Add support for internalizing an AstValueFactory using the off-thread
factory. Includes adding ConsString support to OffThreadFactory.

This introduces a Handle union wrapper, which is used in locations that
can store a Handle or an OffThreadHandle. This is used in this patch for
the internalized "string" field of AST strings, and will be able to be
used for other similar fields in other classes (e.g. the ScopeInfo
handle in Scope, object boilerplate descriptor handles, the inferred
name handle on FunctionLiterals, etc.). It has a Factory-templated
getter which returns the appropriate handle for the factory, and a
debug-only tag to make sure the right getter is used at runtime. This
union wrapper currently decomposes implicitly to a Handle if the getter
is not called, to minimise code changes, but this implicit conversion
will likely be removed for clarity.

Bug: chromium:1011762
Change-Id: I5dd3a7bbdc483b66f5ff687e0079c545b636dc13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993971
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65816}

Bug: v8:7790
Change-Id: Idf066adcd5c3dca3004e2eaa0d8fa389755720af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991490Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65671}

Remove the explicit script handle from ParseInfo, and make it either
a Handle that is passed around where needed, or one inferred from the
SharedFunctionInfo.

This will be useful for compilation finalization using the off-thread
factory, which will not generate real Handles since it has no access
to the Isolate.

Bug: chromium:1011762
Change-Id: I5d9564009ec83bb9fc74191b4aa69735d132c2f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977861Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65629}

Just a cleanup, should not change behavior, although we will allocate
more handles in some cases.

Also re-orders some of the implementations of the interface to try
and keep things consistent.

Included cleanup: Change CodeEventDispatcher so that it now implements
CodeEventListener, given that it had that exact interface already.
Also remove the macro dispatch to try and make things a bit easier to
read.

Bug: chromium:1033407
Change-Id: Id943b10c49f102d9783d8f4cf3a8c43e04364c77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1976390Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65571}

This is a reland of 5bddc0e1

The original CL was speculatively reverted as it was suspected to
cause failures on the non-determinism bot. This was ultimately
confirmed to not be the case, so this CL is safe to reland as-is.

Original change's description:
> Implement top-level await for REPL mode
>
> Design doc: bit.ly/v8-repl-mode
>
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
>
> The implementation is based on two existing mechanisms:
>   - Similar to async functions, the content of a REPL script is
>     enclosed in a synthetic 'try' block. Any thrown error
>     is used to reject the Promise of the REPL script.
>
>   - The content of the synthetic 'try' block is also re-written the
>     same way a normal script is. This is, artificial assignments to
>     a ".result" variable are inserted to simulate a completion
>     value. The difference for REPL scripts is, that ".result" is
>     used to resolve the Promise of the REPL script.
>
>   - ".result" is not returned directly but wrapped in an object
>     literal: "{ .repl_result: .result}". This is done to prevent
>     resolved promises from being chained and resolved prematurely:
>
>     > Promse.resolve(42);
>
>     should evaluate to a promise, not 42.
>
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}

TBR: yangguo@chromium.org,verwaest@chromium.org
Bug: chromium:1021921
Change-Id: I95c5dc17593161009a533188f91b4cd67234c32f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1954388Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65360}

This reverts commit 5bddc0e1.

Reason for revert: Possible culprit for https://bugs.chromium.org/p/chromium/issues/detail?id=1029863

Original change's description:
> Implement top-level await for REPL mode
> 
> Design doc: bit.ly/v8-repl-mode
> 
> This CL allows the usage of 'await' without wrapping code in an async
> function when using REPL mode in global evaluate. REPL mode evaluate
> is changed to *always* return a Promise. The resolve value of the
> promise is the completion value of the REPL script.
> 
> The implementation is based on two existing mechanisms:
>   - Similar to async functions, the content of a REPL script is
>     enclosed in a synthetic 'try' block. Any thrown error
>     is used to reject the Promise of the REPL script.
> 
>   - The content of the synthetic 'try' block is also re-written the
>     same way a normal script is. This is, artificial assignments to
>     a ".result" variable are inserted to simulate a completion
>     value. The difference for REPL scripts is, that ".result" is
>     used to resolve the Promise of the REPL script.
> 
>   - ".result" is not returned directly but wrapped in an object
>     literal: "{ .repl_result: .result}". This is done to prevent
>     resolved promises from being chained and resolved prematurely:
> 
>     > Promse.resolve(42);
> 
>     should evaluate to a promise, not 42.
> 
> Bug: chromium:1021921
> Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65273}

TBR=yangguo@chromium.org,leszeks@chromium.org,verwaest@chromium.org,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1021921
Change-Id: I9eaea584e2e09f3dffcbbca3d75a3c9bcb0a1adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948719Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65333}

Design doc: bit.ly/v8-repl-mode

This CL allows the usage of 'await' without wrapping code in an async
function when using REPL mode in global evaluate. REPL mode evaluate
is changed to *always* return a Promise. The resolve value of the
promise is the completion value of the REPL script.

The implementation is based on two existing mechanisms:
  - Similar to async functions, the content of a REPL script is
    enclosed in a synthetic 'try' block. Any thrown error
    is used to reject the Promise of the REPL script.

  - The content of the synthetic 'try' block is also re-written the
    same way a normal script is. This is, artificial assignments to
    a ".result" variable are inserted to simulate a completion
    value. The difference for REPL scripts is, that ".result" is
    used to resolve the Promise of the REPL script.

  - ".result" is not returned directly but wrapped in an object
    literal: "{ .repl_result: .result}". This is done to prevent
    resolved promises from being chained and resolved prematurely:

    > Promse.resolve(42);

    should evaluate to a promise, not 42.

Bug: chromium:1021921
Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65273}

If source positions are not required when a background compilation task
starts, but then something like profiling is started before the task
finalizes, then logging of the compilation task will crash due to a
missing source position table.

This ensures source positions are collected if source positions are
required during finalization.

R=rmcilroy@chromium.org

Bug: chromium:1022749
Change-Id: Ie83c3d88131a1c1f434274ea9ee52895c6753b49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942611
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65251}

First this plumbs RuntimeCallStats from the OptimizingCompileDispatcher
down through to PipelineCompilationJob which stashes the
RuntimeCallStats on the PipelineData.

Adds new RCS thread-specific counters: OptimizeAssembleCode and
OptimizeBackgroundAssembleCode which are used in
PipelineImpl::AssembleCode.

Bug: v8:10006
Change-Id: Ieef6d32afddf4b0760e204010b09a85dfec92cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926030
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65221}

Adds RuntimeStats counters for HeapBrokerInitialization, Serialize,
SerializeMetadata and Finalization phases. These happen only on main thread.
In a followup cl we will also add counters for other phases that could happen
on main thread or background thread.

Earlier RecompileSynchronous was used to measure the time spent in Concurrent,
non Concurrent and Concurrent finalize phases. This cl replaces them with
OptimizeConcurrent, OptimizeNonConcurrent and OptimizeConcurrentFinalize
counters. This cl also renames RecompileConcurrent to OptimizeBackground to
make it clear this measures the background component of optimization.

This also updates names of trace events to be in-sync with RuntimeStat counters.

Bug: v8:9684
Change-Id: Ifda81ce7ab1c659c2df53bab924c51c46f46939b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924439Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65147}

Converts and uses of RuntimeCallTimerScopes that switch the counter
based on the thread, to use kThreadSpecific and remove the counter
selection.

Also moves RuntimeCallTimerScope::CounterMode to RuntimeCallStats,
since now CorrectCurrentCounterId also takes it as a parameter.

Bug: v8:10006
Change-Id: I14a503e0b83bb69c071f9665956de094bb33c0ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928864Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65141}

Design doc: bit.ly/v8-repl-mode

This CL adds a new REPL mode that can be used via
DebugEvaluate::GlobalREPL. REPL mode only implements re-declaration
of 'let' bindings at the moment. Example:

REPL Input 1: let x = 21;
REPL Input 2: let x = 42;

This would normally throw a SyntaxError, but works in REPL mode.

The implementation is done by:
  - Setting a 'repl mode' bit on {Script}, {ScopeInfo}, {ParseInfo}
    and script {Scope}.
  - Each global let declaration still gets a slot reserved in the
    respective {ScriptContext}.
  - When a new REPL mode {ScriptContext} is created, name clashes
    for let bindings are not reported as errors.
  - Declarations, loads and stores for global let in REPL mode are
    now "load/store global" instead of accessing their respective
    context slot directly. This causes a lookup in the ScriptContextTable
    where the found slot for each name is guaranteed to be the same
    (the first one).

Bug: chromium:1004193, chromium:1018158
Change-Id: Ia6ab526b9f696400dbb8bfb611a4d43606119a47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876061
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64793}

This removes the feature that we log precise information about
functions and scripts in "v8.compile", since it comes at a
significant cost and is not going to be used anytime soon. If
we ever decide that we need this, we will have to come up with
a cheaper way of doing this.

Fixed: v8:9874
Tbr: yangguo@chromium.org
Bug: v8:8598, v8:9039, v8:9325, v8:9874
Change-Id: I3481570b6fda2a050f05d2ae84cf3e9245f67d52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898652Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64783}

Instead of inferring allow_codegen from the state of MaybeLocal<String>, return it separately. This allows to distinguish "could not stringify this object" from "block execution of this object", regardless of whether the object is a string or not. Currently, the hook can trigger an EvalError only if the original source was a string.

Modify the logic so that one of the three mechanisms (unconditional, non-modifying, modifying) decides alone. Before, if the non-modifying callback rejected a value, the value would be forwarded to the modifying callback, but the unconditional would not forward to the non-modifying callback. This introduces a more uniform behaviour where the three mechanisms act in decreasing priority.

Change-Id: Iaaa9873227052653d714df65f31c4de914f48b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776082Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stefano Sanfilippo <ssanfilippo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64763}

Measure finalization time for streaming JS compilation (to measure impact
of off-thread streaming finalization).

Bug: chromium:865098
Bug: chromium:1011762
Change-Id: Idc89ea18e55fec87ac7e8cca28925820e0c56b84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844783
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64190}

This is a reland of cfb10028
with a fix for failures in lite mode.

Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

Bug: chromium:987523
Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64023}

This reverts commit cfb10028.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483

Original change's description:
> [compiler] Cache OSR optimized code
> 
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
> 
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org

Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:987523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64015}

With lazy feedback allocation, for functions that get OSRed we may
not have feedback for the initial part of the functions since feedback
vectors might be allocated after the function started executing. Hence
we would not be able to optimize the function on the next call. This
means we may have to OSR twice before we actually optimize function.
This cl introduces OSR cache, so we could reuse the optimized code. One
side effect of this cl is that the OSRed code won't be function context
specialized anymore.

Bug: chromium:987523
Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64014}

The inferred name in the function literal might not be as accurate as the one
already on the shared function info, so use the existing one instead.

BUG=chromium:995813

Change-Id: Ie06eb964934fc039e56ebf9452f706e1192b7ab0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782169
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63566}

This reverts commit 352a154e.

Reason for revert: https://crbug.com/999972

Original change's description:
> [compiler] improve inlining heuristics: call frequency per executed bytecodes
> 
> TLDR: Inline less, but more where it matters. ~10% decrease in Turbofan
> compile time including off-thread, while improving Octane scores by ~2%.
> 
> How things used to work:
> 
> There is a flag FLAG_min_inlining_frequency that limits inlining by
> the callsite being sufficiently frequently executed. This call frequency
> was measured relative to invocations of the parent (= the function we
> originally optimize). At the same time, the limit was very low (0.15),
> meaning we mostly relied on the total amount of inlined code
> (FLAG_max_inlined_bytecode_size_cumulative) to limit inlining.
> 
> How things work now:
> 
> Instead of measuring call frequency relative to parent invocations, we
> should have a measure that predicts how often the callsite in question
> will be executed in the future. An obvious attempt at that would be to
> measure how often the callsite was executed in absolute numbers in the
> past. But depending on how fast feedback stabilizes, it can take more
> or less time until we optimize a function. If we just take the absolute
> call frequency up to the point in time when we optimize, we would
> inline more for functions that stabilize slowly, which doesn't make
> sense. So instead, we measure absolute call count per KB of executed
> bytecodes of the parent function.
> Since inlining big functions is more expensive, this threshold is
> additionally scaled linearly with the bytecode-size of the inlinee.
> The resulting formula is:
> call_frequency >
> FLAG_min_inlining_frequency *
>   (bytecode.length() - FLAG_max_inlined_bytecode_size_small) /
>   (FLAG_max_inlined_bytecode_size - FLAG_max_inlined_bytecode_size_small)
> 
> The new threshold is chosen in a way that it effectively limits
> inlining, which allows us to increase
> FLAG_max_inlined_bytecode_size_cumulative without increasing inlining
> in general.
> 
> The reduction in compile time (x64 build) of ~10% was observed in Octane,
> ARES-6, web-tooling-benchmark, and the standalone TypeScript benchmark.
> The hope is that this will reduce CPU-time in real-world situations
> too.
> The Octane improvements come from inlining more in places where it
> matters.
> 
> Bug: v8:6682
> 
> Change-Id: I99baa17dec85b71616a3ab3414d7e055beca39a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768366
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63449}

TBR=rmcilroy@chromium.org,neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6682 chromium:999972
Change-Id: Iffca63d4bef81afa0f66e34d35fb72f3b5baf517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784281Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63554}

Extend stress source positions to also ensure source positions for eagerly
compiled inner functions when lazily compiling the outer function.

BUG=v8:8510

Change-Id: I66d04beb789f13c15ed87cf10f606723c18f5d8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774725
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63482}

TLDR: Inline less, but more where it matters. ~10% decrease in Turbofan
compile time including off-thread, while improving Octane scores by ~2%.

How things used to work:

There is a flag FLAG_min_inlining_frequency that limits inlining by
the callsite being sufficiently frequently executed. This call frequency
was measured relative to invocations of the parent (= the function we
originally optimize). At the same time, the limit was very low (0.15),
meaning we mostly relied on the total amount of inlined code
(FLAG_max_inlined_bytecode_size_cumulative) to limit inlining.

How things work now:

Instead of measuring call frequency relative to parent invocations, we
should have a measure that predicts how often the callsite in question
will be executed in the future. An obvious attempt at that would be to
measure how often the callsite was executed in absolute numbers in the
past. But depending on how fast feedback stabilizes, it can take more
or less time until we optimize a function. If we just take the absolute
call frequency up to the point in time when we optimize, we would
inline more for functions that stabilize slowly, which doesn't make
sense. So instead, we measure absolute call count per KB of executed
bytecodes of the parent function.
Since inlining big functions is more expensive, this threshold is
additionally scaled linearly with the bytecode-size of the inlinee.
The resulting formula is:
call_frequency >
FLAG_min_inlining_frequency *
  (bytecode.length() - FLAG_max_inlined_bytecode_size_small) /
  (FLAG_max_inlined_bytecode_size - FLAG_max_inlined_bytecode_size_small)

The new threshold is chosen in a way that it effectively limits
inlining, which allows us to increase
FLAG_max_inlined_bytecode_size_cumulative without increasing inlining
in general.

The reduction in compile time (x64 build) of ~10% was observed in Octane,
ARES-6, web-tooling-benchmark, and the standalone TypeScript benchmark.
The hope is that this will reduce CPU-time in real-world situations
too.
The Octane improvements come from inlining more in places where it
matters.

Bug: v8:6682

Change-Id: I99baa17dec85b71616a3ab3414d7e055beca39a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768366
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63449}

- Rename FunctionLiteral::FunctionType to FunctionSyntaxKind.

- Re-express IsWrappedBit, IsDeclarationBit, IsAnonymousExpressionBit,
  and IsNamedExpressionBit in SFI::flags as FunctionSyntaxKind. This
  frees up 1 bit in SFI::flags.

- Re-express the analogous bits in ParseInfo as FunctionSyntaxKind.

- Simplifies some logic in the back-and-forth passing of this info
  between SFI and ParseInfo.

- Drive-by fix parsing class member initializations as kAccessorOrMethod.

Bug: v8:9644
Change-Id: I6c165d5016d968f5057a32136385ddcdc4a46ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1767263Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63388}

This changes Compiler::CollectSourcePositions to skip finalization of
the BytecodeArray, constant table, handler table, ScopeInfos as well as
internalization of Ast values since only the source position table is
used and the others will be collected soon after by the GC.

It will also now avoid recompiling inner functions that would otherwise
be eagerly compiled.

BytecodeArrayWriter::ToBytecodeArray has been changed to never populate
the source_position_table.

Bug: v8:8510
Change-Id: I2db2f2da6b48fde11f17a20d017c1a54c0a34fc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763538
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63365}

Previously we only used this flag if asm_wasm instantiation failed, but
we should avoid trying asm_wasm again if we failed during the initial
parse/compile, in case we have to recompile due to bytecode flushing. This
also avoids issues if there is a tranisent reason we fail asm_wasm compilation
(e.g., stack overflow) and later recompilations succeed and cause
inconsistencies like in the linked bug.

BUG=chromium:991133

Change-Id: Id156efa9d8625ce3db2058cb279ea23aeb66052f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751784Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63192}

Also adds a NullContextScope for code which wants to ensure it is context
independent. Removes a workaround in V8ProfilerAgentImpl::startProfiling
which created a context due to CollectSourcePositions not being context
indpendent.

BUG=chromium:992063

Change-Id: I94c7eea6416dc64bc61fb8ff9cd945449a791a77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1748693
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63176}

This requires a native context which might not be available when
collecting source positions, and errors are cleared in any case.

BUG=chromium:992063

Change-Id: Ie0b81f60debaaf9a7810a42f56de0c005a7fbe18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745338
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63175}

We have already parsed a function when we call CollectSourcePositions, so we
shouldn't update the parsing statistics again otherwise we will double-count.
Also, CollectSourcePositions needs to be made native-context independent, and
Blink's CountUsage counter requires a context to have been entered when it is
called and so isn't context independent.

BUG=chromium:992063

Change-Id: Idda50b98a8308f022cb90e1a18afb43982e95298
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1746472
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63151}

If the function has been uncompiled (bytecode flushed) it will have lost any preparsed data.
When we recompile the outer function we will regenerate this PreParseData but it wasn't
being reattached to the inner function. This CL fixes this by checking for this case in
Compiler::GetSharedFunctionInfo and creating a new NewUncompiledDataWithPreparseData to
attach to the inner function.

BUG=v8:9479

Change-Id: I5c0fc8251006f8f5c7c7f5f9dd17b2ecc671b672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741655
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63128}

This is a reland of 159df248

Original change's description:
> [ic] Don't transition to premonomorphic state
> 
> We used to use premonomorphic state to delay initializing the ICs.
> This optimization was to avoid the cost of setting up handlers if the
> code executed only once. With lazy feedback allocation we no longer
> need this.
> 
> This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and
> StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to
> runtime in the uninitialized state and use the builtin when there
> is no feedback.
> 
> 
> Change-Id: I1633e61ea74664da51348e362c34c47a017a264a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63020}

Change-Id: Ica7eb65649615c2f8410d5b815a98b55cb1cfc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731000
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63082}

Wrapped functions don't recompile properly with lazy source positions so
just force them to always collect the source positions.

Fixes cctest/test-compiler/CompileFunctionInContext in the presence of
--enable-lazy-source-positions and --stress-lazy-source-positions.

Bug: v8:8510
Change-Id: I2402a441d4930be11dc037c6041cb577a63a3529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709427
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63013}

This adds a simple counter to Turbofan that's incremented throughout the compilation, hopefully
frequently enough so we can use it to detect divergence and performance bugs.
In addition, we assert that this counter never gets too high. That's the equivalent of a simple
timeout, just more deterministic. The limitations on Turbofan input size should guarantee that
we never exceed this limit. Since we probably do exceed it rarely, this check is only a DCHECK and
intended to detect performance and divergence issues, but not supposed to be performed in release
builds.

In addition, this CL adds UMA stats to observe the real world distribution of the tick measurement.

Bug: v8:9444

Change-Id: I182dac6ecac64715e3f5885ff5c7c17549351cd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695475
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62754}

Make stress mode collect source positions for functions that weren't
lazily compiled.

Bug: v8:8510
Change-Id: I632f4b39746a7500ced3b7de9840601c4681856e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700063
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62687}

With lazy feedback allocation and bytecode flushing we need to call
%PrepareFunctionForOptimize before we call %OptimizeFunctionOnNextCall/
%OptimizeOsr. This cl:
1. Adds an additional state in pending optimized table to check if the
optimization was triggered manually.
2. Changes the compilation pipeline to delete the entry from pending
optimized table only if the optimization was triggered through
%OptimizeFunctionOnNextCall / %OptimizeOsr.
3. Adds a check to enforce %PrepareFunctionForOptimize was called.
4. Adds a new run-time flag to only check in the d8 test runner. We
don't want this check enabled in other cases like clusterfuzz that doesn't
ensure %PrepareFunctionForOptimize is called.

Bug: v8:8394, v8:8801, v8:9183
Change-Id: I9ae2b2da812e313c746b6df0b2da864c2ed5de51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664810
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62653}

If --stress-lazy-source-positions is enabled then always collect source
positions after lazy compilation to try and flush out bytecode mismatch
bugs.

Bug: v8:8510
Change-Id: I895611c9fde2c4743d62951674277973def01d3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679502
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62414}

Change-Id: I8e6f10d6a5cba981134b44fda1a8ae3a4ea0fc97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675959
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62371}

This extends the existing Isolate::SetAllowCodeGenerationFromStringsCallback
mechanism, by adding SetModifyCodeGenerationFromStringCallback, which
can also modify the eval argument (it could e.g. add escaping).

Bug: chromium:940927
Change-Id: I2b72ec2e3b77a5a33f428a0db5cef3f9f8ed6ba2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593336Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62185}

TBR=mvstanton@chromium.org,neis@chromium.org,ahaas@chromium.org

Bug: v8:9247
Change-Id: I5433c863a54f3412d73df0d38aba3fdbcfac7ebe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627973
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61830}

NOPRESUBMIT=true
TBR=mstarzinger@chromium.org

Bug: v8:9247
Change-Id: I4cd6b79a1c2cba944f6f23caed59d4f1a4ee358b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624217
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61790}

This CL was generated by an automatic clang AST rewriter using this
matcher expression:

  callExpr(
    callee(
      cxxMethodDecl(
        hasName("operator->"),
        ofClass(isSameOrDerivedFrom("v8::internal::Object"))
      )
    ),
    argumentCountIs(1)
  )

The "->" at the expression location was then rewritten to ".".

R=jkummerow@chromium.org
TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org

Bug: v8:9183, v8:3770
No-Try: true
No-Tree-Checks: true
Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61764}