This adds a new CheckIf operator and changes all direct uses of
DeoptimizeIf and DeoptimizeUnless on the JavaScript level to use
CheckIf (or one of the more concrete check operators) instead.
This way we do not depend on particular frame states, but the
effect/control linearizer will assign an appropriate frame
state instead.
R=jarin@chromium.org
BUG=v8:5141
Review-Url: https://codereview.chromium.org/2115513002
Cr-Commit-Position: refs/heads/master@{#37423}
The call to String::Flatten can cause garbage collection and in general adds
complexity to the code generation. It also blocks the way to run code generation on worker threads.
The call to String::Flatten in Constant::ToHeapObject() seems not to be necessary
for correctness. If removing this call affects performance negatively, we can revert
this CL.
Review-Url: https://codereview.chromium.org/2107243002
Cr-Commit-Position: refs/heads/master@{#37422}
This adds verification of bailout IDs to {PrepareFrameState} to ensure
all bailout points used for lazy deoptimization have been prepared by
full codegen. This will catch bailout ID abuse during graph building
instead of late in the deoptimizer. Similar verification for all eager
deoptimization points is already present.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2105023003
Cr-Commit-Position: refs/heads/master@{#37421}
Reason for revert:
Breaks...
Original issue's description:
> [gn] Switch linux64 debug and internal snapshot to gn
>
> BUG=chromium:474921
>
> Committed: https://crrev.com/3cfc9f209ed0c173319659114859b7e848812fd7
> Cr-Commit-Position: refs/heads/master@{#37414}
TBR=vogelheim@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2109503007
Cr-Commit-Position: refs/heads/master@{#37420}
Reason for revert:
Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
Original issue's description:
> Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
>
> The spec was modified to relax some requirements which implementors had not been
> enforcing. Part of this process involved introducing a new abstract operation
> ToIndex, which had partial overlap with our existing semantics as well as some
> differences (most notably treating undefined as 0). Test262 tests were introduced to
> check for the new semantics, some of which we were failing. This patch amends the
> parts of our implementation corresponding to specification algorithms which use
> ToIndex to follow its semantics precisely.
>
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> Cr-Commit-Position: refs/heads/master@{#37406}
TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2113593002
Cr-Commit-Position: refs/heads/master@{#37417}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
Previously, any expressions inside destructuring patterns in a catch
would be parsed in the surrounding scope, instead of in the catch's
scope. This change fixes that by entering not only the catch scope,
but also the block scope inside it.
R=neis@chromium.org
BUG=v8:5106, v8:5112
Review-Url: https://codereview.chromium.org/2110193002
Cr-Commit-Position: refs/heads/master@{#37415}
Since we do negative type checks, the current shortcut might still affect
the lowering choices, possibly leading to inconsistent results.
This CL gets rid of the shortcut.
Review-Url: https://codereview.chromium.org/2101943005
Cr-Commit-Position: refs/heads/master@{#37412}
Rolling v8/build to e952e32616ec1865f9c5d28feb6030f12ebf0952
Rolling v8/tools/clang to 040101933080540f1e103cf42729147654e7bb08
Rolling v8/tools/mb to ec76395b928f16607fca76f5fa3b63233c775877
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2115443002
Cr-Commit-Position: refs/heads/master@{#37410}
- Eliminates tests for whether a fixed register needs to be preserved,
and conservatively adds a UsePosition for all fixed live ranges.
This speeds up ProcessInstructions, especially when ARM register
aliasing introduces fixed live ranges for float and SIMD 128 registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2103793003
Cr-Commit-Position: refs/heads/master@{#37408}
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.
BUG=v8:5124
Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
The spec was modified to relax some requirements which implementors had not been
enforcing. Part of this process involved introducing a new abstract operation
ToIndex, which had partial overlap with our existing semantics as well as some
differences (most notably treating undefined as 0). Test262 tests were introduced to
check for the new semantics, some of which we were failing. This patch amends the
parts of our implementation corresponding to specification algorithms which use
ToIndex to follow its semantics precisely.
BUG=v8:4784,v8:5120
Review-Url: https://codereview.chromium.org/2090353003
Cr-Commit-Position: refs/heads/master@{#37406}
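
The ToIndex conversion named in the commit message above, transcribed into JavaScript as an added example (not V8's C++ code and not part of the commit). The helper names `toInteger`, `toIndex`, `outcome` and `compareWithEngine` are chosen for this sketch, and the sample inputs are constructed. The point for anyone auditing buffer accessors is which values coerce to index 0 and which are rejected before the bounds check.

```javascript
// Added example: the ToIndex abstract operation, transcribed into JavaScript.
function toInteger(value) {
  const n = Number(value);              // ToNumber; throws TypeError for a Symbol
  if (Number.isNaN(n)) return 0;
  if (!Number.isFinite(n)) return n;    // +Infinity / -Infinity pass through
  return Math.trunc(n) + 0;             // truncate toward zero, fold -0 into +0
}

function toIndex(value) {
  if (value === undefined) return 0;    // the case the commit message calls out
  const integerIndex = toInteger(value);
  if (integerIndex < 0) throw new RangeError('negative index');
  const index = Math.min(integerIndex, Number.MAX_SAFE_INTEGER); // ToLength
  if (integerIndex !== index) throw new RangeError('index above 2^53 - 1');
  return index;
}

// Run fn and report either its result or the name of the error it threw.
function outcome(fn) {
  try { return fn(); } catch (e) { return e.name; }
}

// Constructed inputs, checked against both the sketch and the host engine.
const samples = [undefined, null, '3', 2.9, -0.5, -1, NaN, Infinity];

function compareWithEngine() {
  const view = new DataView(new ArrayBuffer(8));
  view.setInt8(0, 7);
  view.setInt8(2, 9);
  view.setInt8(3, 5);
  return samples.map((v) => ({
    input: String(v),
    sketch: outcome(() => toIndex(v)),
    // getInt8 applies ToIndex to its argument, then the bounds check.
    engine: outcome(() => view.getInt8(v)),
  }));
}
```
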
In ES2016, function declarations nested in blocks are formally allowed. This was
never a part of ECMAScript, but was a common extension. Unfortunately
implementations differed in the exact semantics. Annex B.3.3 in the spec tries
to standardize the parts which are common to different implementations, but does
so with some fairly complicated semantics.
This CL addresses three issues related to annex B.3.3:
* When the outer function had a complex parameter list, no hoisting whatsoever was
being performed.
* Hoisting was not blocked by parameters of the same name.
* Hoisting was not blocked by nested lexical declarations of the same name.
We had tests which checked for the second, but they were incorrectly passing due to
the first. This CL adds more complete tests.
BUG=v8:5151, v8:5111
Review-Url: https://codereview.chromium.org/2099623003
Cr-Commit-Position: refs/heads/master@{#37405}
Occasionally tests output characters that aren't valid unicode UTF-8
characters. This causes the --json-test-results file not to be written.
Replace these characters with the UTF-8 invalid character.
BUG=
Review-Url: https://codereview.chromium.org/2086143003
Cr-Commit-Position: refs/heads/master@{#37404}
Perform the following transformation:
| Before | After |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp w2, #0x0 | b.<cond'> <addr> |
| b.<cond> <addr> | |
|------------------+---------------------|
| add w2, w0, w1 | adds w2, w0, w1 |
| cmp #0x0, w2 | b.<cond'> <addr> |
| b.<cond> <addr> | |
and the same for and instructions instead of add. When the result of the
add/and is not used, generate cmn/tst instead. We need to take care with which
conditions we can handle and what new condition we map them to.
BUG=
Review-Url: https://codereview.chromium.org/2065243005
Cr-Commit-Position: refs/heads/master@{#37400}
With the current approach we only need to track using an unordered set as we can
still access the backing store pointer and length by the time we free the
backing store.
Reland:
The issue was fixed in 67b5a501db.
BUG=chromium:619491, chromium:611688
LOG=N
R=ulan@chromium.org
This reverts commit 0e1eaec71d.
Review-Url: https://codereview.chromium.org/2109913003
Cr-Commit-Position: refs/heads/master@{#37399}
Reason for revert:
Can be cleanly relanded without any changes after a fix to redundancy elimination. Kudos go to Benedikt.
Depends on: https://codereview.chromium.org/2112463002/
Original issue's description:
> Revert of [turbofan] Implicitly emit eager checkpoint at graph building. (patchset #13 id:260001 of https://codereview.chromium.org/2074703002/ )
>
> Reason for revert:
> Causes flaky failures on the waterfall on Mac with the following error in the builtin QuickSort method:
>
> #
> # Fatal error in Zone
> # Allocation failed - process out of memory
> #
>
> Original issue's description:
> > [turbofan] Implicitly emit eager checkpoint at graph building.
> >
> > This makes preparation of eager checkpoints within the graph builder
> > implicit. Every sub-expression visitation is now guaranteed to emit
> > valid checkpoints in AstContext.
> >
> > R=jarin@chromium.org
> > BUG=v8:5021
> >
> > Committed: https://crrev.com/74e328efee7995aeee6d568f9d14f9bbc1087100
> > Cr-Commit-Position: refs/heads/master@{#37368}
>
> TBR=jarin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5021
>
> Committed: https://crrev.com/45190a4fbfa5199f6ddf5ed9a7e2f50be865e0db
> Cr-Commit-Position: refs/heads/master@{#37372}
TBR=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2107163002
Cr-Commit-Position: refs/heads/master@{#37395}
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626
Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}
TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815
Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
Commit d0b8e7fb introduced some functionality to allocate additional
space in the function table, filled with an "undefined" function
signature. Use -1 instead of undefined_value() as the latter can have
the top bits cleared (which happens often for arm64) and causes
intermittent test failures.
BUG=
Review-Url: https://codereview.chromium.org/2105293002
Cr-Commit-Position: refs/heads/master@{#37393}
Avoid repeatedly traversing empty kHuge free list categories. This is an
oversight as all other categories are already eagerly unlinked upon getting
empty (in FreeList::FindNodeIn).
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2109473004
Cr-Commit-Position: refs/heads/master@{#37391}
The implementation of DoubleRepresentation was based on undefined
behavior, and it can be replaced by bit_casts.
BUG=chromium:623168
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2105683006
Cr-Commit-Position: refs/heads/master@{#37390}
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.
R=jarin@chromium.org
BUG=v8:5161
Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
- Changes InstructionOperand canonicalization to map all FP operands to kFloat64 on Intel and other platforms with simple aliasing.
- Bypass expensive interference calculations and fixed FP live range processing for platforms with simple aliasing.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101653003
Cr-Commit-Position: refs/heads/master@{#37388}
This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.
Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.
BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
There are no useful typing rules for Change and Checked operators, so we
better make sure we don't run them through the Typer at all.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2107783004
Cr-Commit-Position: refs/heads/master@{#37382}
This function should also be callable from a concurrent thread, so we cannot use
the scope here. Instead, provide a test that checks that no handles are created.
R=ulan@chromium.org
TEST=cctest/test-conversions/NoHandlesForTryNumberToSize
BUG=
Review-Url: https://codereview.chromium.org/2106083002
Cr-Commit-Position: refs/heads/master@{#37381}
This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.
This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.
R=yangguo@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}
The start argument must be converted to an integer before the length argument is
converted. (Consequently, the start argument is converted even when the length
is 0.) This matters because conversion is observable.
Also rewrite the function in a way that closely resembles the spec text.
R=littledan@chromium.org
BUG=v8:5140
Review-Url: https://codereview.chromium.org/2109583002
Cr-Commit-Position: refs/heads/master@{#37378}
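
Why the conversion order in the commit message above is observable, shown as an added example (not part of the commit and not V8's implementation). `tracked`, `specSubstr` and `conversionOrder` are names chosen for this sketch; `specSubstr` follows the Annex B steps for `String.prototype.substr`, and the inputs are constructed.

```javascript
// Added example: observing argument-conversion order in substr.

// Wrap a number in an object whose valueOf records that it was converted.
function tracked(label, value, log) {
  return { valueOf() { log.push(label); return value; } };
}

// ToInteger for this sketch: NaN becomes 0, fractions truncate toward zero.
function toInt(value) {
  return Math.trunc(Number(value)) || 0;
}

// Spec-shaped substr: start is converted first, then length,
// and both conversions happen before any early return.
function specSubstr(str, start, length) {
  const s = String(str);
  let intStart = toInt(start);
  const end = length === undefined ? Infinity : toInt(length);
  const size = s.length;
  if (intStart < 0) intStart = Math.max(size + intStart, 0);
  const resultLength = Math.min(Math.max(end, 0), size - intStart);
  if (resultLength <= 0) return '';
  return s.slice(intStart, intStart + resultLength);
}

// Call impl with tracked arguments and return its result and the order seen.
function conversionOrder(impl, startValue, lengthValue) {
  const log = [];
  const result = impl(
    'abcdef',
    tracked('start', startValue, log),
    tracked('length', lengthValue, log)
  );
  return { result, order: log.join(',') };
}

// The host engine's own substr, wrapped to match specSubstr's signature.
const engineSubstr = (s, start, length) => s.substr(start, length);
```
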