A TransitionElementsKind operation is redundant if we already know that
the object has the target_map (independent of what the source_map might
be).
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2233403003
Cr-Commit-Position: refs/heads/master@{#38597}
Previously, we would both instrument the code, and add/remove
BreakPointInfo objects through BreakLocation. This is bad design and
unsuitable for having two different code kinds.
We would now add/remove BreakPointInfo objects, and use that as source
of truth when instrumenting the code. If we have both bytecode and FCG
code, we would simply apply these break points twice to either.
Notable changes:
- Removed many functionality from BreakLocation.
- Instrumentation (patching code for breaks) happens by applying break
point info onto code.
- Instrumentation (code patching) is done by the BreakIterator. For
bytecode, it's BytecodeArrayBreakIterator. For FCG code, it's
CodeBreakIterator.
- Changes to code instrumentation mostly involves clearing current
instrumentation and then (re-)applying break points.
- DebugInfo can now reference both bytecode and FCG code.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265
Review-Url: https://codereview.chromium.org/2238893002
Cr-Commit-Position: refs/heads/master@{#38596}
port 51e9d5ad2a (r38577)
original commit message:
Use IsPropertyName in VisitObjectLiteral to decide whether to do
a named property store or call SetProperty.
BUG=
Review-Url: https://codereview.chromium.org/2241693002
Cr-Commit-Position: refs/heads/master@{#38595}
So far we only snapshot the payload data for the deserializer, but
not the data for heap reservation or the code stub keys.
At the same time this change turns some CHECKs that fail in the wild
to DCHECKs. We can try turning them back to CHECKs some other time.
TBR=ahaas@chromium.org
BUG=chromium:636876
Review-Url: https://codereview.chromium.org/2237883002
Cr-Commit-Position: refs/heads/master@{#38594}
An invocation of the ToNumber builtin resulting from lowering the
PlainPrimitiveToNumber cannot have any observable side effects and
thus the builtin call itself is eliminatable.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2239923004
Cr-Commit-Position: refs/heads/master@{#38593}
Rolling v8/build to 37fd368b5f9d7690eac34cd440275ae323b1dab2
Rolling v8/buildtools to f8fc76ea5ce4a60cda2fa5d7df3d4a62935b3113
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 87a50f796882982f6ae1efbd060e4f69467db547
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2243493006
Cr-Commit-Position: refs/heads/master@{#38592}
Certain token combinations (e.g. number literal followed by semicolon) will
result in a single AST node, but require many levels of recursive descent
parsing to determine this (11 in this example). For some 'obvious'
combinations, we'll simply generate the appropriate AST node fairly far up
in the call tree.
This yields a mild but consistent parser speedup. The main con is code duplication.
[Speedup between 0..20ms in parse time among a set of 25 commonly used sites. Speedup of ~180ms for a site w/ a very large codebase (adwords.google.com). Minor slow-downs between 0..8ms for <20% of sites.]
R=marja@chromium.org
BUG=v8:4947
Review-Url: https://codereview.chromium.org/2188153002
Cr-Commit-Position: refs/heads/master@{#38591}
There's no need to check IsLexicalVariableMode since it's subsumed
by binding_needs_init.
Drive-by change: in VisitVariableLoad, move SetResultInAccumulator
out of switch cases.
BUG=
Review-Url: https://codereview.chromium.org/2232313002
Cr-Commit-Position: refs/heads/master@{#38590}
This target introduces a dependency on WebKit/platform which is not the way we want it.
Keeping the build files in src/inspector, as they are not used and will be useful later on.
BUG=none
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2239603002
Cr-Commit-Position: refs/heads/master@{#38587}
This optimization required access to the heap which we can't do off-thread.
There doesn't seem to be a regression without this optmization in anycase,
so just rip it out.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2238853002
Cr-Commit-Position: refs/heads/master@{#38585}
Should fix a performance regression introduced by introducing
a CanonicalHandleScope for bytecode compilation. Also fix a
missing CanonicalHandleScope in GetSharedFunctionInfo.
BUG=chromium:634953
Review-Url: https://codereview.chromium.org/2226923002
Cr-Commit-Position: refs/heads/master@{#38583}
------------------------------------------------------------------------
This CL adds support for decoding eh-related wasm opcodes:
* Throw: used for raising an exception; the thrown value lives on top of
the evaluation stack;
* TryCatch: used to start a try block that has a catch clause;
* TryFinally: used to start a try block that has a finally clause;
* TryCatchFinally: used to start a try block that has both catch and
finally clauses;
* Catch <local>: used to start the catch block of a
TryCatch/TryCatchFinally block; the thrown value is
stored in local <local>; and
* Finally: used to start a finally block of TryFinally/TryCatchFinally.
Three different opcodes are used to start a try block to simplify the
AST construction during bytecode parsing.
BUG=
Review-Url: https://codereview.chromium.org/2222193004
Cr-Commit-Position: refs/heads/master@{#38579}
This adds a very first version of inlined Array.prototype.pop into
TurboFan optimized code. We currently limit the inlining to fast
object or smi elements, until the unclear situation around hole NaNs
is resolved and we have a clear semantics inside the compiler.
It's also probably overly defensive in when it's safe to inline
the call to Array.prototype.pop, but we can always extend that
later once we have sufficient trust in the implementation and see
an actual need to extend it.
BUG=v8:2229,v8:3952,v8:5267
R=epertoso@chromium.org
Review-Url: https://codereview.chromium.org/2239703002
Cr-Commit-Position: refs/heads/master@{#38578}
Use IsPropertyName in VisitObjectLiteral to decide whether to do
a named property store or call SetProperty.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2237553004
Cr-Commit-Position: refs/heads/master@{#38577}
We can fold ConvertTaggedHoleToUndefined into CheckNumber and
CheckTaggedSigned, as they deoptimize no matter if the input
is undefined or hole.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2233393002
Cr-Commit-Position: refs/heads/master@{#38576}
These places were found by the trybots.
- regress-crbug-485410
BUG=
Review-Url: https://codereview.chromium.org/2230923002
Cr-Commit-Position: refs/heads/master@{#38572}
port f8938e5096 (r38437)
original commit message:
This CL changes the semantics of FloatXXSub to match the semantics of
the semantics of FloatXXSubPreserveNan. Therefore there is no need
anymore for the FloatXXSubPreserveNan operators.
The optimizations in VisitFloatXXSub which are removed in this CL have
already been moved to machine-operator-reducer.cc in
https://codereview.chromium.org/2226663002
BUG=
Review-Url: https://codereview.chromium.org/2236153002
Cr-Commit-Position: refs/heads/master@{#38571}
port 96c90f6c64 (r38410)
original commit message:
I had to adjust Float64Max/Min on x64 slightly to return the default
wasm NaN (0x7FF0000000000000) instead of the all-ones NaN
(0xFFFFFFFFFFFFFFFF).
BUG=
Review-Url: https://codereview.chromium.org/2233273002
Cr-Commit-Position: refs/heads/master@{#38570}
With this CL all kinds of Callable can imported into wasm. Please take a special look at the context that is used now in the WasmToJSWrapper.
BUG=633895
TEST=mjsunit/wasm/ffi.js
Review-Url: https://codereview.chromium.org/2208703002
Cr-Commit-Position: refs/heads/master@{#38569}
When we change representation from Float64 to Tagged and we know that
the input value can never be -0, we don't need to bother introducing
the check for -0 during effect/control linearization.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2231963002
Cr-Commit-Position: refs/heads/master@{#38568}
If the intersection of the types of nodes a and b is empty, then there's
no way that a and b could ever refer to the same object, so we can use
that information for alias analysis.
Drive-by-fix: Improve use of types to enable typed alias analysis to
become more effective. Also fix an ASAN issue uncovered by this CL.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2237433003
Cr-Commit-Position: refs/heads/master@{#38567}
Rolling v8/build to 01ebc7132bdd79aef8a0bdda3fa87ec4cd95d550
Rolling v8/tools/gyp to 702ac58e477214c635d9b541932e75a95d349352
Rolling v8/tools/mb to 3e296ee98914402a53413da4e48fe02623f80361
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2230213003
Cr-Commit-Position: refs/heads/master@{#38566}
Throw 'Range Error: invalid string length' when the result of
case mapping is longer than the max string length (kMaxLength in
objects.h = 1 << 28 - 16).
This is for case mapping with ICU.
BUG=v8:5271
TEST=intl/general/case-mapping.js with --icu_case_mapping
Review-Url: https://codereview.chromium.org/2236593002
Cr-Commit-Position: refs/heads/master@{#38565}
1. The third parameter of strncpy should be the length of source string.
2. Value contains " should be valid.
BUG=v8:4561
Review-Url: https://codereview.chromium.org/2232683002
Cr-Commit-Position: refs/heads/master@{#38563}
This patch adds additional tests for async functions and generators, in how
they interact with destructuring, default arguments and shadow parameter
copying.
BUG=v8:5167
Review-Url: https://codereview.chromium.org/2229243002
Cr-Commit-Position: refs/heads/master@{#38560}
Separate ConvertTaggedHoleToUndefined and CheckTaggedHole into two
separate operators, where the former is pure and just turns into
trivial control flow in the EffectControlLinearizer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2236443004
Cr-Commit-Position: refs/heads/master@{#38559}
This changes Scope::function_ (for holding the name binding
for named function expression) from a VariableDeclaration
to a Variable. No work is done when visiting this declaration,
since it's kCreatedInitialized, so we can treat it like
other function-specific variables.
This simplifies a wide variety of code, and centralizes
the logic for constructing the variable inside scopes.cc.
This may one day make it easier to eliminate the CONST_LEGACY
VariableMode.
R=neis@chromium.org, verwaest@chromium.org
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2232633002
Cr-Commit-Position: refs/heads/master@{#38558}
In addition, make use of Variable::binding_needs_init() in addition to
VariableMode when deciding whether to do hole checking in variable assignment.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2227203002
Cr-Commit-Position: refs/heads/master@{#38555}
This patch is based on alph's CL https://codereview.chromium.org/2128613004/.
This patch makes GetStackSample propogate the register state when using
simulator helper, and adds argument to avoid using register state from simulator
when pass the native register state.
BUG=v8:4789
LOG=N
Review-Url: https://codereview.chromium.org/2189513002
Cr-Commit-Position: refs/heads/master@{#38554}
This is to prevent a collision with Expectations class defined in test-field-type-tracking.cc, which happens in Clang under certain conditions (official build + Precise + unknown).
While the original intent was to just workaround the Clang bug, putting types into anonymous namespace seems reasonable anyway (thank you to Benedikt Meurer for the suggestion!)
BUG=630335
Review-Url: https://codereview.chromium.org/2227073002
Cr-Commit-Position: refs/heads/master@{#38552}
Port 6768456db5
Original commit message:
The old code was using VariableMode, but that signal is both
over-pessimistic (some CONST and LET variables need no hole-initialization)
and inconsistent with other uses of the InitializationFlag enum (such
as %LoadLookupSlot).
This changes no observable behavior, but removes unnecessary hole
initialization and hole checks in a few places, including
block-scoped function declarations, super property lookups,
and new.target.
R=adamk@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2229383004
Cr-Commit-Position: refs/heads/master@{#38551}