- 20 Aug, 2019 17 commits
-
-
Santiago Aboy Solanes authored
This is a CL in a string of CLs that aims to TNodify CSA. In particular, there were some loads that were done in AnyTagged instead of TaggedPointer. TNode-ifying them brings improvement in pointer compression since we are able to decompress using the Pointer decompression. Bug: v8:6949, v8:9396 Change-Id: I368d4f85348f3560a7f71bf66ebc7c4dd978a8dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752854Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63274}
-
Michael Starzinger authored
This adds type reflection support to the {WebAssembly.Module.exports} as well as {WebAssembly.Module.imports} method. It also refactors existing reflective code to use the internal instead of the public embedder API, which is slightly more efficient anyways. R=ahaas@chromium.org TEST=mjsunit/wasm/type-reflection BUG=v8:7742 Change-Id: I5f20ea57261f6433b8d86f55054216bf96b41382 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760826 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63273}
-
Joshua Litt authored
Implements match indices for regexp, as specified by https://github.com/tc39/proposal-regexp-match-indices, a stage 3 TC39 proposal. This implementation is hidden behind the '--harmony-regexp-match-indices' flag. Regexp match indices extends the JSRegExpResult object with an array of indices of matches, as well as a dictionary of capture names to match indices. Bug: v8:9548 Change-Id: I9866a2d1f5af6a507de710357cb5e74c694e7558 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1734937 Commit-Queue: Joshua Litt <joshualitt@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#63272}
-
Dominik Inführ authored
Immediately remove recorded old-to-new slots when shrinking objects. This operation needs to drain the store buffer, however the store buffer is supposed to be removed anyway. Also do not remove slots when left-trimming since this isn't needed for correctness. Bug: v8:9454 Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63271}
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I2b9971b7944837a5a6943e401b8c9d91f25c515e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762016Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63270}
-
Georg Neis authored
This brings the graph builder in sync with the serializer (and exponentiation in sync with the other binary operators). Bug: chromium:995430, v8:7790 Change-Id: I809b6f3756f75392cdc6747f8bcee8cdf0ee0f74 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762013 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63269}
-
Georg Neis authored
... by making the operator have a control output, since we could deopt after my last change. Bug: chromium:995562, v8:7790 Change-Id: Ibc8c44708b4d43c4b2c3dfab2fd8fdf79c7ea671 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762010 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63268}
-
Santiago Aboy Solanes authored
They were timeouting, e.g https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20arm64%20-%20sim%20-%20pointer%20compression/2193 Change-Id: Icf3fcde15510cbdefcd2da8e66530c589f4423f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762008 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63267}
-
Leszek Swirski authored
Chromium has checks which don't like static initializers in binaries, which fires on effect_control_linearizer.cc. We can remove these by making kMinusZeroBits (and family) constexpr, but to do this we have to avoid bit_cast. Instead, set the correct bit pattern manually (thankfully IEEE 754 0.0 is just zero bits, and -0.0 is 0.0 with a set sign bit). Change-Id: If1695ff715ad8f821e956757f8f9f7c850895011 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762009 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63266}
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I6f493d994f49d84020966322d60061567b54c854 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760808 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63265}
-
Sam Sebree authored
This is a very small change which must go in before https://chromium-review.googlesource.com/c/chromium/src/+/1731108 is able to land. Certain WPT tests for synthetic modules were spawning DCHECK crashes by JSObject::SetNormalizedProperty. Export names were previously failing: DCHECK(name->IsUniqueName()); This small change corrects the issue and allows Module::GetModuleNamespace to run correctly. This change aligns synthetic module behavior for export string storage with JS modules, as well as the spec. chromium: 967018 Change-Id: I151e7150290bd72d4e4753c8c5be243eafae915f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1761583Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63264}
-
Jakob Kummerow authored
This change is very mechanical: own<Foo*> → own<Foo> vec<Foo*> → ownvec<Foo> As usual, everything in third_party/ is straight-up copied from upstream. Change-Id: If5fabda99e2b281da6f2e71ce23a2f5b68aaac86 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760815 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63263}
-
Tamer Tas authored
Mozilla suite acts as the bottleneck for this bot. This CL bumps the shards for the Mozilla suite. TBR=machenbach@chromium.org Bug: v8:9633 Change-Id: Ia73b2688b29a3387cc69fa8f79c008f6bf0114cd No-Try: True Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760824Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Tamer Tas <tmrts@chromium.org> Auto-Submit: Tamer Tas <tmrts@chromium.org> Cr-Commit-Position: refs/heads/master@{#63262}
-
Tamer Tas authored
The bot finishes close to our timeout SLO even after the speed-up attempt at crrev.com/c/1760810. Example failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17596 R=solanes@chromium.org,rmcilroy@chromium.org,mslekova@chromium.org,bbudge@chromium.org TBR=machenbach@chromium.org Bug: v8:9633 Change-Id: Ia6ea32e7d465466726dcf16e73b7c7f77c385813 No-Try: True Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760822 Commit-Queue: Tamer Tas <tmrts@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Auto-Submit: Tamer Tas <tmrts@chromium.org> Cr-Commit-Position: refs/heads/master@{#63261}
-
v8-ci-autoroll-builder authored
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/9867945..d22a765 [interpreter] Simplify wast.js build (Andreas Rossberg) https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/d22a765 TBR=ahaas@chromium.org,clemensh@chromium.org Change-Id: I81302f32c1aeddc1084f39bbdf715d4460ba74c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757701Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63260}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9275a0c..b05c392 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ae25381..939b6b1 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/72fbaf4..a44d67c Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/27e17f7..d5e9e0c Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/9a5af81..2b2ee71 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I2747105714288f8707c0b9ea13652a74e765ab25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757700Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63259}
-
Andrew Comminos authored
Adds support to the CPU profiler for scraping the incumbent contexts of V8 stack frames. While it is generally unsafe to access heap objects during a profiling interrupt, the native context is uniquely usable due to being guaranteed an alive root on the stack, as well as its slots being immutable after context creation. Change-Id: I2c3149c1302b74d2f13aa99d1fdd0cf006e0f9d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1580020 Commit-Queue: Andrew Comminos <acomminos@fb.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#63258}
-
- 19 Aug, 2019 23 commits
-
-
Z Nguyen-Huu authored
Bug: v8:8976 Change-Id: I67b7f625b125395869ae8df06c47b58e8964911f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1754753 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63257}
-
Tamer Tas authored
The bot finishes close to our timeout SLO. Example failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/17582 TBR=machenbach@chromium.org CC=solanes@chromium.org,rmcilroy@chromium.org,mslekova@chromium.org Bug: v8:9633 Change-Id: Ib855d06dce21c13119e38bba2455c5b7cc470160 No-Try: True Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760810 Commit-Queue: Tamer Tas <tmrts@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Auto-Submit: Tamer Tas <tmrts@chromium.org> Cr-Commit-Position: refs/heads/master@{#63256}
-
Z Nguyen-Huu authored
This is a reland of f54f92dd. Fix IsFastRegExpPermissive to call BranchIfFastRegExp_Permissive. Original change's description: > [builtins] Port RegExpTest to Torque > > Bug: v8:8976 > Change-Id: Ia4dc120a31eb363599b47b22b749a3146a9c7c73 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1746083 > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63211} Bug: v8:8976, chromium:994041 Change-Id: I86c9c66b060f47164515e29f914b95456c233d30 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1756390 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63255}
-
Georg Neis authored
Rewrite the reducer in terms of the ordinary keyed-store reducer and reuse the existing serializer machinery for that as well. Bug: v8:7790 Change-Id: I5909739feee1d77dca1827166bad3d2a61561784 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760807Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63254}
-
Dominik Inführ authored
This reverts commit 60843b42. Reason for revert: TSAN detected issue between Scavenge workers. One task could invoke RefillFreeList(), while the other task iterates the remembered set of a swept page. Original change's description: > Use list of invalidated objects for old-to-new refs > > Instead of inserting "deletion" entries into the store buffer, keep a > list of invalidated objects to filter out invalid old-to-new slots. > > The first CL https://crrev.com/c/1704109 got reverted because both the > sweeper and the main task were modifying the invalidated slots data > structure concurrently. This CL changes this, such that the sweeper > only modifies the invalidated slots during the final atomic pause when > the main thread is not running. The sweeper does not need to clean this > data structure after the pause, since the "update pointers" phase > already removed all invalidated slots. > > The second CL https://crrev.com/c/1733081 got reverted because the > sweeper might find more free space than the full GC before it. If an > object shrinks after the pause but before the sweep, the invalidated > object might span free memory and potentially new allocated objects. > Therefore shrink invalidated objects when processing swept pages on > the main thread. Also clean recorded slots in the gap. > > TBR=petermarshall@chromium.org > > Bug: v8:9454 > Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795 > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63239} TBR=ulan@chromium.org,hpayer@chromium.org,dinfuehr@chromium.org Change-Id: I9c6a371ebe36a1873acbe0d6c6a75dd2f5a55f4e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9454 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760817Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63253}
-
Bill Budge authored
- Adds a histogram to measure time between streaming start and deserialization finished. Bug: chromium:719172 Change-Id: Ib4ce24bee05a0db7e1bbf50d3bf456af89dbd2a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1754721Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#63252}
-
Gus Caplan authored
The optional chaining bytecode in delete expressions was unconditionally jumping if the receiver was nullish, instead of just when the property was an actual optional chain link. This change adds the missing check around the jump. Change-Id: Ic7bed58be4ae62d157e63e4f77666b1abd1f802d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755264Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63251}
-
Dan Elphick authored
Flag off by default now since it's causing crashes in the profiler. R=rmcilroy Bug: chromium:994673 Change-Id: I92b46e1f90819c0007106d843ecae2c3974eb3c8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760814 Commit-Queue: Dan Elphick <delphick@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63250}
-
Santiago Aboy Solanes authored
This is a reland of 82111e22 Relanding since we now have more shards: https://chromium-review.googlesource.com/c/v8/v8/+/1760810 Original change's description: > [CSA][cleanup] TNodify some methods related to prototype and property lookup > > This is a CL in a string of CLs that aims to TNodify CSA. In particular, > there were some loads that were done in AnyTagged instead of > TaggedPointer. TNode-ifying them brings improvement in pointer > compression since we are able to decompress using the Pointer > decompression. > > TNodified: > * LoadJSFunctionPrototype > * TryPrototypeChainLookup > * OrdinaryHasInstance > > Also TNodified loads regarding: > * FeedbackCell::kValueOffset > * HeapObject::kMapOffset > * JSFunction::kSharedFunctionInfoOffset > * JSFunction::kFeedbackCellOffset > * Map::kInstanceTypeOffset > * Map::kInstanceDescriptorsOffset > * Map::kPrototypeOffset > > Drive-by cleanup: StoreJSArrayLength and StoreElements were unused. > > Bug: v8:6949, v8:9396 > Change-Id: I89697b5c02490906be1eee63cf3d9e60a1094d48 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755844 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63216} Bug: v8:6949, v8:9396 Change-Id: I040aefcf8af60611f7b3c24f3bd5c661e03b6ada Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760811Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63249}
-
Darius Mercadier authored
Bug: v8:9329 Change-Id: Ia6592ff4d3046617fa536a6e2a9663b3dd73c5da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760809Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@google.com> Cr-Commit-Position: refs/heads/master@{#63248}
-
Jakob Kummerow authored
Change-Id: Ib28e408cb6046fd728ceff6e6bf4005a241664e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1745340Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#63247}
-
Santiago Aboy Solanes authored
The following methods didn't need the use of context, and could be replaced by NoContextConstant(): * AllocateSeqOneByteString * AllocateSeqTwoByteString * StringBuiltinsAssembler::GenerateStringEqual * StringBuiltinsAssembler::StringEqual_Core * StringBuiltinsAssembler::GenerateStringRelationalComparison Change-Id: I98068980377450daef7c999e3d413e839f66fda9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758321Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63246}
-
Jakob Gruber authored
DoComputeInterpretedFrame and friends are long and complex functions. It is often not clear which variables are constants and which are later modified. This CL tries to clarify, mostly by marking variables const when possible. Bug: v8:9534 Change-Id: Ifa73402c392ad244ab5ea37262293f8d9db98be0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752848 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63245}
-
Maya Lekova authored
Async related reducers in native context specialization are now heap-access free. Bug: v8:7790 Change-Id: I467b86e54cb808985343e54df71c3b8b950a61e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758320 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63244}
-
Ulan Degenbaev authored
IsolateAllocator::InitReservation can fail with OOM if multiple V8 isolates are created simultaneously and race to reserve the same memory region. Now the function falls back to using overreserved region as the last resort. Bug: v8:9588 Change-Id: I9731e04181382f0c1401b2a78f3eba63a445bfc9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758315 Auto-Submit: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63243}
-
Georg Neis authored
- Eliminate unconditional heap reads in tracing code. - Change operator<< on ObjectRef to additionally print the Brief() output when the broker is disabled. - Print line number in TRACE_BROKER_MISSING and make some messages more consistent. - Make PrintCandidates output clearer. - Be more consistent about dereferencing optionals. Bug: v8:7790, chromium:990478 Change-Id: I2917529d5138a0d63ad476d3f8fee6a963767b23 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758311 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63242}
-
Georg Neis authored
This is a reland of 29585a06 after removing an incorrect DCHECK. Original change's description: > [turbofan] Various serializer/broker improvements > > They are all somewhat entangled, sorry for the big CL. > > - Brokerize remaining feedback vector slots. > - Introduce Hints::SingleConstant helper. > - Introduce SerializationPolicy enum. > - Eliminate use of nullptr for megamorphic load/store ic feedback. > Instead use the corresponding ProcessedFeedback with an empty list > of maps or the like. new class MegamorphicFeedback. > - Separate processing of feedback from serialization. This eliminates > code duplication. > - Be very careful when clearing hints not to overwrite hints that are > being processed. > - Move AccessInfos out of NamedAccessFeedback. Always store them in > property_access_infos_ map on broker. (This was actually unused > before, somewhat by mistake.) > - Support map inference in concurrent inlining. Rewrite > ElementAccessFeedback such that we can refine it with the set of > inferred maps. > > TBR: mvstanton@chromium.org > Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63232} TBR: mvstanton@chromium.org Bug: v8:7790 Change-Id: Ia4acd31b339a941ee065e1ae4835bb7b85d5685e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758319Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63241}
-
Patrick Thier authored
Test mjsunit/regress/regress-992389 explicitly sets the jitless flag when run. Skip this test when run on builds without embedded-builtins. Bug: v8:9632, chromium:992389 Change-Id: Ieb52a33006b1104080d8f5adb8c4f2c36e4413af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758317 Commit-Queue: Patrick Thier <pthier@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63240}
-
Dominik Inführ authored
Instead of inserting "deletion" entries into the store buffer, keep a list of invalidated objects to filter out invalid old-to-new slots. The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots. The second CL https://crrev.com/c/1733081 got reverted because the sweeper might find more free space than the full GC before it. If an object shrinks after the pause but before the sweep, the invalidated object might span free memory and potentially new allocated objects. Therefore shrink invalidated objects when processing swept pages on the main thread. Also clean recorded slots in the gap. TBR=petermarshall@chromium.org Bug: v8:9454 Change-Id: I80d1fa3bbc24e97f7c97a373aaad66f105456f12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751795 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63239}
-
Jakob Gruber authored
Information required for deoptimization is passed from codegen to the deoptimizer through so-called translations. Translations contain, among many other things, a 'height' field. It is used during deopts to calculate the unoptimized frame height (but note that it does not correspond exactly to the frame height itself - further calculations on the deopt side are needed to get to the real frame height). The height field has roughly the following data flow: 1. During codegen, we serialize whatever FrameStateDescriptor::GetHeight() returns. 2. During deopts, serialized translations are converted into TranslatedFrame objects in TranslatedState::CreateNextTranslatedFrame. 3. These are later used to arrive at the real frame height in multiple spots, e.g. in DoComputeInterpretedFrame and friends. Prior to this CL, we were adding and subtracting 1 in basically random spots. For example, for interpreted and construct stub frames we added 1 in step 1 and subtracted 1 in step 3. For continuation frames, we added 1 in step 2 and subtracted it in step 3. Argument adaptor frames were left untouched. This CL removes all these +-1's. The height field now contains locals_count() for interpreted frames, and parameters_count() for everything else. I also tried to make the meaning of adds/subs clearer through use of named constants like kTheReceiver. Bug: v8:9534 Change-Id: I6fd26886ff5aa63930f413d879d5480578d9dc7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751724Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63238}
-
Maya Lekova authored
This reverts commit 29585a06. Reason for revert: Breaks GC stress bots - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24009 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/27281 Original change's description: > [turbofan] Various serializer/broker improvements > > They are all somewhat entangled, sorry for the big CL. > > - Brokerize remaining feedback vector slots. > - Introduce Hints::SingleConstant helper. > - Introduce SerializationPolicy enum. > - Eliminate use of nullptr for megamorphic load/store ic feedback. > Instead use the corresponding ProcessedFeedback with an empty list > of maps or the like. new class MegamorphicFeedback. > - Separate processing of feedback from serialization. This eliminates > code duplication. > - Be very careful when clearing hints not to overwrite hints that are > being processed. > - Move AccessInfos out of NamedAccessFeedback. Always store them in > property_access_infos_ map on broker. (This was actually unused > before, somewhat by mistake.) > - Support map inference in concurrent inlining. Rewrite > ElementAccessFeedback such that we can refine it with the set of > inferred maps. > > TBR: mvstanton@chromium.org > Change-Id: I05e9eb250bdffc6dff29db01742550a86a41cb31 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1752853 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63232} TBR=mvstanton@chromium.org,neis@chromium.org Change-Id: I88625d92fddf993db63661666c59af05a47b2b58 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758314Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63237}
-
Mu Tao authored
Port 0aa204fe https://chromium-review.googlesource.com/c/v8/v8/+/1738863 Port 5b2ab2f6 https://chromium-review.googlesource.com/c/v8/v8/+/1748737 Port c4d31fea https://chromium-review.googlesource.com/c/v8/v8/+/1745339 Change-Id: Iefc703a644bd28ac6503b4ae67e674f286623739 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1755604Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Mu Tao <pamilty@gmail.com> Cr-Commit-Position: refs/heads/master@{#63236}
-
Jakob Gruber authored
The --jitless and --interpreted-frames-native-stack flags are incompatible since the latter requires code generation while the former prohibits code generation. Bug: v8:9619 Change-Id: Ic954724edd6a2d28e1bf2f6a79649f86e812abcf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758312 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63235}
-