Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.
Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1335723002
Cr-Commit-Position: refs/heads/master@{#30691}
Grouping of live ranges that would be beneficial if
allocated on the same register. Currently, that means phi
outputs and inputs.
Review URL: https://codereview.chromium.org/1312473018
Cr-Commit-Position: refs/heads/master@{#30690}
Port 752b0308df
Original commit message:
The refactoring is because it's awkward and error-prone to deterimine which IC slot an
ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
properties.
It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
problem.
This changes makes compiling the object literal cleaner across the three compilers. Also, the
slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
the style in full-codegen. This is useful since it must remain in sync with
FullCodegen::VisitObjectLiteral().
R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1331893003
Cr-Commit-Position: refs/heads/master@{#30689}
When we cannot map top frame's pc to a code object and top frame is JS frame we now assume that it was a frameless invocation of a native function (e.g. __fmod) and try to resolve address on top of the stack into a JS function.
BUG=chromium:529931
LOG=Y
Review URL: https://codereview.chromium.org/1315683007
Cr-Commit-Position: refs/heads/master@{#30688}
The refactoring is because it's awkward and error-prone to deterimine which IC slot an
ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
properties.
It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
problem.
This changes makes compiling the object literal cleaner across the three compilers. Also, the
slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
the style in full-codegen. This is useful since it must remain in sync with
FullCodegen::VisitObjectLiteral().
Review URL: https://codereview.chromium.org/1321993004
Cr-Commit-Position: refs/heads/master@{#30686}
Inner functions must be eagerly parsed for scope analysis, but the full AST is
also kept around even though it's not needed.
This CL mitigates this problem by allocating some AstNodes of the inner function
to a temporary Zone which is deallocated once the scope information has been
built. The remaining nodes (such as VariableProxy) must persist until scope
analysis actually happens, and have to be allocated to a parser-persistent Zone.
BUG=417697
LOG=N
Review URL: https://codereview.chromium.org/1304923004
Cr-Commit-Position: refs/heads/master@{#30685}
LoadICs must always return a JS-accessible value (nothing internal).
Dictionary property keys are guaranteed to be unique names.
BUG=chromium:527994
LOG=n
Review URL: https://codereview.chromium.org/1334673003
Cr-Commit-Position: refs/heads/master@{#30683}
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).
Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.
R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1333843002
Cr-Commit-Position: refs/heads/master@{#30680}
This fixes the Runtime_DeclareGlobals performance regression caused by a huge number of global var declarations mentioned in chromium:517778.
BUG=chromium:517778
LOG=N
Review URL: https://codereview.chromium.org/1335633002
Cr-Commit-Position: refs/heads/master@{#30679}
When looking up a special accessor for known TypedArray fields
("length", "byteLength", "byteOffset"), consider the entire prototype
chain, not only the direct prototype.
This allows subclasses of TypedArrays to benefit from fast specialized
accesses.
Review URL: https://codereview.chromium.org/1313493005
Cr-Commit-Position: refs/heads/master@{#30678}
Narrowed the scope of the fix, to make a best effort to avoid DEOPT in
case the hole is loaded, but not to permute the choice of a consolidated
load in case that effort fails.
BUG=chromium:530005
LOG=N
Review URL: https://codereview.chromium.org/1330233004
Cr-Commit-Position: refs/heads/master@{#30677}
The two tests in question got a lot slower and started to timeout now
that the C++ fallback implementation of the %Arguments intrinsics is
composable with respect to inlining.
R=bmeurer@chromium.org,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1330203003
Cr-Commit-Position: refs/heads/master@{#30674}
This removes the aforementioned flag which has been on by default for a
while now. Note that this does not control optimization decisions, only
the last-resort bailout in the graph builder.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1335543002
Cr-Commit-Position: refs/heads/master@{#30673}
port ba7b641398 (r30649)
original commit message:
This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and c
BUG=
Review URL: https://codereview.chromium.org/1330993004
Cr-Commit-Position: refs/heads/master@{#30672}
There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).
Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.
Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1329293003
Cr-Commit-Position: refs/heads/master@{#30671}
Fix illegal use of at register when ldc1 and sdc1 are called. Added dchecks to prevent such a usage.
TEST=mjsunit/asm/float64array-negative-offset(r6), mjsunit/asm/float64array-outofbounds(r6)
Review URL: https://codereview.chromium.org/1323763002
Cr-Commit-Position: refs/heads/master@{#30670}
port b37907ff7f (r30648).
original commit message:
The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.
The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.
BUG=
Review URL: https://codereview.chromium.org/1335453002
Cr-Commit-Position: refs/heads/master@{#30669}
port ccbb4ff00f (r30629)
original commit message:
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
BUG=
Review URL: https://codereview.chromium.org/1332703002
Cr-Commit-Position: refs/heads/master@{#30668}
port db2ba190db (r30634).
original commit message:
The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.
If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).
Review URL: https://codereview.chromium.org/1336443002
Cr-Commit-Position: refs/heads/master@{#30667}
A LiveRange is identified by 2 integers: the vreg() of its TopLevel,
which is the virtual register (operand) ID; and a relative_id(), which has
no meaning in the program, but is valuable in debugging or tracing
scenarios.
This change ensures that relative_id is unique even in cases of splinter
ranges and their children.
Review URL: https://codereview.chromium.org/1318493005
Cr-Commit-Position: refs/heads/master@{#30665}
This desugars the loading of the super constructor function using the
%GetPrototype runtime function in the parser. The produced code remains
the same while fewer parts need to be glued together.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1321343004
Cr-Commit-Position: refs/heads/master@{#30664}
Port b37907ff7f
Original commit message:
The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.
The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1314353007
Cr-Commit-Position: refs/heads/master@{#30662}
Adds support for property store operations via Store/KeyedStore ICs. Adds the
following bytecodes:
- StoreIC
- KeyedStoreIC
The --vector_store flag is now required for --ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1319833004
Cr-Commit-Position: refs/heads/master@{#30660}
Update the consolidated load case to carefully chose the load mode
based on the consolidated elements kind.
BUG=v8:4380
LOG=N
Review URL: https://codereview.chromium.org/1329793003
Cr-Commit-Position: refs/heads/master@{#30659}
Port ccbb4ff00f
Original commit message:
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1327093002
Cr-Commit-Position: refs/heads/master@{#30656}
Port db2ba190db
Original commit message:
The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.
If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1310303008
Cr-Commit-Position: refs/heads/master@{#30655}
This makes the C++ fallback implementations for the two intrinsics,
%Arguments and %ArgumentsLength composable with respect to inlining.
Using deoptimization information gives us accurate data here.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-4374
BUG=v8:4374
LOG=n
Review URL: https://codereview.chromium.org/1328363002
Cr-Commit-Position: refs/heads/master@{#30654}
Port ba7b641398
Original commit message:
This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and calling the array constructor stub appropriately.
BUG=
Review URL: https://codereview.chromium.org/1324093005
Cr-Commit-Position: refs/heads/master@{#30653}
The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.
The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1330033002
Cr-Commit-Position: refs/heads/master@{#30648}
For simulator optimization we modified Instruction::InstructionType() function so a simpler but less complete InstructionType() function used by default. This fix enables the full InstructionType checking to properly decode a dd-constant label as unsupported opcode, rather than aborting.
BUG=chromium:528875
LOG=NO
Review URL: https://codereview.chromium.org/1314673010
Cr-Commit-Position: refs/heads/master@{#30644}
Porting mistake in ccbb4ff0 '[builtins] Unify the various versions of [[Call]]
with a Call builtin.', which only showed as debug assertion in later commit
db2ba190 '[runtime] Replace many buggy uses of %_CallFunction with %_Call.'
Use temporary register rather than push/pop of 'object' register.
BUG=
TEST=cctest/test-api/SetFunctionEntryHook, cctest/test-serialize/PerIsolateSnapshotBlobs, ...
Review URL: https://codereview.chromium.org/1309163006
Cr-Commit-Position: refs/heads/master@{#30643}
