Fixes the MaybeObject->Object conversion in ObjectStats to allow Smis,
rather than just HeapObjects.
Change-Id: I845613c47bb6ca696d444a025100b471fb385980
Reviewed-on: https://chromium-review.googlesource.com/1049925
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53070}
Loading the length from a PropertyArray is currently broken.
Bug: v8:7732
Change-Id: Ia05f314f2f4822a8821801889b7a58f75b3f198c
Reviewed-on: https://chromium-review.googlesource.com/1049610
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53067}
To stay compatible with JSC, Array.p.sort did a post-processing step
that shadowed elements from the prototype chain.
Some time ago, JSC changed and no longer exhibits this behavior. To
preserve compatibility and stay consistent with RemoveArrayHoles,
this CL removes this post-processing step altogether and adjusts
tests to expect the new behavior.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382
Change-Id: Iecedc37cea25001d3768b99a3a9de3a2db90ba82
Reviewed-on: https://chromium-review.googlesource.com/1047286
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53066}
Code comments help a lot to understand the generated code. Add a
comment before each instruction, and some special comments for longer
instructions.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ic18974e5cc89e23533e3abc54b0389723b77ff73
Reviewed-on: https://chromium-review.googlesource.com/1049626
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53064}
This CL re-implements CopyFromPrototype, which is used during sorting,
as a runtime function, in preparation to move Array.p.sort to CSA.
CopyFromPrototype is called for sparse non-arrays, where elements
might be available on the prototype chain. For compatibility with
JSC, we copy them to the object itself and sort only own properties.
Bug: v8:7382
Change-Id: I4f5c14995cf9769c4f9f1d62b3a5bfde6d386556
Reviewed-on: https://chromium-review.googlesource.com/1044205
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53061}
This CL implements the functionality of SafeRemoveArrayHoles (JS),
which is used as a pre-processing step for sorting, in a runtime
function.
SafeRemoveArrayHoles is a generic fallback, when an existing runtime
function fails to remove holes/move undefineds to the end of an array.
This CL extends the existing runtime function to also support JSProxy
objects, and objects where indices have accessors.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382
Change-Id: I4881539cf2171caba08ff6e3e50320291f49839c
Reviewed-on: https://chromium-review.googlesource.com/1041950
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53060}
On systems which require a contiguous code range, we currently limit
the committed wasm code space to the heap code space. Since
https://crrev.com/c/1044195, this was only 128MB, making bigger
benchmarks fail.
There is no need to link the two limits, thus just remove that logic.
R=titzer@chromium.org
Change-Id: Id61f5dd28c96c3d2b7fcd730751285c6fc144bc5
Reviewed-on: https://chromium-review.googlesource.com/1049648
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53059}
This shares JS-to-Wasm wrapper code across instances belonging to the
same module object. We no longer need to copy the wrappers since they
are by now independent of the concrete instance.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I54188eae6378e53cc274cd19f8e652ffdba72ee5
Reviewed-on: https://chromium-review.googlesource.com/1049607
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53058}
This changes JS-to-Wasm wrappers to no longer embed a WeakCell with the
associated instance into the code, but load the instance object from the
passed {WasmExportedFunction} object instead.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I5403f882912eb23e760fabe70207440648754a69
Reviewed-on: https://chromium-review.googlesource.com/1028053
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53057}
The at register is used a lot in macro-assembler-mips[64].cc and
we should not use it as a temporary register in other parts of the code.
Change-Id: I7ef038cdf4f8c57aa76823e7ee0ffb40b62731cd
Reviewed-on: https://chromium-review.googlesource.com/1027816
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53055}
- Make FeedbackVector backing store a WeakFixedArray.
- "feedback" is always strong but "extra" might be weak.
- Whenever the handler stored in FeedbackVector is a WeakCell to a transition
Map, replace it with an in-place weak reference.
For a more detailed description of the changes, see the design doc
https://docs.google.com/document/d/1P8cIme2wKszdYt64ObAiuh6pXgLnrrn80Hpl1ejJbOU/edit#heading=h.ijx1oculrikp
BUG=v8:7308
Change-Id: I72c5cf6597ef24d4c22a1fe8e25b67ca196d4ec8
Reviewed-on: https://chromium-review.googlesource.com/1027855
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53051}
This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, the array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from a conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.
On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace the
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).
function f(a, b) {
  [b, a] = [a, b];
  return a + b;
}

function sum(count) {
  let s = 0;
  for (let i = 0; i < count; i++) {
    s += f(1, 2);
  }
  return s;
}

// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");
console.timeEnd: destructure array, 213.526000
console.timeEnd: destructure array, 1503.537000
Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
We had four files in git which used CRLF. After adding a .gitattributes
file with "* text=auto", we should not get any new ones. This CL
converts the four existing files to LF.
R=mathias@chromium.org
Bug: v8:7570
Change-Id: Ia9c92f4bed14c6669de7d60390627a11de6450b8
Reviewed-on: https://chromium-review.googlesource.com/1047611
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53046}
If trap handlers cannot be installed, we printed two lines to stdout
and stderr, both not terminated by a newline. This CL adds a newline to
one output and uses the FATAL macro for the other, highlighting the
error better and showing the location where it happens.
R=eholk@chromium.org
Bug: v8:7570
Change-Id: Ic24f48f92b87528e0fd5889badf2c90d765e451a
Reviewed-on: https://chromium-review.googlesource.com/1047606
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53043}
This API will be used by Node.js to provide output compatible with
Chrome devtools.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I265495f8af39bfc78d7fdbe43ac308f0920e817d
Reviewed-on: https://chromium-review.googlesource.com/1044491
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53041}
This moves the internal fields on {WasmExportedFunction} objects from
being properties with private symbols to a separate structure instead.
The new {WasmExportedFunctionData} structure can hang off the underlying
shared function info which is created for each exported function. This
reduces the number of transitions, speeds up instantiation, and makes it
easier to reach them from generated code (in the future).
R=titzer@chromium.org
BUG=v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa733b6c9f7bea96246d6680756aa7101669a1a9
Reviewed-on: https://chromium-review.googlesource.com/1047025
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53040}
The RareData objects contain fields that are often absent in CodeEntry'es.
They are created as needed when a corresponding field is added.
This reduces CodeEntry size on x64 by 40% from 136 to 80 bytes.
BUG=v8:7719
Change-Id: I1f3c6255aa2f228895e835b536c743396131db31
Reviewed-on: https://chromium-review.googlesource.com/1045885
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53039}
We lost the print functionality for stub schedules somewhere on the
way. This re-adds the appropriate call to TraceSchedule to get it
going again.
Bug: v8:7327
Change-Id: I245823b440542708410d2253f9f4e78b2e22f3c9
Reviewed-on: https://chromium-review.googlesource.com/1047270
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53038}
In preparation for cleaning up PipelineData to use a MachineGraph
where appropriate, move the dead node up to MachineGraph.
R=ahaas@chromium.org
Bug: v8:7721
Change-Id: I3f9d456aef7cf4d80adbc93ae938636ffcc3712d
Reviewed-on: https://chromium-review.googlesource.com/1046828
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53037}
Retpolines were never used for off-heap wasm code. This CL adds them.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I9f1b2150cce484f831a83663d1fb06555e7eac82
Reviewed-on: https://chromium-review.googlesource.com/1047385
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53036}
Trying to reduce use of our self-baked data structures.
Bug: v8:7570
Change-Id: I419a932b6b8904810844d40a5636e423df832197
Reviewed-on: https://chromium-review.googlesource.com/1032739
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53033}
The DCHECK was incorrect. This new API method can be called from any
debug mode since the embedder does not know which mode we are in.
It should only apply the side effect logic when the mode is
kSideEffects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11b0e5194b151a2b88171d6be21c3ccbba9cd408
Reviewed-on: https://chromium-review.googlesource.com/1046162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53030}
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).
My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.
This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.
TBR=mlippautz@chromium.org
Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}
In the process, rename Boolean constants (i.e. JavaScript constants),
to 'True' and 'False'. This uncovered a bug in the internal handling
of True/False labels, which was fixed (they shouldn't be Values and Torque
shouldn't conflate Labels with other Declarables, throwing exceptions
when they're improperly used in the wrong context). Furthermore,
the internal labels used for True and False for if statements
have been renamed so that they can't be aliased from user Torque code.
Change-Id: I09dbd2241d2bc2f1daff53862dee1b601810060c
Reviewed-on: https://chromium-review.googlesource.com/1044370
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53026}
Define simple accessors in the header and give them lower case names.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I2914013fdea2218189275bbaa9f98ea5de0ccd7c
Reviewed-on: https://chromium-review.googlesource.com/1046546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53024}
We can save a pointer of space for each CodeEntry by removing this
field which we don't really need. Instead of concatenating the name
string on demand, concatenate the prefix eagerly.
Reduces sizeof(CodeEntry) from 136 to 128 on 64-bit.
Bug: v8:7719
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id346a8f36794e337e8c886f8d1969431424539b0
Reviewed-on: https://chromium-review.googlesource.com/1039825
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53014}