And then lower it afterwards. This is more future-proof for
multi-return values.
R=titzer@chromium.org
CC=rossberg@chromium.org
Bug: v8:6672
Change-Id: I6505b049275360c32530992c1db8765254b405c1
Reviewed-on: https://chromium-review.googlesource.com/602036
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47166}
Moves the construction of CompilationInfo for unoptimized code into
GenerateUnoptimizedCode in preparation for making it owned by the
unoptimized compilation jobs (to be done in a followup CL).
This CL also adds a new constructor for creation of unoptimized
CompilationInfos with fields correctly initialized and updates the existing
constructor to he exclusively for optimized compilation. Finally, also moves
the call to RecordFunctionCompilation with LAZY_COMPILE_TAG recording into
FinalizeUnoptimizedCompilationJob where it is called for other unoptimized
compiles.
BUG=v8:5203,v8:6659
Change-Id: Icfd7f56588073f2fc547e002db9fa99843ed2e8b
Reviewed-on: https://chromium-review.googlesource.com/598908
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47160}
This reland is after fix in [heap] Delete wrong DCHECK.
It includes moving ProxyGetProperty to its own stub to reduce
binary size.
This is a reland of 47a97aa53b
Original change's description:
> [builtins] Port getting property from Proxy to CSA
>
> Bug: v8:6559, v8:6557
> Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> Reviewed-on: https://chromium-review.googlesource.com/589212
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Cr-Commit-Position: refs/heads/master@{#47113}
Bug: v8:6559, v8:6557
Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
Reviewed-on: https://chromium-review.googlesource.com/600215
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47159}
Calling the Array constructor is an edge case, and we don't seem to
benefit from doing the AllocationSite tracking there as well. In fact
it's a lot of complexity and somewhat blocking the more important
optimization of the subclass constructors.
This is an attempt to nuke the CallIC support for AllocationSites. If
it regresses something important, we'll have to find another way.
Bug: v8:6399
Change-Id: I56f6da29679c516f0a5c3161c2696fc2b8762176
Reviewed-on: https://chromium-review.googlesource.com/600968
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47158}
In order to limit the overall length of error message, limit the output
of string provided by the user. This is implemented by a helper class
which takes the maximum length as template argument and has simple
accessors for the start address and the length of the truncated string.
This is the compromise CL after
https://chromium-review.googlesource.com/c/566815 and
https://chromium-review.googlesource.com/c/594288.
R=titzer@chromium.org
Bug: chromium:740023, chromium:749041, v8:6634
Change-Id: I7c154eb18b3a6befd5ecabbd2f435b015ad71542
Reviewed-on: https://chromium-review.googlesource.com/600547
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47157}
This fixes a missing fast-path check in the code-stub implementation of
the {Array.prototype.filter} method. Appending to the target JSArray is
only correct if the underlying length did not change.
R=jgruber@chromium.org
TEST=mjsunit/regress/regress-6657
BUG=v8:6657
Change-Id: Ida8d3511485b649b70d9a4b161742d494ebe4dac
Reviewed-on: https://chromium-review.googlesource.com/600467
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47156}
On advancing the iterator we need to reset the current object,
so that it can be lazily reloaded later on.
TBR=mlippautz@chromium.org
Bug: chromium:694255
Change-Id: If7ddd8670df9d11837f491503312919b55b451fe
Reviewed-on: https://chromium-review.googlesource.com/600687
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47142}
Make sure to fail PrepareTransfer when the transferables array contains
a non-ArrayBuffer, otherwise the function leaks a scheduled_exception.
Bug: chromium:736565
Change-Id: I64c2e09eb92720519c7bda2dca41749ff5ac9c8d
Reviewed-on: https://chromium-review.googlesource.com/599357
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47141}
Change-Id: I42f51fd00b1a21a1ff7ef2379fbf81a42266a737
Reviewed-on: https://chromium-review.googlesource.com/599111
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47137}
An optimization in li checks if a value has all their "n" LSBs set to
one, and their "64-n" MSBs set to zero. This is done by checking
base::bits::IsPowerOfTwo(value + 1), but this doesn't cover the case
when only MSB is zero, and other bits are one. Added another check that
covers the missing case, this also fixes Dsubu test.
BUG=
TEST=cctest/test-assembler-mips/Dsubu
Change-Id: I97b8fb4984af3b7f974ba901e3a1a9c89e925805
Reviewed-on: https://chromium-review.googlesource.com/598228
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Miran Karić <Miran.Karic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47134}
This mitigates the problem of blocking on the main thread when the
platform is unable to execute background tasks in a timely manner.
Bug: v8:6671
Change-Id: I741d4b7594e8d62721dad32cbfb19551ffacd0c3
Reviewed-on: https://chromium-review.googlesource.com/599528
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47126}
For determining whether unaligned memory accessed is allowed, it is
actually sufficient to pass the MachineRepresentation instead of the
MachineType.
As the MachineRepresentation is an enum, this allows to store the set
of unsupported types as an EnumSet instead of std::vector.
R=mstarzinger@chromium.org
Change-Id: Ibe44717bae3a6034bae683057e80bd40d92e70ae
Reviewed-on: https://chromium-review.googlesource.com/598790
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47123}
Don't hold a pointer to parse_info in compilation_info, and instead explicitly
add the fields needed in compiation_info. The intention is to make ParseInfo
only actually needed for parsing, and eventually make it possible to compile
with only a CompileInfo.
BUG=v8:5203
Change-Id: Iecd39245e44c218874401c3991eeaf3ceef2816f
Reviewed-on: https://chromium-review.googlesource.com/595738
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47119}
The {alignment} parameter in {UnalignedLoadSupported} and
{UnalignedStoreSupported} is never being used.
This CL removes it from several interfaces and users.
R=mstarzinger@chromium.org
Change-Id: Iad5a638b7ed358beeed42f0ea7308dc04f1ed23e
Reviewed-on: https://chromium-review.googlesource.com/598788
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47115}
Since frames.h no longer defines basic register types like RegList, it
is no longer necessary to include it in the macro assemblers.
Next step: split out frame-constants.h from frames.h so that it will be
possible to get frame constants without include the stackwalking logic,
which needs objects.h.
R=mstarzinger@chromium.org
Bug:
Change-Id: Ia12d3c8a8d46a73106c3c90bcb4b470c85f1eaa7
Reviewed-on: https://chromium-review.googlesource.com/597788
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47114}
The ScheduledErrorThrower is also needed in the wasm-async fuzzer so I
moved the implementation from wasm-js.cc to wasm-api.[h|cc].
R=clemensh@chromium.org
Bug: chromium:749838
Change-Id: I49d7438d1ec0281285ce0c64ba462c22001be08e
Reviewed-on: https://chromium-review.googlesource.com/591447
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47112}
This removes the obsolete {Crankshaft} factory method as it returns the
same configuration as the {Turbofan} factory by now. We now consistently
use {RegisterConfiguration::Default} everywhere.
R=jkummerow@chromium.org
BUG=v8:6408
Change-Id: I6be25774aa6714ef4dc1ef6856bb6dbc95593a29
Reviewed-on: https://chromium-review.googlesource.com/597858
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47109}
This begins splitting up the Deserializer class into
{Object,Partial,Startup}Deserializer. For now, all functionality remains in
the Deserializer base clase, to be refactored in future CLs. Empty .cc files
are added here to avoid having to touch build files again.
Bug: v8:6624
Change-Id: If563e03492991bd55c91cd2e09312c0a26aaab2c
Reviewed-on: https://chromium-review.googlesource.com/598067
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47107}
Previously TryToName bailed out for Oddball keys (i.e. when passing true
or false as the key), which meant that for example the generic
KeyedLoadIC would always bail out to the %KeyedGetProperty runtime
function. But handling Oddball keys is fairly easy, since every oddball
value carries it's unique string representation. Adding just this case
to the CodeStubAssembler::TryToName method boosts this simple
micro-benchmark by a factor of 4x:
const n = 1e7;
const obj = {};
const key = true;
console.time('foo');
for (let i = 0; i < n; ++i) {
if (obj[key] === undefined) {
obj[key] = key;
}
}
console.timeEnd('foo');
It also shows on the ARES-6 ML benchmark and on several Speedometer
tests, where objects are being used as dictionaries and the developers
rely on the implicit ToString conversions on the property accesses.
In the ARES-6 ML benchmark, the number of calls to %KeyedGetProperty
is reduced by 137,758.
Bug: v8:6278, v8:6344, v8:6670
Change-Id: Iaa965e30be4c247682a67ec09543655df9b761d2
Reviewed-on: https://chromium-review.googlesource.com/599527
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47105}
This is a reland of 470a10015d
Original change's description:
> Start migration of try/throw/catch to match proposal.
>
> This CL does the first baby steps on moving the current (experimental)
> exception handling to match that of the WebAssembly proposal.
>
> It does the following:
>
> 1) Use exception tags instead of integers.
>
> 2) Only handle empty exception signatures (i.e. no values associated
> with the exception tag.
>
> 3) Only handle one catch clause.
>
> 4) Be sure to rethrow the exception if the exception tag does not match.
>
> Note: There are many things that need to be fixed, and are too
> numerous to list here. However, the code should have TODO's on each
> missing parts of the implementation.
>
> Also note that the code currently doesn't handle nested catch blocks,
> nor does it change the throw value being an integer. Rather, the
> integer value is still being thrown, and currently is the exception
> tag. Therefore, we don't build an exception object. This is the reason
> why this CL doesn't handle exceptions that pass values.
>
> Also, the current implementation still can't handle multiple modules
> because tag resolution (between) modules has not be implemented yet.
>
> Bug: v8:6577
> Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114
> Reviewed-on: https://chromium-review.googlesource.com/591910
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47087}
Bug: v8:6577
Change-Id: I41c3309827c292cb787681a95aaef7cf9b931835
Reviewed-on: https://chromium-review.googlesource.com/598968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47100}
This behavior has been staged successfully without a bug report, and
has been shipped in the latest versions of Firefox and Safari.
Bug: v8:5070
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I084cae2cc303d6a213bd6789297b91656e162d6b
Reviewed-on: https://chromium-review.googlesource.com/595129
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47098}
If objectGroup is console we should correctly save last evaluated result to expose for next console call in $_ variable.
R=dgozman@chromium.org
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie0ba2d302606b1c9f096a9a3a107a51a80556c49
Reviewed-on: https://chromium-review.googlesource.com/598936
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47097}
My goal was to move breakpoint API to native with minimal changes around, so on inspector side we use v8::debug::BreakpointId instead of String16, on v8::internal::Debug we use i::BreakPoint object instead of break point object created inside of debug.js.
There are a lot of opportunities how we can improve breakpoints (at least we can avoid some of linear lookups to speedup implementation) but I think that as first step we need to remove mirrors/debug.js APIs.
Drive by: debugger-script.js and usage of debugger context in inspector code base.
R=yangguo@chromium.org,jgruber@chromium.org,clemensh@chromium.org
Bug: v8:5510,chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0b17972c39053dd4989bbe26db2bb0b88ca378f7
Reviewed-on: https://chromium-review.googlesource.com/593156
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47091}
This reverts commit 470a10015d.
Reason for revert: GC stress bot failures.
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Mac%20GC%20Stress/builds/14522
Original change's description:
> Start migration of try/throw/catch to match proposal.
>
> This CL does the first baby steps on moving the current (experimental)
> exception handling to match that of the WebAssembly proposal.
>
> It does the following:
>
> 1) Use exception tags instead of integers.
>
> 2) Only handle empty exception signatures (i.e. no values associated
> with the exception tag.
>
> 3) Only handle one catch clause.
>
> 4) Be sure to rethrow the exception if the exception tag does not match.
>
> Note: There are many things that need to be fixed, and are too
> numerous to list here. However, the code should have TODO's on each
> missing parts of the implementation.
>
> Also note that the code currently doesn't handle nested catch blocks,
> nor does it change the throw value being an integer. Rather, the
> integer value is still being thrown, and currently is the exception
> tag. Therefore, we don't build an exception object. This is the reason
> why this CL doesn't handle exceptions that pass values.
>
> Also, the current implementation still can't handle multiple modules
> because tag resolution (between) modules has not be implemented yet.
>
> Bug: v8:6577
> Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114
> Reviewed-on: https://chromium-review.googlesource.com/591910
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47087}
TBR=bradnelson@chromium.org,eholk@chromium.org,kschimpf@chromium.org
Change-Id: I01dc8c40cc1057333a988c1d275ce5f457b0cb64
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6577
Reviewed-on: https://chromium-review.googlesource.com/598847
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47090}
This CL does the first baby steps on moving the current (experimental)
exception handling to match that of the WebAssembly proposal.
It does the following:
1) Use exception tags instead of integers.
2) Only handle empty exception signatures (i.e. no values associated
with the exception tag.
3) Only handle one catch clause.
4) Be sure to rethrow the exception if the exception tag does not match.
Note: There are many things that need to be fixed, and are too
numerous to list here. However, the code should have TODO's on each
missing parts of the implementation.
Also note that the code currently doesn't handle nested catch blocks,
nor does it change the throw value being an integer. Rather, the
integer value is still being thrown, and currently is the exception
tag. Therefore, we don't build an exception object. This is the reason
why this CL doesn't handle exceptions that pass values.
Also, the current implementation still can't handle multiple modules
because tag resolution (between) modules has not be implemented yet.
Bug: v8:6577
Change-Id: Id6d08b641b3c42d1eec7d4db582f2dab35406114
Reviewed-on: https://chromium-review.googlesource.com/591910
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47087}
They were only limited to 32 bit when using the internal Hashmap. Since
this has changed alreay some time ago, we can switch to 64 bit ids and
check that we never overflow.
Bug:
Change-Id: Ia6c6d02d6b5e555c6941185a79427dc4aa2a1d62
Reviewed-on: https://chromium-review.googlesource.com/598229
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47085}
Consider:
function f() {
return;
}
This CL ensures that the closing brace is considered as covered by
introducing a special case for open-ended range rewrites when the
parent range is the function range itself.
Bug: v8:6000, v8:6661
Change-Id: I0be307759967e9f4df245a4f367326a37dda86fd
Reviewed-on: https://chromium-review.googlesource.com/597651
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47079}
This reverts commit d4a742fdf1.
Reason for revert: gc-stress failures
Original change's description:
> Reland "[heap] Add mechanism for tracking invalidated slots per memory chunk."
>
> This reverts commit c59b81d7b8.
>
> Original change's description:
> > [heap] Add mechanism for tracking invalidated slots per memory chunk.
>
> > For correct slots recording in concurrent marker, we need to resolve
> > the race that happens when
> > 1) the mutator is invalidating slots for double unboxing or string
> > conversions
> > 2) and the concurrent marker is recording these slots.
>
> > This patch adds a data-structure for tracking the invalidated objects.
> > Thus we can allow the concurrent marker to record slots without
> > worrying about clearing them. During old-to-old pointer updating phase
> > we re-check all slots that belong to the invalidated objects.
>
> BUG=chromium:694255
>
> Change-Id: Idf8927d162377a7bbdff34f81a87e52db27d6a9f
> Reviewed-on: https://chromium-review.googlesource.com/596868
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47068}
TBR=ulan@chromium.org,mlippautz@chromium.org
Change-Id: I81c6059a092cc5834acd799c51fd30dc0ecf5b27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/597787
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47078}
Some bailout reasons are never referenced. Removing these allows us to
decrease the size of bailout reason bit-fields to 7 bits.
Change-Id: Ib5e884d224c12313e06493ed05a18a22b3951665
Reviewed-on: https://chromium-review.googlesource.com/596128
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47077}
