This patch fixes two bugs in V8 to allow the global object to have a frozen proto:
- The immutable prototype map check is done on the map of the "real receiver",
the one that's found after the hidden prototype traversal, rather than
the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
the global object, as passed to Context::New, is respected when instantiating
the global object.
R=adamk
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2474843003
Cr-Commit-Position: refs/heads/master@{#40778}
This patch is a follow-up patch to enable gc statistics to use
TracingCategoryObserver.
Previously we need to pass --track_gc_object_stats to v8 if we want to enable
gc statistics in tracing. In this patch, we introducce an integer flag
FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats
will set it to 0x01, tracing will set it to 0x10 when we start tracing and
reset the bit when we stop tracing.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2459903003
Cr-Commit-Position: refs/heads/master@{#40777}
This removes the deprecated flag in question which has been enabled by
default a while ago. All components can by now deal with activations of
a single function being mixed between Ignition and other compilers. The
maintenance overhead to support a mode that clears bytecode is no longer
warranted.
R=rmcilroy@chromium.org
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2475203003
Cr-Commit-Position: refs/heads/master@{#40776}
Compatible with the current (unshipped) Blink implementation.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2471923002
Cr-Commit-Position: refs/heads/master@{#40775}
If a HeapObject field is 8 bytes long and 8 bytes aligned, but we use only four bytes of it
on little endian architectures we will access to lower 4 bytes of the field using the same
base address as accessing the whole eight bytes
On big-endian architectures however we use base address to access the full 8 bytes, but base
address + 4 to access to lower 4 bytes. For this reason, the assert in OffsetForFieldAccess
fails on MIPS64 big endian.
We fix the issue by removing the assert that checks that offset is pointer size aligned.
TEST=mjsunit/regress/regress-crbug-648737
BUG=
Review-Url: https://codereview.chromium.org/2453333002
Cr-Commit-Position: refs/heads/master@{#40772}
Parameters of a lazily parsed function used to be parsed eagerly, and parameter
handling was split between Parser::ParseFunctionLiteral and
ParseEagerFunctionBody, leading to inconsistencies.
After this CL, we preparse (lazy parse) the parameters of lazily parsed
functions.
(For arrow functions, we cannot do that ofc.)
This is needed for later features (PreParser with scope analysis).
-- CL adapted from marja's https://codereview.chromium.org/2411793003/
BUG=
Review-Url: https://codereview.chromium.org/2472063002
Cr-Commit-Position: refs/heads/master@{#40771}
Reason for the failure is that the test enumeration is 32-bit wide, whereas
AtomicWord is 64-bit wide on 64-bit machines. On 64-big endian, this loads the random four bytes located after the 32-bit value that is tested.
BUG=
TEST=unittests/NoBarrierAtomicValue.Construction
Review-Url: https://codereview.chromium.org/2464703003
Cr-Commit-Position: refs/heads/master@{#40767}
- Remove (one version of) InterpreterAssembler::LoadContextSlot in favor of the
identical CodeStubAssembler::LoadContextElement.
- Use CodeStubAssembler::LoadNativeContext instead of doing the load manually.
R=rmcilroy@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2470253003
Cr-Commit-Position: refs/heads/master@{#40766}
Some accessors requires little to no computation at all, its result can be
cached in a private property, avoiding the call overhead.
Calls to the getter are translated into a cheap property load.
Follow-on to crrev.com/2347523003, from peterssen@google.com
BUG=chromium:634276, v8:5548
Review-Url: https://codereview.chromium.org/2405213002
Cr-Commit-Position: refs/heads/master@{#40765}
Fix 4447405b17
A typo in the patch caused failures on MIPS64. There were no failures on MIPS32,
but I guess the same patch needs to be applied there as well.
BUG=
Review-Url: https://codereview.chromium.org/2473343002
Cr-Commit-Position: refs/heads/master@{#40763}
When checking for marking a function for optimization, we had a check if
the function is already optimized to return early. This works in non-OSR
cases. For Turbofan OSR even when the current execution of the function
has already been optimized, the function itself will not be replaced
with optimized code. Hence, we may end up checking a function that is
already marked for optimization again. A check for the frame being optimized
avoids these checks.
BUG=
Review-Url: https://codereview.chromium.org/2450233002
Cr-Commit-Position: refs/heads/master@{#40760}
Port f07d2cdd6a
Original commit message:
A load instruction will implicitely clear the top 32 bits when writing to a W
register. This patch avoids generating a `mov` instruction to zero-extend the
result in this case.
For example, this occurs in the generated code for dispatching to the next
bytecode in the interpreter:
kind = BYTECODE_HANDLER
name = LdaZero
compiler = turbofan
Instructions (size = 36)
0x32e64c60 0 add x19, x19, #0x1 (1)
0x32e64c64 4 ldrb w0, [x20, x19]
0x32e64c68 8 mov w0, w0
^^^^^^^^^^
0x32e64c6c 12 lsl x0, x0, #3
0x32e64c70 16 ldr x1, [x21, x0]
0x32e64c74 20 movz x0, #0x0
0x32e64c78 24 br x1
Review-Url: https://codereview.chromium.org/2469253002
Cr-Commit-Position: refs/heads/master@{#40758}
The value numbering reducer has collision checks for nodes that mutated,
but kept the same hash, and are now equivalent to another node. However,
it can also accidentally hit itself, if it mutated, changed hash, but
ran over the location it was previously in.
After this patch, it checks to see if it is comparing against itself,
and skips over itself. Additionally, if this check is at the end of the
collisions, it opportunistically removes the duplicate entry and reduces
the size pressure on the list. We can do the same opportunistic clean up
if we happen to find a colliding equivalent entry, since we move it from
its original position to a new one.
Drive-by change: Ensure that the collision replacement checks types in
the same way that normal replacement does.
Review-Url: https://codereview.chromium.org/2475653002
Cr-Commit-Position: refs/heads/master@{#40757}
Instead of having a MODULE variable's index be 0 or 1, let it be the index of
its cell. In this CL, we assign the indices but we continue to only use them to
distinguish imports from exports. Actually using them to directly access the
cells will be done in a later CL.
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2460233003
Cr-Commit-Position: refs/heads/master@{#40752}
This patch is a follow-up patch to enable runtime statistics to use
TracingCategoryObserver.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2460973003
Cr-Commit-Position: refs/heads/master@{#40745}
Reason for revert:
Static-Initializers failed on Ubuntu-12.04
Original issue's description:
> [Tracing] Use TracingCategoryObserver in runtime statistics
>
> This patch is a follow-up patch to enable runtime statistics to use
> TracingCategoryObserver.
>
> BUG=v8:5590
TBR=cbruni@chromium.org,fmeawad@chromium.org,alph@chromium.org,bmeurer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2469403005
Cr-Commit-Position: refs/heads/master@{#40743}
This patch is a follow-up patch to enable runtime statistics to use
TracingCategoryObserver.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2460973003
Cr-Commit-Position: refs/heads/master@{#40742}
Use HeapConstant for string_iterator_map rather than loading it
manually. This avoids unnecessary map checks.
BUG= v8:3822,v8:5267
Review-Url: https://codereview.chromium.org/2479563003
Cr-Commit-Position: refs/heads/master@{#40741}
During instruction selection, match the pattern
Float64LessThan(#0.0, Float64Abs(x))
which TurboFan generates for NumberToBoolean in the general case,
and which evaluates to false if x is 0, -0 or NaN, and compile this
to a simple (v)ucomisd using not_equal flags condition, which avoids
the costly Float64Abs.
Also consistently generate this pattern in TurboFan and the code
stubs/interpreter for ToBoolean.
R=mstarzinger@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2473923003
Cr-Commit-Position: refs/heads/master@{#40740}
This patch removes TracingCategoryObserver API and moves the creation of
observer inside platform initialization, by assuming that either
Platform::AddTraceStateObserver is implemented correctly to add observer to
tracing controller that implemented by embedders, or default tracing controller
has already been set up and attached to platform before
v8::V8::InitializePlatform is called.
BUG=v8:5590
Review-Url: https://codereview.chromium.org/2471583004
Cr-Commit-Position: refs/heads/master@{#40739}
Since all possible data-encoded prototype chain checks are supported by LoadIC
we can remove this extra iteration.
LoadGlobalIC does not support data handlers yet.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2479523002
Cr-Commit-Position: refs/heads/master@{#40738}
Reason for revert:
Speculative revert to see impact on crbug.com/659531
Original issue's description:
> [heap] Add a guard for restarting the memory reducer after mark-compact.
>
> Currently it is possible to get into a cycle of
> mark-compact -> memory reducer -> mark-compact -> memory reducer ...
> where the memory reducer does not free memory.
>
> This patch ensures that the memory reducer restarts only if the
> committed memory increased by sufficient amount after the last run.
>
> BUG=
TBR=hpayer@chromium.org,davidroutier17@gmail.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review-Url: https://codereview.chromium.org/2472053003
Cr-Commit-Position: refs/heads/master@{#40737}
Exchanged the ZoneList for a ZoneChunkList to avoid
unnecessary growing.
Review-Url: https://codereview.chromium.org/2468183004
Cr-Commit-Position: refs/heads/master@{#40736}
Changes the ValueNumberingReducer to grow when at 80% capacity, rather
than at 50% capacity. This matches the behaviour of base/hashmap.
Review-Url: https://codereview.chromium.org/2474873003
Cr-Commit-Position: refs/heads/master@{#40734}
This makes sure the test in question does not rely on specific lifetime
characteristics for local variables within a function. Note that these
lifetimes are not specified by JavaScript and are not observable within
JavaScript proper. The natives syntax however makes it observable.
BUG=v8:5345
TEST=mjsunit/wasm/compiled-module-management
R=mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2474053002
Cr-Commit-Position: refs/heads/master@{#40733}
