1. 24 Jul, 2018 3 commits
  2. 23 Jul, 2018 3 commits
  3. 20 Jul, 2018 5 commits
    • Speculatively revert "[turboassembler] Introduce hard-abort mode" · 039c18e1
      Sigurd Schneider authored
      This reverts commit a462a785.
      
      Reason for revert: Breaks a TurboAssembler test:
      https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726
      
      Original change's description:
      > [turboassembler] Introduce hard-abort mode
      > 
      > For checks and assertions (mostly for debug code, like stack alignment
      > or zero extension), we had two modes: Emit a call to the {Abort}
      > runtime function (the default), and emit a debug break (used for
      > testing, enabled via --trap-on-abort).
      > In wasm, where we cannot just call a runtime function because code must
      > be isolate independent, we always used the trap-on-abort behaviour.
      > This causes problems for our fuzzers, which do not catch SIGTRAP, and
      > hence do not detect debug code failures.
      > 
      > This CL introduces a third mode ("hard abort"), which calls a C
      > function via {ExternalReference}. The C function still outputs the
      > abort reason, but does not print the stack trace. It then aborts via
      > "OS::Abort", just like the runtime function.
      > This will allow fuzzers to detect the crash and even find a nice error
      > message.
      > 
      > Even though this looks like a lot of code churn, it is actually not.
      > Most added lines are new tests, and other changes are minimal.
      > 
      > R=mstarzinger@chromium.org
      > 
      > Bug: chromium:863799
      > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      > Reviewed-on: https://chromium-review.googlesource.com/1142163
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54592}
      
      TBR=mstarzinger@chromium.org,clemensh@chromium.org
      
      Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:863799
      Reviewed-on: https://chromium-review.googlesource.com/1145431
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54597}
    • [runtime] use new CloneObject bytecode for some ObjectLiteralSpread cases · b6f7ea58
      Caitlin Potter authored
      As discussed in
      https://docs.google.com/document/d/1sBdGe8RHgeYP850cKSSgGABTyfMdvaEWLy-vertuTCo/edit?ts=5b3ba5cc#,
      
      this CL introduces a new bytecode (CloneObject), and a new IC type.
      
      In this prototype implementation, the type feedback looks like the
      following:
      
      Uninitialized case:
        { uninitialized_sentinel, uninitialized_sentinel }
      Monomorphic case:
        { weak 'source' map, strong 'result' map }
      Polymorphic case:
        { WeakFixedArray with { weak 'source' map, strong 'result' map }, cleared value }
      Megamorphic case:
        { megamorphic_sentinel, cleared_Value }
      
      In the fast case, Object cloning is done by allocating an object with
      the saved result map, and a shallow clone of the fast properties from
      the source object, as well as cloned fast elements from the source object.
      If at any point the fast case can't be taken, the IC transitions to the
      slow case and remains there.
      
      This prototype CL does not include any TurboFan optimization, and the
      CloneObject operation is merely reduced to a stub call.
      
      It may still be possible to get some further improvements by somehow
      incorporating compile-time boilerplate elements into the cloned object,
      or simplifying how the boilerplate elements are inserted into the
      object.
      
      In terms of performance, we improve the ObjectSpread score in JSTests/ObjectLiteralSpread/
      by about 8x, with substantial improvements over the Babel and ObjectAssign scores.
      
      R=gsathya@chromium.org, mvstanton@chromium.org, rmcilroy@chromium.org, neis@chromium.org, bmeurer@chromium.org
      BUG=v8:7611
      
      Change-Id: I79e1796eb77016fb4feba0e1d3bb9abb348c183e
      Reviewed-on: https://chromium-review.googlesource.com/1127472
      Commit-Queue: Caitlin Potter <caitp@igalia.com>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54595}
    • [turboassembler] Introduce hard-abort mode · a462a785
      Clemens Hammacher authored
      For checks and assertions (mostly for debug code, like stack alignment
      or zero extension), we had two modes: Emit a call to the {Abort}
      runtime function (the default), and emit a debug break (used for
      testing, enabled via --trap-on-abort).
      In wasm, where we cannot just call a runtime function because code must
      be isolate independent, we always used the trap-on-abort behaviour.
      This causes problems for our fuzzers, which do not catch SIGTRAP, and
      hence do not detect debug code failures.
      
      This CL introduces a third mode ("hard abort"), which calls a C
      function via {ExternalReference}. The C function still outputs the
      abort reason, but does not print the stack trace. It then aborts via
      "OS::Abort", just like the runtime function.
      This will allow fuzzers to detect the crash and even find a nice error
      message.
      
      Even though this looks like a lot of code churn, it is actually not.
      Most added lines are new tests, and other changes are minimal.
      
      R=mstarzinger@chromium.org
      
      Bug: chromium:863799
      Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      Reviewed-on: https://chromium-review.googlesource.com/1142163
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54592}
    • [wasm] Remove some dead module decoder entry points. · bced36d2
      Michael Starzinger authored
      R=clemensh@chromium.org
      BUG=v8:7754
      
      Change-Id: Ia4c2fb2d87c8a5de96fa9f1f0621d21ae3eda611
      Reviewed-on: https://chromium-review.googlesource.com/1145181
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54591}
    • [iwyu] api.h iwyu · ff5cafd0
      Marja Hölttä authored
      This reduces the build steps from touching api.h: 269 -> 156
      
      BUG=v8:7754,v8:7490
      
      Change-Id: I75abaeea4cc78027a47304ff9b9f6b12bdb2b75e
      Reviewed-on: https://chromium-review.googlesource.com/1144929
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54583}
  4. 19 Jul, 2018 1 commit
    • [sfi] Remove SFI function identifier field · c941f11a
      Leszek Swirski authored
      Remove the function identifier field from SharedFunctionInfo. This field
      would store one of a) the function's inferred name, b) the "builtin
      function id", or c) debug info. We remove these in turn:
      
      a) The function's inferred name is available on the ScopeInfo, so like
         the start/end position we read it off either the ScopeInfo (for
         compiled functions) or the UncompiledData (for uncompiled functions).
      
         As a side-effect, now both UncompiledData and its subclass,
         UncompiledDataWithPreparsedScope, contain a pointer field. To keep
         BodyDescriptors manageable, we introduce a SubclassBodyDescriptor
         which effectively appends two BodyDescriptors together.
      
      b) The builtin function id is < 255, so we can steal a byte from
         expected no. of properties (also <255) and store these together.
         Eventually we want to get rid of this field and use the builtin ID,
         but this is pending JS builtin removal.
      
         As a side-effect, BuiltinFunctionId becomes an enum class (for better
         storage size guarantees).
      
      c) The debug info can hang off anything (since it stores the field it
         replaces), so we can attach it to the script field instead.
      
      This saves a word on compiled function (uncompiled functions
      unfortunately still have to store it in UncompiledData).
      
      Bug: chromium:818642
      Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
      Reviewed-on: https://chromium-review.googlesource.com/1138328
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54543}
  5. 17 Jul, 2018 1 commit
  6. 16 Jul, 2018 4 commits
  7. 13 Jul, 2018 1 commit
  8. 12 Jul, 2018 4 commits
  9. 11 Jul, 2018 1 commit
  10. 10 Jul, 2018 3 commits
  11. 09 Jul, 2018 5 commits
  12. 06 Jul, 2018 3 commits
    • [wasm simd] Rework CanonicalizeShuffle for testing · 16de08ea
      Bill Budge authored
      - Refactors most of the logic into a helper CanonicalizeShuffle
        overload that is more easily tested.
      - Reorders these methods to be in the order they're used.
      - Adds unit tests for this helper.
      
      Bug: v8:6020
      Change-Id: Ia7e08bd2ff3ae62b13c9283c6de04e0e1e85086b
      Reviewed-on: https://chromium-review.googlesource.com/1118706
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54303}
    • Move CompilationDependencies into compiler. · cf87e94c
      Georg Neis authored
      - Move the CompilationDependencies member of OptimizedCompilationInfo
        to Turbofan's PipelineData (and thus into the compiler namespace).
      - Move compilation-dependencies.{cc,h} to the compiler directory.
      
      Bug: v8:7902
      Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
      Reviewed-on: https://chromium-review.googlesource.com/1127793
      Commit-Queue: Georg Neis <neis@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54295}
    • Reland^2 "[turbofan] Rewrite CompilationDependencies" · a1cb1eb9
      Georg Neis authored
      This is a reland of 4b9b9b68, which
      accidentally disabled optimization after dependency changes (instead
      of retrying).
      
      TBR=jarin@chromium.org
      TBR=mstarzinger@chromium.org
      
      Original change's description:
      > Reland "[turbofan] Rewrite CompilationDependencies"
      >
      > This is a reland of 52a10e50, after
      > eliminating an invalid assumption about maps.
      >
      > TBR=jarin@chromium.org
      > TBR=mstarzinger@chromium.org
      >
      > Original change's description:
      > > [turbofan] Rewrite CompilationDependencies
      > >
      > > Instead of installing code dependencies during graph reduction,
      > > install them after code generation.
      > >
      > > Bug: v8:7902, v8:7790
      > > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > > Commit-Queue: Georg Neis <neis@chromium.org>
      > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#54170}
      >
      > Bug: v8:7902, v8:7790
      > Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
      > Reviewed-on: https://chromium-review.googlesource.com/1126999
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54254}
      
      Bug: v8:7902, v8:7790
      Change-Id: I2b7a7d186e03990350e375470569177e3309683c
      Reviewed-on: https://chromium-review.googlesource.com/1127579
      Commit-Queue: Georg Neis <neis@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54280}
  13. 05 Jul, 2018 4 commits
  14. 04 Jul, 2018 2 commits
    • [heap] Forcing external strings to be registered in the external string table. · c5c4b588
      Rodrigo Bruno authored
      Bug: chromium:845409
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: I2ab1ca18a900828e4e116f1b087925319d41bf97
      Reviewed-on: https://chromium-review.googlesource.com/1124845
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
      Cr-Commit-Position: refs/heads/master@{#54203}
    • Revert "[turbofan] Rewrite CompilationDependencies" · b1cf1e1e
      Yang Guo authored
      This reverts commit 52a10e50.
      
      Reason for revert: https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/12434/layout-test-results/results.html
      
      Crash e.g. in http/tests/devtools/oopif/oopif-performance-cpu-profiles.js
      
      crash log for devtools (pid <unknown>):
      STDOUT: <empty>
      STDERR: 
      STDERR: 
      STDERR: #
      STDERR: # Fatal error in ../../v8/src/compilation-dependencies.cc, line 281
      STDERR: # Debug check failed: descriptor == owner->LastAdded() (10 vs. 22).
      STDERR: #
      STDERR: #
      STDERR: #
      STDERR: #FailureMessage Object: 0x7fff86878630#0 0x0000031c642c base::debug::StackTrace::StackTrace()
      STDERR: #1 0x0000046a56bb gin::(anonymous namespace)::PrintStackTrace()
      STDERR: #2 0x00000469c528 V8_Fatal()
      STDERR: #3 0x00000469c285 v8::base::(anonymous namespace)::DefaultDcheckHandler()
      STDERR: #4 0x000001cc5253 v8::internal::CompilationDependencies::DependOnFieldType()
      STDERR: #5 0x000001cdcc46 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfo()
      STDERR: #6 0x000001cde661 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfos()
      STDERR: #7 0x000001dd982b v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccess()
      STDERR: #8 0x000001ddb715 v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccessFromNexus()
      STDERR: #9 0x000001dd656d v8::internal::compiler::JSNativeContextSpecialization::ReduceJSLoadNamed()
      STDERR: #10 0x000001d53872 v8::internal::compiler::GraphReducer::Reduce()
      STDERR: #11 0x000001d534a5 v8::internal::compiler::GraphReducer::ReduceTop()
      STDERR: #12 0x000001d52e58 v8::internal::compiler::GraphReducer::ReduceNode()
      STDERR: #13 0x000001e4c201 v8::internal::compiler::InliningPhase::Run()
      STDERR: #14 0x000001e44f79 v8::internal::compiler::PipelineImpl::Run<>()
      STDERR: #15 0x000001e41058 v8::internal::compiler::PipelineImpl::CreateGraph()
      STDERR: #16 0x000001e40c75 v8::internal::compiler::PipelineCompilationJob::PrepareJobImpl()
      STDERR: #17 0x000001ccd437 v8::internal::OptimizedCompilationJob::PrepareJob()
      STDERR: #18 0x000001cd071e v8::internal::(anonymous namespace)::GetOptimizedCode()
      STDERR: #19 0x000001cd0c6f v8::internal::Compiler::CompileOptimized()
      STDERR: #20 0x00000231fb62 v8::internal::__RT_impl_Runtime_CompileOptimized_Concurrent()
      STDERR: #21 0x00000288e535 <unknown>
      
      Original change's description:
      > [turbofan] Rewrite CompilationDependencies
      > 
      > Instead of installing code dependencies during graph reduction,
      > install them after code generation.
      > 
      > Bug: v8:7902, v8:7790
      > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
      > Reviewed-on: https://chromium-review.googlesource.com/1119913
      > Commit-Queue: Georg Neis <neis@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54170}
      
      TBR=mstarzinger@chromium.org,jarin@chromium.org,neis@chromium.org
      
      Change-Id: Ic58c2bfadbd34bb6ba7dc0d2b74871cc90b0a74f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7902, v8:7790
      Reviewed-on: https://chromium-review.googlesource.com/1125680
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54192}