The bug was that we didn't track using await as a class name inside
arrow function formal parameters, and hence didn't recognize the error
in this case:
async(x = class await {}) => {}
BUG=v8:6714
Change-Id: Iabe6c947a4f621fb72361671d77f4765ba1a9578
Reviewed-on: https://chromium-review.googlesource.com/616776
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47407}
Move the desugaring into BytecodeGenerator per TODOs.
BUG=v8:6472
R=tebbi@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org
Change-Id: Ic482bee18d6e6fe73de4c5f9abaf4feda7be2dd5
Reviewed-on: https://chromium-review.googlesource.com/550396
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#47403}
Make it consistent so that registers in all architecture have a member
function called `bit()`.
Bug:
Change-Id: Ie6323f81d4ecab1557259a43a30100d8da8b35f1
Reviewed-on: https://chromium-review.googlesource.com/618872
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47401}
This is a reland of 21da12a983
Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
>
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
>
> Also does some other cleanup:
> - Removes CompileUnoptimizedFunction and inlines into new Compiler function
> - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
> out of FinalizeUnoptimizedCompile.
>
> BUG=v8:6409
>
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}
TBR=yangguo@chromium.orgTBR=jarin@chromium.org
Bug: v8:6409
Change-Id: If2eae66a85f129e746a5ca5c04935540f3f86b04
Reviewed-on: https://chromium-review.googlesource.com/618886
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47399}
This reverts commit 21da12a983.
Reason for revert: Failing on arm64 simulator
Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
>
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
>
> Also does some other cleanup:
> - Removes CompileUnoptimizedFunction and inlines into new Compiler function
> - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
> out of FinalizeUnoptimizedCompile.
>
> BUG=v8:6409
>
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org,leszeks@chromium.org
Change-Id: I4ba63e82417a185f1528ff2633eb6c8872fbbfe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/618687
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47397}
Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
function. The code in compiler.cc is refactored to use this function to compile
the SharedFunctionInfo when compiling a JSFunction.
Also does some other cleanup:
- Removes CompileUnoptimizedFunction and inlines into new Compiler function
- Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
out of FinalizeUnoptimizedCompile.
BUG=v8:6409
Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
Reviewed-on: https://chromium-review.googlesource.com/613760
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47394}
This removes brittle Scope walking in FinalizeForOfStatement()
by making ParserBase call InitializeForEachStatement() while
in the proper Scope.
Bug: v8:6724
Change-Id: I6e828ccb3a5e4d98633a95a2bfb8d255ad0fc0eb
Reviewed-on: https://chromium-review.googlesource.com/614654
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47376}
Makes ClusterFuzz start fuzzing with the flag on.
BUG=v8:5516
Change-Id: Ia80f7d22f12fe25efb226102a896e8b0e3537947
Reviewed-on: https://chromium-review.googlesource.com/610000
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47366}
This removes:
- CodeBreakIterator for FCG code.
- RelocModes for debug breaks.
- Code generator for debug break slots.
- GC support for debug break slots.
- Code flag to indicate code with debug break slots.
- Builtin type DBG.
- Mechanisms to replace FCG code in the debugger and LiveEdit.
- Runtime entry to the debugger from debug break slots.
R=bmeurer@chromium.org, rmcilroy@chromium.org, ulan@chromium.org
Bug: v8:6409
Change-Id: I5662c8800e3ef1b1584ad107bfe0aae26c9d8abb
Reviewed-on: https://chromium-review.googlesource.com/613263
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47364}
* Avoid "using namespace" statements, which trigger clang's -Wheader-hygiene
warnings in jumbo builds.
* Undefine created macros at the end of source files.
BUG=chromium:746958
Change-Id: I5d25432c314437f607b0e1be22765a6764267ba6
Reviewed-on: https://chromium-review.googlesource.com/610962
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#47347}
This follows up 4af9cfcc by separating incremental marking state
from the full MC marking state. Runtime and tests now use only
the incremental marking state. The full MC marking state used
by MC during atomic pause.
This separation decouples atomicity of markbit accesses
during incremental marking and during full MC.
Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: Ia409ab06515cd0d1403a272a016633295c0d6692
Reviewed-on: https://chromium-review.googlesource.com/612350
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47336}
This reverts commit 01cae9efe4.
Reason for revert: Seeing several flaky crashes on windows associated to this change:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18407https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18408
Original change's description:
> [Memory] Improve OOM callback tests.
>
> - Changes OOM tests to keep allocating more and more, starting from a
> large amount, until we exhaust address space and get a failure.
>
> Bug: v8:6635
> Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
> Reviewed-on: https://chromium-review.googlesource.com/609264
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47328}
TBR=bbudge@chromium.org,mlippautz@chromium.org
Change-Id: Ibe49f99040e1a3c595ed836d1d40dbd0c7247d1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Reviewed-on: https://chromium-review.googlesource.com/612288
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47332}
- Changes OOM tests to keep allocating more and more, starting from a
large amount, until we exhaust address space and get a failure.
Bug: v8:6635
Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
Reviewed-on: https://chromium-review.googlesource.com/609264
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47328}
- See bug for the reduced test case.
- Not adding a regression test here: I don't want to assert that PreParser
doesn't detect the redeclaration error, OTOH I don't want to make it detect
the error either (in order to not couple detecting the error with
FLAG_experimental_preparser_analysis).
BUG=chromium:753896, v8:5516
Change-Id: I0f1beffe30e5cb48d6dbec35181980864e6df153
Reviewed-on: https://chromium-review.googlesource.com/608976
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47326}
These operators were only used by the old asm.js pipeline (with
fullcodegen and the AstGraphBuilder). When going through the new
pipeline, accesses to TypedArrays are handled by the native
context specialization during inlining.
Bug: v8:6409
Change-Id: Ib9b888c0b96f297a335580ee42dfa951bde566be
Reviewed-on: https://chromium-review.googlesource.com/612347
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47322}
Removes the new.target slot from the interpreter's fixed frame. Instead
adds a field to BytecodeArray to get the bytecode's incoming
new.target or generator object register. The InterpreterEntryTrampoline
then sets this register with the incoming new.target (or generator object)
when the function is called. This register can be directly the new.target
or generator object variable if they are LOCAL location, otherwise it is a
temporary register which is then moved to the variable's location during the
function prologue.
This fixes a hack in the deoptimizer where we would set the new.target fixed
slot to undefined in order to avoid extending it's lifetime through the
optimized code - now it's just a standard register and can be optimized away
as normal.
Bug=v8:6644
Change-Id: Ieb8cc34cccefd9fb6634a90cbc77c6002a54f2ae
Reviewed-on: https://chromium-review.googlesource.com/608966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47320}
Bytecode array visitor has a side-effect of incrementing the age counter.
This patch makes the increment atomic and thus safe for the concurrent
marker.
Bug: chromium:694255
Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
Reviewed-on: https://chromium-review.googlesource.com/610001
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47317}
Deletes the now unused Full-codegen compiler. Also removes some macro
assembler instructions which are no longer used.
Note: there is still additional cleanup work to do after this lands
(e.g., remove support for FCG frames support and FCG
debugger support, etc.), but this will be done in followup CLs to keep
this patch managable.
BUG=v8:6409
Change-Id: I8d828fe7a64d29f2c1252d5fda968a630a2e9ef2
Reviewed-on: https://chromium-review.googlesource.com/584773
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47307}
For Divide operations like
r = a / b
where r has only truncated uses (i.e. only used in bitwise operations),
we used to generate a Float64Div unless we statically knew something
about a and b, even if a and b have always been integers so far.
Crankshaft was able to generate an integer division here, because
Fullcodegen collected feedback independently for inputs and outputs of
binary operations.
This adds new BinaryOperationFeedback::kSignedSmallInputs, which is used
specifically for Divide to state that we have seen only SignedSmall
inputs thus far, but the outputs weren't always in the SignedSmall
range.
The issue was discovered in a WebGL Triangulation library and reported
via https://twitter.com/mourner/status/895708603117518848 after Node
8.3.0 was released with I+TF.
R=jarin@chromium.org
Bug: v8:6698
Change-Id: I830e421a3bf91fc8fa3665cbb706bc13675a6d2b
Reviewed-on: https://chromium-review.googlesource.com/612063
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47302}
This patch merges ObjectMarking and MarkingState. The new marking state
encapsulates object marking, live byte tracking, and access atomicity.
The old ObjectMarking calls are now replaced with calls to marking
state. For example:
ObjectMarking::WhiteToGrey<kAtomicity>(obj, marking_state(obj)
becomes
marking_state()->WhiteToGrey(obj)
This simplifies custom handling of live bytes and allows to chose
atomicity of markbit accesses depending on collector's state.
This also decouples marking bitmap from the marking code, which will
allows in future to use different data-structure for mark-bits.
Bug: chromium:694255
Change-Id: Ifb4bc0144187bac1c08f6bc74a9d5c618fe77740
Reviewed-on: https://chromium-review.googlesource.com/602132
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47288}
Deletes AstGraphBuilder and associated classes now that it is
unreachable. The following classes are also removed:
- ControlBuilders
- JSFrameSpecialization
- AstLoopAssignmentAnalysis
Also removes flags from compilation-info which are no longer used, and removes
the no-deoptimization paths from TypedOptimization, JsTypedLowering,
JSIntrinsicLowering and JSBuiltinLowering.
BUG=v8:6409
Change-Id: I63986e8e3497bf63c4a27ea8ae827b8a633d4a26
Reviewed-on: https://chromium-review.googlesource.com/583652
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47284}
This is a pure renaming CL; no functionality changes.
R=mtrofin@chromium.org
Bug:
Change-Id: I2f8262bdb17b9256d5b66fad56a7e51063f6f0d9
Reviewed-on: https://chromium-review.googlesource.com/610007
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47282}
Removes the pathways to use Full-Codegen from compiler.cc. Also removes all
paths to optimize using AstGraphBuilder, which relies on Full-codegen.
Cleans up ast-numbering, runtime-profiler and some runtime functions to
remove now dead code.
This makes Full-codegen and AstGraphBuilder dead, but doesn't remove their
code yet, that will be done in a followup CL to keep things reviewable.
BUG=v8:6409
Change-Id: I3901ff17d960b2bb084cef0cb39fa16cb8419881
Reviewed-on: https://chromium-review.googlesource.com/583328
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47277}
This is in preparation to the removal of the FullCodeGenerator, we no
longer need the ability to stress the underlying implementation.
R=rmcilroy@chromium.org
BUG=v8:6409
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iad3177d6de4a68b57c12a770b6e85ed7a9710254
Reviewed-on: https://chromium-review.googlesource.com/584747
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47276}
This test started failing on arm64-debug-nosnap builds since we'd have
leftover NEVER_EVACUATE code-space pages from Isolate initialization.
Ensure that we exhaust all such pages and overflow into LO_SPACE before
continuing into the real test, and simply generate dummy code instead of
copying a fake CEntryStub.
Bug: v8:6690
Change-Id: I3889b5818e2467dcdce3485f1372f3b7383478f4
Reviewed-on: https://chromium-review.googlesource.com/608139
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47273}
Previously we could not support these due to their unique memory layout
including off-heap backing store allocations. We now serialize these
allocations and then fix-up references to them in the PostProcess step
of deserialization.
Bug: v8:6691
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic215049c06e6ee655bd17c11dfab0d8630568a84
Reviewed-on: https://chromium-review.googlesource.com/597709
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47271}
This reverts commit b35a0789bc.
Reason for revert: Roll blocker for https://chromium-review.googlesource.com/c/607193
Original change's description:
> [heap, runtime] Fix conversion of large strings to thin strings.
>
> This patch removes creation of fillers in the middle of a large page and
> fixes assert in Heap::NotifyObjectLayoutChange.
>
> The fillers in large pages are useless since we do not sweep large
> object space.
>
> Bug: chromium:752426
> Change-Id: I01c230223f28d6d54b7362ee70e9d83de50678fd
> Reviewed-on: https://chromium-review.googlesource.com/601994
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47221}
TBR=ulan@chromium.org,jkummerow@chromium.org,mlippautz@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:752426
Change-Id: I58a632af37fa018d82693099a7a395ca5db5af0f
Reviewed-on: https://chromium-review.googlesource.com/609404
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47262}
This reverts commit decf5750c6.
Reason for revert: broken layout tests
Original change's description:
> [runtime] Store hash code in length field
>
> Store the hash code in 21 bits of the length field.
>
> Change the GetIdentityHash API to be unhandlified, since there's no
> property lookup anymore.
>
> Update js/ and test/ to match new API and expections.
>
> Bug:
> Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
> Reviewed-on: https://chromium-review.googlesource.com/589688
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47259}
TBR=ulan@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org,cbruni@chromium.org,gsathya@chromium.org
Change-Id: I32db9c20a51b2401464924cafea502628a0d0b92
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/609322
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47260}
Store the hash code in 21 bits of the length field.
Change the GetIdentityHash API to be unhandlified, since there's no
property lookup anymore.
Update js/ and test/ to match new API and expections.
Bug:
Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
Reviewed-on: https://chromium-review.googlesource.com/589688
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47259}
There are two reasons for Scopes to need information about eval calls
inside them:
- Eval in a scope, or any of its inner scopes, turns off a bunch of
scope analysis optimizations (e.g., all variables have to be treated
as "used" and context-allocated).
- Eval in a sloppy declaration scope means allows runtime addition
of var declarations.
This patch aims to make the code better-reflect this reality.
It's meant as a pure cleanup, with no expected change in behavior.
Change-Id: I744c5051bb7a90b11420930e9596e5d6c35eb440
Reviewed-on: https://chromium-review.googlesource.com/602848
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47257}
AsyncGenerators, when resumed with a "return" completion, Await the sent
value to provide consistency with syntactic return statements. This
moves the await to during AsyncGeneratorResumeNext, shrinking the number
of bytecodes.
There's a minor change to BytecodeGenerator which removes a
%_GeneratorClose() call, since it's inserted implicitly by the parser.
BUG=v8:5855
TBR=neis@chromium.org
Change-Id: I2965c610e5985ac24c713b481e62f6b97f96a3d8
Reviewed-on: https://chromium-review.googlesource.com/582218
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47253}
Splits out AttachOuterScopeInfo from DeclarationScope::Analyze and attaches
the outer scope info after parsing has completed (when parsing on the main
thread, which is the only time we have an outer scope info) instead of
during Compiler::Analyse().
BUG=v8:5203
TBR=yangguo@chromium.org
Change-Id: Idd8d2409fb20f09a9f6bbf5cff7e6edcf90077d7
Reviewed-on: https://chromium-review.googlesource.com/605889
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47243}
- Previous fix is https://chromium-review.googlesource.com/c/583531 but it
diverges Scopes created by PreParser from Scopes created by Parser.
- This CL creates the inner block scope a bit earlier and (temporarily) pushes
it into the scope chain for parsing the variable declarations in a for
loop. The previous approach was to first parse the variable declarations and
then reparent the AST nodes / Scopes created while parsing it afterwards.
- This CL partially reverts https://chromium-review.googlesource.com/c/583531;
the new fix only touches parser-base.h (diff between patch sets 2 and 3 is the
fix).
- The Ignition golden changes are basically undoing the changes done in that CL
too.
Bug: chromium:740591
Change-Id: Iceff1383ef066317e754942bb5ff0c70a91bc937
Reviewed-on: https://chromium-review.googlesource.com/603787
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47241}
This reverts commit 649b1e70e7.
Reason for revert: A1 Jetstream bots are still failing.
Original change's description:
> [wasm] Reland "[wasm] redirect wasm calls to js functions through a GCed table"
>
> This reverts commit 25f03308a7.
>
> Reason for revert: Fix the cause of bot failure and reland
>
> Original change's description:
> > Revert "[wasm] redirect wasm calls to js functions through a GCed table"
> >
> > This reverts commit eb65f35e96.
> >
> > Reason for revert: Broke jetstream benchmark on android.
> >
> > BUG=chromium:750828
> >
> > Original change's description:
> > > [wasm] redirect wasm calls to js functions through a GCed table
> > >
> > > With this patch, rather than embedding the JSReceiver address directly
> > > in the WasmToJS wrappers, we put that in a fixed array with global handle
> > > scope and instead embed the location of the handle and the index in the
> > > wrapper. This ensures that the wrapper doesn't need to be patched if the
> > > GC kicks in. This is needed to get the WASM code off the GCed heap.
> > >
> > > R=mtrofin@chromium.org
> > >
> > > Bug:
> > > Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> > > Reviewed-on: https://chromium-review.googlesource.com/581682
> > > Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> > > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#46884}
> >
> > TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
> >
> > # Not skipping CQ checks because original CL landed > 1 day ago.
> >
> > Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
> > Reviewed-on: https://chromium-review.googlesource.com/596268
> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47059}
>
> R=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org,sullivan@chromium.org
>
> Change-Id: I29ef35f6e612a706d9f571da3e7beb1da8b5052b
> Bug: chromium:750828
> Reviewed-on: https://chromium-review.googlesource.com/597010
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47177}
TBR=bradnelson@chromium.org,sullivan@chromium.org,mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
Bug: chromium:750828
Change-Id: I04b12c0eb0705ad809822a7d7461423be77d942a
Reviewed-on: https://chromium-review.googlesource.com/606867
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47231}
This CL consolidates ownership of parameters used to compile code (which
we always specialize) in 2 places:
- ModuleEnv for compile-time data
- WasmCompiledModule for runtime data
The parameters in question are: memory size and start; globals start;
address of indirect function tables (and their signatures, respectively);
and address to be used for wasm call sites.
Ideally, we'd collapse this down to one place, however, we need
specialization data to survive serialization. We can achieve this we get off
the GC heap and use a different wasm code serializer.
The CL:
- removes aliasing of parts of the specialization data, and moves
to using ModuleEnv as a token of passing around compile-time data, instead
of a mixture of ModuleEnv, WasmInstance, and some other structures. ModuleEnv
is responsible for providing a consistent view of the specialization data,
e.g. valid memory sizes (multiples of page size), and matching sized function
tables and signatures.
- removes WasmInstance, as its data is now contained by ModuleEnv.
- removes ModuleBytesEnv. We now pass the wire bytes explicitly. They can't
always be assumed as present (e.g. streaming compilation), and probably more
refactoring may need to happen once streaming compilation lands and we
better understand our dependencies.
Change-Id: Id7e6f2cf29e51b5756eee8b6f8827fb1f375e5c3
Reviewed-on: https://chromium-review.googlesource.com/592531
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47229}
Add support for the simulation of MIPS SIMD MI10 instruction group,
which included Load Vector and Store Vector instructions. Add
corresponding test for these instructions.
Bug:
Change-Id: I7cbc9d8dff2a779d9a716f539cd9a2bbb8ac694a
Reviewed-on: https://chromium-review.googlesource.com/595567
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47226}
A spec change (a0dfeba1a8) introduced a number of Await operations to the spec. In turn, this caused generated bytecode for async generators to grow drastically.
This commit moves the Await within AsyncGeneratorYield (https://tc39.github.io/proposal-async-iteration/#sec-asyncgeneratoryield step 5) into a new TFJ builtin, similar in structure to AsyncGeneratorAwait, but instead of resuming the generator on resolution of the Promise, the current generator request's Promise is fulfilled instead.
This results in a reduction in generated bytecode without losing any statically available information.
BUG=v8:5855
Change-Id: Ib5bcf06132d221beffdea30639a7b4437030143b
Reviewed-on: https://chromium-review.googlesource.com/582487
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47224}
This patch removes creation of fillers in the middle of a large page and
fixes assert in Heap::NotifyObjectLayoutChange.
The fillers in large pages are useless since we do not sweep large
object space.
Bug: chromium:752426
Change-Id: I01c230223f28d6d54b7362ee70e9d83de50678fd
Reviewed-on: https://chromium-review.googlesource.com/601994
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47221}
This moves deserializer setup boilerplate inside the deserializers, and
makes improper usage less likely. For instance:
ObjectDeserializer deserializer(&scd);
/* ... deserializer setup ... */
MaybeHandle<HeapObject> obj = deserializer.Deserialize(isolate);
/* ... result checks and casts ... */
has now become:
/* All setup and casts inside deserializer, impossible to illegally
use the same instance multiple times. */
MaybeHandle<SharedFunctionInfo> maybe_result =
ObjectDeserializer::DeserializeSharedFunctionInfo(
isolate, &scd, source);
Bug: v8:6624
Change-Id: Id5a1848e024e89cf86e5292389ba7c89f31d8e6b
Reviewed-on: https://chromium-review.googlesource.com/604791
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47219}
This makes sure we perform a proper holder lookup when trying to inline
API accessors calls in TurboFan. Inlining is completely disabled in case
the holder is not found, otherwise the appropriate holder is passed via
the {PropertyAccessInfo} structure (if different from the receiver).
R=bmeurer@chromium.org
TEST=cctest/test-api/ReceiverSignature
BUG=chromium:752149
Change-Id: I7b192724afd99d651b6477b2f2c8b403a10efb9d
Reviewed-on: https://chromium-review.googlesource.com/603615
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47216}
This code appears to have been wrong forever, as it only
threw in strict mode (presumably predating ES2015 const).
In order to get exactly the right behavior, special
handling of sloppy named function expressions is required.
Rather than polluting PropertyAttributes with another
dummy value, this CL simply adds a bool output argument
to Context::Lookup to indicate that case.
Bug: v8:6677
Change-Id: I34daa5080d291808f10cbaefc91d716f0b22963b
Reviewed-on: https://chromium-review.googlesource.com/602690
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47207}
This is part of the effort to consolidate the ownership of
wasm instantiation/specialization parameters.
This change is focused solely on the interpreter part of that effort, to
verify we're not regressing performance in interpreter benchmarks.
There are two aspects being addressed:
- dataflow-wise, we always fetch the interpreter's memory view from the
runtime objects (i.e. WasmInstanceObject/WasmCompiledModule). This is
consistent with how other instance-specific information is obtained
(e.g. code, indirect functions).
- representation-wise, we do not reuse ModuleEnv/WasmInstance just for
the memory view, because it is surprising that other instance info isn't
accessed from there.
Bug:
Change-Id: I536fbffd8e1f142a315fa1770ba9b08319f56a8e
Reviewed-on: https://chromium-review.googlesource.com/602083
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47205}
The interpreter was not able to call imported wasm functions (hitting
UNIMPLEMENTED). This CL fixes this by creating a "CWasmEntry", which is
signature-specific. It has JS linkage and receives the wasm code object
to call and a buffer containing all arguments (similar to the
interpreter entry). It loads all arguments from the buffer and calls the
given code object.
The c-wasm-entry code objects are cached per instance, such that we
only create them once per signature.
These wasm entry stubs will also allow us to call back to compiled code
from the interpreter, which we might want to do to reduce the slowdown
of executing wasm for debugging.
R=titzer@chromium.org
Bug: chromium:735792
Change-Id: I7fecec3a7bec62a9de40fff115b684759b12a28b
Reviewed-on: https://chromium-review.googlesource.com/600308
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47195}
This reverts commit 25f03308a7.
Reason for revert: Fix the cause of bot failure and reland
Original change's description:
> Revert "[wasm] redirect wasm calls to js functions through a GCed table"
>
> This reverts commit eb65f35e96.
>
> Reason for revert: Broke jetstream benchmark on android.
>
> BUG=chromium:750828
>
> Original change's description:
> > [wasm] redirect wasm calls to js functions through a GCed table
> >
> > With this patch, rather than embedding the JSReceiver address directly
> > in the WasmToJS wrappers, we put that in a fixed array with global handle
> > scope and instead embed the location of the handle and the index in the
> > wrapper. This ensures that the wrapper doesn't need to be patched if the
> > GC kicks in. This is needed to get the WASM code off the GCed heap.
> >
> > R=mtrofin@chromium.org
> >
> > Bug:
> > Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> > Reviewed-on: https://chromium-review.googlesource.com/581682
> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46884}
>
> TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
> Reviewed-on: https://chromium-review.googlesource.com/596268
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47059}
R=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org,sullivan@chromium.org
Change-Id: I29ef35f6e612a706d9f571da3e7beb1da8b5052b
Bug: chromium:750828
Reviewed-on: https://chromium-review.googlesource.com/597010
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47177}
This was suggested by bmeurer after running into the confusing
example of:
x => {x:x}
which might appear to be an arrow function that returns an object
literal containing its argument, but instead is an arrow function
that does nothing.
While it's unclear whether the language would change to make this
probable programmer error an actual syntax error, we can at least
gather some data on the question of whether we see any such code
in the wild.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I08202039ecf7a7a4c71ad95ecd839436b4ec2af8
Reviewed-on: https://chromium-review.googlesource.com/600888
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47171}
In some cases, PreParser cannot replicate the Scope structure created by
Parser. It happens esp. with arrow function parameters, since the relevant
information is already lost by the time we figure out it's an arrow function.
In these cases, PreParser should bail out of trying to create data for skipping
inner functions.
Implementation notes:
- The arrow function case is more fundamental; the non-arrow case could be
hacked together somehow if we implemented tracking is_simple for each param
separately; but now that it's possible to bail out consistently from both
cases, I don't think the is_simple complication is worth it.
- The added mjsunit test cases are based on the test262 test cases which exposed
the problem.
- cctest/preparser/PreParserScopeAnalysis was exercising similar cases, but the
problem didn't show up because the function parameters didn't contain
skippable functions. Those test cases have been repurposed for testing the
bailout.
- Extra precaution: the bailout tests are in a separate file, to guard from the
bug that a bailout case results in bailing out of *all* data creation, which
would make all skipping tests in the same file useless.
BUG=v8:5516
Change-Id: I4324749a5ec602fa5d7dc27647ade0284a6842fe
Reviewed-on: https://chromium-review.googlesource.com/599849
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47170}
And then lower it afterwards. This is more future-proof for
multi-return values.
R=titzer@chromium.org
CC=rossberg@chromium.org
Bug: v8:6672
Change-Id: I6505b049275360c32530992c1db8765254b405c1
Reviewed-on: https://chromium-review.googlesource.com/602036
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47166}
Moves the construction of CompilationInfo for unoptimized code into
GenerateUnoptimizedCode in preparation for making it owned by the
unoptimized compilation jobs (to be done in a followup CL).
This CL also adds a new constructor for creation of unoptimized
CompilationInfos with fields correctly initialized and updates the existing
constructor to he exclusively for optimized compilation. Finally, also moves
the call to RecordFunctionCompilation with LAZY_COMPILE_TAG recording into
FinalizeUnoptimizedCompilationJob where it is called for other unoptimized
compiles.
BUG=v8:5203,v8:6659
Change-Id: Icfd7f56588073f2fc547e002db9fa99843ed2e8b
Reviewed-on: https://chromium-review.googlesource.com/598908
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47160}
Calling the Array constructor is an edge case, and we don't seem to
benefit from doing the AllocationSite tracking there as well. In fact
it's a lot of complexity and somewhat blocking the more important
optimization of the subclass constructors.
This is an attempt to nuke the CallIC support for AllocationSites. If
it regresses something important, we'll have to find another way.
Bug: v8:6399
Change-Id: I56f6da29679c516f0a5c3161c2696fc2b8762176
Reviewed-on: https://chromium-review.googlesource.com/600968
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47158}
On advancing the iterator we need to reset the current object,
so that it can be lazily reloaded later on.
TBR=mlippautz@chromium.org
Bug: chromium:694255
Change-Id: If7ddd8670df9d11837f491503312919b55b451fe
Reviewed-on: https://chromium-review.googlesource.com/600687
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47142}
An optimization in li checks if a value has all their "n" LSBs set to
one, and their "64-n" MSBs set to zero. This is done by checking
base::bits::IsPowerOfTwo(value + 1), but this doesn't cover the case
when only MSB is zero, and other bits are one. Added another check that
covers the missing case, this also fixes Dsubu test.
BUG=
TEST=cctest/test-assembler-mips/Dsubu
Change-Id: I97b8fb4984af3b7f974ba901e3a1a9c89e925805
Reviewed-on: https://chromium-review.googlesource.com/598228
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Miran Karić <Miran.Karic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47134}
This mitigates the problem of blocking on the main thread when the
platform is unable to execute background tasks in a timely manner.
Bug: v8:6671
Change-Id: I741d4b7594e8d62721dad32cbfb19551ffacd0c3
Reviewed-on: https://chromium-review.googlesource.com/599528
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47126}
Don't hold a pointer to parse_info in compilation_info, and instead explicitly
add the fields needed in compiation_info. The intention is to make ParseInfo
only actually needed for parsing, and eventually make it possible to compile
with only a CompileInfo.
BUG=v8:5203
Change-Id: Iecd39245e44c218874401c3991eeaf3ceef2816f
Reviewed-on: https://chromium-review.googlesource.com/595738
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47119}
Since frames.h no longer defines basic register types like RegList, it
is no longer necessary to include it in the macro assemblers.
Next step: split out frame-constants.h from frames.h so that it will be
possible to get frame constants without include the stackwalking logic,
which needs objects.h.
R=mstarzinger@chromium.org
Bug:
Change-Id: Ia12d3c8a8d46a73106c3c90bcb4b470c85f1eaa7
Reviewed-on: https://chromium-review.googlesource.com/597788
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47114}
This removes the obsolete {Crankshaft} factory method as it returns the
same configuration as the {Turbofan} factory by now. We now consistently
use {RegisterConfiguration::Default} everywhere.
R=jkummerow@chromium.org
BUG=v8:6408
Change-Id: I6be25774aa6714ef4dc1ef6856bb6dbc95593a29
Reviewed-on: https://chromium-review.googlesource.com/597858
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47109}
This begins splitting up the Deserializer class into
{Object,Partial,Startup}Deserializer. For now, all functionality remains in
the Deserializer base clase, to be refactored in future CLs. Empty .cc files
are added here to avoid having to touch build files again.
Bug: v8:6624
Change-Id: If563e03492991bd55c91cd2e09312c0a26aaab2c
Reviewed-on: https://chromium-review.googlesource.com/598067
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47107}
Previously TryToName bailed out for Oddball keys (i.e. when passing true
or false as the key), which meant that for example the generic
KeyedLoadIC would always bail out to the %KeyedGetProperty runtime
function. But handling Oddball keys is fairly easy, since every oddball
value carries it's unique string representation. Adding just this case
to the CodeStubAssembler::TryToName method boosts this simple
micro-benchmark by a factor of 4x:
const n = 1e7;
const obj = {};
const key = true;
console.time('foo');
for (let i = 0; i < n; ++i) {
if (obj[key] === undefined) {
obj[key] = key;
}
}
console.timeEnd('foo');
It also shows on the ARES-6 ML benchmark and on several Speedometer
tests, where objects are being used as dictionaries and the developers
rely on the implicit ToString conversions on the property accesses.
In the ARES-6 ML benchmark, the number of calls to %KeyedGetProperty
is reduced by 137,758.
Bug: v8:6278, v8:6344, v8:6670
Change-Id: Iaa965e30be4c247682a67ec09543655df9b761d2
Reviewed-on: https://chromium-review.googlesource.com/599527
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47105}
This behavior has been staged successfully without a bug report, and
has been shipped in the latest versions of Firefox and Safari.
Bug: v8:5070
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I084cae2cc303d6a213bd6789297b91656e162d6b
Reviewed-on: https://chromium-review.googlesource.com/595129
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47098}
My goal was to move breakpoint API to native with minimal changes around, so on inspector side we use v8::debug::BreakpointId instead of String16, on v8::internal::Debug we use i::BreakPoint object instead of break point object created inside of debug.js.
There are a lot of opportunities how we can improve breakpoints (at least we can avoid some of linear lookups to speedup implementation) but I think that as first step we need to remove mirrors/debug.js APIs.
Drive by: debugger-script.js and usage of debugger context in inspector code base.
R=yangguo@chromium.org,jgruber@chromium.org,clemensh@chromium.org
Bug: v8:5510,chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0b17972c39053dd4989bbe26db2bb0b88ca378f7
Reviewed-on: https://chromium-review.googlesource.com/593156
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47091}
This reverts commit d4a742fdf1.
Reason for revert: gc-stress failures
Original change's description:
> Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk."
>
> This reverts commit c59b81d7b8.
>
> Original change's description:
> > [heap] Add mechanism for tracking invalidated slots per memory chunk.
>
> > For correct slots recording in concurrent marker, we need to resolve
> > the race that happens when
> > 1) the mutator is invalidating slots for double unboxing or string
> > conversions
> > 2) and the concurrent marker is recording these slots.
>
> > This patch adds a data-structure for tracking the invalidated objects.
> > Thus we can allow the concurrent marker to record slots without
> > worrying about clearing them. During old-to-old pointer updating phase
> > we re-check all slots that belong to the invalidated objects.
>
> BUG=chromium:694255
>
> Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f
> Reviewed-on: https://chromium-review.googlesource.com/596868
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47068}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I81c6059a092cc5834acd799c51fd30dc0ecf5b27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/597787
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47078}
Some bailout reasons are never referenced. Removing these allows us to
decrease the size of bailout reason bit-fields to 7 bits.
Change-Id: Ib5e884d224c12313e06493ed05a18a22b3951665
Reviewed-on: https://chromium-review.googlesource.com/596128
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47077}
These tests perform GC manually which does not work well with concurrent
marking and stress incremental marking flags.
BUG=chromium:694255
Change-Id: I43e32957bf37053e0d3af07afa00b8bb40935ebd
Reviewed-on: https://chromium-review.googlesource.com/596887
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47070}
This reverts commit c59b81d7b8.
Original change's description:
> [heap] Add mechanism for tracking invalidated slots per memory chunk.
> For correct slots recording in concurrent marker, we need to resolve
> the race that happens when
> 1) the mutator is invalidating slots for double unboxing or string
> conversions
> 2) and the concurrent marker is recording these slots.
> This patch adds a data-structure for tracking the invalidated objects.
> Thus we can allow the concurrent marker to record slots without
> worrying about clearing them. During old-to-old pointer updating phase
> we re-check all slots that belong to the invalidated objects.
BUG=chromium:694255
Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f
Reviewed-on: https://chromium-review.googlesource.com/596868
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47068}
This reverts commit eb65f35e96.
Reason for revert: Broke jetstream benchmark on android.
BUG=chromium:750828
Original change's description:
> [wasm] redirect wasm calls to js functions through a GCed table
>
> With this patch, rather than embedding the JSReceiver address directly
> in the WasmToJS wrappers, we put that in a fixed array with global handle
> scope and instead embed the location of the handle and the index in the
> wrapper. This ensures that the wrapper doesn't need to be patched if the
> GC kicks in. This is needed to get the WASM code off the GCed heap.
>
> R=mtrofin@chromium.org
>
> Bug:
> Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> Reviewed-on: https://chromium-review.googlesource.com/581682
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46884}
TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
Reviewed-on: https://chromium-review.googlesource.com/596268
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47059}
Per https://github.com/tc39/proposal-async-iteration/pull/102/files:
AsyncGeneratorResolve no longer unwraps a value component. Instead, the value is
unwrapped before the builtin call via Await, allowing Promise rejections to
affect the generator control flow.
Thus, all `yield <expr>` implicitly become `yield await <expr>`.
Additionally, `return <expr>` becomes `return await <expr>`. Finally, when the
generator is resumed with `.return()`, the parameter passed to .return() is
awaited before generator execution properly continues).
BUG=v8:6187, v8:5855
R=littledan@chromium.org, neis@chromium.org, adamk@chromium.orgTBR=rmcilroy@chromium.org, neis@chromium.org
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id7718028fd555481f9f4ca0dbecfa788e3057c48
Reviewed-on: https://chromium-review.googlesource.com/594500
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#47058}
This reverts commit 7a5a777c97.
Reason for revert: crashing in test-api
Original change's description:
> [heap] Add mechanism for tracking invalidated slots per memory chunk.
>
> For correct slots recording in concurrent marker, we need to resolve
> the race that happens when
> 1) the mutator is invalidating slots for double unboxing or string
> conversions
> 2) and the concurrent marker is recording these slots.
>
> This patch adds a data-structure for tracking the invalidated objects.
> Thus we can allow the concurrent marker to record slots without
> worrying about clearing them. During old-to-old pointer updating phase
> we re-check all slots that belong to the invalidated objects.
>
> BUG=chromium:694255
>
> Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
> Reviewed-on: https://chromium-review.googlesource.com/591810
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47049}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I7f4f8e8cb027b921a82e9c0a0623536af02581fb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/595994
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47052}
Adds a base class TestPlatform which implements the most common defaults
for v8::Platform methods.
Reworks existing cctests and unittests to use TestPlatform.
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifeb28a5a190529697d5bcac227e80b10d454d9bd
Reviewed-on: https://chromium-review.googlesource.com/590194
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47050}
For correct slots recording in concurrent marker, we need to resolve
the race that happens when
1) the mutator is invalidating slots for double unboxing or string
conversions
2) and the concurrent marker is recording these slots.
This patch adds a data-structure for tracking the invalidated objects.
Thus we can allow the concurrent marker to record slots without
worrying about clearing them. During old-to-old pointer updating phase
we re-check all slots that belong to the invalidated objects.
BUG=chromium:694255
Change-Id: Ifc3d82918cd3b96e5a5fb7125691626a56f4ab83
Reviewed-on: https://chromium-review.googlesource.com/591810
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47049}
Also fix one apparently-harmless bug in the Parser where we failed
to Finalize an empty scope. Without this fix, the DCHECK fails
on any C-style for-loop with a lexical binding that hits the
fast path (this is well-covered by many existing tests in mjsunit).
Thanks to Georg Neis for the suggestion of this DCHECK.
Change-Id: Ie1a8f8809f4d152c87f2da08209c610514645827
Reviewed-on: https://chromium-review.googlesource.com/587750
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47046}
Remove the concept of IC age from the heap and SFI, since it no
longer does anything useful.
Change-Id: I4ce466efc77c007c09c0889bae09ec6a0c907e33
Reviewed-on: https://chromium-review.googlesource.com/593623
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47041}
The @@toStringTag lookup in Object.prototype.toString causes quite a
lot of overhead and oftentimes dominates the builtin performance. These
lookups are almost always negative, especially for primitive values,
and Object.prototype.toString is often used to implement predicates
(like in Node core or in AngularJS), so having a way to skip the
negative lookup yields big performance gains.
This CL introduces a "MayHaveInterestingSymbols" bit on every map,
which says whether instances with this map may have an interesting
symbol. Currently only @@toStringTag is considered an interesting
symbol, but we can extend that in the future.
In the Object.prototype.toString we can use the interesting symbols
bit to do a quick check on the prototype chain to see if there are
any maps that might have the @@toStringTag, and if not, we can just
immediately return the result, which is very fast because it's derived
from the instance type. This also avoids the ToObject conversions for
primitive values, which is important, since this causes unnecessary
GC traffic and in for example AngularJS, strings are also often probed
via the Object.prototype.toString based predicates.
This boosts Speedometer/AngularJS by over 3% and Speedometer overall
by up to 1%. On the microbenchmark from the similar SpiderMonkey bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=1369042), we go from
roughly 450ms to 70ms, which corresponds to a 6.5x improvement.
```
function f() {
var res = "";
var a = [1, 2, 3];
var toString = Object.prototype.toString;
var t = new Date;
for (var i = 0; i < 5000000; i++)
res = toString.call(a);
print(new Date - t);
return res;
}
f();
```
The design document at https://goo.gl/e8CruQ has some additional
data points.
TBR=ulan@chromium.org
Bug: v8:6654
Change-Id: I31932cf41ecddad079d294e2c322a852af0ed244
Reviewed-on: https://chromium-review.googlesource.com/593620
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47034}