This gets rid of the Star bytecodes that were always dispatched to from
ToObject.
ToObject now outputs to register instead of to the accumulator and
ForInPrepare gets the receiver object from an input register.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2189463006
Cr-Commit-Position: refs/heads/master@{#38177}
Drive-by fix: actually match the hint in the IsSpeculativeBinopMatcher.
Review-Url: https://codereview.chromium.org/2191883002
Cr-Commit-Position: refs/heads/master@{#38176}
Sometimes, the compiler will inline this function and unroll the loop.
Forcing this to never be inlined reduces the compiled size of the
function from a potential 170KB to around 39KB.
BUG=v8:5240
Review-Url: https://codereview.chromium.org/2194843002
Cr-Commit-Position: refs/heads/master@{#38172}
The test was calling OptimizeFunctionOnNextCall on a function before
ever executing it - crankshaft therefore didn't have any type info and
was generating a soft deoptimization bailout. Make sure we execute the
function before calling OptimizeFunctionOnNextCall to avoid this issue.
BUG=
Review-Url: https://codereview.chromium.org/2168603003
Cr-Commit-Position: refs/heads/master@{#38171}
So far we always create explicit control flow for map checks during
JSNativeContextSpecialization, or in the monomorphic case we used a
CheckIf combined with a map comparison. In either case we cannot
currently effectively utilize the map check information during load
elimination to optimize (polymorphic) map checks and elements kind
transitions.
With the introduction of CheckMaps, we can now start optimizing map
checks in a more effective fashion. This CL doesn't change anything
in that direction yet, but merely changes the fundamental mechanism.
This also removes the stable map optimization from the Typer, where
it was always a bit odd, and puts it into the typed lowering and
the native context specialization instead.
R=epertoso@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2196653002
Cr-Commit-Position: refs/heads/master@{#38166}
Paritally revert standalone.gypi changes in a451bd1a68 and introduce a new separate variable for the mkpeephole.
On big-endian MIPS, qemu is used to build the snapshot,
because there's no simulator support for big-endian MIPS.
BUG=
Committed: https://crrev.com/928d2395c3fdf836cf9961cde96e6b274a6b1e20
Review-Url: https://codereview.chromium.org/2172653002
Cr-Original-Commit-Position: refs/heads/master@{#38103}
Cr-Commit-Position: refs/heads/master@{#38165}
Also make it possible to use the background parser from a character
stream. The External{One,Two}ByteStringUtf16CharacterStreams work both
on foreground and background threads.
BUG=v8:5215
R=marja@chromium.org,vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2195603002
Cr-Commit-Position: refs/heads/master@{#38162}
This adds preliminary support for on-stack replacement from Ignition to
optimized code generated by TurboFan to the runtime profiler. Involved
heuristics (e.g. code size allowance) have been taken from existing code
without any re-evaluation in the new setting.
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2182183005
Cr-Commit-Position: refs/heads/master@{#38159}
Previously, the stack property was set up in JS as read-only; but since
it had a JS setter, writability was ignored and writing to stack was
possible.
This is no longer the case now that stack is either an actual data
property, or is associated with C++ accessors. Explicitly set the
property as writable to preserve old behavior.
BUG=5245
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2190313002
Cr-Commit-Position: refs/heads/master@{#38158}
The keyed load/store lowering is too aggressive when it comes to element
vs. property access. If we cannot find a cached name on the IC we
automatically assume that it's an element access, i.e. we assume that
the key that is passed to the keyed access must be a valid array index
then. But this is not true for megamorphic keyed load/store ICs, which
do not have a cached name (because the IC saw different names), and thus
use a different mechanism to indicate that it's a non-element access.
Review-Url: https://codereview.chromium.org/2195583002
Cr-Commit-Position: refs/heads/master@{#38155}
In contrast to the generic stream, this character stream works without
accessing the heap, and can be used on a background thread.
BUG=v8:5215
R=vogelheim@chromium.org,marja@chromium.org
Review-Url: https://codereview.chromium.org/2184393002
Cr-Commit-Position: refs/heads/master@{#38154}
Rolling v8/build to 5240573aa6f46cfee690cdf7c6d9544e1841f502
Rolling v8/tools/mb to f2acac06c11447a7155d476d61f140f18a4a8066
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2196593002
Cr-Commit-Position: refs/heads/master@{#38153}
port 2c7efba658 (r38129)
original commit message:
Reason for revert:
Still crashing.
Original issue's description:
> [heap] Reland "Remove black pages and use black areas instead."
>
> BUG=chromium:630969,chromium:630386
> LOG=n
>
> Committed: https://crrev.com/9e37a07c8de0a20ef2681e26824ff4d329102603
> Cr-Commit-Position: refs/heads/master@{#38057}
BUG=
Review-Url: https://codereview.chromium.org/2192113002
Cr-Commit-Position: refs/heads/master@{#38152}
A "--minimal" flag turns off all optimizing compilers and activates the
interpreter. The idea is that with this flag activated, only the
platform-specific stubs and a Turbofan implementation must be complete to start
d8 and run the bulk of the tests. Note that although this flag is constructed as
a runtime flag, it must be set to true when building the snapshot and therefore
creates a compile-time dependency.
BUG=chromium:608675
Review-Url: https://codereview.chromium.org/2189663002
Cr-Commit-Position: refs/heads/master@{#38150}
This CL introduces a new fast flat instantiations cache for the first 1024 object templates.
After that we fall back to the existing slower dictionary cache.
Drive-by-fix: de-handlify and clean up some code in api-natives.cc
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2170743003
Cr-Commit-Position: refs/heads/master@{#38146}
This should fix the following errors that sometimes appear when using V8 gdb macros:
Cannot evaluate function -- may be inlined
or
No symbol "xxx" in namespace "v8::internal".
Review-Url: https://codereview.chromium.org/2186293002
Cr-Commit-Position: refs/heads/master@{#38145}
In native context specialization, we attempt to use map-based feedback to do optimized named and element loads and stores. Tragically, it could happen that any maps we encounter for a load have been deprecated. The right thing to do here is reoptimize later, let the IC subsystem update the map.
BUG=
Review-Url: https://codereview.chromium.org/2187283002
Cr-Commit-Position: refs/heads/master@{#38143}
With black allocation turned on we have no guarantee that the target array is
white and will be visited by the marker. Only execute the fast path when we are
allowed to skip the barrier.
R=hpayer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2188713004
Cr-Commit-Position: refs/heads/master@{#38142}
The timing scopes don't come for free and in the case of wrapper creation only add
overhead. This CL removes the histogram timer for CallAs(Function|Constructor) and
Function::(NewInstance|Call).
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2188193002
Cr-Commit-Position: refs/heads/master@{#38138}
Change was meant to be in previous patch but was accidentally reverted.
README.md updated with new filename, also.
BUG=
Review-Url: https://codereview.chromium.org/2184223005
Cr-Commit-Position: refs/heads/master@{#38134}
In the process also inline the stub into the appropriate interpreter bytecode
handler and make sure that the context register is preserved in hand-written
assembly code that calls the stub and expects the context register to be
preserved.
BUG=608675
Review-Url: https://codereview.chromium.org/2188993003
Cr-Commit-Position: refs/heads/master@{#38132}