RewritableExpression always contain Assignment until rewriting; which
we only do after parsing a function. We don't call ->Is on possibly
rewritten expressions afterwards (we'll simply visit them instead).
Change-Id: I3be91e9f6701994a571d280515c9da34257f5425
Reviewed-on: https://chromium-review.googlesource.com/c/1291071
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56821}
The atomics and compare-exchange stress tests are intended to test
code generation only anyway and can be quite slow. So skip all the
variants.
Notry: true
Change-Id: Idf443b134558990c7eac43301fa816399794b9d5
Reviewed-on: https://chromium-review.googlesource.com/c/1291077
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56820}
The atomics stress tests use shared array buffers to record
non-deterministic interleaving of execution in web workers. This
produces non-deterministic heap results even in predictable mode.
NOTRY=true
Change-Id: Ic41c53bb6f5c67393fed7b9670c13cee6bc3481b
Reviewed-on: https://chromium-review.googlesource.com/c/1290979
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56819}
Port commit a63987a41a
Original message:
>This JSAsyncFunctionObject represents the implicit generator object
>inside of async functions, and also holds the outer promise for the
>async functions. This in turn allows us to get rid of the .promise
>in the Parser / BytecodeGenerator completely, and will make it
>possible to build zero-cost async stack traces independent of the
>concrete synchronous part of the stack frame (which currently breaks
>in Node.js).
>
>In the bytecode all the async function operations now take this new
>JSAsyncFunctionObject instead of passing both the .generator_object
>and the .promise, which further simplifies and shrinks the bytecode.
>It also reduces the size of async function frames, potentially making
>the suspend/resume cheaper.
>
>This also changes `await` to use intrinsics instead of calling to
>special JSFunctions on the native context, and thus reduces the size of
>the native contexts.
>
>Drive-by-fix: Introduce a dedicated JSCreateAsyncFunctionObject operator
>to TurboFan.
>
>Bug: v8:7253, v8:7522
>Change-Id: I2305302285156aa1f71328ecac70377abdd92c80
>Ref: nodejs/node#11865
>Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
>Reviewed-on: https://chromium-review.googlesource.com/c/1273049
>Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
>Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
>Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
>Reviewed-by: Maya Lekova <mslekova@chromium.org>
>Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
>Cr-Commit-Position: refs/heads/master@{#56554}
Change-Id: I5a11bd31bf2aac2e2b94779fa03b85ee88d7dbc4
Reviewed-on: https://chromium-review.googlesource.com/c/1288811
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#56818}
Added to crucial productions that will incur in any infinite recursion:
- In ParsePrimaryExpression
- In all ParseUnaryExpression subrules
- In ParseDoWhileStatement
- In ParseBlock
Change-Id: Iaee295eb5652e57712d029999b36078fea3b7dab
Reviewed-on: https://chromium-review.googlesource.com/c/1290794
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56816}
This reverts commit 41ba3d3eb0.
Reason for revert: Speculative revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Fuzzer/27370https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20predictable/19895
Original change's description:
> [builtins] Implement Array.prototype.slice in Torque
>
> In the process:
>
> - add volatile types for FastJSArray and remove the length_fast accessor
> from JSArray with the application of more rigorous typing.
> - add micro benchmarks for testing all the interesting slice cases
>
> Also update a few assorted places in .tq code to make them more
> idiomatic.
>
> Change-Id: I76ec2bb25b65a869180af1f7288419dc1f0a9c37
> Reviewed-on: https://chromium-review.googlesource.com/c/1281603
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56806}
TBR=danno@chromium.org,jgruber@chromium.org,tebbi@chromium.org
Change-Id: I1f2c82b4c3ab0848857f620facacf9604d4fcd11
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1290973
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56815}
This reverts commit 1bf6e73553.
Reason for revert: Breaks nosnap builds:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/21209
Original change's description:
> [embedded] Share a single RelocInfo between all trampolines
>
> Creates a single RelocInfo to be used by all builtin trampolines and
> stores it as a root. All trampolines then substitute this for their
> trampoline at generation time with DCHECKs to make sure it is
> identical.
>
> Also forces all non-trampoline RelocInfo ByteArrays for builtins to be
> generated into RO_SPACE.
>
> On x64, this results in the OLD_SPACE part of the startup snapshot
> decreasing in size from 166096 to 131248 (-34848) bytes and RO_SPACE
> (in the read-only snapshot) increasing from 31176 to 31248 (+72) bytes.
>
> Bug: v8:8295
> Change-Id: I69f4a899b738f2023ed42501c2b9797d34305b06
> Reviewed-on: https://chromium-review.googlesource.com/c/1276468
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56811}
TBR=ulan@chromium.org,jgruber@chromium.org,delphick@chromium.org
Change-Id: I57239af6f3fc9c403977da0561b8fe32c1a758e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8295
Reviewed-on: https://chromium-review.googlesource.com/c/1291070
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56814}
This test is modelled after the atomics-stress test but supports 64 bit
operands.
Bug: v8:6532
Change-Id: I313b1ade74a58201b3fa097ba5b1515754a685db
Reviewed-on: https://chromium-review.googlesource.com/c/1234414
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56812}
Creates a single RelocInfo to be used by all builtin trampolines and
stores it as a root. All trampolines then substitute this for their
trampoline at generation time with DCHECKs to make sure it is
identical.
Also forces all non-trampoline RelocInfo ByteArrays for builtins to be
generated into RO_SPACE.
On x64, this results in the OLD_SPACE part of the startup snapshot
decreasing in size from 166096 to 131248 (-34848) bytes and RO_SPACE
(in the read-only snapshot) increasing from 31176 to 31248 (+72) bytes.
Bug: v8:8295
Change-Id: I69f4a899b738f2023ed42501c2b9797d34305b06
Reviewed-on: https://chromium-review.googlesource.com/c/1276468
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56811}
This test runs random sequences of atomic wasm operations on multiple
threads and tries to compute an equivalent sequential interleaving that
would reproduce intermediate results.
By its nature, this test might time out and is flaky.
Bug: v8:6532
Change-Id: Iafdab4561cbf37a5c3fa9b8af9d0fbaaf5681608
Reviewed-on: https://chromium-review.googlesource.com/c/1195366
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56810}
Headers are not included in jumbo builds so excluding
them has no meaning and will cause problems in a future
version of jumbo. This patch removes two such headers.
Change-Id: I19eadf989ff69a4e1116ba265ecb37236d67efd4
Reviewed-on: https://chromium-review.googlesource.com/c/1290793
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#56809}
This removes the ad-hoc ramp up period for the step size. The heuristic
was introduced before concurrent marking and is no longer useful.
The heuristic makes incremental marking progress very slow for short
running programs that do not allocate in the old generation.
Replace it with a simple cap on the step size in bytes.
Bug: v8:7253
Change-Id: If50fbd49e38135d006427f607c9a6d212c24fba7
Reviewed-on: https://chromium-review.googlesource.com/c/1288815
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56807}
In the process:
- add volatile types for FastJSArray and remove the length_fast accessor
from JSArray with the application of more rigorous typing.
- add micro benchmarks for testing all the interesting slice cases
Also update a few assorted places in .tq code to make them more
idiomatic.
Change-Id: I76ec2bb25b65a869180af1f7288419dc1f0a9c37
Reviewed-on: https://chromium-review.googlesource.com/c/1281603
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56806}
This field is redundant in that {ok_ == true} equals
{wasm_code_ != nullptr}. Thus remove it, and simplify some logic.
R=ahaas@chromium.orgCC=gdeepti@chromium.org
Bug: v8:8238
Change-Id: I3e3cfcc3a06c945d836c1a8a388bec54e1af12ea
Reviewed-on: https://chromium-review.googlesource.com/c/1290791
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56803}
When --async-stack-traces is on and there's an exception from within an
async_hook "after" handler, we will be faced with a settled promise. In
that case we cannot do anything, since the promise will not have any
reactions on it anymore, but we should also not crash of course.
Bug: chromium:896700, v8:7522
Change-Id: I6e3d212d0433da40740489ff7421c5a98cf9bff3
Reviewed-on: https://chromium-review.googlesource.com/c/1290550
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56801}
Instead of putting "Foo" as type into the list macro, and
then extending to "type*" at consumer macros, put "Foo*"
into the macro.
This is in preparation for incremental transition to ObjectPtr,
where some roots will return pointer types and others won't.
When that migration is complete, everything will be uniform
(and without "*") again.
Bug: v8:3770
Change-Id: Ib4a9900b1fc6e59f5fc924b779ed7e94dc136ad0
Reviewed-on: https://chromium-review.googlesource.com/c/1285397
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56798}
This refactors the innards of HandleBase and IdentityMap
to use Address instead of Object*, as part of the quest
to get rid of Object* entirely.
Bug: v8:3770
Change-Id: I82bd9547ef0d208b1e42636792e21c9064af4cea
Reviewed-on: https://chromium-review.googlesource.com/c/1285396
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56797}
This reverts commit 5847574eb9.
Reason for revert: Break mjsunit tests in Lite mode. You'll have to find a solution for tests using assertOptimized().
Original change's description:
> [Lite] Disable optimization for Lite mode.
>
> BUG=v8:8293
>
> Change-Id: I6b2e02420ab69fb1d2e24945d48b08d2bc24b0d0
> Reviewed-on: https://chromium-review.googlesource.com/c/1280526
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56795}
TBR=rmcilroy@chromium.org,delphick@chromium.org
Change-Id: I09f6c17cc325f50560329c46f06ad847f0bb021d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8293
Reviewed-on: https://chromium-review.googlesource.com/c/1290111
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56796}
TSAN was flakily detecting a race in the Add/RemoveSampler functions.
It could also be fixed by moving the USE(atomic_->Value()); line below
the do loop in the constructor of AtomicGuard.
Given that base::AtomicValue is deprecated and std::atomic has a
compare_exchange operation with std::memory_order_seq_cst, we can just
use std::atomic_bool to fix the TSAN false-positive.
Bug: v8:7702
Change-Id: Id2038ea1ccced7339f45991263e944394e935454
Reviewed-on: https://chromium-review.googlesource.com/c/1288814
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56794}
Make heap profiler provide information about each sample currently
alive. That information can be used to build diagrams of memory
allocations over time.
BUG=chromium:889545
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibcbe2f5302263d0b3976ee4cd3601eff11375cae
Reviewed-on: https://chromium-review.googlesource.com/c/1285130
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56793}
This is a reland of a12203c64b
Original change's description:
> [wasm] Add a new wasm-js testsuite to run js-api tests
>
> These changes were necessary to run with the new style of jsapi tests
> introduced in https://github.com/WebAssembly/spec/pull/883.
>
> Change-Id: I4629dd48d595ed97ed0607dec9e7d9808c706a7e
> Reviewed-on: https://chromium-review.googlesource.com/c/1277724
> Commit-Queue: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56745}
Change-Id: I25fcd95bfc1aee1d21da390359423e5dfed112a4
Reviewed-on: https://chromium-review.googlesource.com/c/1286952
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56791}
When InferReceiverMaps doesn't provide us with reliable maps for the
resolution, we can still utilize the information if all the maps that
are found are stable - aka leaf - maps. But in that case we need to
make sure that we add proper dependencies on the stability of these
maps.
Bug: v8:7253
Change-Id: I6f5825583acc3f2575e83a244d55609ac64d04d3
Reviewed-on: https://chromium-review.googlesource.com/c/1288633
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56789}
By default zx_vmo_create() creates resizable VMOs, which may be
hazardous in some cases. It's safer to use ZX_VMO_NON_RESIZABLE unless
VMO needs to be resizable. It doesn't make much difference in
OS::Allocate() because it drops the VMO handle immediately after
mapping it, still it's better to use ZX_VMO_NON_RESIZABLE for
consistency.
Change-Id: I688ee44b08042a9df7e3fae0b1b3298271b53b1c
Reviewed-on: https://chromium-review.googlesource.com/c/1277605
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Sergey Ulanov <sergeyu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56788}
Make sure we wait for the worker thread to finish compilation before removing
aborted jobs.
BUG=v8:8317,v8:8041
Change-Id: I42f30c4d430b7787ea5e724bdfda6460e5461233
Reviewed-on: https://chromium-review.googlesource.com/c/1288812
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56787}
Since ValidateExpression just throws the only queued (first) expression error,
we can delay throwing it until the latest possible moment. That's right before
the matching expression classifier dies (goes out of scope or accumulates).
Change-Id: I4538de333b789ae786278b94b76b4799ccdf4903
Reviewed-on: https://chromium-review.googlesource.com/c/1286678
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56785}
Async tail might be long. On frontend side we use only top frame so
we can report tail using id.
R=dgozman@chromium.org
Bug: chromium:873865
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie9e6b5c4c000cc6bedce2d5fec9f3fa22ea21768
Reviewed-on: https://chromium-review.googlesource.com/c/1286959
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56784}
- Use token-range checks
- Delay ValidateExpression until after the loop
- Only queue classifier errors at the beginning
- Only inline Token-range check rather than the entire
ParseMemberExpressionContinuation to reduce binary size.
Change-Id: Ib81ce071851fe5c13b4bb405cd883df7a82c84c9
Reviewed-on: https://chromium-review.googlesource.com/c/1286677
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56783}
This also changes Consume to bypass the stackoverflow check. Otherwise the
following pattern wouldn't work:
if (peek() == expected) {
f()
}
f() {
Consume(expected);
}
since the call to f can cause the overflow.
Change-Id: If2fd3181ecdf1fd681f584b630e83e0af4e4bf9d
Reviewed-on: https://chromium-review.googlesource.com/c/1286684
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56782}
This separates the fast-non-asan path from the asan path so it can be inlined.
Additionally avoid updating allocation_size_ on each Zone::New call.
Inlining Zone::New actually reduces binary size by 50kb...
Change-Id: Ie5d58638284e5a1a5e0198c24080b0f600d79092
Reviewed-on: https://chromium-review.googlesource.com/c/1288641
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56780}
Teach TurboFan about the maps produced by JSPerformPromiseThen and
JSCreatePromise, which yields a ~1-2% improvement on the doxbee
promises benchmark by removing the redundant checks from the optimized
code with promise chaining.
Bug: v8:7253
Change-Id: If0edce8ba15917c1b7e76b9d06490cfffe911650
Reviewed-on: https://chromium-review.googlesource.com/c/1288639
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56778}
This will be rewritten soon to not use the sampling processor, we can
reenable it then.
Bug: v8:5193
Change-Id: I1d50cf39048e7b5ddeea8d333dcf808fe5c28396
Reviewed-on: https://chromium-review.googlesource.com/c/1288636
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56777}
It seems that the Promise.resolve() lowering in JSCallReducer was no
longer called.
Bug: v8:7253
Change-Id: I3c80aed085d15fb54d88245b9d71b9caed7de075
Reviewed-on: https://chromium-review.googlesource.com/c/1288452
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56773}
