Port 0637f5f64c
Original commit message:
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1644383002
Cr-Commit-Position: refs/heads/master@{#33617}
String wrappers (new String("foo")) are special objects: their string
characters are accessed like elements, and they also have an elements
backing store. This used to require a bunch of explicit checks like:
if (obj->IsJSValue() && JSValue::cast(obj)->value()->IsString()) {
/* Handle string characters */
}
// Handle regular elements (for string wrappers and other objects)
obj->GetElementsAccessor()->Whatever(...);
This CL introduces new ElementsKinds for string wrapper objects (one for
fast elements, one for dictionary elements), which allow folding the
special-casing into new StringWrapperElementsAccessors.
No observable change in behavior is intended.
Review URL: https://codereview.chromium.org/1612323003
Cr-Commit-Position: refs/heads/master@{#33616}
Previously, String.prototype.normalize constructed its ICU input
string as a null-terminated string. This creates a bug for strings
which contain a null byte, which is allowed in ECMAScript. This
patch constructs the ICU string based on its length so that the
entire string is normalized.
R=jshin@chromium.org
BUG=v8:4654
LOG=Y
Review URL: https://codereview.chromium.org/1645223003
Cr-Commit-Position: refs/heads/master@{#33614}
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=mstarzinger@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1638303008
Cr-Commit-Position: refs/heads/master@{#33612}
Port cb9b801069
Original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1643973002
Cr-Commit-Position: refs/heads/master@{#33611}
Also remove duplicate code Disassemble, which is already done in TF pipeline.
BUG=
Review URL: https://codereview.chromium.org/1634653002
Cr-Commit-Position: refs/heads/master@{#33610}
The for-in slow mode implementation in Crankshaft unconditionally
deoptimizes when %ForInFilter returns undefined instead of just
skipping the item. Even worse, there's nothing we can learn from
that deopt, so we will eventually optimize again and hit exactly
the same problem again once we get back to optimized code.
R=mvstanton@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1647093002
Cr-Commit-Position: refs/heads/master@{#33609}
This refactors how the BytecodeArrayIterator is passed to visitation
methods on the BytecodeGraphBuilder. We no longer pass it explicitly,
but use the field accessor instead. Note that const-ness is still
preserved and visitation methods are still not able to mutate the
iterator. The main goal of this refactoring is increased readability.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642893004
Cr-Commit-Position: refs/heads/master@{#33607}
This moves the definition of the Environment class into the compilation
unit because it is only used there and not needed outside, the header
doesn't need to expose it.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1644103002
Cr-Commit-Position: refs/heads/master@{#33605}
Without this change, the v8::Local<> constructor will be picked up by the
compiler as an option for an implicit cast for any pointer type. This leads
to bad error messages when accidentally passing an erroneous pointer type to
a function wanting a Local<> (complains about a pointer assignment in Local<>'s
constructor as opposed to a bad type for the parameter of the function being
called) and also causes ambiguity errors where none should exist when calling
overloaded functions (for example a function taking either a std::string or a
v8::Local<v8::Script> cannot be called with a const char * because the compiler
sees both types as being constructable with a const char *).
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1647833005
Cr-Commit-Position: refs/heads/master@{#33602}
Reason for revert:
problems on Mac64
Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}
TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1644283002
Cr-Commit-Position: refs/heads/master@{#33601}
So far the for-in slow path in Crankshaft unconditionally called
%ForInFilter for every iteration of the for-in loop, without paying
attention to the possible enum cache equipped receiver map. So even
though we iterate the enum cache FixedArray associated with the map
we don't check the map, but always go to %ForInFilter. This would be
perfectly fine if the enum cache FixedArray would be immutable, but
due to some funny GC/runtime interaction kicking in, the enum cache
can be right trimmed while we are iterating it, and the only way to
detect this is to ensure that we check the map when accessing the
enum cache.
BUG=v8:3650,v8:4715
LOG=n
Review URL: https://codereview.chromium.org/1650493002
Cr-Commit-Position: refs/heads/master@{#33599}
Rolling v8/buildtools to be55b9ad86a4a5f760895984f93f76038e08e29e
Rolling v8/tools/clang to 2b2edb2dbbc5818f98972eeefd756cdcd69aa6f3
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1650463002
Cr-Commit-Position: refs/heads/master@{#33598}
This is to fix a bug in the bytecode graph builder. This cl adds a new merge
node before we copy the environment on conditional/unconditional jumps. Since
these environments could be merged later, we add a place holder merge so that
the control dependencies are correctly merged. If we do not have a merge node
we may incorrectly merge the dependencies into the previous block.
For ex: test-run-variables/ContextStoreVariables in cctests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1641143002
Cr-Commit-Position: refs/heads/master@{#33591}
avoid jump threading erasing the reconstruction of a frame, if the
frame was elided.
BUG=
Review URL: https://codereview.chromium.org/1642823002
Cr-Commit-Position: refs/heads/master@{#33590}
Compilation dependencies for O32 ABI are removed from the code and now
compilation will be done according n64 ABI only.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1638303005
Cr-Commit-Position: refs/heads/master@{#33589}
Disabling it for anything else, to avoid compile time overhead.
BUG=
Review URL: https://codereview.chromium.org/1641653005
Cr-Commit-Position: refs/heads/master@{#33587}
With the new iteration strategy, sucessors of EffectPhis
are only visited once the effect phi has been processed.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1641923003
Cr-Commit-Position: refs/heads/master@{#33586}
This adds debug code to the interpreter entry trampoline to ensure that
the called bytecode handler will never return, but instead tear down the
frame with a proper exit trampoline eventually.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642063002
Cr-Commit-Position: refs/heads/master@{#33585}
ES2015 Annex B.1.4 specifies a restricted pattern language for unicode
mode. This change reflects that, based on some test262 test cases.
R=littledan@chromium.org
BUG=v8:2952
LOG=N
Review URL: https://codereview.chromium.org/1645573002
Cr-Commit-Position: refs/heads/master@{#33584}
Reason for revert:
Revert patch due to a number of failures appearing on the MIPS v8 simulator
Original issue's description:
> MIPS: Add FPXX support to MIPS32R2
>
> The JIT code generated by V8 is FPXX compliant
> when v8 compiled with FPXX flag. This allows the code to
> run in both FP=1 and FP=0 mode. It also alows v8 to be used
> as a library by both FP32 and FP64 binaries.
>
> BUG=
>
> Committed: https://crrev.com/95110dde666158a230a823fd50a68558ad772320
> Cr-Commit-Position: refs/heads/master@{#33576}
TBR=paul.lind@imgtec.com,gergely.kis@imgtec.com,akos.palfi@imgtec.com,ilija.pavlovic@imgtec.com,marija.antic@imgtec.com,miran.karic@imgtec.com,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1646813003
Cr-Commit-Position: refs/heads/master@{#33583}
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1641083003
Cr-Commit-Position: refs/heads/master@{#33582}
This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1641723002
Cr-Commit-Position: refs/heads/master@{#33580}
This change adds AbstractCode, which can be either Code or
BytecodeArray, and adds methods to calculate source position based
on that. Also cleans up to use code offsets instead of raw PC
where possible, and consistently uses the offset from instruction
start (as opposed to code object start).
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1618343002
Cr-Commit-Position: refs/heads/master@{#33579}
BUG=
A bug in android-sync.sh, which caused the android_arm.release.check
unittests crash on device. It is fixed by adding:
sync_file "$OUTDIR/$ARCH_MODE/natives_blob.bin"
sync_file "$OUTDIR/$ARCH_MODE/snapshot_blob.bin"
Review URL: https://codereview.chromium.org/1616393002
Cr-Commit-Position: refs/heads/master@{#33578}
The JIT code generated by V8 is FPXX compliant
when v8 compiled with FPXX flag. This allows the code to
run in both FP=1 and FP=0 mode. It also alows v8 to be used
as a library by both FP32 and FP64 binaries.
BUG=
Review URL: https://codereview.chromium.org/1586223004
Cr-Commit-Position: refs/heads/master@{#33576}
This currently works since we never call set_target_cell when we have to record slots for evacuation. It would break with black allocation.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1643573003
Cr-Commit-Position: refs/heads/master@{#33575}
The body of a generator function can now refer to the generator's input value via a new
"function.sent" expression. We extend the proposal at
https://github.com/allenwb/ESideas/blob/master/Generator%20metaproperty.md
in the obvious way to also apply to GeneratorResumeAbrupt.
This will enable us to desugar yield*.
The new syntax is behind a new --harmony-function-sent flag.
BUG=v8:4700
LOG=n
Review URL: https://codereview.chromium.org/1620253003
Cr-Commit-Position: refs/heads/master@{#33574}
X87 TurboFan code generation convention assumes that there is always a value at the top of the X87 FPU stack for each TurboFan's float operation.
But native C++ function assumes there are 8 FPU stack slots can be used when it's called. This will lead to FPU stack overflow when TurboFan x87 code calls or returns back to native C++ function.
as there are only 7 FPU stack slots remained for this native C++ function.
This CL does:
1. Make sure X87 FPU stack depth always 1 before each TurboFan's float operation
2. Remove the top value in X87 FPU stack required by TurboFan when calling or returning from TurboFan Functions to other TurboFan or Non-TurboFan Functions.
3. Add the strict X87 FPU stack depth check for TurboFan debug code.
4. Re-initialize the X87 FPU stack and push a value at the top of the X87 FPU stack to satify the X87 TurboFan code generation convention for float operation
at the entries where the TurboFan code will be called such as: exception handler, CallCFunctions in tests,..etc
BUG=
Review URL: https://codereview.chromium.org/1636353002
Cr-Commit-Position: refs/heads/master@{#33573}
We can reduce Math.round(v) to a sequence of
let i = Float64RoundUp(v);
let r = i - v;
return r > 0.5 ? 1.0 + i : i;
if the target supports the Float64RoundUp machine operator (i.e.
roundsd with RoundUp rounding on Intel processors with SSE4.1).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1640393002
Cr-Commit-Position: refs/heads/master@{#33572}
We already have this fast case in Crankshaft where we don't call
%ToInteger when the input is already a SMI. Add the same optimization
to JSIntrinsicLowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1641753002
Cr-Commit-Position: refs/heads/master@{#33571}