1. 12 Jun, 2019 4 commits
    • [arm64,test] Generate code object in assembler tests · 4c0bf17e
      Sigurd Schneider authored
      This is pre-work for a refactoring that changes how heap objects
      are handled in the assembler: Currently, we put the handle location in
      the constant pool, and replace these with the actual heap object when
      we copy the code from the assembler's buffer to the heap.
      
      In the future, we will put a small index in the constant pool, which
      will ultimately enable 32bit constant pool slots for compressed heap
      objects. This small index will be fixed up when we copy the code to
      the heap.
      
      This CL makes the assembler tests copy the code to the heap, which
      ensures that the fix-up phase is actually run.
      
      Change-Id: I80cd69dc57414a3bd0a27f8d558616aadcae05a2
      Bug: v8:7703
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647166
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62112}
    • [turbofan] JSHeapBroker logging respects --trace-turbo-filter · 648ff562
      Mike Stanton authored
      As a component of the wider Turbofan logging scheme, it makes sense
      for JSHeapBroker logging to come through flags specified in the
      OptimizedCompilationInfo class, which uses --trace-turbo-filter
      to control which functions are logged.
      
      Bug: v8:7790
      Change-Id: I3b068d8be78867ab0bd9607dda9eca4123b9d7b1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655297
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62111}
    • [counters] Introduce proper bottleneck for FunctionCallback. · ea420655
      Benedikt Meurer authored
      API calls made via the CallApiCallback builtin, which is used from the
      ICs and optimized code, are currently misattributed to the wrong counter
      InvokeFunctionCallback instead of FunctionCallback. In addition we don't
      use the C trampoline when only runtime call stats are enabled, but the
      Chrome DevTools profiler is not active, which means that these calls
      will not be attributed properly at all, and that had to be worked around
      using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is
      active and not inlining calls/property accesses into optimized code
      depending on the state of RCS).
      
      All of this was really brittle and only due to the fact that the central
      builtin didn't properly check for RCS (in addition to checking for the
      CDT profiler). With this fix it's now handled in a central place and
      attributed to the correct category, so user code doesn't need to worry
      about RCS anymore and can just call straight into the fast-path.
      
      Drive-by-fix: Do the same for AccessorInfo getter calls, which share the
      core hand-written native code with the API callback logic.
      
      Bug: v8:9183
      Change-Id: Id0cd99d3dd676635fe3272b67cd76a19a9a9cea4
      Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1651470
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62109}
    • [Intl] Fix RegExp [\W] with i flag · 1945392a
      Frank Tang authored
      Add special condition in
      ecma262 #sec-runtime-semantics-canonicalize-ch Step 3.g-h.
      
      Bug: chromium:971636
      Change-Id: Id533beb66749af6e38ee114cf79f995a1156df20
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652795
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62105}
  2. 11 Jun, 2019 14 commits
  3. 10 Jun, 2019 1 commit
  4. 08 Jun, 2019 3 commits
    • [interpreter] Do ToObject implicitly as part of CloneObject. · 92c6af8a
      Benedikt Meurer authored
      The CloneObject bytecode was only able to handle objects, null and
      undefined, and explicit bytecode had to be generated to perform the
      ToObject outside the bytecode (unlike the other IC bytecodes that
      just perform the ToObject implicitly). That means the simplest possible
      object cloning would also generate a sequence of 5 bytecodes (at least):
      
      ```
         Mov <register>, a0
         JumpIfNull @1
         JumpIfUndefined @1
         ToObject <register>
      1: CloneObject <register>
      ```
      
      That is quite wasteful and unnecessary, since the core logic in the
      runtime already does the ToObject properly anyways. This change
      refactors the CloneObjectIC slightly to behave more like the other ICs
      and do the ToObject implicitly when necessary.
      
      Bug: v8:7611, v8:9114, v8:9183, v8:9343
      Change-Id: I11973e90bf875f154a5a7739287bee17041e4a7a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649554
      Reviewed-by: Mythri Alle <mythria@chromium.org>
      Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
      Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62064}
    • [wasm] Add unittest for PrintWasmText · 8bf9ba4e
      Ben Smith authored
      PrintWasmText is used for disassembling wasm code in DevTools, but many
      instructions are not implemented. This test should make it easier to
      remember to implement this when adding new instructions.
      
      Change-Id: I6030a70113320f11a1ac0436bf0d220b5c41e6d1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647475
      Commit-Queue: Ben Smith <binji@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62063}
    • [ubsan] Fix a few double-to-float casts · 05e3b641
      Jakob Kummerow authored
      The DoubleToFloat32 helper takes care of everything, so use it
      consistently.
      
      Bug: chromium:969498
      Change-Id: If71e5374684b89615006548cb0329f4d4cb7fd6d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648253
      Commit-Queue: Ben Smith <binji@chromium.org>
      Reviewed-by: Ben Smith <binji@chromium.org>
      Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62062}
  5. 07 Jun, 2019 4 commits
    • Makes sure FreeListCategories never contain empty elements · 303ca9ac
      Darius Mercadier authored
      The linked lists of FreeLists could contain empty elements
      (FreeListCategories whose `top()` is null). The code is carefully
      written so that this case won't break anything (probably just slow
      things a little bit). When `FreeList::FindNodeIn` (the fast path of
      `FreeList::Allocate`) found such an empty `FreeListCategory`, it
      removed it by calling `FreeList::RemoveCategory`, and looked in the
      next `FreeListCategory` of the same size. However, on the slow path of
      `FreeList::Allocate`, the functions that iterate the
      `FreeListCategory` are `FreeList::TryFindNodeIn` and
      `FreeListCategory::PickNodeFromList`, none of which removed empty
      elements. Therefore, it could happen that a `FreeListCategory`'s "real"
      first element could be used, but was never considered due to the top of
      the linked list being empty. The behavior for the slow path should be
      the same as for the fast path in that regard.
      
      The problem was actually deeper than that: FreeListCategories were not
      always in a consistent state, since they could have empty members. The
      removal of those empty elements should be done as soon as they are
      created, i.e. when allocating the last element.
      
      This CL ensures that empty FreeListCategories are removed as soon as
      they become empty.
      
      Bug: v8:9329
      Change-Id: Idda8096dc5978745894854a0405da59f7e8691a6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648476
      Commit-Queue: Darius Mercadier <dmercadier@google.com>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62058}
    • Fix allocation of tiniest object in the tiny freelist · 05e98e56
      Darius Mercadier authored
      When trying to find a spot in the freelists for a tiniest object,
      the tiny freelist was never searched.
      
      This was fixed by modifying FreeList::Allocate in order to handle
      that special case.
      A test was added in cctest/heap/test-spaces.cc. It allocates a
      Tiny object on a new page, then fills up the page, then frees the
      first object, and finally tries to allocate a Tiniest
      object. Before, this Tiniest object would go on a different page;
      now it goes on the same one (which is what the test checks for).
      
      Bug: v8:9329
      Change-Id: Ia810726d1bfe1dae4ef2055a7f5b314b1514ee9c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647162
      Commit-Queue: Darius Mercadier <dmercadier@google.com>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62055}
    • [ptr-compr] Revisit transformed Phis in Decompression Elimination · 94ae207b
      Georg Schmid authored
      Currently, decompression elimination may reduce phis by pushing decompressions in the value inputs of the phi "down" and replacing it by a single decompression following the phi node. Because of the way that the replacement is currently done, other reducers in the same phase will not generally get a chance to revisit the modified phi.
      
      In the specific case of v8:9335 this blocked an additional optimization in CommonOperatorReducer from being applied, causing the overall load elimination test to fail.
      
      This CL fixes the replacement behavior in decompression elimination to also allow for revisitations of the modified phi node.
      
      Bug: v8:9335 v8:9336
      Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
      Change-Id: I3ca5686dacb41a525160b08456905ba77cf28b39
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648238
      Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Georg Schmid <gsps@google.com>
      Cr-Commit-Position: refs/heads/master@{#62054}
    • Fix character ranges in case insensitive regexp · 9bcacf60
      Yang Guo authored
      R=jgruber@chromium.org
      
      Bug: chromium:971383
      Change-Id: I39d26a63c0735f595a809959c06cb2ac1c141451
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648098
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Auto-Submit: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Frank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62044}
  6. 06 Jun, 2019 14 commits