The old code was not ready for properly initialize objects with non standard headers and non zero in-object properties number.
MacroAssembler::Allocate() implementations now return both start and end addresses of the new object (done by parameter renaming).
Review URL: https://codereview.chromium.org/1459083003
Cr-Commit-Position: refs/heads/master@{#32144}
This change introduces register re-mapping to avoid assignment hazards
in binary expressions. Expressions that cause problems typically have
the form y = x + (x = 4);. The problem occurs because the lhs value
evaluates to the register holding x. The rhs updates that register and
then applying the operation would use the new value as the lhs.
By tracking loads and stores in binary expressions the generator is now
able to detect when condition occurs and uses a temporary register for
the rhs value. When the binary expression evaluation is complete the
variable is updated with the latest temporary.
A new bytecode Mov performs this update without touching the
accumulator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412683011
Cr-Commit-Position: refs/heads/master@{#32141}
Argument allocation in typed lowering was producing
dangling effect chains. This patch fixes three sources
of dangling effect chains.
BUG=
Review URL: https://codereview.chromium.org/1447323005
Cr-Commit-Position: refs/heads/master@{#32140}
Adds support for the New, CallRuntime and CallJSRuntime bytecodes in
BytecodeGraphBuilder. Also adds BuildLoadObjectField,
BuildLoadGlobalObject and BuildLoadNativeContextField helpers.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456483002
Cr-Commit-Position: refs/heads/master@{#32136}
If Math.random is called when creating the snapshot, we need seeds to
work with. Those seeds are going to be overwritten after deserializing
from the snapshot.
NOTRY=true
NOTREECHECKS=true
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1458003005
Cr-Commit-Position: refs/heads/master@{#32134}
This adds a new %NewArray runtime entry, which constructs a new JSArray
and does the subclassing correctly (to the same degree that %NewObject
does currently), and also deals properly with the AllocationSite
feedback mechanism. This runtime entry will be used by TurboFan and is
also used as a fallback in the subclassing case in the stub currently.
BUG=v8:3101, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1456423003
Cr-Commit-Position: refs/heads/master@{#32131}
The TruncateFloat64ToUint64 operator converts a float64 to an uint64 using
round-to-zero rounding mode (truncate). If the input value is outside uint64
range, then the result depends on the architecture. I provide an implementation for x64 and arm64.
@v8-ppc-ports and @v8-mips-ports, can you do the implementations for ppc64 and mips64?
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1457373002
Cr-Commit-Position: refs/heads/master@{#32127}
This removes some dead code from the function invocation code when the
arguments adaptor trampoline is called. This seems to be leftover code
from when we used to support calling code objects directly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1455293004
Cr-Commit-Position: refs/heads/master@{#32126}
This changes all direct function calls in Crankshaft to pass undefined
via the register expected to hold the new.target value. Note that the
register is still ignored by all callees for now.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1459183002
Cr-Commit-Position: refs/heads/master@{#32125}
Following logic is using for getting function name in JSFunction::GetDebugName:
1. if function has displayName and its type is string then use it
2. if function has defined property Function.name as value and its type string then use it
3. otherwise use SharedFunctionInfo::DebugName as functionName.
JSFunction::GetDebugName is exposed in V8 API and in FunctionMirror interface.
BUG=chromium:17356
R=yangguo@chromium.org,mstarzinger@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1449473005
Cr-Commit-Position: refs/heads/master@{#32124}
Fixing failures in cctest/test-assembler-mips/CVT on Mips32R2 without
FP64 support
BUG=
Review URL: https://codereview.chromium.org/1459763003
Cr-Commit-Position: refs/heads/master@{#32121}
This CL should be reverted after investigating the size chrasher.
BUG=chromium:556912
LOG=n
Review URL: https://codereview.chromium.org/1455273003
Cr-Commit-Position: refs/heads/master@{#32119}
Since {CancelAndWait} blocks on the tasks that are still present in the internal
hashmap, we are not allowed to remove the task upon trying to cancel it using
{TryAbort}.
The previous implementation suffered from a bug where:
1) The task was created and handed over to the platform.
2) The task was started by the platform, setting it to running state.
3) We called {TryAbort}, effectively removing it from the manager, but failing
to cancel (as it was already running)
4) All tasks finished running, indicating this with their own semaphore.
5) The platform was stuck (scheduling) before destroying the task.
6) Main thread finished its work, waiting for all the necessary tasks, and the
isolate terminated.
7) The platform destroyed the task, calling the destructor, calling into an
already freed isolate.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1460763004
Cr-Commit-Position: refs/heads/master@{#32118}
This changes the interface descriptor for the arguments adaptor to also
contain an explicit register for the new.target value. Note that the
stub still clobbers the register for now.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1457313002
Cr-Commit-Position: refs/heads/master@{#32117}
This adds an explicit parameter to the call descriptor having kind
kJSCallFunction representing the new.target value. Note that for now
this parameter is not yet passed in and hence cannot be used yet. Also
contains some refactoring of how parameter index value are calculated,
establishing Linkage as the central point for such index computations.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1461973002
Cr-Commit-Position: refs/heads/master@{#32112}
A64 loads and stores can have much larger positive than negative
immediate offsets, and since most frame slots are below fp, we can
significantly improve accesses by basing them on sp instead. Typical
example:
Before After
mov x16, #-416
str x20, [fp, x16] str x20, [jssp, #32]
Notable benchmark results include lua_binarytrees, which improves by
about 7.5% on A57 and 5% on A53. Several other asm.js benchmarks gain
2-4%.
Review URL: https://codereview.chromium.org/1376173003
Cr-Commit-Position: refs/heads/master@{#32111}
This CL introduces a concept of UseInfo (but internally it still
uses machine types). The idea of UseInfo is to separate the concept
of truncation (what information is actually used by the user node)
and the concept of preferred representation. At the moment, the
truncation is (clumsily) represented by the type part of the
underlying machine type (UseInfo::type_).
Moreover, in this CL, we never specify the signedness of the use
because use signedness does not really make sense:
- if we care about the sign, it should be in the input's type
(this is DCHECKed).
- if we do not care (e.g., trunctaing word32), then it should not
be necessary. (And it is upto the user how it interprets the bits.)
Review URL: https://codereview.chromium.org/1462503005
Cr-Commit-Position: refs/heads/master@{#32110}
Port 1389b9f53c
Port dffecf31fc
Implementation of two optional turbofan operators Float64RoundUp and
Float64RoundTiesEven on MIPS32. On MIPS32R2 with FP64 and MIPS32R6 with FP64
we can support these two operators directly using MIPS instructions. This
code implements these two operators. Also, added some DCHECKs for instructions
which are supported on MIPS32R2 with FP64 and MIPS32R6 with FP64 to detect
wrong usage on unsupported architectures.
BUG=
Review URL: https://codereview.chromium.org/1448383002
Cr-Commit-Position: refs/heads/master@{#32108}
If the shared function info is newly compiled when looking for
it in the script (Debug::FindSharedFunctionInfoInScript), then
we can bypass iterating the heap to find JSFunctions referencing
it (Debug::PrepareFunctionForBreakpoints).
BUG=v8:4553
LOG=N
Review URL: https://codereview.chromium.org/1454673002
Cr-Commit-Position: refs/heads/master@{#32107}
The ChangeFloat64ToInt64 operator changes the representation of a
float64 input value to int64 if the input value can be represented
exactly on int64. Otherwise the result is currently undefined.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1455983002
Cr-Commit-Position: refs/heads/master@{#32102}
We currently assume that all prototype maps are stable, which is
not guaranteed for certain keyed access patterns. So we explicitly
disallow optimizing the element access there for now.
BUG=chromium:557807, v8:4470
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1456973004
Cr-Commit-Position: refs/heads/master@{#32101}
Rolling v8/build/gyp to e1133480da78cd4a23a8cec604d1d6d46dab35d6
Rolling v8/buildtools to 818123dac34899ec230840936fc15b8b2b5556f9
Rolling v8/tools/clang to 650a79a0bd9b486fa688d8a71ce00674e9e2c096
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1456323002
Cr-Commit-Position: refs/heads/master@{#32100}
This is in preparation for the addition of --harmony-destructuring-assignment.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1450193002
Cr-Commit-Position: refs/heads/master@{#32098}
