Deoptimizing from the stub is fairly slow, so add support for the other fast-path cases to avoid deopts. Notably, push with multi-arg is used by pdfjs.
BUG=chromium:597252
LOG=n
Review URL: https://codereview.chromium.org/1825843002
Cr-Commit-Position: refs/heads/master@{#35037}
Adding an additional timer for the GC to make the other runtime call counters
more stable.
BUG=
Review URL: https://codereview.chromium.org/1825093002
Cr-Commit-Position: refs/heads/master@{#35033}
RecordWrites is not performing black to grey transitions anymore. In a follow-up CL I will clean up the remaining sites where we do black to grey, e.g. when we overflow marking deque.
BUG=
Review URL: https://codereview.chromium.org/1823783003
Cr-Commit-Position: refs/heads/master@{#35031}
Port b6419fa229
Original commit message:
Now implemented as a builtin that delegates to the InstanceOfStub. That
stub was parameterized to fall back to either Runtime_InstanceOf or to
Runtime_OrdinaryHasInstance depending on the --harmony-instanceof flag.
Once the feature stabilizes and the flag is no longer needed, we can get
rid of this parameterization again.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1827583002
Cr-Commit-Position: refs/heads/master@{#35025}
We use the pattern "B23" to refer to RPO numbers and "id:42" when
referring to unordered block ids. This unifies printing functions to
follow that pattern throughout the system.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/1824313002
Cr-Commit-Position: refs/heads/master@{#35022}
port 66e22b79e8 (r34979)
original commit message:
... because Debugger could still require them to inspect optimized frames.
BUG=
Review URL: https://codereview.chromium.org/1826673003
Cr-Commit-Position: refs/heads/master@{#35019}
port 1da4b88e82 (r34978)
original commit message:
The idiv instruction has 2 registers as output. This needs to be
modeled so that the move optimizer won't incorrectly elide away
moves.
BUG=
Review URL: https://codereview.chromium.org/1823403002
Cr-Commit-Position: refs/heads/master@{#35018}
With the recent spec change removing the [[Enumerate]] internal method, we now
have to walk the complete prototype chain. This implies that we call the
[[GetPrototypeOf]] trap on proxies.
As a secondary change we now trigger the [[GetOwnProperty]] trap for the for-in
filter step to see whether the properties are still enumerable. Before we did this
in the key-accumulation phase. This way we slightly reduce the number of traps
invoked. Whilst this is not ideal, it comes closer to the Spec's example
implementation.
BUG=v8:1543, v8:4768
LOG=n
Review URL: https://codereview.chromium.org/1748923003
Cr-Commit-Position: refs/heads/master@{#35017}
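The trap behaviour described in the commit message above can be observed from script. This is an added example, not code from the V8 project; `traceForIn` and the sample object are constructed for illustration.

```javascript
// Added illustration (not V8 source). traceForIn is a hypothetical helper.
// It wraps a target in a Proxy whose handler logs the traps that a for-in
// loop triggers, then forwards each operation unchanged via Reflect.
function traceForIn(target) {
  const log = [];
  const handler = {
    ownKeys(t) {
      log.push('ownKeys');
      return Reflect.ownKeys(t);
    },
    getPrototypeOf(t) {
      // Reached because for-in walks the prototype chain through the proxy.
      log.push('getPrototypeOf');
      return Reflect.getPrototypeOf(t);
    },
    getOwnPropertyDescriptor(t, key) {
      // Reached in the filter step that checks enumerability.
      log.push('getOwnPropertyDescriptor:' + String(key));
      return Reflect.getOwnPropertyDescriptor(t, key);
    },
  };
  const keys = [];
  for (const key in new Proxy(target, handler)) keys.push(key);
  return { keys, log };
}

// Constructed sample: one inherited key, one own enumerable key and one
// own non-enumerable key that for-in must filter out.
function buildSample() {
  const sample = Object.create({ inherited: 1 });
  sample.a = 2;
  Object.defineProperty(sample, 'hidden', { value: 3, enumerable: false });
  return sample;
}

const traced = traceForIn(buildSample());
console.log(traced.keys, traced.log);
```

Code that hands proxies to untrusted handlers should treat every one of these traps as a point where foreign code runs during enumeration.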
We establish spilling blocks for ranges spilling only in deferred blocks
really late - just before optimization. This means frame elision logic
should happen after all dust has settled - even after optimization, since
we may lose spills after that (this is not currently leveraged).
Also enabled the elision algo for all functions, but forcing the first frame
to construct a frame for non-code stub cases. This is preparing for a
subsequent change where we guide frame construction/destruction
solely based on the info produced by the register allocation pipeline.
BUG=
Review URL: https://codereview.chromium.org/1810333003
Cr-Commit-Position: refs/heads/master@{#35016}
Validate that the transition from deferred to hot happens through a
deferred block with one successor. This is needed for frame elision: if
we need to deconstruct the frame on the deferred path, this extra block
offers that location.
A precondition for this validation is that the sequence is in split edge
form.
BUG=
Review URL: https://codereview.chromium.org/1811213003
Cr-Commit-Position: refs/heads/master@{#35015}
This CL adds an extra pass before calculating the special RPO
order in the custom RawMachineAssembler pipeline that
walks through the schedule and inserts extra blocks to
guarantee that the control flow graph is in split edge form. It
also propagates deferred block marks forward to these new
blocks if appropriate.
Review URL: https://codereview.chromium.org/1811333002
Cr-Commit-Position: refs/heads/master@{#35014}
In the frame elider, we were propagating marks if both up and down
propagations were causing a change. We should do it until neither
changes.
BUG=
Review URL: https://codereview.chromium.org/1818503002
Cr-Commit-Position: refs/heads/master@{#35013}
The value projection of the Add/SubWithOverflow must be scheduled after
the Branch that dispatches based on overflow in order for the
instruction selector to be able to combine the addition/subtraction with
the branching.
R=epertoso@chromium.org
Review URL: https://codereview.chromium.org/1827463003
Cr-Commit-Position: refs/heads/master@{#35011}
The warning notes that we'd want a 'w' register here because the size of
the operand is 32-bit, however, the instruction only takes an 'x'
register and so force that using the 'x' modifier on the instruction.
BUG=
Review URL: https://codereview.chromium.org/1817963003
Cr-Commit-Position: refs/heads/master@{#35008}
Port b7aa4c3ab3
Original commit message:
Split ToNumberStub into the entry ToNumberStub, and two new stubs,
StringToNumberStub and NonNumberToNumberStub, which can be used when we
already know something about the input (i.e. in various branches of the
code stubs, or in TurboFan graphs).
Also introduce an appropriate StringToNumber simplified operator for
TurboFan, that is pure and is lowered to an invocation of the newly
added StringToNumberStub.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1825593003
Cr-Commit-Position: refs/heads/master@{#35004}
Port acbb968ded
Port 66e22b79e8
Original commit messages:
In case when F inlined normal call to G which tail calls H we should not write translation for G for the tail call site.
Otherwise we will see G in a stack trace inside H.
This CL also enables all existing tests related to ES6 tail call elimination and adds more combinations.
Always generate lazy bailout points for tail calls because Debugger could still require them to inspect optimized frames.
R=ishell@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:596473, v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1820373002
Cr-Commit-Position: refs/heads/master@{#35003}
Now that ES2015 const has shipped, in Chrome 49, legacy const declarations
are no more. This lets us remove a bunch of code from many parts of the
codebase.
In this patch, I remove parser support for generating legacy const variables
from const declarations. This also removes the special "illegal declaration"
bit from Scope, which has ripples into all compiler backends.
Also gone are any tests which relied on legacy const declarations.
Note that we do still generate a Variable in mode CONST_LEGACY in one case:
function name bindings in sloppy mode. The likely fix there is to add a new
Variable::Kind for this case and handle it appropriately for stores in each
backend, but I leave that for a later patch to make this one completely
subtractive.
Review URL: https://codereview.chromium.org/1819123002
Cr-Commit-Position: refs/heads/master@{#35002}
String.prototype.match is specified to call out to the current
value of RegExp.prototype[Symbol.match] when passed a string argument,
rather than the original value. This patch updates the RegExp code
to do that.
R=yangguo@chromium.org
BUG=v8:4602
LOG=Y
Review URL: https://codereview.chromium.org/1821773003
Cr-Commit-Position: refs/heads/master@{#35001}
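The dispatch described in the commit message above means that anything able to replace `RegExp.prototype[Symbol.match]` also changes what `String.prototype.match` does for string arguments. This is an added example, not code from the V8 project; `observeMatchDispatch` and `matcherLooksNative` are hypothetical helpers and the input strings are constructed.

```javascript
// Added illustration (not V8 source). Helper names are hypothetical.

// True when RegExp.prototype[Symbol.match] still looks like the engine
// built-in, which is a cheap integrity check before relying on match().
function matcherLooksNative() {
  const fn = RegExp.prototype[Symbol.match];
  return typeof fn === 'function' &&
    Function.prototype.toString.call(fn).includes('[native code]');
}

// Temporarily replace the matcher, run subject.match(pattern) and record
// every call that reached the replacement. The original is always restored.
function observeMatchDispatch(subject, pattern) {
  const original = RegExp.prototype[Symbol.match];
  const calls = [];
  RegExp.prototype[Symbol.match] = function (str) {
    calls.push({ source: this.source, str: String(str) });
    return original.call(this, str);
  };
  try {
    const result = subject.match(pattern);
    return { calls, result, nativeDuringCall: matcherLooksNative() };
  } finally {
    RegExp.prototype[Symbol.match] = original;
  }
}

// Constructed sample input: the same subject matched with a string
// pattern and with a RegExp pattern.
const viaString = observeMatchDispatch('user=alice', 'alice');
const viaRegExp = observeMatchDispatch('user=alice', /alice/);
console.log(viaString.calls, viaRegExp.calls, matcherLooksNative());
```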
The 'key' value being passed into an array access should
be sign-extended on 64-bit platforms before being used to
index into memory. Otherwise, garbage in the upper 32 bits
may result in a segmentation fault.
Minor fix to DoFlooringDivI to enforce 32-bit operations for calculation.
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1822103002
Cr-Commit-Position: refs/heads/master@{#35000}
Port b7aa4c3ab3
Original commit message:
Split ToNumberStub into the entry ToNumberStub, and two new stubs,
StringToNumberStub and NonNumberToNumberStub, which can be used when we
already know something about the input (i.e. in various branches of the
code stubs, or in TurboFan graphs).
Also introduce an appropriate StringToNumber simplified operator for
TurboFan, that is pure and is lowered to an invocation of the newly
added StringToNumberStub.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1826483002
Cr-Commit-Position: refs/heads/master@{#34998}
Port b6419fa229
Original commit message:
Now implemented as a builtin that delegates to the InstanceOfStub. That
stub was parameterized to fall back to either Runtime_InstanceOf or to
Runtime_OrdinaryHasInstance depending on the --harmony-instanceof flag.
Once the feature stabilizes and the flag is no longer needed, we can get
rid of this parameterization again.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1825083002
Cr-Commit-Position: refs/heads/master@{#34997}
Port acbb968ded
Port 66e22b79e8
Original commit messages:
In case when F inlined normal call to G which tail calls H we should not write translation for G for the tail call site.
Otherwise we will see G in a stack trace inside H.
This CL also enables all existing tests related to ES6 tail call elimination and adds more combinations.
Always generate lazy bailout points for tail calls because Debugger could still require them to inspect optimized frames.
R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:596473, v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1825513002
Cr-Commit-Position: refs/heads/master@{#34996}