This adds a dedicated flag for enabling the BytecodeGraphBuilder. The
intention is to be explicit when this variant is being tested and to
avoid unnecessary overhead in production code for a configuration that
is not yet shipping.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/1925123002
Cr-Commit-Position: refs/heads/master@{#35892}
I introduced a new flag, --wasm-parallel-compilation, which turns on
parallel compilation of wasm modules. If parallel compilation is turned
on, then the compilation of wasm functions is split into three phases,
initialization, execution, and finalization. The execution phase is the
phase which is going to contain all the code that can be executed in
parallel. At the moment the execution phase is still empty.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1928933002
Cr-Commit-Position: refs/heads/master@{#35875}
Trace-opt/trace-deopt output is ambiguous if multiple functions share
the same name. This change adds file names to this output behind the
--trace-file-names flag to reduce this ambiguity.
R=ofrobots@google.com
BUG=
Review URL: https://codereview.chromium.org/1920873003
Cr-Commit-Position: refs/heads/master@{#35824}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
In a full mark-compact GC, instead of copying memory to old space for
pages that have more than X% live bytes, we just move the whole page over to old
space.
X=70 (default value)
BUG=chromium:581412
LOG=N
TBR=hpayer@chromium.org
This reverts commit 8b3337278f.
Review URL: https://codereview.chromium.org/1901093002
Cr-Commit-Position: refs/heads/master@{#35649}
In a full mark-compact GC, instead of copying memory to old space for
pages that have more than X% live bytes, we just move the whole page over to old
space.
X=70 (default value)
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1863983002
Cr-Commit-Position: refs/heads/master@{#35610}
This prefixes the escape analysis flag with "experimental", thereby
making sure the flag in question is not being fuzzed. It will reduce
noise levels on ClusterFuzz again.
R=jarin@chromium.org
BUG=chromium:603653
LOG=n
Review URL: https://codereview.chromium.org/1894513002
Cr-Commit-Position: refs/heads/master@{#35521}
We had exactly one test case for --noturbo-types, so it's likely that
the generic pipeline (without types) was already broken for quite some
time, plus no one expressed interest in maintaining it, plus it
complicates the JSGenericLowering integration. So decision is to kill
it.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1872333002
Cr-Commit-Position: refs/heads/master@{#35387}
When FLAG_trace_ignition_dispatches is enabled, a dispatch counter is
kept for each pair of source-destination bytecode handlers.
Each counter saturates at max uintptr_t value.
Counters are dumped as a JSON-encoded object of objects, such that
each key on the top level object is a source bytecode name, and each key
on the corresponding value is a destination bytecode name, with the
associated counter as value. The output file name can be controlled
with the FLAG_trace_ignition_dispatches_output_file flag.
The JSON file may be written by calling
Interpreter::WriteDispatchCounters(), which is done for d8 in
Shell::OnExit, if FLAG_trace_ignition_dispatches is enabled.
BUG=v8:4899
LOG=N
Review URL: https://codereview.chromium.org/1828633003
Cr-Commit-Position: refs/heads/master@{#35380}
Reason for revert:
breaks some chromium browser_tests: https://codereview.chromium.org/1848233002/
Original issue's description:
> Ship --harmony-regexp-exec
>
> There are still spec compliance fixes to be made, but this patch
> turns the flag to shipping to make sure we get more canary coverage
> and performance data from the bots.
>
> BUG=v8:4602
> LOG=y
>
> Committed: https://crrev.com/84492bb66b340f4e0df36758e98fddbb10b5d1dc
> Cr-Commit-Position: refs/heads/master@{#35181}
TBR=littledan@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4602
Review URL: https://codereview.chromium.org/1852673003
Cr-Commit-Position: refs/heads/master@{#35198}
There are still spec compliance fixes to be made, but this patch
turns the flag to shipping to make sure we get more canary coverage
and performance data from the bots.
BUG=v8:4602
LOG=y
Review URL: https://codereview.chromium.org/1847103002
Cr-Commit-Position: refs/heads/master@{#35181}
Embedders that rely on unmodified wrappers to survive should pass the command-line flag --noscavenge_reclaim_unmodified_objects
BUG=4880
LOG=yes
Review URL: https://codereview.chromium.org/1839243005
Cr-Commit-Position: refs/heads/master@{#35164}
Difference from --perf-basic-prof:
- correctly attributes samples when code space gets reused (when unused code object dies and a new code objects is allocated at the same place).
- outputs compiled machine code for instruction-level profile.
Just like --perf-basic-prof, the file writer is not synchronized (even worse, there is a per-isolate file handle), so we will run into trouble with multiple isolates. However, this patch is still an improvement on --perf-basic-prof, and it should be fine to replace ll-prof.
The patch also introduces experimental support for debug info, but it does not seem to be picked by the perf tool.
Usage:
You need the perf tool from Linux kernel >4.5. Then run:
$ perf record -k mono d8 --perf-prof <your JS file>
$ perf inject -j -i perf.data -o perf.data.jitted
$ perf report -i perf.data.jitted
Some explanations:
The "-k mono" switch from "perf record" tells the perf tool to use the monotonic clock for perf sample timestamping. The "perf inject -j" command injects the collected code events into the perf data file, writing the output into perf.data.jitted. The perf report command then creates the report.
Review URL: https://codereview.chromium.org/1809203007
Cr-Commit-Position: refs/heads/master@{#35091}
It's been on since M49. Also moved tests from harmony -> es6,
one of which was merged with another test of the same name.
While moving stuff over to regexp.js, I also noticed that there
were unused calls to %FunctionSetName and %SetNativeFlag (those
calls are already handled by InstallGetter()).
Review URL: https://codereview.chromium.org/1838563003
Cr-Commit-Position: refs/heads/master@{#35076}
This patch implements ES2015 RegExp subclassing semantics, namely the
hardest part where RegExp.prototype.exec and certain flag getters can
be overridden in order to provide different behavior. This change is
hidden behind a new flag, --harmony-regexp-exec. The flag guards the
behavior by installing entirely different implementations of the
methods which follow the new semantics.
Preliminary performance tests show a 3-4x regression in the Octane
RegExp benchmark. The new code doesn't call out into several fast
paths that the old code supported, so this is expected.
The patch is tested mostly by test262, where most RegExp tests are fixed,
with the exception of deliberate spec violations for web compatibility,
and for the 'sticky' flag, which is not dynamically read by this patch
in all cases but rather statically compiled into the RegExp. The latter
will require a follow-on patch to implement. A small additional set of
tests verifies one particular case, mostly to check whether the flag
mechanism works.
R=adamk,yangguo@chromium.org
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1596483005
Cr-Commit-Position: refs/heads/master@{#35068}
Makes --ignition cause eager compilation if we aren't building the startup
snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1811553003
Cr-Commit-Position: refs/heads/master@{#35066}
Now that ES2015 const has shipped, in Chrome 49, legacy const declarations
are no more. This lets us remove a bunch of code from many parts of the
codebase.
In this patch, I remove parser support for generating legacy const variables
from const declarations. This also removes the special "illegal declaration"
bit from Scope, which has ripples into all compiler backends.
Also gone are any tests which relied on legacy const declarations.
Note that we do still generate a Variable in mode CONST_LEGACY in one case:
function name bindings in sloppy mode. The likely fix there is to add a new
Variable::Kind for this case and handle it appropriately for stores in each
backend, but I leave that for a later patch to make this one completely
subtractive.
Review URL: https://codereview.chromium.org/1819123002
Cr-Commit-Position: refs/heads/master@{#35002}
Flags --dump_wasm_module and --dump_wasm_module_path=/path/to/folder allow us to run a bunch of tests and capture all of the wasm module files including the ones that come from the .js and .cc tests which are built on the fly, as well as the asm2wasm tests.
The files are all uniquely named `HASH.{ok,failed}.wasm`.
This will be especilly useful for fuzz testing, but could also be used for other tests including non-V8 tests.
For now I manually hacked tools/testrunner/local/execution.py so that tools/run-tests.py can output the modules. We may want to ad a flag to run-tests.py proper if this turns out to be useful.
R=bradnelson@chromium.org, titzer@chromium.org, kcc@chromium.org
Review URL: https://codereview.chromium.org/1816583003
Cr-Commit-Position: refs/heads/master@{#34968}
Both of them shipped in Chrome 49 without incident.
Also move relevant tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1815773002
Cr-Commit-Position: refs/heads/master@{#34964}
Bounds check hoisting was known to be buggy and has never been turned on.
Since Crankshaft is deprecated, nobody is going to spend time fixing it,
so let's just get rid of it.
BUG=v8:4155,v8:4849
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1823623002
Cr-Commit-Position: refs/heads/master@{#34948}
Note that this optimization only kicks in with --harmony-instanceof
being enabled as well. By itself this optimization itself does not
trigger.
R=bmeurer@chromium.org
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1817043002
Cr-Commit-Position: refs/heads/master@{#34947}
This CL restores special crankshaft optimizations for instance of when
--harmony-instanceof is true. Similar work has to happen for TurboFan.
I've added a flag to pile-up the optimizations to be done elsewhere, which
will follow over several CLs.
R=verwaest@chromium.org, mstarzinger@chromium.org
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1809113002
Cr-Commit-Position: refs/heads/master@{#34930}
Function declarations were previously permitted by V8 in many locations
which no ECMAScript specification allowed; the ECMAScript 2015 spec
enumerates a few locations (in blocks, as well as after labels and in
conditionals when in sloppy mode). This patch ships the flag to restrict
the usage of function declarations to those contexts.
R=adamk
LOG=Y
BUG=v8:4824
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1799233003
Cr-Commit-Position: refs/heads/master@{#34828}
Modules already have a separate entrypoint into the engine (at the moment,
this is v8::ScriptCompiler::CompileModule, though that will change to
something like ParseModule). This meant that requiring a commandline flag
simply added an extra complexity burden on embedders. By removing the v8
flag, this lets embedders use their own flagging mechanism (such as d8's
"--module", or Blink's RuntimeEnabledFeatures) to control whether
modules are to be used.
Also remove old modules tests that were being skipped (since they test
very old, pre-ES2015 modules syntax).
R=littledan@chromium.org
BUG=v8:1569, chromium:594639
LOG=y
Review URL: https://codereview.chromium.org/1804693002
Cr-Commit-Position: refs/heads/master@{#34764}
When black allocation is active, all objects allocated in old space are allocated black. Important: With that change, you cannot assume anymore that new objects are white right after their allocation. Currently, black allocation is enabled when incremental marking is started.
This feature can be turned off via flag: --noblack-allocation
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1420423009
Cr-Commit-Position: refs/heads/master@{#34743}
Reason for revert:
Speculative revert to check if this CL is causing GC stress failures.
Original issue's description:
> Enable parallel pointer updates after evacuation.
>
> BUG=chromium:578883
> LOG=NO
>
> Committed: https://crrev.com/7217fcc0bf5b0f62947f92128ec76855d50e91da
> Cr-Commit-Position: refs/heads/master@{#34712}
TBR=mlippautz@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1803573002
Cr-Commit-Position: refs/heads/master@{#34741}
ES2015 Object.prototype.toString semantics were enabled in version 4.9,
which has been in stable Chrome for nearly two weeks at this point.
R=littledan@chromium.org
Review URL: https://codereview.chromium.org/1784033002
Cr-Commit-Position: refs/heads/master@{#34732}
These flags have been on by default since version 4.9, which has been
in stable Chrome for over a week now, demonstrating that they're
here to stay.
Also moved the tests out of harmony/ and into es6/.
Review URL: https://codereview.chromium.org/1776683003
Cr-Commit-Position: refs/heads/master@{#34692}
With the flag enables we print the keys found on each prototype and
the number of prototypes.
BUG=
Review URL: https://codereview.chromium.org/1779523002
Cr-Commit-Position: refs/heads/master@{#34680}
This flag bans illegal (and likely useless) constructs like
for (;;) function f() {}
R=adamk
BUG=v8:4824
LOG=Y
Review URL: https://codereview.chromium.org/1781653005
Cr-Commit-Position: refs/heads/master@{#34646}
ES2015 generally bans FunctionDeclarations in positions which expect a Statement,
as opposed to a StatementListItem, such as a FunctionDeclaration which constitutes
the body of a for loop. However, Annex B 3.2 and 3.4 make exceptions for labeled
function declarations and function declarations as the body of an if statement in
sloppy mode, in the latter case specifying that the semantics are as if the
function declaration occurred in a block. Chrome has historically permitted
further extensions, for the body of any flow control construct.
This patch addresses both the syntactic and semantic mismatches between V8 and
the spec. For the semantic mismatch, function declarations as the body of if
statements change from unconditionally hoisting in certain cases to acquiring
the sloppy mode function in block semantics (based on Annex B 3.3). For the
extra syntax permitted, this patch adds a flag,
--harmony-restrictive-declarations, which excludes disallowed function declaration
cases. A new UseCounter, LegacyFunctionDeclaration, is added to count how often
function declarations occur as the body of other constructs in sloppy mode. With
this patch, the code generally follows the form of the specification with respect
to parsing FunctionDeclarations, rather than allowing them in arbitrary Statement
positions, and makes it more clear where our extensions occur.
BUG=v8:4647
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1757543003
Cr-Commit-Position: refs/heads/master@{#34470}
This patch moves iterator finalization (calling .return() when a
for-of loop exits early) to shipping. The only part of this feature
which is currently known to be missing is destructuring--.return()
should be also be called when destructuring with an array which
does not end in a rest pattern, but it currently does not. The rest
of this feature, including calling .return() from certain builtins,
is implemented.
R=adamk
BUG=v8:3566
LOG=Y
Review URL: https://codereview.chromium.org/1738463003
Cr-Commit-Position: refs/heads/master@{#34307}
This patch moves for-of closing to staging. There are a couple of
minor semantics bugs remaining in finalization along edge cases, but
we don't know of any stability issues.
BUG=v8:3566
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1725203002
Cr-Commit-Position: refs/heads/master@{#34254}
This patch moves the ES2015 Symbol.species feature from staging to
shipping. @@species should be good to ship now that the regression
from fast-path cases in concat, slice and splice have been addressed.
R=adamk
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1721993002
Cr-Commit-Position: refs/heads/master@{#34226}
This implements a mechanism to track the exact depth of the operand
stack in full-codegen for every sub-expression visitation. So far we
only tracked the depth at statement level, but not at expression level.
With the introduction of do-expressions it will be possible to construct
local control flow (i.e. break, continue and friends) that target labels
at an arbitrary operand stack depth, making this tracking a prerequisite
for full do-expression support.
R=rossberg@chromium.org,jarin@chromium.org
BUG=v8:4755,v8:4488
LOG=n
Review URL: https://codereview.chromium.org/1706283002
Cr-Commit-Position: refs/heads/master@{#34211}
Until now inlining in TurboFan was staged behind --turbo, which means
that it wasn't enabled with --turbo-shipping. It seems reasonable to
ship it now, since Clusterfuzz had fun with it for a year already, and
we need to reach parity with Crankshaft with more and more things being
enabled behind --turbo-shipping.
Review URL: https://codereview.chromium.org/1721243002
Cr-Commit-Position: refs/heads/master@{#34209}
This was previously reverted due to breakage in devtools, but that has
been worked around in https://codereview.chromium.org/1666573002.
The feature has been publicly-announced as deprecated for several months,
and Chrome 49 will emit deprecation warnings in the console for
uses of the API. This CL aims to remove it from M50 (which is what the
message warns of).
BUG=chromium:552100
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1711863003
Cr-Commit-Position: refs/heads/master@{#34171}
Extract the logic to find out the best candidate out of the core of the
scheduler. It allows more flexibility and make it easy to change the
policy use to schedule the basic blocks.
This patch also provide a new algorithm to randomly schedule the code
in order to perform stress tests on the scheduler.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1714753004
Cr-Commit-Position: refs/heads/master@{#34156}
Implements iterator finalisation by desugaring for-of loops with an additional try-finally wrapper. See comment in parser.cc for details.
Also improved some AST printing facilities while there.
@Ross, I had to disable the bytecode generation test for for-of, because it got completely out of hand after this change (the new bytecode has 150+ lines). See the TODO that I assigned to you.
Patch set 1 is WIP patch by Georg (http://crrev.com/1695583003), patch set 2 relative changes.
@Georg, FYI, I changed the following:
- Moved try-finally out of the loop body, for performance, and in order to be able to handle `continue` correctly.
- Fixed scope management in ParseForStatement, which was the cause for the variable allocation failure.
- Fixed pre-existing zone initialisation bug in rewriter, which caused the crashes.
- Enabled all tests, adjusted a few others, added a couple more.
BUG=v8:2214
LOG=Y
Review URL: https://codereview.chromium.org/1695393003
Cr-Commit-Position: refs/heads/master@{#34111}
Reason for revert:
Tanks Mandreel-latency.
Original issue's description:
> Tweak type info threshold.
>
> Let the world know (if it cares) that this is the kind of
> silliness that JS engines have to partake in if they want
> to look good on Sunspider (this should give 5% overall).
>
> Committed: https://crrev.com/4f62af4234e8ad74abd8e4cd3e492f7727efc768
> Cr-Commit-Position: refs/heads/master@{#33866}
TBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1699063002
Cr-Commit-Position: refs/heads/master@{#34027}
Harvesting maps from the stub cache for megamorphic ICs is both slow
(linear in the size of the stub cache) and imprecise (as it finds all
maps that have a cached handler for the given property name).
In the canonical megamorphic situation, this type feedback is useless
anyway. The interesting case is when we can filter it down to a single
map; however in these cases it is often possible to derive this map
just by looking at the HGraph, which is both faster and more reliable.
Review URL: https://codereview.chromium.org/1669213003
Cr-Commit-Position: refs/heads/master@{#33998}
This adds initial support for inline allocation of object and array
literals to the JSCreateLowering pass. It's basically identical to
what Crankshaft does.
This also unstages the TurboFan escape analysis, as the lowering seems
to trigger a bunch of bugs in it; those bugs will be fixed separately,
and we will re-enable escape analysis afterwards.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698783002
Cr-Commit-Position: refs/heads/master@{#33972}
- Remove unused methods that we should never actually use like SetArea() or
set_size().
- Live bytes are now reported with --trace-live-bytes and not gc-verbose.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1686413002
Cr-Commit-Position: refs/heads/master@{#33908}
Let the world know (if it cares) that this is the kind of
silliness that JS engines have to partake in if they want
to look good on Sunspider (this should give 5% overall).
Review URL: https://codereview.chromium.org/1684093002
Cr-Commit-Position: refs/heads/master@{#33866}
This patch moves Symbol.species support to the "experimental JavaScript
features" flag. While @@species is still a performance hit, it doesn't seem
like it would make the web unusably slow; shipping would still have to
wait on fixing the performance regression, but staging this version should
yield valuable web compatibility information.
R=cbruni
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1678143002
Cr-Commit-Position: refs/heads/master@{#33827}
The flag in question is a debug-only flag supported by full-codegen and
Crankshaft only. In it's current form there are some unresolved issues:
- The flag is defeated by inlining in Crankshaft.
- The flag is not supported by TurboFan.
- The flag is not supported by Ignition.
Instead of addressing the above issues and increasing maintenance cost
for all backends and also given the "slim" test coverage, this CL fully
removes the support from all backends.
R=bmeurer@chromium.org,jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1676263002
Cr-Commit-Position: refs/heads/master@{#33817}
This is also a refactoring of the merge function in
escape analysis.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1654163003
Cr-Commit-Position: refs/heads/master@{#33728}
This removes --harmony-completion, --harmony-concat-spreadable, and
--harmony-tolength and moves the appropriate tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1667453002
Cr-Commit-Position: refs/heads/master@{#33712}
This patch ships the first part of RegExp subclassing--defining
Symbol.{match,replace,search,split}, but keeping their original
definitions which are restricted to a RegExp receiver and do not
call out to the core 'exec' method. This is being shipped separately
because the two sets of extension points are separate features with
separate functionality. The amount of behavior which is held behind
the flag is very small, just exposing the symbols as properties of
Symbol--the behavior that the String methods call out to these Symbol
properties has already been shipping unflagged.
R=yangguo@chromium.org
BUG=v8:4305,v8:4343,v8:4344,v8:4345
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1652793002
Cr-Commit-Position: refs/heads/master@{#33629}
The body of a generator function can now refer to the generator's input value via a new
"function.sent" expression. We extend the proposal at
https://github.com/allenwb/ESideas/blob/master/Generator%20metaproperty.md
in the obvious way to also apply to GeneratorResumeAbrupt.
This will enable us to desugar yield*.
The new syntax is behind a new --harmony-function-sent flag.
BUG=v8:4700
LOG=n
Review URL: https://codereview.chromium.org/1620253003
Cr-Commit-Position: refs/heads/master@{#33574}
This patch stages the first part of RegExp subclassing--defining
Symbol.{match,replace,search,split}, but keeping their original
definitions which are restricted to a RegExp receiver and do not
call out to the core 'exec' method. This is being staged separately
because the two sets of extension points are separate features with
separate functionality. The amount of behavior which is held behind
the flag is very small, just exposing the symbols as properties of
Symbol--the behavior that the String methods call out to these Symbol
properties has already been shipping unflagged.
R=yangguo@chromium.org
BUG=v8:4305,v8:4343,v8:4344,v8:4345
LOG=Y
Review URL: https://codereview.chromium.org/1637703003
Cr-Commit-Position: refs/heads/master@{#33534}
- Remove semispace target capacity: It's unused and adds some unneeded
complexity
- Enforcing decl order for SemiSpace
- Move forward declarations in spaces.h to top
- Add all members to default constructor
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1631713002
Cr-Commit-Position: refs/heads/master@{#33515}
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.
Tail calling can be enabled by --harmony-tailcalls flag.
BUG=v8:4698
LOG=Y
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1609893003
Cr-Commit-Position: refs/heads/master@{#33509}
The current support for try-catch in the interpreter can handle most of
the cases appearing in our test suite. Also the flag in question did not
detect try-finally constructs. This removes the flag and instead extends
the test expectations.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1631593003
Cr-Commit-Position: refs/heads/master@{#33494}
In d8, run with --runtime-call-stats and it will output the stats when d8 finishes.
In Chrome, run the following: (only on trusted code, this punches *massive* security hole into Chrome)
chrome --js-flags="--runtime-call-stats --allow-natives-syntax"
To get the stats in the console, just run
console.log(%GetAndResetRuntimeCallStats());
To output stats every second:
setInterval(function() { console.log(%GetAndResetRuntimeCallStats()); }, 1000)
Review URL: https://codereview.chromium.org/1615943002
Cr-Commit-Position: refs/heads/master@{#33462}
Motivated by finding a bug in a larger module, this CL adds the ability
to dump out a byte-by-byte, nested view of the decoded AST. This
byte-by-byte output uses the opcode enum to make it readable, but is
suitable for pasting into a byte[] in C or JS and thus making a regression
test.
Also fix a bug; the case of running out of registers for indirect calls.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1616973004
Cr-Commit-Position: refs/heads/master@{#33442}
This removes the above flag definition. The flag is no longer needed as
the default implementation is more than capable of faking presence of
handling of try-catch and try-finally constructs by now.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1603063003
Cr-Commit-Position: refs/heads/master@{#33402}
Now that we support eval in Ignition, remove the fallback for eval checks
and make the flag only fallback on catch blocks.
BUG=v8:4280,v8:4676
LOG=N
Review URL: https://codereview.chromium.org/1595223004
Cr-Commit-Position: refs/heads/master@{#33384}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007
Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}
TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816
Review URL: https://codereview.chromium.org/1571793002
Cr-Commit-Position: refs/heads/master@{#33189}
Reason for revert:
Causes frequent crashes in Canary: chromium:537816
Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}
TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y
Review URL: https://codereview.chromium.org/1565263002
Cr-Commit-Position: refs/heads/master@{#33162}
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.
R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1551443002
Cr-Commit-Position: refs/heads/master@{#33133}
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.
R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1558543002
Cr-Commit-Position: refs/heads/master@{#33095}
Adds --turbo to the set of flags run with ignition (making the
configuration pure Ignition+TurboFan except for fallbacks to
full-codegen for catch / eval). Also changes the default
--ignition-filter to allow everything, rather than omit everything.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1537433003
Cr-Commit-Position: refs/heads/master@{#33090}
Essentially a revert of https://codereview.chromium.org/1346013005 but
preserving the refactorings in elements.cc which happened in the mean time.
drive-by-fix: pass isolate as argument to more functions in elements.cc.
BUG=v8:4606
LOG=y
Review URL: https://codereview.chromium.org/1543563002
Cr-Commit-Position: refs/heads/master@{#33023}
Add an internal field to each wasm function to keep a reference to the module. (So the GC can do the right thing when you only hold references to wasm functions but not the module).
Use Realloc carefully, to avoid copying from out of bounds.
Make snprintf use platform independent.
Don't disconnect external arraybuffers provided for the heap.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1531243003
Cr-Commit-Position: refs/heads/master@{#32951}
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.
As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.
R=mstarzinger@chromium.org, rossberg@chromium.org
Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
Cr-Commit-Position: refs/heads/master@{#32841}
Review URL: https://codereview.chromium.org/1513183003
Cr-Commit-Position: refs/heads/master@{#32857}
Turning it off broke both the trace viewer and using the devtools
to connect to an earlier version of Chrome running on another device.
BUG=chromium:552100, chromium:569417, chromium:569647
TBR=rossberg@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1521993004 .
Cr-Commit-Position: refs/heads/master@{#32850}
Reason for revert:
[Sheriff] Layout test changes.
Original issue's description:
> [debugger] debug-evaluate should not not modify local values.
>
> Debug evaluate no longer writes back changes to the replicated
> context chain to the original after execution. Changes to the
> global object or script contexts still stick. Calling functions
> that bind to the original context chain also have their expected
> side effects.
>
> As far as I can tell, DevTools is not interested in modifying
> local variable values. Modifying global variable values still
> works as expected. However, I have not yet removed the old
> implementation, but merely keep it behind a flag.
>
> R=mstarzinger@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
> Cr-Commit-Position: refs/heads/master@{#32841}
TBR=mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1526553003
Cr-Commit-Position: refs/heads/master@{#32845}
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.
As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.
R=mstarzinger@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1513183003
Cr-Commit-Position: refs/heads/master@{#32841}
This is behind the --harmony-function-name flag, currently disabled.
With the flag enabled, we now pass the relevant tests in
language/statements/*/fn-name-*.
BUG=v8:3699
LOG=y
Review URL: https://codereview.chromium.org/1518873004
Cr-Commit-Position: refs/heads/master@{#32817}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1513873002
Cr-Commit-Position: refs/heads/master@{#32772}
This adds a runtime flag that controls whether the WASM object is
exposed to JavaScript. While currently guarded by the V8_WASM build-time
flag, after landing in V8 the build-time flag will be removed, leaving
only this new runtime flag.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1507623002
Cr-Commit-Position: refs/heads/master@{#32657}
Attempt #<really big number>
Parses, and lazily rewrites Destructuring Assignment expressions. The rewriting strategy involves inserting a placeholder RewritableAssignmentExpression into the AST, whose content expression can be completely rewritten at a later time.
Lazy rewriting ensures that errors do not occur due to eagerly rewriting nodes which form part of a binding pattern, thus breaking the meaning of the pattern --- or by eagerly rewriting ambiguous constructs that are not immediately known
BUG=v8:811
LOG=Y
R=adamk@chromium.org, bmeurer@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1309813007
Cr-Commit-Position: refs/heads/master@{#32623}
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).
The CL includes 4 unittests.
There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1457683003
Cr-Commit-Position: refs/heads/master@{#32498}
Also fix CheckConflictingVarDeclarations() to properly handle
legacy const bindings. Without that change enabling the flag
causes code like:
function f() { const x; var x; }
to throw an early error, rather than wait to throw the error
until f is invoked.
The previous patch ran into problems with the fuzzer; that crash was fixed
(with test coverage added) in https://crrev.com/ceb92ebfdfb561d71038793c02b42aa973f55ec4
BUG=v8:811
LOG=y
TBR=rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1473243006
Cr-Commit-Position: refs/heads/master@{#32306}
Some highlights of this CL:
* Refactor the mutable state out of Frame into FrameAccessState,
which is maintained and updated during code generation to
record whether sp- or fp-based frame access is currently active
and how deep the stack on top of the frame is.
* The operand resultion in linkage.cc now uses FrameAccessState
to determine how to generate frame-accessing operands.
* Update all platforms to accurately track additionally pushed
stack slots (e.g. arguments for calls) in the FrameAccessState.
* Add a flag, --turbo_sp_frame_access, which forces all frame
access to be sp-based whenever possible. This will likely never
be used in production, but for testing it's useful in verifying
that the stack-tracking of each platform maintained in the
FrameAccessState is correct.
* Use sp-based frame access for gap resolving before tail
calls. This will allow for slightly more efficient restoration
of the frame pointer in the tail call in a later CL.
* Remove most ad hoc groping into CallDescriptors to
determine if a frame is needed, instead consistently use
predicates like needs_frame(), IsCFunctionCall() and
IsJSFunctionCall().
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1460183002
Cr-Commit-Position: refs/heads/master@{#32234}
Reason for revert:
Fails on V8 Fuzzer: https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/6028
Original issue's description:
> Move --harmony-destructuring-bind to shipping
>
> Also fix CheckConflictingVarDeclarations() to properly handle
> legacy const bindings. Without that change enabling the flag
> causes code like:
>
> function f() { const x; var x; }
>
> to throw an early error, rather than wait to throw the error
> until f is invoked.
>
> BUG=v8:811
> LOG=y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/515093630a4a925a66d550561e38293d49633f10
> Cr-Commit-Position: refs/heads/master@{#32222}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811
Review URL: https://codereview.chromium.org/1470333002
Cr-Commit-Position: refs/heads/master@{#32226}
Also fix CheckConflictingVarDeclarations() to properly handle
legacy const bindings. Without that change enabling the flag
causes code like:
function f() { const x; var x; }
to throw an early error, rather than wait to throw the error
until f is invoked.
BUG=v8:811
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1451843002
Cr-Commit-Position: refs/heads/master@{#32222}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
Reason for revert:
Janks finalization of full GC.
Original issue's description:
> [heap] Preserve optimized code maps accross GCs.
>
> This disables the eager flushing of optimized code maps during full GCs
> and instead treats entries in those tables weakly by default. Note that
> for now entries are removed when one of its components dies.
>
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/7a1377aab2ba4e2c9a7d422b51f645cbbaec10c7
> Cr-Commit-Position: refs/heads/master@{#32045}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1467213002
Cr-Commit-Position: refs/heads/master@{#32173}
This is in preparation for the addition of --harmony-destructuring-assignment.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1450193002
Cr-Commit-Position: refs/heads/master@{#32098}
This disables the eager flushing of optimized code maps during full GCs
and instead treats entries in those tables weakly by default. Note that
for now entries are removed when one of its components dies.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1430293002
Cr-Commit-Position: refs/heads/master@{#32045}
This CL fixes several sources of non-predictability by making Platform::MonotonicallyIncreasingTime() the only bottleneck for all time-querying functions and providing PredictablePlatform implementation.
Review URL: https://codereview.chromium.org/1415383004
Cr-Commit-Position: refs/heads/master@{#31959}
Adds a blacklist of tests which are currently unsupported or broken in Ignition to
the mjsunit and test262 test status.
Also removes --ignition-script-filter flag, and adds a
--ignition_fallback_on_eval_and_catch flag which fallsback to fullcodegen for
functions which call eval or contain a catch block.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1420963009
Cr-Commit-Position: refs/heads/master@{#31864}
It was originally shipped in https://crrev.com/eef2b9b09723ba1dae3ec0172341e93e9030ada0,
but was reverted due to poor interaction with Blink.
That interaction seems to be fixed thanks to changes to the V8 API
and to @@toStringTag handling on access-checked objects.
BUG=v8:3502
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.v8:v8_linux_nosnap_rel;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1406293011
Cr-Commit-Position: refs/heads/master@{#31846}
Since enabling destructuring already implies enabling default parameters,
there's not a good way to separate these two. Luckily, they're both
feature-complete (save for destructuring assignment).
This causes us to pass an additional 24 test262 tests.
BUG=v8:811, v8:2160
LOG=y
Review URL: https://codereview.chromium.org/1407393009
Cr-Commit-Position: refs/heads/master@{#31844}
This patch moves ES2015 ToLength semantics on array operations, etc
to from staging to shipping.
R=adamk
BUG=v8:3087
LOG=Y
Review URL: https://codereview.chromium.org/1433473003
Cr-Commit-Position: refs/heads/master@{#31810}
Many places in the JavaScript standard library are changed in ES2015 from
getting an integer using ToUint32 to using ToLength. This patch stages
the flag turning on those new semantics.
BUG=v8:3087,v8:4244
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1426673003
Cr-Commit-Position: refs/heads/master@{#31641}
Adds a scavenge GC pass that collects unmodified references instead of
processing object groups. This mode can be controlled by setting
FLAG_scavenge_reclaim_unmodified_objects. By default this is turned off.
Also, modified a test case to suit the handle the new GC pass.
BUG=v8:4421
LOG=N
Review URL: https://codereview.chromium.org/1410593005
Cr-Commit-Position: refs/heads/master@{#31599}
This patch switches sloppy-mode code from legacy const semantics
to ES2015 semantics. It is unknown how much of the web will be
broken by this; likely the patch will have to be reverted before
a branch happens.
BUG=v8:3739
LOG=Y
R=rossberg,adamk
Review URL: https://codereview.chromium.org/1420223003
Cr-Commit-Position: refs/heads/master@{#31525}
Both the JSTypeFeedbackSpecializer and the JSTypeFeedbackLowering is
dead code by now, since the more general JSNativeContextSpecialization
deals with the property/global load/store type feedback in a way that
also interacts properly with inlining.
BUG=v8:4470
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1407913003 .
Cr-Commit-Position: refs/heads/master@{#31462}
This stages the general purpose inlining mechanism in TurboFan and
also disables the remaining tests that still fail. We do this to get
test coverage early and to avoid regressing inlining as we go along.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419623002
Cr-Commit-Position: refs/heads/master@{#31406}
This stages the general purpose inlining mechanism in TurboFan and also
disables the remaining tests that still fail. We do this to get test
coverage early and to avoid regressing inlining as we go along.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1412703002
Cr-Commit-Position: refs/heads/master@{#31386}
Reason for revert:
This still breaks Inbox.
Original issue's description:
> Stage --harmony_sloppy_function
>
> This patch turns on ES2015-style function hoisting semantics in
> staging. --harmony_sloppy_function was previously staged, leading
> to a number of bugs being filed and the staging being reversed;
> important bugs have been fixed, so it is time to try again.
>
> R=adamk
> LOG=Y
> BUG=v8:4285
>
> Committed: https://crrev.com/333e27fd99f8187c97e62b9538529900f0a30668
> Cr-Commit-Position: refs/heads/master@{#31190}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285
Review URL: https://codereview.chromium.org/1402763003
Cr-Commit-Position: refs/heads/master@{#31206}
This patch turns on ES2015-style function hoisting semantics in
staging. --harmony_sloppy_function was previously staged, leading
to a number of bugs being filed and the staging being reversed;
important bugs have been fixed, so it is time to try again.
R=adamk
LOG=Y
BUG=v8:4285
Review URL: https://codereview.chromium.org/1393423002
Cr-Commit-Position: refs/heads/master@{#31190}
Add a flag to explicitly filter scripts in ignition and use it for the test262
variant. The previous approach of overloading ignition-filter meant that only
top-level code was getting compiled through ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396493002
Cr-Commit-Position: refs/heads/master@{#31164}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
Reason for revert:
[Sheriff] Speculative revert due to crbug.com/539814
Original issue's description:
> Changed scavenge GC to collect unmodified references
>
> Added a scavenge GC pass that collects unmodified references instead of
> processing object groups. This mode can be controlled by setting
> FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
> Also, modified a test case to suit the handle the new GC pass.
>
> BUG=v8:4421
> LOG=N
>
> Committed: https://crrev.com/6254019238a853c9f3c09d615ba153043f6957c7
> Cr-Commit-Position: refs/heads/master@{#31102}
TBR=jochen@chromium.org,rmcilroy@chromium.org,mythria@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4421,chromium:539814
Review URL: https://codereview.chromium.org/1388133002
Cr-Commit-Position: refs/heads/master@{#31130}
Added a scavenge GC pass that collects unmodified references instead of
processing object groups. This mode can be controlled by setting
FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
Also, modified a test case to suit the handle the new GC pass.
BUG=v8:4421
LOG=N
Review URL: https://codereview.chromium.org/1358703003
Cr-Commit-Position: refs/heads/master@{#31102}
Arrow functions have been enabled by default since the 4.5 branch.
Review URL: https://codereview.chromium.org/1373633002
Cr-Commit-Position: refs/heads/master@{#31031}
The current implemention breaks sloppy mode code that uses function
declarations inside blocks at top-level. Work is ongoing on a patch
to fix this issue, but in the meantime it seems reasonable to move
the feature out of staging.
Manual revert of commit 6e07f5a75b.
R=littledan@chromium.org
BUG=chromium:535836
LOG=y
Review URL: https://codereview.chromium.org/1375213005
Cr-Commit-Position: refs/heads/master@{#31029}
This name makes it clear that the flag (also the variant in the Compiler)
is talking about specializing to the function context instead of i.e. the
native context.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1372513003
Cr-Commit-Position: refs/heads/master@{#30934}
It's been enabled since M45, which is now well into its stable period,
with no problems reported.
Review URL: https://codereview.chromium.org/1356793002
Cr-Commit-Position: refs/heads/master@{#30835}
Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
before. When the flag is disabled, the function uses TO_UINT32(), which is
the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength()
conversion is used.
Based on a patch initially from Diego Pino <dpino@igalia.com>
BUG=v8:3087
LOG=Y
Review URL: https://codereview.chromium.org/1309243003
Cr-Commit-Position: refs/heads/master@{#30772}
There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.
BUG=
Review URL: https://codereview.chromium.org/1202173002
Cr-Commit-Position: refs/heads/master@{#30767}
Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.
BUG=
Review URL: https://codereview.chromium.org/1336313002
Cr-Commit-Position: refs/heads/master@{#30718}
