Instead of limiting the number of used spill slots and bailing out if
the limit is exceeded, we now store the number of spill slots used and
patch the stack frame size after generating all code.
This removes a lot of checks and bailouts.
Drive-by: Fix a bug with spilling f64 caller frame slots which was
uncovered by the additional test coverage after this CL.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I25d856f99451642cc15239c0461402e51487d0a1
Reviewed-on: https://chromium-review.googlesource.com/929162
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51500}
During builtins generation, parts of the builtins table may be filled
with placeholder code objects.
This CL ensures that such placeholders are replaced by the real
builtin object during finalization of the builtins constants table.
Bug: v8:6666
Change-Id: I3a2635b29b37690fd7e950b9f38d500704671afb
Reviewed-on: https://chromium-review.googlesource.com/934241
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51498}
Also a small drive-by cleanup to ToSmiLength to make the two functions
more consistent.
Bug: v8:7310
Change-Id: Ied01b72c2d30445eebac2bdab33d96e2df994274
Reviewed-on: https://chromium-review.googlesource.com/931545
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51497}
Moves the decision whether to embed the constant or perform a lookup
through the builtins constants table to
CodeAssembler::UntypedHeapConstant.
Root constants continue to be embedded (and are later turned into
loads through root-register by the backend); non-root constants are
added to the constants table at generation-time and loaded from there
at runtime.
This allows us to remove the recently added boilerplate around
CallStub and CallRuntime in a follow-up.
Bug: v8:6666
Change-Id: Id981088e4b9d665c678acc9718383179f681f063
Reviewed-on: https://chromium-review.googlesource.com/931122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51495}
and use it more often.
Bug: v8:7310
Change-Id: I7773f35415a0bb529cdaac380c9068f4ed5010ae
Reviewed-on: https://chromium-review.googlesource.com/930236
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51493}
Originally reviewed at https://chromium-review.googlesource.com/929429
and landed as r51486 / d50c7731e8.
Update in reland: whitelisted new builtins as side effect free.
Bug: v8:6791
Change-Id: Iff45700c8a4eca23f3ee6fc9c0cb340dc027cbc6
Reviewed-on: https://chromium-review.googlesource.com/932802
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51491}
Without --harmony-function-tostring, anything other than a JSFunction
or JSBoundFunction throw when Function.prototype.toString is called on
them. But with the toString revision, anything callable allows toString
(and for non-Functions returns the good old "function () { [native code] }"
string).
Bug: v8:7484
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3540e213a40992151761b59666fe36e0510da908
Reviewed-on: https://chromium-review.googlesource.com/932825
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51489}
When calling a function through a function table, check whether the
instance of the called function differs from the current instance, and
in that case call the other function via a c-wasm-entry instead of
interpreting it.
The c-wasm-entry needs to pass the wasm context, so this CL changes
this to receive the wasm context as parameter instead of embedding the
context of the calling instance.
R=titzer@chromium.org
Bug: chromium:814562, v8:7400
Change-Id: Iea93f270542169f8aac4f8c81aacec559c716368
Reviewed-on: https://chromium-review.googlesource.com/930966
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51485}
Creates a macro that in debug builds generates case statements for
unused bytes codes (marked UNREACHABLE). This will catch the case where
a byte code declared to be unused is actually used. Should be easier to
maintain than the existing comments.
Change-Id: I0b5d830be88b7ef747975657283c1b1e98182360
Reviewed-on: https://chromium-review.googlesource.com/928650
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51482}
This migrates harness adjustments, to be loaded after mjsunit.js on
fuzzers for correctness fuzzing.
This is the first step adding deeper pretty printing. Other
adjustments will be added in follow ups.
Bug: chromium:813833
Change-Id: I51168a31e733d54808cb8853a1c90e897acf3791
Reviewed-on: https://chromium-review.googlesource.com/930565
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51481}
We'll soon also host other configurations for general fuzzing, not only
correctness fuzzing in the new tools/clusterfuzz folder.
TBR=yangguo@chromium.org
Bug: chromium:813833
Change-Id: Icd966bfec91cc547522bad5d1a842500b554754f
Reviewed-on: https://chromium-review.googlesource.com/930331
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51480}
This reverts commit eac4b59fd9.
Reason for revert:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/21829
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [Compiler] Use CompilationCache for StreamedScript compilation.
>
> Previously GetSharedFunctionInfoForStreamedScript didn't either check the
> compilation cache or put the result of compilation into the compilation
> cache. This would mean future compiles would need to re-parse / compile
> the same script even if the isolate had already seen it. This CL
> fixes this.
>
> BUG=v8:5203
>
> Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9
> Reviewed-on: https://chromium-review.googlesource.com/924285
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51469}
TBR=rmcilroy@chromium.org,mythria@chromium.org
Change-Id: Id822b55bd162b74f098160a11e6a3bda6924c1e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5203
Reviewed-on: https://chromium-review.googlesource.com/931821
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51477}
AddCode and AddOwnedCode (from NativeModule), as well as the WasmCode
constructor are using a default value (false) for determining whether
the code is liftoff-compiled or not. This CL removes the default
value and requires each call to these functions/constructors to explicitly
set the value.
Change-Id: Icd4187d1710c774826c9134078ec65845bc98dd7
Reviewed-on: https://chromium-review.googlesource.com/928921
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51475}
This is preparatory cleanup work for eventually tracking the functions
(rather than concrete closures) in the CALL_IC, also for builtins like
the default PromiseCapability [[Resolve]] and [[Reject]] functions. It
adds a new FeedbackCell type, which is used by JSFunctions consistently
now to reference the feedback vector (or undefined if not the function
is not compiled yet or is a native/asm.js function).
This also changes the calling convention for FastNewClosure builtin and
the JSCreateClosure operator in TurboFan to carry the FeedbackCell here
instead of the parent FeedbackVector and the slot index. In addition we
eliminate the now unused %InterpreterNewClosure runtime function.
Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656
Reviewed-on: https://chromium-review.googlesource.com/928403
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51474}
This is an unfortunate restriction imposed by Worklist::kMaxNumTasks
for now.
This CL unbreaks tests for developers. The CQ didn't catch this breakage
because bots have 8 cores and concurrent marking uses num_cores-1.
R=hpayer@chromium.org
TEST=All tests passed on dev machine (was super broken without this change)
NOTRY=True (to unbreak devs)
Bug: v8:7477,chromium:812178
Change-Id: I644613857c74d1ae00965f3e6d1d7692a4303062
Reviewed-on: https://chromium-review.googlesource.com/931461
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51473}
This avoids generation of duplicate strings. Especially debug builds
suffer from this and generate 16000+ strings, mostly for CSA_ASSERT
and CAST statements. Deduplicating these trims that down to roughly
1000 strings.
Release builds are affected at a smaller scale. There, we have roughly
100 duplicate strings in the snapshot.
Bug: v8:6666
Change-Id: I688d3b97431b8cea1e98983eab5f07278dae91a0
Reviewed-on: https://chromium-review.googlesource.com/931041
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51472}
Perf-sheriffs please revert if this causes any performance regressions.
BUG=
Change-Id: I39075482f3c85d69407d6d8e5643d94c1a4425c2
Reviewed-on: https://chromium-review.googlesource.com/461117
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51470}
Previously GetSharedFunctionInfoForStreamedScript didn't either check the
compilation cache or put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.
BUG=v8:5203
Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9
Reviewed-on: https://chromium-review.googlesource.com/924285
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51469}
This patch adds EmbedderGraph::Node::NamePrefix method that will be used
by Chrome for detached DOM nodes.
Bug: chromium:811925
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I89d3b88a3b90ed85addb1d34f08dd15e0559aa9a
Reviewed-on: https://chromium-review.googlesource.com/926362
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51464}
On ia32, we can encode the address of the stack limit in the operand
directly, saving one mov instruction and reducing register pressure.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I2742efbfea16d56d648c233a2dba1d8672dc489d
Reviewed-on: https://chromium-review.googlesource.com/930961
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51463}
IterableToListCanBeElided checked that the input was always a HeapObject
but this is not true when an iterator symbol is defined on the Number
prototype, meaning Smi and HeapNumber can also be passed in.
Added a regression test for the crash and some correctness tests for
smi and double input to TA.from.
Also factored out the tests in typedarray-from.js that modify global
state e.g. protector cells, so that one iteration of the top level
loop does not interfere with the next.
Bug: chromium:814643
Change-Id: I364d11f011faf8370446f905a35a945d47e4477f
Reviewed-on: https://chromium-review.googlesource.com/930962
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51461}
For builtin and stub code targets, we can be a bit more descriptive and
print their name along with the code kind.
Before:
0x1fafde09c5cf code target (BUILTIN) (0x1fafde088280)
0x1fafde09c5f0 code target (STUB) (0x1fafde084060)
After:
0x1fafde09c5cf code target (BUILTIN Abort) (0x1fafde088280)
0x1fafde09c5f0 code target (STUB CEntryStub) (0x1fafde084060)
Bug: v8:6666
Change-Id: I27d205361748c6bae5e69e14f65efb7f85f23da7
Reviewed-on: https://chromium-review.googlesource.com/928766
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51459}
The crash happens while adding an embedder edge. The |from| heap entry
can be invalidated when the |to| heap entry is added to the snapshot.
This happens because heap entries are pointers into the std::vector
backing store.
Bug: chromium:813515
Change-Id: I6a61bb3fc383a272887925c5da163766d23a0606
Reviewed-on: https://chromium-review.googlesource.com/926525
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51455}
Private fields should not return undefined on access miss, but instead
should throw a TypeError.
This patch uses a bit on v8::Symbol to mark if this symbol is a
private field or not.
This patch also changes the LookupIterator code path that deals with
LookupIterator::State::DATA to deal with JSReceiver instead of
JSObject.
Note: the error message doesn't output the field name, but that's a
WIP.
Bug: v8:5368
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I8ae960b478eb6ae1ebf9bc90658ce3654d687977
Reviewed-on: https://chromium-review.googlesource.com/905627
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51452}
