- 10 Jun, 2020 18 commits
-
-
Georg Neis authored
Foozie came up with a mind-boggling example hitting a similarly mind-boggling bug: object construction (JSObject::New) wants to create the constructor's function initial map (JSFunction::GetDerivedMap -> JSFunction::EnsureHasInitialMap). To do so, it calls JSFunction::CalculateExpectedNofProperties. This harmless sounding function triggers compilation of the function. Since we're running with --always-opt, this is an optimizing compilation. Turbofan ends up depending on the function's "prototype" property, for which it wants to create the initial map so that it can install the code dependency. That is, EnsureHasInitialMap is reentered. At this point there is no further compilation attempt because the bytecode now exists. The initial map is created and installed on the function, and TF records the code dependency on that map. When CalculateExpectedNofProperties returns control to the outer EnsureHasInitialMap, yet another initial map is created and set on the function, forgetting the previous one and thus the code dependency. I'm not sure if this bug can only be observed with --always-opt. The fix is general. Bug: chromium:1092011 Change-Id: I8b972748e49b9eb8f06fa17ea9ca037de2bd7532 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238570Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#68292}
-
Jakob Gruber authored
Before: DebugPrint: 0x2f950804030d: [String] in ReadOnlySpace: #undefined ... After: DebugPrint: 0x2f950804030d: [Oddball] in ReadOnlySpace: #undefined ... Bug: v8:10581 Change-Id: I21aebc40426fb17cea41a31195aa5cb553c07e2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239570 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68291}
-
Jakob Gruber authored
Several uc32 (= int32_t) fields were incorrectly treated as uc16 (= uint16_t): CharacterRange::from() CharacterRange::to() QuickCheckDetails::Position::mask QuickCheckDetails::Position::value Bug: v8:10568 Change-Id: I9ea7d76e4a0cbc6ee681de2136c398cdc622bca2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230527 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Santiago Aboy Solanes authored
List: * Create a method so Lower is encapsulated. * Rename phases methods to correspond to their own Phase name. * Move the phases methods closer to Run() and ordered them. * Simplify two for loops into one. * Remove unused method. * Clean up VisitCall. Bug: v8:10424 Change-Id: Iba41f727c79a17cb0abc165ebc3141ac736dc363 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164786Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#68289}
-
Jakob Gruber authored
This is a reland of 8748613f, fixing an issue accessing binary op's BinaryOperationHints. Original change's description: > [compiler] Hook in binary op builtins with feedback in generic lowering > > If --turbo-nci is enabled, use binary op builtins with feedback > collection during generic lowering. > > Bug: v8:8888 > Change-Id: I307dc742488982bdc68006be5bcd1da8e68768f5 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228614 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68227} Bug: v8:8888,chromium:1092553 Change-Id: I1356659d65a5e46bc57bb6c0ebe2e9e86cb8be81 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237128 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#68288}
-
Jakob Gruber authored
This adds a dedicated --turbo-collect-feedback-in-generic-lowering flag instead of piggy-backing on top of --turbo-nci in order to free that up for upcoming work. The new flag is temporary and can be removed once we've collected enough data and made a decision on whether to enable it unconditionally. Bug: v8:8888 Change-Id: I5c0fd35e46b4c0237c266ba6253b9c5cb4cd7995 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237137 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Anton Bikineev authored
This fixes two issues: - labs resetting didn't account bytes as beeing freed; - large object were not accounted. The CL introduces a single bottleneck for labs resetting in ObjectAllocator, which is aware of StatsCollector. This way NormalSpace is treated as a value object and all invariants are maintained by ObjectAllocator (and Sweeper). Bug: chromium:1056170 Change-Id: I027cc01fe5028a3dfa81905d7ea53dd12d1c1f20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237629 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68286}
-
Leszek Swirski authored
Previously, for the various customisation points of String builtins (like String.prototype.replace), we skipped the customisation symbol lookup (like for Symbol.replace) for Smis. But, we do need to do the lookup for Smis in case Number.prototype or Object.prototype have the Symbol. This missing lookup was creating an observable difference between Smis and HeapNumbers. Bug: chromium:1092896 Change-Id: I8928d237fa74abeaa2aa81318b8903087c507f0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238030 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68285}
-
Dominik Inführ authored
Move expansion of the new space into the safepoint. Otherwise background threads race with the main thread when accessing the new space capacity. This will most likely also be required to allow the allocation of new space objects from background threads. Reland of https://crrev.com/c/2235539, the timeouts were unrelated to this CL. Bug: v8:10315 Change-Id: I134b4f27ec666cf036c346b847d164255e0fe7d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237626Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#68284}
-
Manos Koukoutos authored
As per the latest update to the 'reference types' wasm proposal, the nullref type is removed. Following that, all its uses in V8 were also removed. This CL: - Removes now dead code referencing nullref. - Changes names of functions/exceptions containing 'nullref' to 'null'. - Changes nullref to the corresponding nullable type in some tests. Bug: v8:7748 Change-Id: I5b4606671d7b24dd48a45a3341e8a1c056fcd1d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238026 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
-
Jakob Gruber authored
Prior to this change, uc16 was typedef'd to (unsigned) uint16_t while uc32 was typedef'd to (signed) int32_t. For consistency, and to avoid unexpected behavior around signed/unsigned comparisons, this changes uc32 to the unsigned uint32_t type. As part of this change, old-style error passing (return -1, check for negative return values) was updated to use named error values. Bug: v8:10568 Change-Id: I8524e66ee20e8738749cd34c4fe82c14e885dcb3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235533Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
-
Leszek Swirski authored
Remove error reporting from parsing::Parse*, since in most cases we didn't actually want them (clear errors afterward), and there was an issue where Compiler::Compile would try to report errors already reported in ParseAny, which ended up triggering unreachable code. As a drive-by, move some one-off parse exception handling in test-parsing into a CHECKED_PARSE_PROGRAM macro which replaces all the "necessarily positive" calls to parsing::ParseProgram. Bug: chromium:1091656 Change-Id: I4d463ec363312aea36ab92f1322cf66a416b9888 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237134Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
-
Clemens Backes authored
{PopToRegister} will most likely find that the stack slot is already holding a register (89% of cases on epic). Thus put the fast path for this in the header, so it can be inlined. Also, {GetUnusedRegister} will mostly find an unused register (95% on epic). Hence, make sure that the code for spilling a register is not inlined. Drive-by: Avoid the call to {LoadToRegister} if we already checked before if the slot is holding a register. R=thibaudm@chromium.org Bug: v8:10576 Change-Id: I13797fa5c12c5359f2578a4dbebb63aa50c00e60 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237144 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#68280}
-
Clemens Backes authored
This changes the return type of {CompileCWasmEntry} from a {MaybeHandle} to {Handle}. All call sites used {ToHandleChecked} anyway, and if compiling a c-wasm-entry failed, something seriously went wrong. Hence fail immediately during compilation, instead of returning an empty handle and then failing later. R=jkummerow@chromium.org Change-Id: I19d85e907670c92da74c9a7ab2d9b646682a02cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237133 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: -
Camillo Bruni authored
Change-Id: I4e9a70339a59845c33432fe6a8dcaacebd2046a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237631Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#68278}
-
Kim-Anh Tran authored
Pulling out common functionality related to dumping scope properties. Bug: chromium:1093165 Change-Id: I7de377b8812b6181bac21fc0d90c416568b0d640 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237126 Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Ng Zhi An authored
This destructor is declared virtual, but the class is not subclassed anywhere. The empty body can be replaced by a =default. But since the destructor doesn't do anything interesting, we can remove it. Bug: v8:10488 Change-Id: Ie9c5f2c2742f644a99d85111dec208b01ad13fba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219397 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by:
Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#68276}
-
Frank Tang authored
Roll ICU to 46f53dfc chromium/src/DEPS already roll in https://chromium-review.googlesource.com/c/chromium/src/+/2235734 Bug: v8:10448 Change-Id: I147189527e57282c6cc7a1e92f832275d5ef55c6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237353Reviewed-by:
-
- 09 Jun, 2020 22 commits
-
-
Ng Zhi An authored
This constructor can be default, and since it isn't doing anything, can be removed. See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use. Bug: v8:10488 Change-Id: I5da7d78063c57d318f6cec578185bad6f83a1a3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233980 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by:
Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#68274}
-
Ng Zhi An authored
Making them private was a way to hide the functions, we can explicitly delete them, which give a better compilation error message as well. Also see: https://stackoverflow.com/q/55205874 Bug: v8:10488 Change-Id: I27cb7b9aa3d2b90e1c05c1f12585f94c746cbdb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233981 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by:
-
Ng Zhi An authored
The constructor of AbstractState isn't doing anything interesting, so can be removed. See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use. Bug: v8:10488 Change-Id: If413a69aa83689f55a51e48179b75287a4620d5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233857Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68272}
-
Clemens Backes authored
The interpreter is only used for testing, and is now instantiated and invoked directly instead of via the {WasmDebugInfo}, holding the {InterpreterHandle}. This CL removes both classes. R=ahaas@chromium.org Bug: v8:10389 Change-Id: Iede3feea413decae1edc28146b871a819e204768 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237132Reviewed-by: -
Manos Koukoutos authored
The reference types wasm proposal dropped all subtyping. Subsequently, the 'anyref' type was renamed to externref. This changes all references of the *type* anyref to externref. Additionally, the flag that permits this extension is renamed to "reftypes" to mirror the proposal name. Bug: v8:7748 Change-Id: Icf323f13b9660fd10540e65125af053fca3a03f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232941 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Kim-Anh Tran <kimanh@chromium.org> Reviewed-by:
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/036a45e..7ad9ac5 Rolling v8/third_party/aemu-linux-x64: WCiGqc2IsqMVCcj8UruU8vGLvhfosP46CB3tAy6N2boC..pcue74MrtwdptQfnABqz12W-F6Br8-PlTN1pD5o_aQsC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/69b4144..03e7ff4 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/a85d58e..dcb5c85 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3c04a1b..6ddf849 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I0f54772060f8f45968bcd35ab6cd8e928b00a2ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235655Reviewed-by:
v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#68269}
-
Clemens Backes authored
The existing {OwnedVector::New} value-initializes all elements, which means zeroing them in case on integral types. In many cases though we know that we will overwrite the content anyway, so the initialization is redundant. In the case of assembly buffers for wasm compilation, this zeroing showed up with several percent of execution times for some benchmarks. Hence this CL introduces a new {OwnedVector::NewForOverwrite} (along the lines of {std::make_unique_for_overwrite}), which only default-initializes the values (meaning no initialization for integral values). R=thibaudm@chromium.org Bug: v8:10576 Change-Id: I8d2806088acebe8a264dea2c7ed74b0423671d4f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237140 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: -
Milad Farazmand authored
Change-Id: I782f5b0dd8ed374df406fb615f6e74efed8b5368 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235658Reviewed-by:
Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#68267}
-
Zhao Jiazhong authored
This CL also fixes bitmask instructions on mips platform. Change-Id: I550daca3b6b4ece151928836f316d3960a7af437 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230090 Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#68266}
-
Clemens Backes authored
The test takes several minutes, because the {slice} call does thousands of runtime calls, which again call {ValidateElements} for every single added element (in debug mode). Hence this CL skips the test in the slow_path variant. R=leszeks@chromium.org Change-Id: I2fbaaf32809ecb34de1f563f34bd65ce8b7ab238 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237628Reviewed-by: -
Manos Koukoutos authored
Reference types in function definitions signatures are not allowed to refer to function types (this will change when we fully integrate the typed function references proposal). Bug: v8:7748 Change-Id: I2456b810f85e608c48a952ef9e64d7a8ff78892b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231352 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
-
Georg Neis authored
This caused a CHECK failure after my recent CL. Bug: chromium:1084820, chromium:1092650 Change-Id: Icdc2a755c6b30ad01dccc908e0e5e137fedf8918 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237145Reviewed-by:
-
Leszek Swirski authored
Landing this simple fix rather than reverting Tbr: rmcilroy@chromium.org No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I230300c32bf6a97cd82376c46461735dd34378b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237632 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Ambroise Vincent authored
This includes the instruction opcode, its use in TF, its support in the simulator and the detection of the associated CPU feature. The instruction can be tested in the simulator with the new --sim-arm64-optional-features flag. Change-Id: I6047fa16696394fe0ced4535f7788d2c8716a18c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222348Reviewed-by:
-
Marja Hölttä authored
Promise.{all,allSettled,any,race} should check resolve is a function before opening their iteratable. PR: https://github.com/tc39/ecma262/pull/1912 PR for Promise.any: https://github.com/tc39/proposal-promise-any/pull/65 This CL includes the following cleanup changes: - Made it more explicit that the constructor is a Constructor. - Removed unnecessary nested try blocks (a try can have both a catch and a label). - Moved commonly used definitions out of promise-race.tq where they don't belong. - Made the parameter order of PerformPromiseAll match the spec. Bug: v8:10578 Change-Id: I9deb5d5106db7350a0d0ad52f165ff2469e7074b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232544 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:Igor Sheludko <ishell@chromium.org> Reviewed-by:
-
Clemens Backes authored
The {NONE} reloc info is the one used most often, i.e. for every assembler call that takes an {Immediate} on x64 which is not relocatable. Hence assign value 0 to {NONE} such that constructing such immediates is faster and also checking for this most common case is faster. R=ishell@chromium.org Bug: v8:10576 Change-Id: I3c048710b80dd31fa5b5d3b1415d72a24d95cb90 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237136Reviewed-by: -
Clemens Backes authored
Avoid going through the {WasmDebugInfo}, which existed for debugging in the interpreter in production. Instead, tests now instantiate the interpreter directly. This will unblock the removal of the whole {WasmDebugInfo}, and finally moving the interpreter to the test directory. R=ahaas@chromium.org Bug: v8:10389 Change-Id: I8ae76a1d5bff716c129781b11a15369a80b13603 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235543Reviewed-by: -
Clemens Backes authored
The reference stack was set by the scope, and reset when leaving the scope, in order to avoid leaking objects via cycles in the reference tree, involving global handles which are considered strong roots. Since the interpreter cannot call out to JS any more, we cannot create such cycles any more. Hence, the ReferenceStackScope is removed, and the FixedArray for the reference stack is allocated as a global handle instead. This will unblock removing the WasmDebugInfo object, which was used by the ReferenceStackScope before this CL. R=ahaas@chromium.org Bug: v8:10389 Change-Id: I2e3c6a03750846679eecd9e6a07042db962aad9c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235542Reviewed-by:
-
Dominik Inführ authored
Fix dcheck failure where committed was smaller than used memory. This was because of background threads allocating between calculating both stats and used memory could already be larger due to those background allocations. Avoid this first calculating used memory and committed memory afterwards. Bug: v8:10563, v8:10315 Change-Id: Ic07970f607941140e3028bddde3e365b66aa4b5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237138 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
-
Dominik Inführ authored
Rename CreateFillerObjectFromSweeper to CreateFillerObjectAtBackground. Also use CreateFillerObjectAtBackground in PagedSpace::Free since this is used from both main and background threads. Bug: v8:10315 Change-Id: I1dc8ca2b1c81bdfd192c0ae8d8547eb577f3f8c3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235534 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
-
Nico Hartmann authored
A previous CL removed the kNoThrow flags from both SpeculativeBigIntAdd and SpeculativeBigIntSubtract. This introduced a bug, because the JSTypeHintLowering phase, where these operators are introduced during inlining, does not support the generation of throwing operators. Since these operators always deoptimize in case of an error, instead of throwing the exception directly, it is safe to mark them as kNoThrow. Bug: chromium:1091461 No-Try: true No-Tree-Checks: true Change-Id: I551616b0c462647574e5af8824d9ed7b3252659d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235113 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
-
Arnaud Robin authored
Added wasm tracing support for turbofan with the flag --trace-wasm. The test suite was updated accordingly. R=clemensb@chromium.org Bug: v8:10559 Change-Id: Ie6ee2a05142081416d8572d4d72dcd315e0bf285 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235536Reviewed-by:
-
