- 19 Aug, 2019 21 commits
-
-
Gus Caplan authored
The optional chaining bytecode in delete expressions was unconditionally jumping if the receiver was nullish, instead of just when the property was an actual optional chain link. This change adds the missing check around the jump. Change-Id: Ic7bed58be4ae62d157e63e4f77666b1abd1f802d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755264 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63251}
-
Dan Elphick authored
Flag off by default now since it's causing crashes in the profiler. R=rmcilroy Bug: chromium:994673 Change-Id: I92b46e1f90819c0007106d843ecae2c3974eb3c8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760814 Commit-Queue: Dan Elphick <delphick@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63250}
-
Santiago Aboy Solanes authored
This is a reland of 82111e22

Relanding since we now have more shards: https://chromium-review.googlesource.com/c/v8/v8/+/1760810

Original change's description:
> [CSA][cleanup] TNodify some methods related to prototype and property lookup
>
> This is a CL in a string of CLs that aims to TNodify CSA. In particular,
> there were some loads that were done in AnyTagged instead of
> TaggedPointer. TNode-ifying them brings improvement in pointer
> compression since we are able to decompress using the Pointer
> decompression.
>
> TNodified:
> * LoadJSFunctionPrototype
> * TryPrototypeChainLookup
> * OrdinaryHasInstance
>
> Also TNodified loads regarding:
> * FeedbackCell::kValueOffset
> * HeapObject::kMapOffset
> * JSFunction::kSharedFunctionInfoOffset
> * JSFunction::kFeedbackCellOffset
> * Map::kInstanceTypeOffset
> * Map::kInstanceDescriptorsOffset
> * Map::kPrototypeOffset
>
> Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
>
> Bug: v8:6949, v8:9396
> Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63216}

Bug: v8:6949, v8:9396 Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63249}
-
Darius Mercadier authored
Bug: v8:9329 Change-Id: Ia6592ff4d3046617fa536a6e2a9663b3dd73c5da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760809 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@google.com> Cr-Commit-Position: refs/heads/master@{#63248}
-
Jakob Kummerow authored
Change-Id: Ib28e408cb6046fd728ceff6e6bf4005a241664e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745340 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#63247}
-
Santiago Aboy Solanes authored
The following methods didn't need the use of context, and could be replaced by NoContextConstant():
* AllocateSeqOneByteString
* AllocateSeqTwoByteString
* StringBuiltinsAssembler::GenerateStringEqual
* StringBuiltinsAssembler::StringEqual_Core
* StringBuiltinsAssembler::GenerateStringRelationalComparison

Change-Id: I98068980377450daef7c999e3d413e839f66fda9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758321 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63246}
-
Jakob Gruber authored
DoComputeInterpretedFrame and friends are long and complex functions. It is often not clear which variables are constants and which are later modified. This CL tries to clarify, mostly by marking variables const when possible. Bug: v8:9534 Change-Id: Ifa73402c392ad244ab5ea37262293f8d9db98be0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752848 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63245}
-
Maya Lekova authored
Async related reducers in native context specialization are now heap-access free. Bug: v8:7790 Change-Id: I467b86e54cb808985343e54df71c3b8b950a61e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758320 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63244}
-
Ulan Degenbaev authored
IsolateAllocator::InitReservation can fail with OOM if multiple V8 isolates are created simultaneously and race to reserve the same memory region. Now the function falls back to using overreserved region as the last resort. Bug: v8:9588 Change-Id: I9731e04181382f0c1401b2a78f3eba63a445bfc9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758315 Auto-Submit: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63243}
-
Georg Neis authored
- Eliminate unconditional heap reads in tracing code.
- Change operator<< on ObjectRef to additionally print the Brief() output when the broker is disabled.
- Print line number in TRACE_BROKER_MISSING and make some messages more consistent.
- Make PrintCandidates output clearer.
- Be more consistent about dereferencing optionals.

Bug: v8:7790, chromium:990478 Change-Id: I2917529d5138a0d63ad476d3f8fee6a963767b23 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758311 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63242}
-
Georg Neis authored
This is a reland of 29585a06 after removing an incorrect DCHECK.

Original change's description:
> [turbofan] Various serializer/broker improvements
>
> They are all somewhat entangled, sorry for the big CL.
>
> - Brokerize remaining feedback vector slots.
> - Introduce Hints::SingleConstant helper.
> - Introduce SerializationPolicy enum.
> - Eliminate use of nullptr for megamorphic load/store ic feedback.
>   Instead use the corresponding ProcessedFeedback with an empty list
>   of maps or the like. new class MegamorphicFeedback.
> - Separate processing of feedback from serialization. This eliminates
>   code duplication.
> - Be very careful when clearing hints not to overwrite hints that are
>   being processed.
> - Move AccessInfos out of NamedAccessFeedback. Always store them in
>   property_access_infos_ map on broker. (This was actually unused
>   before, somewhat by mistake.)
> - Support map inference in concurrent inlining. Rewrite
>   ElementAccessFeedback such that we can refine it with the set of
>   inferred maps.
>
> TBR: mvstanton@chromium.org
> Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63232}

TBR: mvstanton@chromium.org Bug: v8:7790 Change-Id: Ia4acd31b339a941ee065e1ae4835bb7b85d5685e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758319 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63241}
-
Patrick Thier authored
Test mjsunit/regress/regress-992389 explicitly sets the jitless flag when run. Skip this test when run on builds without embedded-builtins. Bug: v8:9632, chromium:992389 Change-Id: Ieb52a33006b1104080d8f5adb8c4f2c36e4413af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758317 Commit-Queue: Patrick Thier <pthier@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63240}
-
Dominik Inführ authored
Instead of inserting "deletion" entries into the store buffer, keep a list of invalidated objects to filter out invalid old-to-new slots. The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots. The second CL https://crrev.com/c/1733081 got reverted because the sweeper might find more free space than the full GC before it. If an object shrinks after the pause but before the sweep, the invalidated object might span free memory and potentially new allocated objects. Therefore shrink invalidated objects when processing swept pages on the main thread. Also clean recorded slots in the gap. TBR=petermarshall@chromium.org Bug: v8:9454 Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63239}
-
Jakob Gruber authored
Information required for deoptimization is passed from codegen to the deoptimizer through so-called translations. Translations contain, among many other things, a 'height' field. It is used during deopts to calculate the unoptimized frame height (but note that it does not correspond exactly to the frame height itself - further calculations on the deopt side are needed to get to the real frame height).

The height field has roughly the following data flow:
1. During codegen, we serialize whatever FrameStateDescriptor::GetHeight() returns.
2. During deopts, serialized translations are converted into TranslatedFrame objects in TranslatedState::CreateNextTranslatedFrame.
3. These are later used to arrive at the real frame height in multiple spots, e.g. in DoComputeInterpretedFrame and friends.

Prior to this CL, we were adding and subtracting 1 in basically random spots. For example, for interpreted and construct stub frames we added 1 in step 1 and subtracted 1 in step 3. For continuation frames, we added 1 in step 2 and subtracted it in step 3. Argument adaptor frames were left untouched.

This CL removes all these +-1's. The height field now contains locals_count() for interpreted frames, and parameters_count() for everything else. I also tried to make the meaning of adds/subs clearer through use of named constants like kTheReceiver.

Bug: v8:9534 Change-Id: I6fd26886ff5aa63930f413d879d5480578d9dc7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751724 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63238}
-
Maya Lekova authored
This reverts commit 29585a06.

Reason for revert: Breaks GC stress bots -
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24009
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/27281

Original change's description:
> [turbofan] Various serializer/broker improvements
>
> They are all somewhat entangled, sorry for the big CL.
>
> - Brokerize remaining feedback vector slots.
> - Introduce Hints::SingleConstant helper.
> - Introduce SerializationPolicy enum.
> - Eliminate use of nullptr for megamorphic load/store ic feedback.
>   Instead use the corresponding ProcessedFeedback with an empty list
>   of maps or the like. new class MegamorphicFeedback.
> - Separate processing of feedback from serialization. This eliminates
>   code duplication.
> - Be very careful when clearing hints not to overwrite hints that are
>   being processed.
> - Move AccessInfos out of NamedAccessFeedback. Always store them in
>   property_access_infos_ map on broker. (This was actually unused
>   before, somewhat by mistake.)
> - Support map inference in concurrent inlining. Rewrite
>   ElementAccessFeedback such that we can refine it with the set of
>   inferred maps.
>
> TBR: mvstanton@chromium.org
> Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63232}

TBR=mvstanton@chromium.org,neis@chromium.org Change-Id: I88625d92fddf993db63661666c59af05a47b2b58 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758314 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63237}
-
Mu Tao authored
Port 0aa204fe https://chromium-review.googlesource.com/c/v8/v8/+/1738863
Port 5b2ab2f6 https://chromium-review.googlesource.com/c/v8/v8/+/1748737
Port c4d31fea https://chromium-review.googlesource.com/c/v8/v8/+/1745339

Change-Id: Iefc703a644bd28ac6503b4ae67e674f286623739 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755604 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Mu Tao <pamilty@gmail.com> Cr-Commit-Position: refs/heads/master@{#63236}
-
Jakob Gruber authored
The --jitless and --interpreted-frames-native-stack flags are incompatible since the latter requires code generation while the former prohibits code generation. Bug: v8:9619 Change-Id: Ic954724edd6a2d28e1bf2f6a79649f86e812abcf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758312 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63235}
-
Michael Starzinger authored
This removes the last dependencies on {JSGraph} from the wasm compiler. Since the pipeline does not run appropriate lowerings, access to the simplified or the javascript operator level is disallowed. With this change that rule is statically enforced. R=thibaudm@chromium.org Change-Id: I4a97e63ffc5df1b7704477ac5c68707f5b195166 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758305 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63234}
-
Maya Lekova authored
This reverts commit 82111e22.

Reason for revert: Speculative revert, could be causing timeouts - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17567

Original change's description:
> [CSA][cleanup] TNodify some methods related to prototype and property lookup
>
> This is a CL in a string of CLs that aims to TNodify CSA. In particular,
> there were some loads that were done in AnyTagged instead of
> TaggedPointer. TNode-ifying them brings improvement in pointer
> compression since we are able to decompress using the Pointer
> decompression.
>
> TNodified:
> * LoadJSFunctionPrototype
> * TryPrototypeChainLookup
> * OrdinaryHasInstance
>
> Also TNodified loads regarding:
> * FeedbackCell::kValueOffset
> * HeapObject::kMapOffset
> * JSFunction::kSharedFunctionInfoOffset
> * JSFunction::kFeedbackCellOffset
> * Map::kInstanceTypeOffset
> * Map::kInstanceDescriptorsOffset
> * Map::kPrototypeOffset
>
> Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.
>
> Bug: v8:6949, v8:9396
> Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63216}

TBR=rmcilroy@chromium.org,solanes@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6949, v8:9396 Change-Id: Ib6ae8fe86a598ed1066894595565e1162cf7dd1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758310 Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63233}
-
Georg Neis authored
They are all somewhat entangled, sorry for the big CL.

- Brokerize remaining feedback vector slots.
- Introduce Hints::SingleConstant helper.
- Introduce SerializationPolicy enum.
- Eliminate use of nullptr for megamorphic load/store ic feedback. Instead use the corresponding ProcessedFeedback with an empty list of maps or the like. new class MegamorphicFeedback.
- Separate processing of feedback from serialization. This eliminates code duplication.
- Be very careful when clearing hints not to overwrite hints that are being processed.
- Move AccessInfos out of NamedAccessFeedback. Always store them in property_access_infos_ map on broker. (This was actually unused before, somewhat by mistake.)
- Support map inference in concurrent inlining. Rewrite ElementAccessFeedback such that we can refine it with the set of inferred maps.

TBR: mvstanton@chromium.org Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63232}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e4c7cf0..9275a0c TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I16f6a0650309b8e0d1ce3f25cd1159cefebf861d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757692 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63231}
-
- 18 Aug, 2019 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ac11835..e4c7cf0
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dbca9d1..ae25381
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/2dd0798..c5d786f

TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: Ib4f4c7ac25c631fe8d14a5ba6c60dc6ca0a3f2d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757690 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63230}
-
- 17 Aug, 2019 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b9f7075..ac11835
Rolling v8/third_party/android_sdk/public: DLK621q5_Bga5EsOr7cp6bHWWxFKx6UHLu_Ix_m3AckC..5DL7LQQjVMLClXLzLgmGysccPGsGcjJdvH9z5-uetiIC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2ae52ad..dbca9d1
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9f4b37d..72fbaf4
Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/e9d5f42..27e17f7
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/4327557..2dd0798

TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I3ebfd2a728ca0f15eaa9a2169360d46d0fb9da1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757688 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63229}
-
- 16 Aug, 2019 11 commits
-
-
Ng Zhi An authored
Change-Id: Icc9a88012cd785a7676259e15da2a1bc6a6e26ba Bug: v8:9510 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1756854 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63228}
-
Ng Zhi An authored
- Move undef closer to end of usage
- Move I64x2ExtractWithF64x2 closer to Extract tests, and into ifdef scope so it runs on arm64 builds

Change-Id: I7138c44097975d02e97f4b2b9bfcddd8eb9735c8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1754544 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63227}
-
Georg Schmid authored
This CL adds additional information in PropertyAccessInfos and FieldAccesses about the map that introduced the accessed field. We use this information to prevent load elimination from incorrectly optimizing certain accesses marked const.

Prior to this CL, load elimination simply stored information about eliminatable field accesses based on objects (identified by nodes in the graph) and offsets (i.e., statically known ones). In the presence of const stores and loads this is insufficient, since a single object (in the above sense) may contain distinct *const* properties at the same offset throughout its lifetime. As an example, consider the following piece of code:

  let obj = {};
  obj.a = 0;
  obj[1024] = 1;  // An offset of >=1024 forces an elements-kind transition
  delete obj.a;
  obj.b = 2;
  assertEquals(obj.b, 2);

In this scenario, *both* the first ('obj.a = 0') and the second ('obj.b = 2') store to a field will be marked const by the runtime. The reason that storing to 'a' above ends up being marked const, is that 'a' before and after the elements-kind transition is encoded in separate transition trees. Removing 'a' ('delete obj.a') only invalidates const-ness in the dictionary-elements transition tree; not the holey-elements one used at the time of 'obj.a = 0'.

The above situation on its own violates an invariant in load elimination. Namely, we assume that for the same object and offset, we will never encounter two const stores. One can extend the above snippet to coax load-elimination into producing incorrect results. For instance, by "hiding" 'obj.b = 2' in an unoptimized function call, the consecutive load from 'b' will incorrectly produce 0, violating the assert.

R=neis@chromium.org, tebbi@chromium.org Bug: chromium:980183, chromium:983764 Change-Id: I576a9c7efd416fa9db6daff1f42d483e4bd369b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751346 Commit-Queue: Georg Schmid <gsps@google.com> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63226}
-
Daryl Haresign authored
V8_EXPORT is not required for public class templates, and using it may lead to linker errors when users attempt to dllimport V8. Change-Id: I0b2db2371d0fcbf50af94ba629670486b8f2bc00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757284 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63225}
-
Mike Stanton authored
GetIterator currently acts as a property load of the iterator symbol (soon it will also call it). It makes sense to apply the same early lowering logic as we do for property loads in the bytecode graph builder. This also brings our treatment of the bytecode in-line with the way it's treated in the serializer, which already respects the early-lowering semantics. Bug: v8:7790 Change-Id: Ieadc4b307b9f6d9a5aa77ca10c7c818026776f33 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758304 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63224}
-
Santiago Aboy Solanes authored
There are some accesses that we know that are pointers, and we can specialize them to have Pointer as their Machine Type and Write Barrier. Drive-by fix: ForJSGeneratorObjectParametersAndRegisters can be changed to use Pointer. Bug: v8:7703 Change-Id: I88e371746fc5f08c84795c95b1885264ef6c067c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741658 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63223}
-
Tobias Tebbi authored
This removes the restriction on load elimination to only track fields of representations with kTaggedSize, and instead also allows fields with representations using multiples of kTaggedSize (that is, Float64 and Word64 on pointer-compressed or 32-bit platforms). In order not to regress JIT-compile time for the common case of kTaggedSize-sized fields, we maintain information for bigger fields multiple times, once for each kTaggedSize-multiple offset that covers it. By checking that all copies of this information are still there when reading from the load elimination state, updates to the load elimination state don't need to take special care of bigger fields. Change-Id: I9b5f3d2d6e3b4f145c20d33fbc764869bf50a365 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752843 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63222}
-
Sathya Gunasekaran authored
Bug: v8:9616 Change-Id: Ieca74f8df90b342672c8904beef2c2298f0ba597 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755991 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#63221}
-
Dan Elphick authored
Create a new function NewHeapNumberForCodeAssembler used only by CodeAssembler that allocates in read_only_space whenever it is writable (e.g. when constructing builtins). This can allocate in old_space for CSA tests that run after read_only_space is sealed. This moves 512 bytes from old_space to read_only_space. Bug: v8:7464 Change-Id: I3e29b38a8c062fa74feed63ecf0d07625c04347f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752855 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63220}
-
v8-ci-autoroll-builder authored
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/ace189a..9867945

[interpreter] Tweak target (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/9867945

[interpreter] Update BS support (#1058) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/ae113ed

[interpreter] Make format roundtrips perfect (#1057) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/81c5f27

TBR=ahaas@chromium.org,clemensh@chromium.org Change-Id: Id626fc54563e5bd1e97403803dae6683c949d6f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757684 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63219}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1bf9025..b9f7075
Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/4e2cea4..6258275
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/942e493..2ae52ad
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/979fa78..9f4b37d
Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/90a443f..e9d5f42
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a05d5ea..4327557

TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: If6324de29ba28dda02e9d87df14864eacf640802 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757683 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63218}
-
- 15 Aug, 2019 4 commits
-
-
Adam Klein authored
This reverts commit f54f92dd.

Reason for revert: CSA_ASSERTS failing while rolling into Chromium, see https://crbug.com/994103 for details.

Original change's description:
> [builtins] Port RegExpTest to Torque
>
> Bug: v8:8976
> Change-Id: Ia4dc120a31eb363599b47b22b749a3146a9c7c73
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1746083
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63211}

TBR=jgruber@chromium.org,tebbi@chromium.org,duongn@microsoft.com,szuend@chromium.org Change-Id: Id3e1fe4e323826d3a48db667b032f0fddd7cb064 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8976 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1756389 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#63217}
-
Santiago Aboy Solanes authored
This is a CL in a string of CLs that aims to TNodify CSA. In particular, there were some loads that were done in AnyTagged instead of TaggedPointer. TNode-ifying them brings improvement in pointer compression since we are able to decompress using the Pointer decompression.

TNodified:
* LoadJSFunctionPrototype
* TryPrototypeChainLookup
* OrdinaryHasInstance

Also TNodified loads regarding:
* FeedbackCell::kValueOffset
* HeapObject::kMapOffset
* JSFunction::kSharedFunctionInfoOffset
* JSFunction::kFeedbackCellOffset
* Map::kInstanceTypeOffset
* Map::kInstanceDescriptorsOffset
* Map::kPrototypeOffset

Drive-by cleanup: StoreJSArrayLength and StoreElements were unused.

Bug: v8:6949, v8:9396 Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63216}
-
Milad Farazmand authored
Previously we allowed for only one extra parameter on the stack; this CL makes it dynamic based on the kArgCount value. Change-Id: I18cd74d0cc0ecba6fb75dcee991a0e907d423d6a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755411 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#63215}
-
v8-ci-autoroll-builder authored
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/a221f25..ace189a

[spec] Terminology nits (#1053) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/ace189a

TBR=ahaas@chromium.org,clemensh@chromium.org Change-Id: I0d06e838557560d07ca8d9ec2e8323d2d6658b99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755223 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63214}
-
- 14 Aug, 2019 2 commits
-
-
Ng Zhi An authored
Bug: v8:8460 Change-Id: I81e48a99e34d7438c2b652a01d979bf8db4726ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1749666 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63213}
-
Ng Zhi An authored
Bug: v8:9528 Change-Id: Ib1e9505686b85fa426f3f66f7d6e1e63efc48014 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710333 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63212}
-