Instead of calling the LoadGlobalIC stub, bytecode handlers now inline
logic for LoadGlobalIC. The LoadGlobalICData case takes a fast path
which omits name loading and frame construction.
BUG=v8:5917
Review-Url: https://codereview.chromium.org/2684973002
Cr-Commit-Position: refs/heads/master@{#43210}
... and don't clear ICs during GC. The IC clearing used to prevent memory
leaks but it's not necessary anymore because all the handlers that need
to embed objects already use weak cells.
This CL unblocks inlining of IC dispatchers into bytecode handlers.
BUG=v8:5917
Change-Id: I229b9ba8dba44f431dfbe8ac5370d855e3e84dd6
Reviewed-on: https://chromium-review.googlesource.com/442127
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43209}
This allows part of typed lowering that is solely based on type-hints to
run as part of the graph construction. The lowering in question does not
inspect types and hence doesn't require the typer to have run before. We
insert the speculative simplified-level operations in favor of the generic
JavaScript-level variants.
R=bmeurer@chromium.org
Change-Id: I5f0549fc1e4ff607622ee9059e6232a32f77db2e
Reviewed-on: https://chromium-review.googlesource.com/442584
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43208}
ParserBase::is_any_identifier currently does not recognise
Token::ESCAPED_STRICT_RESERVED_WORD as an identifier. This seems different
from what ParserBase::ParseIdentifierName does, and also prevents
"l\u0065t", unlike "let", from becoming a label.
This CL extends is_any_identifier to also accept ESCAPED_STRICT_RESERVED_WORD.
BUG=v8:5692
Review-Url: https://codereview.chromium.org/2695973003
Cr-Commit-Position: refs/heads/master@{#43204}
The method ExpressionUnexpectedToken is not referenced anywhere apart from its
definition. This CL removes it.
The association with the bug below is only through discovering the dead code
when working on a fix for that bug.
BUG=v8:5692
Review-Url: https://codereview.chromium.org/2688413009
Cr-Commit-Position: refs/heads/master@{#43203}
Previously we captured the PC before calling EnsureSpace in
RecordProtectedInstruction. Sometimes EnsureSpace would resize and move
the buffer, which would invalidate the previously captured PC and trip an
assert when writing RelocInfo. With this change, we do not capture the PC
until after we've ensured there's enough space, which ensures the PC will
be valid.
BUG=
Review-Url: https://codereview.chromium.org/2690523003
Cr-Commit-Position: refs/heads/master@{#43202}
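
The ordering problem described in the commit message above, as an added example that is not code from V8 or from that change: a PC captured before a buffer that may grow is stale once growth reallocates. ToyAssembler, its methods, and the sizes used are hypothetical; only the names EnsureSpace and the capture-then-ensure order come from the message.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical toy assembler, not V8's Assembler: code bytes go into a
// growable buffer and pc_ is the offset of the next byte to be written.
class ToyAssembler {
 public:
  explicit ToyAssembler(size_t capacity) : buffer_(capacity), pc_(0) {}
  // Grows the buffer when fewer than `needed` bytes remain. Growth
  // reallocates, so addresses taken from the old buffer become stale.
  void EnsureSpace(size_t needed) {
    if (buffer_.size() - pc_ < needed) buffer_.resize(buffer_.size() * 2 + needed);
  }
  void Emit(size_t n) { EnsureSpace(n); pc_ += n; }
  uintptr_t PcAddress() const {
    return reinterpret_cast<uintptr_t>(buffer_.data() + pc_);
  }
  bool InBuffer(uintptr_t addr) const {
    uintptr_t start = reinterpret_cast<uintptr_t>(buffer_.data());
    return addr >= start && addr < start + buffer_.size();
  }
  // Order described as the bug: capture the PC, then ensure space.
  uintptr_t RecordCaptureFirst(size_t needed) {
    uintptr_t pc = PcAddress();
    EnsureSpace(needed);
    return pc;
  }
  // Order after the fix: ensure space, then capture the PC.
  uintptr_t RecordEnsureFirst(size_t needed) {
    EnsureSpace(needed);
    return PcAddress();
  }
 private:
  std::vector<uint8_t> buffer_;
  size_t pc_;
};

// True when the recorded PC still points into the live buffer afterwards.
bool RecordedPcIsValid(bool ensure_first, size_t used, size_t needed) {
  ToyAssembler assm(16);  // constructed sizes, chosen to force or avoid growth
  assm.Emit(used);
  uintptr_t pc = ensure_first ? assm.RecordEnsureFirst(needed)
                              : assm.RecordCaptureFirst(needed);
  return assm.InBuffer(pc);
}

int main() {
  std::printf("%d %d %d\n", RecordedPcIsValid(false, 4, 4),
              RecordedPcIsValid(false, 12, 8), RecordedPcIsValid(true, 12, 8));
}
```

The first call shows why such a bug is intermittent: when no growth is needed, both orders record the same valid address.
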
Use them to encode int32 constants properly.
This reduces the generated wasm size in the unity benchmark from
21.6 MB to 16.8 MB (-22.2%).
This hopefully also translates to increased performance especially on
mobile because of lower memory usage.
R=bradnelson@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2692943002
Cr-Commit-Position: refs/heads/master@{#43200}
because that's what it actually does. In the next step, I will
introduce EmitVarInt again with the correct semantics, and use it in
EmitI32Const and other places where we don't do proper varint encoding
currently.
R=bradnelson@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2694633003
Cr-Commit-Position: refs/heads/master@{#43198}
CreateNumberFormat of src/js/i18n.js implements
http://www.ecma-international.org/ecma-402/1.0/#sec-11.1.1.1, but has a typo
in step 33a. The spec says that the default value for minimumSignificantDigits
should be 1, while the script set it to 0.
This CL fixes that typo and adds a test for that.
BUG=v8:5554
Review-Url: https://codereview.chromium.org/2694673003
Cr-Commit-Position: refs/heads/master@{#43197}
It's needed by code-stubs.h and it was defined in objects-inl.h.
That cannot work without violating the include rules.
BUG=v8:5402
R=mstarzinger@chromium.org
Change-Id: Icb84b97de5622df8cf76e9fc4d117982901c99d9
Reviewed-on: https://chromium-review.googlesource.com/441845
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43195}
After https://github.com/tc39/ecma262/pull/642, Date.UTC no longer requires
the month argument to be specified. The spec provides 0 as its default value.
This CL updates the builtins-date.cc code to reflect that and drops the test
suppression for test262/built-ins/Date/UTC/return-value.
BUG=v8:5534
Review-Url: https://codereview.chromium.org/2689173003
Cr-Commit-Position: refs/heads/master@{#43193}
Add the function literal to eager_literals before recursing into the literal.
This ensures that the order of eager_literals reflects the order in which
the functions will be called, which in turn ensures it is compiled first
by the compiler-dispatcher.
BUG=v8:5203
Change-Id: I0e334a7d1ee93cf67936adbadd2883e40acb1cc5
Reviewed-on: https://chromium-review.googlesource.com/441825
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43192}
BUG=
Change-Id: I4a5db9bc045a63e710d0115523ab23b98e7c7ae6
Reviewed-on: https://chromium-review.googlesource.com/442504
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43189}
... and revert "[runtime] Mark maps created as a result of field type or
representation generalization as migration targets." because it regresses
performance of too many map checks in optimized code.
BUG=v8:5444, chromium:680995
Change-Id: I84038d75425df3709a81e5fdcc6c0db32939060d
Reviewed-on: https://chromium-review.googlesource.com/442125
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43188}
The string will be internalized anyhow when the first object is instantiated,
and since templates are eternal, the string will be eternal anyhow even if
the template is never instantiated.
Review-Url: https://codereview.chromium.org/2697683002
Cr-Commit-Position: refs/heads/master@{#43187}
My hypothesis is that the OOM crash is caused by a loop of forgetting and reallocating a VirtualObject inside of a VirtualState.
R=mstarzinger@chromium.org
BUG=chromium:691487
Review-Url: https://codereview.chromium.org/2694723002
Cr-Commit-Position: refs/heads/master@{#43184}
CQ will only allow CL authors (owners in Gerrit) and V8 committers to trigger
CQ in Gerrit codereview. Thus, CQ voting restriction to just committers
can be lifted, letting every authenticated user attempt to trigger CQ.
R=machenbach@chromium.org,agable@chromium.org
BUG=641422,685318
NOTRY=True
Change-Id: Ied310a65277d6fefa44a9945cc780cb8fe827e03
Reviewed-on: https://chromium-review.googlesource.com/442124
Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
Reviewed-by: Aaron Gable <agable@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43183}
If Reflect.construct receives an argument expected to be a constructor,
and the argument is not a constructor, V8 currently declares that
Reflect.construct is not a function. It should instead say that the offending
argument is not a constructor.
This is the case for all ports of builtins
(Builtins::Generate_ReflectConstruct). All of them make an
attempt to at least pass the right argument to the TypeError parametrised
message, calling out the offending Reflect.construct argument. However,
Runtime::kThrowCalledNonCallable extracts the callsite from those arguments,
discarding the precise information.
This CL adds Runtime::kNotConstructor, which reports the arguments passed
to it, and the CL also modifies the ports of builtins to make use of
Runtime::kNotConstructor.
BUG=v8:5671
Review-Url: https://codereview.chromium.org/2688393003
Cr-Commit-Position: refs/heads/master@{#43182}
I identified lots of asm.js tests that are actually not valid according
to the spec, hence they execute in default-javascript-mode.
This CL fixes most of them by adding additional type annotations.
The atomic tests are totally non-spec-compliant by expecting a fourth
argument, and infinite-loops-taken expects a function-type parameter,
so I did not fix those.
I also did not fix the regression tests.
R=titzer@chromium.org, bradnelson@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2663243002
Cr-Commit-Position: refs/heads/master@{#43179}
Within the initialization of a WasmInstanceWrapper a WeakCell is
allocated for the wrapped instance. This allocation of the WeakCell can
cause a garbage collection. The bug happened because a pointer to the
WasmInstanceWrapper was stored in the unhandlified this pointer, which
was invalidated by the garbage collection.
R=clemensh@chromium.org
CC=gdeepti@chromium.org
BUG=chromium:691538
Change-Id: I7001ab7ad3ee30f4c87a13c42e2fd16c0c86027a
Reviewed-on: https://chromium-review.googlesource.com/441766
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43177}
Port 6ee0b6cec6
Original Commit Message:
This adds support for deoptimizing into the JSConstructStub after the
receiver instantiation but before the actual constructor invocation.
Such a deoptimization point is needed for cases where instantiation
might be observed (e.g. when new.target is a proxy) and hence might
trigger a deopt.
We use this new deoptimization point for the "after" frame-state the
inliner attaches to {JSCreate} nodes being inserted when constructor
calls are being inlined.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:5638
LOG=N
Review-Url: https://codereview.chromium.org/2690213002
Cr-Commit-Position: refs/heads/master@{#43171}
- Renames select, swizzle, and shuffle to be consistent with the S128 and
existing S32x4 ops, and reflect that these aren't arithmetic.
e.g. I16x8Swizzle -> S16x8Swizzle.
- Implements S16x8 and S8x16 Select operations and tests.
- Implements S128And, Or, Xor, Not operations and tests.
- Implements Swizzle for 32x4 formats.
- Refactors test macros that generate SIMD code.
TEST=cctest/test-run-wasm-simd/*
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2683713003
Cr-Commit-Position: refs/heads/master@{#43168}
Port 6c12d57ead
Original Commit Message:
This fixes the case where the index passed to {HMaybeGrowElements} used
to derive the new capacity for the elements backing store does not fit
into Smi range. Such an overflow would fail the capacity check and cause
growing to be skipped. Subsequent keyed stores would potentially go out
of bounds.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:686427
LOG=N
Review-Url: https://codereview.chromium.org/2697473004
Cr-Commit-Position: refs/heads/master@{#43167}
Unlike the old manually written LoadNonexistent stub, the data handler properly supports keyed loads out of the box. Simply remove the condition that disables it.
BUG=
Review-Url: https://codereview.chromium.org/2693913002
Cr-Commit-Position: refs/heads/master@{#43165}