1. 19 Dec, 2018 3 commits
  2. 12 Dec, 2018 1 commit
  3. 10 Dec, 2018 1 commit
  4. 06 Nov, 2018 1 commit
  5. 24 Aug, 2018 1 commit
  6. 24 Jul, 2018 1 commit
    • Clemens Hammacher's avatar
      Reland "[turboassembler] Introduce hard-abort mode" · d324382e
      Clemens Hammacher authored
      This is a reland of a462a785
      
      Original change's description:
      > [turboassembler] Introduce hard-abort mode
      > 
      > For checks and assertions (mostly for debug code, like stack alignment
      > or zero extension), we had two modes: Emit a call to the {Abort}
      > runtime function (the default), and emit a debug break (used for
      > testing, enabled via --trap-on-abort).
      > In wasm, where we cannot just call a runtime function because code must
      > be isolate independent, we always used the trap-on-abort behaviour.
      > This causes problems for our fuzzers, which do not catch SIGTRAP, and
      > hence do not detect debug code failures.
      > 
      > This CL introduces a third mode ("hard abort"), which calls a C
      > function via {ExternalReference}. The C function still outputs the
      > abort reason, but does not print the stack trace. It then aborts via
      > "OS::Abort", just like the runtime function.
      > This will allow fuzzers to detect the crash and even find a nice error
      > message.
      > 
      > Even though this looks like a lot of code churn, it is actually not.
      > Most added lines are new tests, and other changes are minimal.
      > 
      > R=mstarzinger@chromium.org
      > 
      > Bug: chromium:863799
      > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      > Reviewed-on: https://chromium-review.googlesource.com/1142163
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54592}
      
      Bug: chromium:863799
      Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
      Reviewed-on: https://chromium-review.googlesource.com/1146100Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54656}
      d324382e
  7. 20 Jul, 2018 4 commits
    • Sigurd Schneider's avatar
      Speculatively revert "[turboassembler] Introduce hard-abort mode" · 039c18e1
      Sigurd Schneider authored
      This reverts commit a462a785.
      
      Reason for revert: Breaks a TurboAssembler test:
      https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726
      
      Original change's description:
      > [turboassembler] Introduce hard-abort mode
      > 
      > For checks and assertions (mostly for debug code, like stack alignment
      > or zero extension), we had two modes: Emit a call to the {Abort}
      > runtime function (the default), and emit a debug break (used for
      > testing, enabled via --trap-on-abort).
      > In wasm, where we cannot just call a runtime function because code must
      > be isolate independent, we always used the trap-on-abort behaviour.
      > This causes problems for our fuzzers, which do not catch SIGTRAP, and
      > hence do not detect debug code failures.
      > 
      > This CL introduces a third mode ("hard abort"), which calls a C
      > function via {ExternalReference}. The C function still outputs the
      > abort reason, but does not print the stack trace. It then aborts via
      > "OS::Abort", just like the runtime function.
      > This will allow fuzzers to detect the crash and even find a nice error
      > message.
      > 
      > Even though this looks like a lot of code churn, it is actually not.
      > Most added lines are new tests, and other changes are minimal.
      > 
      > R=​mstarzinger@chromium.org
      > 
      > Bug: chromium:863799
      > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      > Reviewed-on: https://chromium-review.googlesource.com/1142163
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54592}
      
      TBR=mstarzinger@chromium.org,clemensh@chromium.org
      
      Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:863799
      Reviewed-on: https://chromium-review.googlesource.com/1145431
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54597}
      039c18e1
    • Sigurd Schneider's avatar
      Revert "[cleanup] Rename {kLastErrorMessage} to {kNumberOfReasons}" · 9741c7e3
      Sigurd Schneider authored
      This reverts commit 29379945.
      
      Reason for revert: Needed for other revert:
      https://chromium-review.googlesource.com/c/v8/v8/+/1145431
      
      Original change's description:
      > [cleanup] Rename {kLastErrorMessage} to {kNumberOfReasons}
      > 
      > The name {kLastErrorMessage} is misleading, as it's not actually the
      > index of the last message (or reason), but one more (i.e. number of
      > messages / reasons). Thus this renaming.
      > 
      > R=​mstarzinger@chromium.org
      > 
      > Bug: v8:7754
      > Change-Id: Id21edcecac84c0e6068423c6124ef2881116dc7c
      > Reviewed-on: https://chromium-review.googlesource.com/1145305
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54593}
      
      TBR=mstarzinger@chromium.org,clemensh@chromium.org
      
      Change-Id: I2af83f4a2299e05ad9bcacfe69c0b483fd1488de
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7754
      Reviewed-on: https://chromium-review.googlesource.com/1145520Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54596}
      9741c7e3
    • Clemens Hammacher's avatar
      [cleanup] Rename {kLastErrorMessage} to {kNumberOfReasons} · 29379945
      Clemens Hammacher authored
      The name {kLastErrorMessage} is misleading, as it's not actually the
      index of the last message (or reason), but one more (i.e. number of
      messages / reasons). Thus this renaming.
      
      R=mstarzinger@chromium.org
      
      Bug: v8:7754
      Change-Id: Id21edcecac84c0e6068423c6124ef2881116dc7c
      Reviewed-on: https://chromium-review.googlesource.com/1145305
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54593}
      29379945
    • Clemens Hammacher's avatar
      [turboassembler] Introduce hard-abort mode · a462a785
      Clemens Hammacher authored
      For checks and assertions (mostly for debug code, like stack alignment
      or zero extension), we had two modes: Emit a call to the {Abort}
      runtime function (the default), and emit a debug break (used for
      testing, enabled via --trap-on-abort).
      In wasm, where we cannot just call a runtime function because code must
      be isolate independent, we always used the trap-on-abort behaviour.
      This causes problems for our fuzzers, which do not catch SIGTRAP, and
      hence do not detect debug code failures.
      
      This CL introduces a third mode ("hard abort"), which calls a C
      function via {ExternalReference}. The C function still outputs the
      abort reason, but does not print the stack trace. It then aborts via
      "OS::Abort", just like the runtime function.
      This will allow fuzzers to detect the crash and even find a nice error
      message.
      
      Even though this looks like a lot of code churn, it is actually not.
      Most added lines are new tests, and other changes are minimal.
      
      R=mstarzinger@chromium.org
      
      Bug: chromium:863799
      Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      Reviewed-on: https://chromium-review.googlesource.com/1142163
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54592}
      a462a785
  8. 24 May, 2018 1 commit
    • Jaroslav Sevcik's avatar
      [generators] Store parameters in the generator object. · ea7499f5
      Jaroslav Sevcik authored
      Currently, we context allocate all parameters for generators.
      
      With this CL, we keep arguments on stack (unless they escape to inner
      closure) and copy them between the stack and the generator's register
      file on suspend/resume. This will save context allocation in most cases.
      
      Note: There is an asymmetry between suspend and resume.
      - Suspend copies arguments and registers to the generator.
      - Resume copies only the registers from the generator, the arguments
        are copied by the ResumeGenerator trampoline.
      
      Bug: v8:5164
      Change-Id: I6333898c60abf461b1ab1b5c6d3dc7188fa95649
      Reviewed-on: https://chromium-review.googlesource.com/1063712
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53327}
      ea7499f5
  9. 23 Mar, 2018 1 commit
  10. 22 Mar, 2018 3 commits
  11. 20 Mar, 2018 2 commits
  12. 27 Feb, 2018 1 commit
  13. 02 Feb, 2018 1 commit
  14. 29 Jan, 2018 1 commit
  15. 18 Jan, 2018 1 commit
  16. 04 Jan, 2018 1 commit
  17. 25 Oct, 2017 1 commit
    • Jaroslav Sevcik's avatar
      Revert "[turbofan] Prune control flow based on failed map checks and comparisons." · f3b4841d
      Jaroslav Sevcik authored
      This reverts commit 37b4b2f1.
      
      Reason for revert: Likely breaking canary.
      
      Original change's description:
      > [turbofan] Prune control flow based on failed map checks and comparisons.
      > 
      > This introduces unreachable state into load elimination. We mark state
      > as unreachable if we know statically that a map check would fail.
      > When processing effect phis, we disconnect unreachable state's
      > control from the effect phi's merge, and point it to RuntimeAbort.
      > The control input to the merge is then updated with Dead. Dead
      > code elimination prunes the merge, phis and effect phis.
      > 
      > Bug: v8:6396
      > Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d
      > Reviewed-on: https://chromium-review.googlesource.com/730754
      > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#48810}
      
      TBR=jarin@chromium.org,bmeurer@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:6396, chromium:777843
      Change-Id: I6fac6f86e138f33756e688ec30424cb940690dae
      Reviewed-on: https://chromium-review.googlesource.com/737829Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48918}
      f3b4841d
  18. 22 Oct, 2017 1 commit
  19. 19 Oct, 2017 2 commits
    • Jaroslav Sevcik's avatar
      Revert "[turbofan] Load elimination prunes control flow based on instance type." · 8f09a751
      Jaroslav Sevcik authored
      This reverts commit 71bcc1d9.
      
      Reason for revert: Regresses Octane/Box2D, among other things.
      
      Original change's description:
      > [turbofan] Load elimination prunes control flow based on instance type.
      > 
      > Changes:
      > - introduce the notion of unreachable abstract states.
      > 
      > - reconnect unreachables states to runtime abort in effect phis (so that
      >   the merged states are not polluted by unreachable branches while
      >   preserving SSA).
      > 
      > - mark states with failed map checks, unreachable map guars as unreachable.
      > 
      > - add instance type to AbstractMaps, only invalidate instance type on
      >   mismatched effect merges.
      > 
      > 
      > This results in 2-3% improvement on ARES/ML steady state.
      > 
      > Bug: v8:6396
      > Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
      > Reviewed-on: https://chromium-review.googlesource.com/727761
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#48742}
      
      TBR=jarin@chromium.org,bmeurer@chromium.org
      
      Change-Id: I6302b37dbf5ea781c64815ef1900681531ad7d71
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:6396
      Reviewed-on: https://chromium-review.googlesource.com/728440Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48763}
      8f09a751
    • Jaroslav Sevcik's avatar
      [turbofan] Load elimination prunes control flow based on instance type. · 71bcc1d9
      Jaroslav Sevcik authored
      Changes:
      - introduce the notion of unreachable abstract states.
      
      - reconnect unreachables states to runtime abort in effect phis (so that
        the merged states are not polluted by unreachable branches while
        preserving SSA).
      
      - mark states with failed map checks, unreachable map guars as unreachable.
      
      - add instance type to AbstractMaps, only invalidate instance type on
        mismatched effect merges.
      
      
      This results in 2-3% improvement on ARES/ML steady state.
      
      Bug: v8:6396
      Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
      Reviewed-on: https://chromium-review.googlesource.com/727761Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48742}
      71bcc1d9
  20. 13 Oct, 2017 2 commits
  21. 09 Oct, 2017 2 commits
  22. 11 Aug, 2017 1 commit
  23. 02 Aug, 2017 1 commit
  24. 31 Jul, 2017 1 commit
  25. 28 Jul, 2017 1 commit
  26. 19 Jun, 2017 1 commit
    • Leszek Swirski's avatar
      [compiler] Drive optimizations with feedback vector (reland) · 24b7026d
      Leszek Swirski authored
      For interpreted functions, use the optimized code slot in the feedback
      vector to store an optimization marker (optimize/in optimization queue)
      rather than changing the JSFunction's code object. Then, adapt the
      self-healing mechanism to also dispatch based on this optimization
      marker. Similarly, replace SFI marking with optimization marker checks
      in CompileLazy.
      
      This allows JSFunctions to share optimization information (replacing
      shared function marking) without leaking this information across native
      contexts. Non I+TF functions (asm.js or --no-turbo) use a
      CheckOptimizationMarker shim which generalises the old
      CompileOptimized/InOptimizationQueue builtins and also checks the same
      optimization marker as CompileLazy and InterpreterEntryTrampoline.
      
      This is a reland of https://chromium-review.googlesource.com/c/509716
      
      Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe
      Reviewed-on: https://chromium-review.googlesource.com/535460Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45997}
      24b7026d
  27. 13 Jun, 2017 2 commits
    • Leszek Swirski's avatar
      Revert "[compiler] Drive optimizations with feedback vector" · 58978da6
      Leszek Swirski authored
      This reverts commit e39c9e02.
      
      Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561
      
      Original change's description:
      > [compiler] Drive optimizations with feedback vector
      > 
      > For interpreted functions, use the optimized code slot in the feedback vector
      > to store an optimization marker (optimize/in optimization queue) rather than
      > changing the JSFunction's code object. Then, adapt the self-healing mechanism
      > to also dispatch based on this optimization marker. Similarly, replace SFI
      > marking with optimization marker checks in CompileLazy.
      > 
      > This allows JSFunctions to share optimization information (replacing shared
      > function marking) without leaking this information across native contexts. Non
      > I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
      > generalises the old CompileOptimized/InOptimizationQueue builtins and also
      > checks the same optimization marker as CompileLazy and
      > InterpreterEntryTrampoline.
      > 
      > Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
      > Reviewed-on: https://chromium-review.googlesource.com/509716
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#45901}
      
      TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      
      Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94
      Reviewed-on: https://chromium-review.googlesource.com/532916Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45903}
      58978da6
    • Leszek Swirski's avatar
      [compiler] Drive optimizations with feedback vector · e39c9e02
      Leszek Swirski authored
      For interpreted functions, use the optimized code slot in the feedback vector
      to store an optimization marker (optimize/in optimization queue) rather than
      changing the JSFunction's code object. Then, adapt the self-healing mechanism
      to also dispatch based on this optimization marker. Similarly, replace SFI
      marking with optimization marker checks in CompileLazy.
      
      This allows JSFunctions to share optimization information (replacing shared
      function marking) without leaking this information across native contexts. Non
      I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
      generalises the old CompileOptimized/InOptimizationQueue builtins and also
      checks the same optimization marker as CompileLazy and
      InterpreterEntryTrampoline.
      
      Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
      Reviewed-on: https://chromium-review.googlesource.com/509716
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45901}
      e39c9e02
  28. 08 Jun, 2017 1 commit
    • bmeurer's avatar
      [builtins] Start refactoring the Apply builtin. · af76779a
      bmeurer authored
      This splits the monolithic Apply builtin into several smaller builtins,
      namely CallVargargs and ConstructVarargs, which accept a length and a
      FixedArray of elements and deal with the actual stack manipulation, and
      CallWithArrayLike / ConstructWithArrayLike that deal with getting the
      elements from the receiver (for Function.prototype.apply, Reflect.apply
      and Reflect.construct), which can now be written using the CSA.
      
      The idea is that these builtins can be reused by TurboFan directly in
      the future when we optimize apply better, and that we can also reuse the
      core logic in the handling of spread calls/constructs.
      
      R=petermarshall@chromium.org
      BUG=v8:4587,v8:5269
      
      Review-Url: https://codereview.chromium.org/2930623002
      Cr-Commit-Position: refs/heads/master@{#45794}
      af76779a