We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use a RIP-relative 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects, which is
not yet implemented. So for now we materialize the mask inline.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1046893002
Cr-Commit-Position: refs/heads/master@{#27611}
Currently we only generate addresses in the range 2GiB to 4GiB, because
of a bug, when running in 64-bit mode. With this fix we now use the full
range 2GiB to 4096GiB.
BUG=v8:3997
LOG=n
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1051303003
Cr-Commit-Position: refs/heads/master@{#27610}
Now every FOR_EACH_INTRINSIC_FOO sub-macro corresponds to a
src/runtime/runtime-FOO.cc file, even the order of runtime functions
within that file has been preserved in the corresponding macro, thanks
to some eye-hurting for/clang/sed/grep madness. ;-)
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/1056863002
Cr-Commit-Position: refs/heads/master@{#27609}
cctest/test-log/EquivalenceOfLoggingAndTraversal fails on
AIX because it does not correctly handle the full 64 bit
address space supported by AIX. SKIP until the issue
is resolved.
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1055183002
Cr-Commit-Position: refs/heads/master@{#27608}
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
Review URL: https://codereview.chromium.org/947683002
Cr-Commit-Position: refs/heads/master@{#27605}
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):
> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.
Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.
BUG=v8:3991
LOG=N
Review URL: https://codereview.chromium.org/1062633002
Cr-Commit-Position: refs/heads/master@{#27603}
These slots are invalid and can result in a broken offset when slot index and start of object are equal and are at the beginning of a cell.
Moreover, make DCHECKs CHECKs to catch bugs in the wild.
BUG=chromium:473174
LOG=n
Review URL: https://codereview.chromium.org/1051243004
Cr-Commit-Position: refs/heads/master@{#27602}
- Fixed single float register type instruction en[de]coding in assembler and disassembler.
- Added max and min instructions for r6 and corresponding tests.
- Fixed selection instruction for boundary cases in simulator.
- Update assembler tests to be more thorough wrt boundary cases.
TEST=cctest/test-assembler-mips64/MIPS17, MIPS18
cctest/test-disasm-mips64/Type1
cctest/test-assembler-mips/MIPS16, MIPS17
cctest/test-disasm-mips/Type1
BUG=
Review URL: https://codereview.chromium.org/1057323002
Cr-Commit-Position: refs/heads/master@{#27601}
The number of generated instructions per table entry is reduced from six to
two, or four in worst-case scenario.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1059213002
Cr-Commit-Position: refs/heads/master@{#27599}
port 16ee55097a (r27536)
original commit message:
Generate common StoreFastElementStubs ahead of time
BUG=
Review URL: https://codereview.chromium.org/1052413002
Cr-Commit-Position: refs/heads/master@{#27597}
port 7c347c545e (r27511)
original commit message:
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=
Review URL: https://codereview.chromium.org/1057883004
Cr-Commit-Position: refs/heads/master@{#27595}
Remove unused macro-asm instruction and associated address patching.
On mips64, remove unused JumpLabelToJumpRegister(). On mips, rename
it appropriately (it's still used there for JR->J optimizations).
BUG=
Review URL: https://codereview.chromium.org/1059433003
Cr-Commit-Position: refs/heads/master@{#27593}
As with TF fix 94506cc3, correctly support absurdly large stack
adjustments.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1057763002
Cr-Commit-Position: refs/heads/master@{#27592}
This keeps the length of the context chain tracked by the environment
in sync even for local control flow commands. It removes the need to
guess the correct chain length at Environment::Merge points.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1045703003
Cr-Commit-Position: refs/heads/master@{#27588}
The original code will not update the IC info if one of parameter is SMI. It Can not handle Number + Smi.
BUG=
Review URL: https://codereview.chromium.org/1056663005
Cr-Commit-Position: refs/heads/master@{#27583}
Currently, this doesn't really help to generate better code,
nevertheless this is the right thing to do. When our type system(s)
are fixed, this should avoid falling back to floating point operations
in various cases.
Review URL: https://codereview.chromium.org/1057813002
Cr-Commit-Position: refs/heads/master@{#27578}
Could not encode the large slot number in opcode MiscField.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1043393002
Cr-Commit-Position: refs/heads/master@{#27574}
In ES6 Object.getOwnPropertyDescriptor should call ToObject, which
means that primitive values will return descriptors from the wrapper.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/998163004
Cr-Commit-Position: refs/heads/master@{#27569}
Reason for revert:
Spike in OOM crashes: crbug.com/403113
Original issue's description:
> Remove promotion backup case and report OOM instead.
>
> There are no test cases for this piece of code and it is really hard to test. If this rare case triggers, we are anyway in an OOM situation and would crash probably soon afterwards.
>
> BUG=
>
> Committed: https://crrev.com/e813afaf127ab80290153ab676dc07212bdc8946
> Cr-Commit-Position: refs/heads/master@{#27026}
TBR=mstarzinger@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1050113002
Cr-Commit-Position: refs/heads/master@{#27568}
The removed assertion consistently passes not because the invoked
`close` method internally throws a `TypeError` but because the `close`
method does not exist. The ES6 specification does not define a `close`
method on the GeneratorPrototype, so this test is a tautology.
BUG=None
LOG=N
R=arv
Review URL: https://codereview.chromium.org/1046963002
Cr-Commit-Position: refs/heads/master@{#27567}
The modified assertions targeted the property descriptor for the
template object's first "cooked" value. The code immediately preceeding
these statements asserts these values.
Update the assertions to instead target the property descriptor for the
template object's first "raw" value (which are otherwise untested).
BUG=
Review URL: https://codereview.chromium.org/1049523003
Cr-Commit-Position: refs/heads/master@{#27566}
Reason for revert:
Got one dev-channel with this. Should be enough.
Original issue's description:
> Add CHECKs when updating pointers from the slots and store buffers
>
> We want to verify that we always overwrite heap objects with heap
> objects, and non-heap objects with non-heap objects
>
> BUG=chromium:452095
> R=hpayer@chromium.org
> LOG=n
>
> Committed: https://crrev.com/58fbcfac8ae82b1241f07e1b8ea81a5973514c11
> Cr-Commit-Position: refs/heads/master@{#27479}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:452095
Review URL: https://codereview.chromium.org/1052713002
Cr-Commit-Position: refs/heads/master@{#27565}