native functions, blackboxed functions and/or different embedder calls (e.g. event listeners).
New behavior could be illustrated with two examples (for more see stepping-with-natives-and-frameworks test):
- let's assume that we've blackboxed callAll function, this function just takes its arguments and call one after another:
var foo = () => 1;
callAll(foo, foo, () => 2);
If we break inside of first call of function foo. Then on..
..StepNext - we're able to reach second call of function foo,
..StepOut - we're able to reach () => 2 call.
- let's consider case with native function:
[1,2,3].map(x => x * 2)
If we break inside of first callback call, then with StepNext we can iterate through all calls of callback, with StepOut we go to next statement after .map call.
Implementation details:
- when we request break we schedule step-in function call for any step action at return position and for step-in at any position,
- when we request StepOut at return position - we mark current function as needed-to-be-ignored inside of PrepareStepIn(function) call,
- when we request StepOut at not return position - we set break at return position and ask debugger to just repeat last step action on next stepping-related break.
Design doc: https://docs.google.com/document/d/1ihXHOIhP_q-fJCA0e2EiXz_Zr3B08KMjaPifcaqZ60Q/edit
BUG=v8:6118,chromium:583193
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2758483002
Cr-Commit-Position: refs/heads/master@{#44028}
Some of the StrictEquality comparisons do not require feedback (for ex: in
try-finally, generators). This cl introduces StrictEqualityNoFeedback bytecode
to be used in such cases. With this change, we no longer have to check if the
type feedback slot is valid in compare bytecode handlers.
This is the first step in reworking the compare bytecode handler to avoid
duplicate checks when collecting feedback and when performing the operation.
BUG=v8:4280
Change-Id: Ia650fd43c0466b8625d3ce98c39ed1073ba42a6b
Reviewed-on: https://chromium-review.googlesource.com/455778
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44020}
... when we run without code flushing.
BUG=
Change-Id: I956c53732598d805581388453010238c029fc3ba
Reviewed-on: https://chromium-review.googlesource.com/458199
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44016}
For instance, /\b\b\b\B\B\B/ is folded into the equivalent /\b\B/.
BUG=v8:6126
Review-Url: https://codereview.chromium.org/2768443003
Cr-Commit-Position: refs/heads/master@{#44004}
Reason for revert:
Temporarily disabled tests on chromium side (https://codereview.chromium.org/2764933002)
Original issue's description:
> Revert of [wasm] Transferrable modules (patchset #13 id:280001 of https://codereview.chromium.org/2748473004/ )
>
> Reason for revert:
> Breaks layout tests:
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
>
> See https://github.com/v8/v8/wiki/Blink-layout-tests
>
> Original issue's description:
> > [wasm] Transferrable modules
> >
> > We want to restrict structured cloning in Chrome to:
> > - postMessage senders and receivers that are co-located
> > in the same process
> > - indexedDB (just https).
> >
> > For context, on the Chrome side, we will achieve the postMessage part
> > by using a mechanism similar to transferrables: the
> > SerializedScriptValue will have a list of wasm modules, separate from
> > the serialized data stream; and this list won't be copied cross
> > process boundaries. The IDB part is achieved by explicitly opting in
> > reading/writing to the serialization stream. To block attack vectors
> > in IPC cases, the default for deserialization will be to expect data
> > in the wasm transfers list.
> >
> > This change is the V8 side necessary to enabling this design. We
> > introduce TransferrableModule, an opaque datatype exposed to the
> > embedder. Internally, TransferrableModules are just serialized data,
> > because we don't have a better mechanism, at the moment, for
> > de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> > Context).
> >
> > The chrome defaults will be implemented in the
> > serialization/deserialization delegates on that side. For the v8 side
> > of things, in the absence of a serialization delegate, the V8
> > serializer will write to serialization stream. In the absence of a
> > deserialization delegate, the deserializer won't work. This asymmetry
> > is intentional - it communicates to the embedder the need to make a
> > policy decision, otherwise wasm serialization/deserialization won't
> > work "out of the box".
> >
> > BUG=v8:6079
> >
> > Review-Url: https://codereview.chromium.org/2748473004
> > Cr-Commit-Position: refs/heads/master@{#43955}
> > Committed: 99743ad460
>
> TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2762163002
> Cr-Commit-Position: refs/heads/master@{#43981}
> Committed: e538b70e1aTBR=jbroman@chromium.org,bradnelson@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762273002
Cr-Commit-Position: refs/heads/master@{#43994}
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14312
See https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> [wasm] Transferrable modules
>
> We want to restrict structured cloning in Chrome to:
> - postMessage senders and receivers that are co-located
> in the same process
> - indexedDB (just https).
>
> For context, on the Chrome side, we will achieve the postMessage part
> by using a mechanism similar to transferrables: the
> SerializedScriptValue will have a list of wasm modules, separate from
> the serialized data stream; and this list won't be copied cross
> process boundaries. The IDB part is achieved by explicitly opting in
> reading/writing to the serialization stream. To block attack vectors
> in IPC cases, the default for deserialization will be to expect data
> in the wasm transfers list.
>
> This change is the V8 side necessary to enabling this design. We
> introduce TransferrableModule, an opaque datatype exposed to the
> embedder. Internally, TransferrableModules are just serialized data,
> because we don't have a better mechanism, at the moment, for
> de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
> Context).
>
> The chrome defaults will be implemented in the
> serialization/deserialization delegates on that side. For the v8 side
> of things, in the absence of a serialization delegate, the V8
> serializer will write to serialization stream. In the absence of a
> deserialization delegate, the deserializer won't work. This asymmetry
> is intentional - it communicates to the embedder the need to make a
> policy decision, otherwise wasm serialization/deserialization won't
> work "out of the box".
>
> BUG=v8:6079
>
> Review-Url: https://codereview.chromium.org/2748473004
> Cr-Commit-Position: refs/heads/master@{#43955}
> Committed: 99743ad460TBR=jbroman@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2762163002
Cr-Commit-Position: refs/heads/master@{#43981}
For MIPS32, instructions ldc1 and sdc1 are moved into macro-assembler
and renamed as Ldc1 and Sdc1. The reason for placing them into
macro-assembler is that they emmit two or three instructions.
TEST=test/cctest/test-assembler-mips,
test/cctest/test-code-stubs-mips,
test/cctest/test-macro-assembler-mips
BUG=
Review-Url: https://codereview.chromium.org/2751973002
Cr-Commit-Position: refs/heads/master@{#43977}
This CL makes the interpreter reentrant by allowing different
activations to be live at the same time. The wasm interpreter keeps a
list of activations and stores the stack height at the start of each
activation. This information is used to unwind just one activation, or
show the right portion of the interpreter stack for each interpreter
entry frame.
The WasmDebugInfo object stores a mapping from frame pointer (of the
interpreter entry) to the activation id in order to identify the
activation based on the physical interpreter entry frame.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5822
Change-Id: Ibbf93f077f907213173a92e0a2f7f3556515e8eb
Reviewed-on: https://chromium-review.googlesource.com/453958
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43976}
We want to restrict structured cloning in Chrome to:
- postMessage senders and receivers that are co-located
in the same process
- indexedDB (just https).
For context, on the Chrome side, we will achieve the postMessage part
by using a mechanism similar to transferrables: the
SerializedScriptValue will have a list of wasm modules, separate from
the serialized data stream; and this list won't be copied cross
process boundaries. The IDB part is achieved by explicitly opting in
reading/writing to the serialization stream. To block attack vectors
in IPC cases, the default for deserialization will be to expect data
in the wasm transfers list.
This change is the V8 side necessary to enabling this design. We
introduce TransferrableModule, an opaque datatype exposed to the
embedder. Internally, TransferrableModules are just serialized data,
because we don't have a better mechanism, at the moment, for
de-contextualizing/re-contextualizing wasm modules (wrt Isolate and
Context).
The chrome defaults will be implemented in the
serialization/deserialization delegates on that side. For the v8 side
of things, in the absence of a serialization delegate, the V8
serializer will write to serialization stream. In the absence of a
deserialization delegate, the deserializer won't work. This asymmetry
is intentional - it communicates to the embedder the need to make a
policy decision, otherwise wasm serialization/deserialization won't
work "out of the box".
BUG=v8:6079
Review-Url: https://codereview.chromium.org/2748473004
Cr-Commit-Position: refs/heads/master@{#43955}
Before, we were redirecting each function to the interpreter by iterating all
code and patching all call sites using this one function. The runtime was
hence quadratic if all functions were redirected to the interpreter as
done by the --wasm-interpret-all flag.
This CL fixes this to only iterate the code once and redirecting an
arbitrary number of function.
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5822
Change-Id: Ia4f2e94a2468f9bef3035b599e1f8a18acf309da
Reviewed-on: https://chromium-review.googlesource.com/455785
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43946}
The code-generator used i.InputInt6 to get the mask-width from the
instruction. However, thereby 64 got wrapped to 0, which is an invalid
mask width. I changed the i.InputInt6 to an i.InputInt32, which should
be okay because the mask-width comes from base::bits::CountPopulation64.
BUG=v8:6122
R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
Review-Url: https://codereview.chromium.org/2755373002
Cr-Commit-Position: refs/heads/master@{#43927}
Default to the chromium-internal build config (instead of the more
permissive no_chromium_code config).
BUG=v8:5878
Review-Url: https://codereview.chromium.org/2758563002
Cr-Commit-Position: refs/heads/master@{#43909}
Parse tasks are still WIP so there is really no benefit turning them on.
Turn off irrelevant tests.
Fix duplicate parameters inverted logic.
Fix use_counts tracking.
Fix language mode, super_property, evals.
Fix modules and stack overflow.
BUG=v8:6093
Change-Id: I8567b36eef7b9de6799789e7520810bde9c86e5b
Reviewed-on: https://chromium-review.googlesource.com/455916
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43903}
This CL renames all occurrences of "internal field" to "embedder field"
to prevent confusion. As it turns out, these fields are not internal to
V8, but are actually embedder provided fields that should not be mucked
with by the internal implementation of V8.
Note that WASM does use these fields, and it should not.
BUG=v8:6058
Review-Url: https://codereview.chromium.org/2741683004
Cr-Commit-Position: refs/heads/master@{#43900}
This is a first stab at extending the existing early lowering approach
to property access operations. Currently we only handle the case where
named property loads are lowered to a soft deoptimize operation, due to
insufficient type feedback.
R=jarin@chromium.org
Change-Id: I779ffb99978023237da5ad9eaf0241fe74243882
Reviewed-on: https://chromium-review.googlesource.com/456316
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43899}
This is a first step towards moving Turbofan code generation off the main thread.
Summary of the changes:
- AssemblerBase no longer has a pointer to the isolate. Instead, its
constructor receives the few things that it needs from the isolate (on most
architectures this is just the serializer_enabled flag).
- RelocInfo no longer has a pointer to the isolate. Instead, the functions
that need it take it as an argument. (There are currently still a few that
implicitly access the isolate through a HeapObject.)
- The MacroAssembler now explicitly holds a pointer to the isolate (before, it
used to get it from the Assembler).
- The jit_cookie also moved from AssemblerBase to the MacroAssemblers, since
it's not used at all in the Assemblers.
- A few architectures implemented parts of the Assembler with the help
of a Codepatcher that is based on MacroAssembler. Since the Assembler no
longer has the isolate, but the MacroAssembler still needs it, this doesn't
work anymore. Instead, these Assemblers now use a new PatchingAssembler.
BUG=v8:6048
Review-Url: https://codereview.chromium.org/2732273003
Cr-Commit-Position: refs/heads/master@{#43890}
Since TrapIf has been implemented on all platforms, there is no need
anymore for the old WasmTrapHelper code. This CL also removes
TrapIf-specific tests.
R=titzer@chromium.org, clemensh@chromium.org
Change-Id: Ic069598441b7bd63bde2e66f4e536abea5ecebe6
Reviewed-on: https://chromium-review.googlesource.com/452380
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43887}
test-unboxed-doubles/WriteBarrierObjectShiftFieldsRight recently started
failing on arm64-nosnapshot builds due to a broken CHECK.
# Fatal error in ../../test/cctest/test-unboxed-doubles.cc, line 1417
# Check failed: heap->InNewSpace(*obj_value).
It expects the result of Factory::NewJSArray() to be in new
space; but NewJSArray encapsulates two allocations so the return value can
actually be in old space. Fix it by ensuring only one allocation occurs.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2759433002
Cr-Commit-Position: refs/heads/master@{#43886}
DetachArrayBuffer makes incorrect assumptions about the state of the ArrayBuffer. It assumes that that the ArrayBuffer is internal to wasm unless guard pages are enabled, this is not the case as the ArrayBuffer can be externalized outside of wasm, in this case through gin.
BUG=chromium:700384
Review-Url: https://codereview.chromium.org/2754153002
Cr-Commit-Position: refs/heads/master@{#43880}
- Change test to avoid adding denormalized numbers. This flushes to
zero on ARM hardware when using Neon.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2754543007
Cr-Commit-Position: refs/heads/master@{#43864}
- Adds new load/store opcodes (0xc0, 0xc1) for S128 type.
- Implements these for ARM.
- Enables more WASM SIMD tests, and adds new LoadStoreLoad test.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2745853002
Cr-Commit-Position: refs/heads/master@{#43841}
Adds a TestTypeof bytecode to deal with comparisons of the form:
typeof(object) === 'string';
Also adds support to Turbofan to perform these comparisons without
inserting checkpoints.
BUG=v8:4280,v8:5267
Change-Id: Ib5cc1c6816dfe70a4120838d8eada2fc0267750f
Reviewed-on: https://chromium-review.googlesource.com/454837
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43832}
Mark slow tests discovered by manual audit of reported durations.
Slow tests will run first, which will lead to higher test runner throughput.
Also some tests have flaky timeouts occasionally.
BUG=chromium:601468
Change-Id: If9aeb5422e79ff25b867b01c50386a5fdebeb494
Reviewed-on: https://chromium-review.googlesource.com/455736
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43819}
Removes the --ignition-staging flag since it is no longer used
by anything and won't be a shipping configuration. Also removes
ignition_turbo variant from testrunner, since it is now
the same as the turbofan variant.
BUG=v8:4280
Change-Id: I3b96e986879fc70b8e202fe9496334828acdd0ba
Reviewed-on: https://chromium-review.googlesource.com/452621
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43806}
- Implements vuzp, vtrn instructions for q-registers.
- Refactors vmvn, vswp to use common unary op helper fn.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2739033002
Cr-Commit-Position: refs/heads/master@{#43795}
This is a cleanup in preparation to implement calling imported
functions via the wasm interpreter.
For imported functions, we do not create entries in the
interpreter_code_ vector any more.
I also simplified the interface and removed unused or redundant return
values. More things are now DCHECKed instead of bailing out.
Also, we previously had two PushFrame methods: One is supposed to
initialize the interpreter from external code (i.e. adds the first
frame to the stack), the other one is used to push new frames on the
frame stack for called functions. This CL renames the first to
InitFrame, and makes it use the second one. The other remaining user is
the DoCall method.
R=titzer@chromium.org
BUG=v8:5822
Change-Id: Id09ff1e3256428fbd8c955e4664507a0c3167e53
Reviewed-on: https://chromium-review.googlesource.com/453482
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43793}
When a FunctionEntryHook parameter was passed to isolate creation,
we ignored any existing snapshots anyway. Since the ability to
bootstrap from scratch will be removed from snapshot builds, the
FunctionEntryHook feature must depend on a no-snapshot build.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2733203002
Cr-Commit-Position: refs/heads/master@{#43779}
As the code isn't used, but would have to be ported from hand-written
assembly to CodeStubAssembler anyways, I propose to remove it and
restore it if we decide that we actually need it.
R=vogelheim@chromium.org
BUG=
Change-Id: Iffd7fc6ec534b1dd7a9144da900424355c8a7a02
Reviewed-on: https://chromium-review.googlesource.com/453461
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43763}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
This reverts the previous revert, commit
5a04f4fd68.
Previously reverted changes:
> Revert "[SAB] Move Atomics builtins to C++"
>
> This reverts commit 2b9840d86f.
>
> Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"
>
> This reverts commit d1160fb14f.
>
> Revert "Remove tiny unit test for MinSimple/MaxSimple"
>
> This reverts commit 837760ecb7.
>
> Revert "Remove infrastructure for experimental JS natives"
>
> This reverts commit 8cfe45b6f1.
These changes were reverted to improve a perf regression on a Chrome
bot. Since then, the regression has reappeared, then disappeared again
all from seemingly unrelated changes.
BUG=v8:6033
TBR=adamk@chromium.org,hpayer@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2732213005
Cr-Commit-Position: refs/heads/master@{#43758}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
This fixes the catch predictions for the following builtins --
AsyncFunctionAwaitCaught
AsyncFunctionAwaitUncaught
PromiseResolveClosure
ResolvePromise
PromiseResolve
Added tests for each.
Added whitelist for builtins behind a flag.
BUG=chromium:691875
Change-Id: I816cafdb69f0c9f1eefc440a0a44c36713d0b7dc
Reviewed-on: https://chromium-review.googlesource.com/450894
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43725}
Specifically, add bytecodes for Call0, Call1, Call2, CallProperty0, CallProperty1,
and CallProperty2. Also share the bytecode handler code between between
equivalent CallX and CallPropertyX handlers.
Review-Url: https://codereview.chromium.org/2684993002
Cr-Original-Commit-Position: refs/heads/master@{#43290}
Committed: 00d6f1f80a
Review-Url: https://codereview.chromium.org/2684993002
Cr-Commit-Position: refs/heads/master@{#43700}
It depends on constant field tracking and currently disabled.
BUG=v8:5495
Change-Id: I6202cddfc2d32b5a06c5ab00c42caa6e276a3eb1
Reviewed-on: https://chromium-review.googlesource.com/451639
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43687}
- Changes input filtering to test NaNs, but skip very large or very
small inputs, which may cause imprecision on some platforms.
- Changes expected result filtering to only skip NaNs.
LOG=N
BUG=6020
Review-Url: https://codereview.chromium.org/2738703006
Cr-Commit-Position: refs/heads/master@{#43681}
This introduces a new truncation bit for truncation of minus-zero to zero.
At the moment it is only used to handle the limit cases of deopt, such as the
one in the Google maps workload (see simplified version below), where the -q
(which is desugared to q * -1.0) currently deoptimizes because the result would
produce minus zero. To handle this situation, we exploit the knowledge that
righthand side of + cannot be -0, so even if lefthand side was -0, the result
would still be 0 (so the + operation cannot distinguish between left hand side
0 and -0).
function f(q) {
q -= 4;
return (-q) + q;
}
f(10);
f(10);
%OptimizeFunctionOnNextCall(f);
f(4);
Review-Url: https://codereview.chromium.org/2734253002
Cr-Commit-Position: refs/heads/master@{#43661}
- Implements Float32x4 Mul, Min, Max for ARM.
- Implements Float32x4 relational ops for ARM.
- Implements reciprocal, reciprocal square root estimate/refinement ops for ARM.
- Reorganizes tests to eliminate need for specialized float ref fns in tests.
- Rephrases Gt, Ge in terms of Lt, Le, and eliminates the redundant machine
operators.
- Renames test-run-wasm-simd test names to match instructions.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2729943002
Cr-Commit-Position: refs/heads/master@{#43658}
Fix two issues in the interpreter entry for 64 bit return values on
32 bit platforms. First, the effect chain was slightly incorrect, second
the order of the returned values was wrong.
Also add a test case for this.
Tested on x64, ia32 and s390.
Plus drive-by fix in Int64Lowering to reuse global constants for
big-endian/little-endian disambiguation.
R=titzer@chromium.org
BUG=v8:5822
Review-Url: https://codereview.chromium.org/2731713002
Cr-Commit-Position: refs/heads/master@{#43654}
This requires serialized data to track the number of API-provided
external references separately.
And it flushes out a case of serialized data corruption (stored "length"
field too large) that we didn't handle without crashing.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2736923002
Cr-Commit-Position: refs/heads/master@{#43649}
malloc(0) returning 0 is expected behavior on AIX but
compiling with -D_LINUX_SOURCE_COMPAT, malloc(0) should
return a valid pointer (which we do define for AIX). However,
including cstdlib resets the behaviour of _LINUX_SOURCE_COMPAT.
GCC bug: 79839
R=jochen@chromium.org, titzer@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2732743002
Cr-Commit-Position: refs/heads/master@{#43647}
This pretty much rewrites the preparsed scope data collection. We used to store
the allocation result, but it's faster to just store the raw data which is
needed for deciding it later. (This way we don't need to run the allocation
algorithm for just getting this data.)
For each variable: is_used, maybe_assigned,
has_forced_context_allocation, and for each scope:
inner_scope_calls_eval_.
In addition, this CL moves data handling out of Scope and into
PreParsedScopeData where it belongs and simplifies the API for
PreParsedScopeData.
BUG=v8:5516
R=vogelheim@chromium.org
Change-Id: Ia5a4fa52f585cd4f483ce9a92f2dd7d9754f34ed
Reviewed-on: https://chromium-review.googlesource.com/451273
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43641}
The parser already changes all negative equality comparison operations
to their positive pendants in {ParserBase::ParseBinaryExpression}. No
other source of the Token::NE exists in the system. We can remove all
handling from the compiler and interpreter backends.
R=bmeurer@chromium.org
Change-Id: I58722c08dd8e498f20c65886fce86b8172737b10
Reviewed-on: https://chromium-review.googlesource.com/449716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43627}
Deletion can cause collisions to be moved in the map which breaks iteration.
For now just remove this support. Also add some additional collision tests
to the test.
BUG=v8:5203
Change-Id: I54a0a4af51da08b3f963dc1d7661dba291e4efea
Reviewed-on: https://chromium-review.googlesource.com/445900
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43621}
This CL provide type with each break location, type could be: call, return or debugger statement.
BUG=chromium:432469
R=yangguo@chromium.org,dgozman@chromium.org
Review-Url: https://codereview.chromium.org/2728563002
Cr-Commit-Position: refs/heads/master@{#43619}
The concurrent marker uses ObjectVisitor to iterate pointers in objects
and local marking bitmaps to keep track of visited objects.
To keep it simple for now, I removed support for multiple tasks
and canceling unfinished tasks.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2732053002
Cr-Commit-Position: refs/heads/master@{#43618}
This patch adds a trivial ConcurrentMarking class that can start
background tasks.
BUG=chromium:694255
Review-Url: https://codereview.chromium.org/2728363002
Cr-Commit-Position: refs/heads/master@{#43615}
From asm.js code we might get an empty ArrayBuffer as heap memory. In
this case, both the old memory start and the new memory start will be
nullptr. The size however has to be patched from default_size to 0.
This CL changes code specialization to be able to either patch memory
references, or patch memory sizes or both.
R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:698587
Change-Id: I4d9d811d75cb83842f23df317e8e7fc02aeb5146
Reviewed-on: https://chromium-review.googlesource.com/450257
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43613}
A previous patch lifting the restriction on invalid escape sequences in
tagged templates had a bug when two template tokens appeared immediately
adject to each other. This moves invalid escape information from the
tokenizer state proper into the TokenDesc, preventing the overwriting
which caused this issue.
Previous CL is at
https://codereview.chromium.org/2665513002
BUG=v8:6029,v8:5546
Review-Url: https://codereview.chromium.org/2724003006
Cr-Commit-Position: refs/heads/master@{#43596}
We don't need the JSStrictNotEqual operator in the compiler, because
this is never generated by the BytecodeGraphBuilder, and the code in
the AstGraphBuilder was dead code. Also remove the backing builtin
StrictNotEqual.
R=mstarzinger@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2727003006
Cr-Commit-Position: refs/heads/master@{#43594}
In lazy compilation, we only compile one function at a time, and we
might not have the wire bytes of the whole module available.
This CL prepares the WasmCompilationUnit for this setting.
It will also be helpful for streaming compilation.
Also, the ErrorThrower (which might heap-allocate) is not stored in the
WasmCompilationUnit any more. Instead, it is passed to the
FinishCompilation method which is allowed to heap-allocate.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5991
Review-Url: https://codereview.chromium.org/2726553003
Cr-Commit-Position: refs/heads/master@{#43573}