- 21 Jan, 2020 25 commits
-
Clemens Backes authored
The test was supposed to manipulate the serialized bytes to make them invalid, but the value at the manipulated position was already 0, hence the bytes stayed valid. This went unnoticed before https://crrev.com/c/2010786, since there was a fallback anyway to re-compile the module if deserialization fails. This CL fixes this by using the right offset, and checking that the value there is not already zero. R=thibaudm@chromium.org Change-Id: Ie0eaf2c8ee9e8c4c477f717f3d8aed8564b3adbf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007493 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#65898}
-
Milad Farazmand authored
Change-Id: I6586dc2b681b93cb5401b3e990786ee407baff73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012520 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#65897}
-
Andreas Haas authored
R=clemensb@chromium.org Bug: v8:10108 Change-Id: Icbb00a268c311b133195a2ffbcb66dc8f1c72a0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997142 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65896}
-
Thibaud Michaud authored
Move caching logic out of the {WasmEngine} and in its own {NativeModuleCache} class, with its own mutex. R=clemensb@chromium.org Bug: v8:6847 Change-Id: I73067fd9f0556e57c28782088dcb772a14265154 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004613 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#65895}
-
Clemens Backes authored
There is not really a reason to guard the first by the latter. Just emit a hint if --trace-liftoff is used without --trace-wasm-decoder, but still make it work. Also, used DEFINE_DEBUG_BOOL instead of guarding the output by another "#ifdef DEBUG". R=ahaas@chromium.org Change-Id: Ia7d3f504df92779447877612e98b9c2a847b9f6b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011828 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65894}
-
Tobias Tebbi authored
Bug: chromium:1039112 Change-Id: Ia9a6a4f9c3782852bcb83dd334f5dba0c8cd74a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011823 Commit-Queue: Joshua Litt <joshualitt@chromium.org> Reviewed-by: Joshua Litt <joshualitt@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65893}
-
Liviu Rau authored
Bug: v8:9641 Change-Id: Ia85d14677e8eb7d2d14ff7eb150a1b0b279642f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1998078 Commit-Queue: Liviu Rau <liviurau@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65892}
-
Clemens Backes authored
The {locals_names} in {WasmDebugInfo} was left unused after https://crrev.com/c/2002541. All uses and even all accessors are removed already. R=thibaudm@chromium.org Bug: v8:10019 Change-Id: Ib7ce61cf8c6a749b0919a8a6857664e2ab354785 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011101 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65891}
-
Clemens Backes authored
Lite mode implies jitless, hence we also need to skip in lite mode. TBR=thibaudm@chromium.org Bug: v8:6847 Change-Id: I0147b2604180e3801d5e939619ea00a87220f7ec No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011830 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65890}
-
Milad Farazmand authored
This CL enables emitting register codes that are greater than 6 bits by encoding it as a LEB128. Change-Id: I35675b5ef6a935f785035aa101ed4ca812af251e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008305 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#65889}
-
Clemens Backes authored
This fixes a few issues: 1) It avoids using the {DeserializeOrCompile} API method, which is not used in chrome any more and will be deprecated soon. 2) It switches to the {DeserializeNativeModule} internal method, which really checks deserialization in isolation and does not fall back to compiling the wire bytes if the serialized bytes are incorrect. 3) It disables a test which tried to invalidate the number of functions, but the respective bytes were already zero, so nothing was invalidated. This still needs to be fixed in a follow-up CL. 4) It serializes the modules in a separate isolate, which then gets disposed to free references to the NativeModule and remove it from the modules cache. Otherwise we will just never deserialize, but use the cached module instead. R=thibaudm@chromium.org Bug: v8:6847, v8:10146 Change-Id: I37ef524a9c96c32fec2e7466488d67395fa5ccea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010786 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#65888}
-
Thibaud Michaud authored
Use the native module cache for asynchronous, non-streaming compilation. R=clemensb@chromium.org Bug: v8:6847 Change-Id: Ie4c9469ee8cfdd6b987b70be6e237734a5de9733 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002542 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65887}
-
Santiago Aboy Solanes authored
There is no need to truncate if we are going to extend it again. At first glance it looks like we can eliminate both steps but unfortunately the Change is still needed since it will write on the top bits. Change-Id: I06d9776384a76f7b2a4454a9176926b3bcef2f2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010111 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65886}
-
Dan Elphick authored
Force source position collection when using --print-break-location. Bug: v8:10132 Change-Id: I4706d9f1e09c52ca7bfb2410485bc3ef26c2128a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011821 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#65885}
-
Milad Farazmand authored
Compilation is failing on certain versions of gcc with: 'sort' is not a member of 'std' 'adjacent_find' is not a member of 'std' 'count' is not a member of 'std' and Bug: v8:10145 Change-Id: I0672636987c515485318d29d251c3b49a22ff374 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008307 Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65884}
-
Ross McIlroy authored
Adds support to the register allocator verifier to keep track of which stack slots contain tagged pointers, but have not been tracked by the reference map and so could contain stale values (i.e., not traced by a garbage collection). BUG=v8:9684 Change-Id: I8dd9925f0cb71cac4ae3e49f467767454694e515 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007488 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#65883}
-
Dan Elphick authored
Combines 2 ldrs into a single ldm (without writeback since the instruction uses fp as base and as a target). Shrinks the builtin instruction size on ARM by 2932 bytes. Change-Id: Id74e1e158a9d5db49caa2927e88df2a350adafab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011103 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#65882}
-
Georg Neis authored
This reverts commit 50a80c93. Reason for revert: We want to understand if this change is necessary to avoid renderer hangs. Original change's description: > [turbofan] Make hints equality cheaper using hashing > > Put the nesting limit of the serializer back to 25. > > Bug: chromium:1034768 > Change-Id: I7ea827d27241ea930bae40142069bab1962e4133 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981156 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65630} TBR=mvstanton@chromium.org,mslekova@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:1034768 Change-Id: I7aaf71e665e35999ea9c1b8d2680678add17bf96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010115 Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65881}
-
Georg Neis authored
If we assume that kMaxHintsSize is at least 1, we can reduce the clutter of broker arguments somewhat. Bug: v8:7790 Change-Id: I6c6607f694e420ef50a07202d0c98cbff7471af9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011084 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65880}
-
Andreas Haas authored
This CL introduces the xadd instruction to the x64 assembler so it can be used to implement WebAssembly's AtomicAdd. This is done in a separate CL though. R=clemensb@chromium.org Bug: v8:10108 Change-Id: I36dcb900ed4c39b23c4996328774780afd8b816a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011105 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65879}
-
Bill Ticehurst authored
The interpreted-frames-native-stack flag has been broken since pointer compression was enabled. This fixes the load of the field. Bug: v8:10138 Change-Id: I746407a7a5680c5d3e9a3b190371af00818282b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011206 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65878}
-
Jakob Gruber authored
To improve ergonomics, graph generation is now triggered by the IfBuilder0 destructor instead of requiring an implicit call to Build(). This will be more expected for gasm users, since no other builders require such a Build() call. Drive-by: Rename 'ForSmiZeroUntil' methods to 'ForZeroUntil' since 'Smi' doesn't make sense in this context (TF only knows the Number type here). Bug: v8:9972 Change-Id: I365805e8428b35f19760e6ff155423463194b0f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011107 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65877}
-
Simon Zünd authored
This fixes the DevTools console preview when using REPL mode. AsyncFunction* intrinsics are side-effect free and marking them as such is correct. Bug: chromium:1043151 Change-Id: Ie0c36507b98b0c12f3d627c34102c04c27358ff2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010106 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65876}
-
Tobias Nießen authored
The previous behavior failed silently if the file could not be opened in the first place, and only wrote to stderr if writing failed after opening the file successfully. Change-Id: I1d1058134efd9298b60b65191ed6334de24d3f52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1972886 Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65875}
-
Jakob Gruber authored
The most interesting part of this change is that try-catch patterns are now supported by graph assembler through TryCatchBuilder0. Bug: v8:9972 Change-Id: I6ef0d51d4a1973eb8a30a5072c630261860f0a05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986000 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65874}
-
- 20 Jan, 2020 15 commits
-
Wez authored
Most V8 unit tests are multi-threaded, so configure GTest to use the thread-safe GTest implementation by default. This can be overridden on a per-test basis by setting: testing::FLAGS_gtest_death_test_style = "fast"; during the test's SetUp() (see the GTest documentation for details). Bug: v8:10143 Change-Id: I7414c5d8ae22eb8d9b8c4813f958ca571e1d0310 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011085 Commit-Queue: Wez <wez@chromium.org> Auto-Submit: Wez <wez@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65873}
-
Wez authored
The SequentialUnmapperTest replaces the process-global PageAllocator with a wrapper which tracks allocations. The suite was deleting the tracking allocator without first restoring the original PageAllocator, causing any subsequent tests which tried to use it to use-after-free. Bug: chromium:934932 Change-Id: I0f69b6a07542a3f381724afdbfb2e9b67a9f39de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010113 Commit-Queue: Wez <wez@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Auto-Submit: Wez <wez@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65872}
-
Georg Neis authored
The verifier tried to assert that the context input of Create*Context nodes has type OtherInternal (all Context constants have that type). This didn't quite work because of OSR values so actually it checked something much weaker. And what it checked still doesn't work because of dead code, in which the context input might statically be known to be the undefined value. I'm removing the assertion entirely now. I suspect that there are other assertions in the verifier that don't hold in the OSR code or in dead code. We are discussing a more general solution such as inserting TypeGuards in the relevant cases. Bug: chromium:1037771 Change-Id: I6fb59c60e7120d5984ea0fe140269f2df6de8708 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010792 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65871}
-
Georg Neis authored
Change-Id: Icc86a805d1eef8c3c805f956d805c43923e6422b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007504 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65870}
-
Z Nguyen-Huu authored
Existing Torque code uses bounds-checked access and it seems to hurt perf. Change to use UnsafeLoadFixedArrayElement. Bug: chromium:1028605 Change-Id: Ifcf3b9d181b4ec0ed1b757eeed466b0f76808578 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007894 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65869}
-
Clemens Backes authored
I hit this issue in an unrelated CL and it took me a while to figure out what's happening. This CL will allow the creation of constant OwnedVectors via {OwnedVector<const T>::Of(collection)}. R=tebbi@chromium.org Change-Id: I337077a6c3960a2a2a8d857bec7450f664b87a3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010109 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65868}
-
Santiago Aboy Solanes authored
In the case of having: * NodeA(...) * NodeB(NodeA, NodeA), with this being the only use of NodeA. this CL gives A's ownership to B. Before, we used to say that B didn't have ownership of A due to A having two uses. This brings it in line with OwnedBy with two owners check: https://source.chromium.org/chromium/_/chromium/v8/v8.git/+/abd1a0fc04476bbb27ef2dfda2e444cc1467f5f6:src/compiler/node.cc;l=291 Change-Id: I15fdf373136a21bf423e6dffd9588054fd720d72 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007502 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65867}
-
Mythri A authored
When bytecode is flushed we also want to flush the feedback vectors to save memory. There was a bug in this code and we flushed ClosureFeedbackCellArray too. Flushing ClosureFeedbackCellArrays causes the closures created by this function before and after the bytecode flush to have different feedback cells and hence different feedback vectors. This cl fixes it so we only flush feedback vectors on a bytecode flush. Also this cl pretenures ClosureFeedbackCellArrays. Only FeedbackCells and FeedbackVectors can contain ClosureFeedbackCellArrays which are pretenured, so it is better to pretenure ClosureFeedbackCellArrays as well. Bug: chromium:1031479 Change-Id: I7831441a95420b9e5711f4143461f1eb7fa1616a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980582 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#65866}
-
Maya Lekova authored
Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/81c050f..e327c63 Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1bee638..fd02540 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/1f38b43..73414d5 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f7d73bb..251c765 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2a04803..05b001c Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/5395345..306f375 Bug: chromium:1043117 Change-Id: Iee06baa8c4caaed2a187390eeb3c8f0b61db63d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006669 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65865}
-
Sigurd Schneider authored
This CL adds a new event that enables the back-end to send coverage updates on its own initiative. This event can be triggered via the C++ method `triggerPreciseCoverageDeltaUpdate` on the agent in a way that causes coverage data to be immediately collected. This is useful in the back-end to collect coverage at a certain point in time, i.e. when a lifecycle event such as first contentful paint occurs. The previous interface could not support this, because it could not reasonably be triggered from C++, and if triggered through the protocol, dispatching messages added delay that invalidated the data (i.e. data might have been taken too late to be accurate). TBR=yangguo@chromium.org Change-Id: I0f7201412a8d64866e6e314e5bc850354c13a9da Bug: chromium:1022031 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992437 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65864}
-
Nico Hartmann authored
Bug: chromium:1043117 Change-Id: I0abb11d25852e6f9e62b790dc39a36f11a8fe12f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007503 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#65863}
-
Emanuel Ziegler authored
This adjusts parsing of negative numbers in UnaryExpression and MultiplicativeExpression to return double if the token is -0. R=clemensb@chromium.org TEST=mjsunit/regress/regress-6838-4 BUG=v8:6838 Change-Id: I6c2113b520c3831f4a5101f0a963f49c1eb9d7d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007272 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#65862}
-
Jakob Gruber authored
The loop peeling optimization requires all loop exits to be marked with {LoopExit,LoopExitEffect,LoopExitValue} nodes in order to peel the first loop iteration. Previously, the graph assembler only marked the default loop exit (taken once the loop condition evaluates to false). This CL adds more general support, such that all exits taken inside the loop body passed to a ForBuilder are automatically marked. We do this by tracking the current loop nesting level and a stack of loop headers inside the graph assembler, and creating marker nodes as needed inside MergeState. Bug: v8:9972,chromium:1038297 Change-Id: I1d0196ead55d6678880f8330c7cc7b8d4f2cea06 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000740 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65861}
-
Daniel Clifford authored
The aggregate type finalization loop in the Type Oracle can cause new types to be added to the type list during finalization, invalidating the iterator used in the container-iterating "for" loop. To fix this, visit using an explicit index rather than using an iterator-based for loop. Change-Id: I2fb486043c946a492d972f1e942e3b5e331a1cea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007499 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65860}
-
Nico Hartmann authored
Bug: chromium:1043117 Change-Id: I09faf069e787ae3c5ecc0fd38b4bb55d51f10acf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007501 Auto-Submit: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#65859}