port ec9bc79473 (r29949).
original commit message:
Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.
BUG=
Review URL: https://codereview.chromium.org/1256163003
Cr-Commit-Position: refs/heads/master@{#29964}
port 1a5751f9b3 (r29956)
original commit message:
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1265113002
Cr-Commit-Position: refs/heads/master@{#29963}
Introduce new mechanism for relocating j/jal.
Resolves flaky failures of mozilla regress tests.
Additionally:
- internal encoded references are not relocated during code generation phase.
- remove asserts from j and jal which are not
valid because addresses are not final and valid in code generation phase.
TEST=mozilla/js1_5/Regress/regress-280769-2, regress-367561-01,
mozilla/ecma_3/Statements/regress-444979
BUG=
R=paul.lind@imgtec.com
Review URL: https://codereview.chromium.org/1216823003.
Patch from dusan.milosavljevic <dusan.milosavljevic@imgtec.com>.
Cr-Commit-Position: refs/heads/master@{#29962}
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1268783004
Cr-Commit-Position: refs/heads/master@{#29956}
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
Also, a one line fix in TurboFan to call the correct store ic.
BUG=
Review URL: https://codereview.chromium.org/1266983002
Cr-Commit-Position: refs/heads/master@{#29952}
Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1265723003
Cr-Commit-Position: refs/heads/master@{#29949}
port c5dd553cf3 (r29929).
original commit message:
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
BUG=
Review URL: https://codereview.chromium.org/1271433002
Cr-Commit-Position: refs/heads/master@{#29943}
port 597da50322 (r29910).
original commit message:
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=
Review URL: https://codereview.chromium.org/1267783002
Cr-Commit-Position: refs/heads/master@{#29942}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
When enabling the v8 profiler (using the following command parameters: --js-flags=--prof)
or vtune profiling in chromium, it will break. This failure is introduced by this CL:
https://codereview.chromium.org/1218863002.
The reason is that V8 will enable the JITted code logging if --prof is set for V8. And under
this condition, the function Logger::LogCodeObjects() will be invoked and it will trigger a
mark-compact GC when deserializing the snapshot. This GC will use MemoryReducer to post a
delay task by invoking the V8Platform::CallDelayedOnForegroundThread() function. But at this point
the V8 isolation is still under initialization and the PerIsolationData of this isolation has not
been created (isolation_holder.cc:39~40 line). This leads to a V8Platform::CallDelayedOnForegroundThread()
failure because of a segmentation fault.
According to my understanding, I proposed the following fix. If the heap deserialization has not
been completed, it does not post the delay task for the next GC.
BUG=
Review URL: https://codereview.chromium.org/1270493002
Cr-Commit-Position: refs/heads/master@{#29937}
This forces the second pass of the pending phantom callbacks to run immediately after the first.
BUG=chromium:511294
LOG=Y
Review URL: https://codereview.chromium.org/1252993004
Cr-Commit-Position: refs/heads/master@{#29933}
This is the first step in cutting the Gordian linkage/linkage-impl knot.
This basically changes the axis along which we organize call descriptor
building logic from having platform-specific files dedicated to all call
descriptor types to having call-descriptor-type-specific files that have
The next step is to factor the JS, code stub, and runtime call descriptors
similarly, dumping them into:
compiler/js-linkage.cc
compiler/runtime-linkage.cc
compiler/code-stub-linkage.cc
or, alternatively, all of them just into compiler/js-linkage.cc.
This also anticipates a wasm-linkage.cc file in the future.
R=bmeurer@chromium.org,danno@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1266603002
Cr-Commit-Position: refs/heads/master@{#29931}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
The idle time handler should never return DONE or DO_SCAVENGE for
background tabs. Upon receiving DONE chrome will stop sending idle notifications.
BUG=chromium:515174
LOG=NO
Review URL: https://codereview.chromium.org/1269583002
Cr-Commit-Position: refs/heads/master@{#29926}
When a Property or a VariableProxy is used as the left hand side of an
assignment statement, there is no need to allocate a LOAD_IC feedback
vector slot for it. Alter the numbering phase to support this.
BUG=
Review URL: https://codereview.chromium.org/1262803002
Cr-Commit-Position: refs/heads/master@{#29924}
All runtime functions get a context anyway, which is the same as the
explicit one in case of DeclareGlobals and DeclareLookupSlot. So
we can remove the additional parameter there.
As an additional bonus, improve the runtime interface to DeclareLookupSlot.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1261863002
Cr-Commit-Position: refs/heads/master@{#29923}
Replaces the 64-bit div instruction with 32-bit division in DivI.
Also fixes the Ddiv implementation in the simulator.
TEST=mjsunit/asm/int32div
BUG=
Review URL: https://codereview.chromium.org/1265603002
Cr-Commit-Position: refs/heads/master@{#29920}