The immediate passed to cmpw can be either a signed 16-bit or an
unsigned 16-bit integer, but the DCHECK was testing for signed 16-bit
values only.
R=mstarzinger@chromium.org
BUG=v8:6063
Review-Url: https://codereview.chromium.org/2735363002
Cr-Commit-Position: refs/heads/master@{#43671}
Reuse the last LAB's unused area for further newspace allocation.
This is relevant when we expect GCs that use evacuation to compact down
new space to just live bytes for single tasks.
BUG=chromium:651354
Change-Id: Ic418521d98f418a93d3748b824e3ddb6ff7a40c3
Reviewed-on: https://chromium-review.googlesource.com/451398
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43670}
Markbits should be verified in VerifyMarking and friends. The function
may also be used then e.g. iterating just black objects while
incremental marking is active for the fast promotion mode.
BUG=chromium:694255
Change-Id: Ia719a983fec27b2bae03f8c6c3332003a10e8823
Reviewed-on: https://chromium-review.googlesource.com/451363
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43669}
BUG=
Change-Id: I7aed8e7bd35f59196b1b178942355aef4c97bca8
Reviewed-on: https://chromium-review.googlesource.com/451379
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43667}
This introduces a new truncation bit for truncation of minus-zero to zero.
At the moment it is only used to handle the limit cases of deopt, such as the
one in the Google maps workload (see simplified version below), where the -q
(which is desugared to q * -1.0) currently deoptimizes because the result would
produce minus zero. To handle this situation, we exploit the knowledge that
righthand side of + cannot be -0, so even if lefthand side was -0, the result
would still be 0 (so the + operation cannot distinguish between left hand side
0 and -0).
function f(q) {
q -= 4;
return (-q) + q;
}
f(10);
f(10);
%OptimizeFunctionOnNextCall(f);
f(4);
Review-Url: https://codereview.chromium.org/2734253002
Cr-Commit-Position: refs/heads/master@{#43661}
For nodes
NumberMin(lhs, rhs)
NumberMax(lhs, rhs)
we might have feedback types for lhs and rhs that would allow us to
generate unsigned32 or signed32 versions of this operator, which is way
more efficient that going to the full Float64Min/Float64Max operator.
However we cannot promise word32 truncations in this case, since we
based this decision on the feedback types.
This allows us to generate better code for Math.min and Math.max when
one of the inputs is a speculative number operator that provides better
typing during representation selection. We've seen such code in the
hottest function on Google Maps for example.
BUG=v8:5267
R=jarin@chromium.org,mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2734193003
Cr-Commit-Position: refs/heads/master@{#43660}
- Implements Float32x4 Mul, Min, Max for ARM.
- Implements Float32x4 relational ops for ARM.
- Implements reciprocal, reciprocal square root estimate/refinement ops for ARM.
- Reorganizes tests to eliminate need for specialized float ref fns in tests.
- Rephrases Gt, Ge in terms of Lt, Le, and eliminates the redundant machine
operators.
- Renames test-run-wasm-simd test names to match instructions.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2729943002
Cr-Commit-Position: refs/heads/master@{#43658}
Once we enabled --turbo by default we need to turn all the implications
off with --no-turbo as well. Chrome sets flags in V8 using SetFlagFromString,
which enforces the implications each time it is called. Therefore, if --turbo
is enabled by default, and an unrelated flag is set, the turbo implications are
enabled but not later disabled if we set --no-turbo. To fix this, add negative
implications as well.
BUG=chromium:692409
Change-Id: Iadb0ca542f49ba65c7419cda8c7a03636a8d5ba9
Reviewed-on: https://chromium-review.googlesource.com/451320
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43655}
Fix two issues in the interpreter entry for 64 bit return values on
32 bit platforms. First, the effect chain was slightly incorrect, second
the order of the returned values was wrong.
Also add a test case for this.
Tested on x64, ia32 and s390.
Plus drive-by fix in Int64Lowering to reuse global constants for
big-endian/little-endian disambiguation.
R=titzer@chromium.org
BUG=v8:5822
Review-Url: https://codereview.chromium.org/2731713002
Cr-Commit-Position: refs/heads/master@{#43654}
Issue 6051 description: "Blink blindly assumes that it can get an
aligned pointer from the 0-th internal field of any object that has two
internal fields."
R=titzer@chromium.org, jochen@chromium.org
BUG=v8:6051
Change-Id: I814b76e508ffd9fe2326bd0e728129f2a013b807
Reviewed-on: https://chromium-review.googlesource.com/451319
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43653}
Polymorphic IC feedback can contain up to four (map, handler) pairs.
HandlePolymorphicCase already unrolled checks for the first two pairs; these
are guaranteed to exist and can omit bound checks.
This CL unrolls checks against the final two pairs as well.
BUG=v8:5917
Review-Url: https://codereview.chromium.org/2728293005
Cr-Commit-Position: refs/heads/master@{#43650}
This requires serialized data to track the number of API-provided
external references separately.
And it flushes out a case of serialized data corruption (stored "length"
field too large) that we didn't handle without crashing.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2736923002
Cr-Commit-Position: refs/heads/master@{#43649}
The receiver in the case of Promise.resolve is the promise
constructor, not an instance of Promise.
BUG=chromium:691875
Change-Id: I43e914aac51077b28c7954c8023780b9174df825
Reviewed-on: https://chromium-review.googlesource.com/450884
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43648}
malloc(0) returning 0 is expected behavior on AIX but
compiling with -D_LINUX_SOURCE_COMPAT, malloc(0) should
return a valid pointer (which we do define for AIX). However,
including cstdlib resets the behaviour of _LINUX_SOURCE_COMPAT.
GCC bug: 79839
R=jochen@chromium.org, titzer@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2732743002
Cr-Commit-Position: refs/heads/master@{#43647}
So far we only recognize the special
NumberFloor(NumberDivide(lhs, rhs))
subgraph when both lhs and rhs are in the Unsigned32 range, and the
result is a PlainNumber. Extend this pattern matching to also cover
NumberFloor(SpeculativeNumberDivide(lhs, rhs))
and to replace the NumberFloor with NumberToInt32 truncation if the
lhs value is in Signed32 range and the rhs is in Unsigned32 range.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2739573004
Cr-Commit-Position: refs/heads/master@{#43642}
This pretty much rewrites the preparsed scope data collection. We used to store
the allocation result, but it's faster to just store the raw data which is
needed for deciding it later. (This way we don't need to run the allocation
algorithm for just getting this data.)
For each variable: is_used, maybe_assigned,
has_forced_context_allocation, and for each scope:
inner_scope_calls_eval_.
In addition, this CL moves data handling out of Scope and into
PreParsedScopeData where it belongs and simplifies the API for
PreParsedScopeData.
BUG=v8:5516
R=vogelheim@chromium.org
Change-Id: Ia5a4fa52f585cd4f483ce9a92f2dd7d9754f34ed
Reviewed-on: https://chromium-review.googlesource.com/451273
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43641}
I originally needed this for the initialization of a constexpr array in
the wasm lazy compile builtin, but since it's a bigger change, I now
split it off as this separate CL.
The style guide recommends constexpr over const. I thus apply the
constexprificaton over all headers that I touched anyway.
I also remove the ARM64_DEFINE_REG_STATICS hack. It was introduced when
merging in arm64 support more than three years ago, and I don't see the
purpose for this.
Also, some #defines can now be constexpr definitions, which was not
possible before according to the comment.
R=bmeurer@chromium.org, mstarzinger@chromium.org, ishell@chromium.org
Change-Id: I6d743b4462c347d363f99e28007bc9e8c84ae617
Reviewed-on: https://chromium-review.googlesource.com/451277
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43637}
Several code patching paths actually flushed the icache twice.
This CL removes all icache flushing on wasm updates from
assembler.cc and pushes it into the platform specific
unchecked_update_wasm_size and
unchecked_update_wasm_memory_reference methods. They were already
receiving the ICacheFlushMode, and on some platforms would already
perform the flush.
R=ahaas@chromium.org
Change-Id: I388701f13d733cb5387d5bed4dbed33879179a91
Reviewed-on: https://chromium-review.googlesource.com/450246
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43635}
Otherwise, v8 embedders need to depend on targets in src.
BUG=chromium:688155
Change-Id: Idea90d8f550cd4d0141b92a7bdd18f4df664d11b
Reviewed-on: https://chromium-review.googlesource.com/447845
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43631}
This inlines common LoadIC cases into the LdaNamedProperty bytecode
handler. Smi handlers resulting in constant/field loads for
monomorphic ICs omit frame construction. The same counts for the
polymorphic case as long as the target handler is in the first two
vector slots.
Other cases (megamorphic, uninitialized) call the new
LoadIC_Noninlined stub.
Local benchmarks show up to 6% improvement on Sunspider with --future.
BUG=v8:5917
Review-Url: https://codereview.chromium.org/2733563002
Cr-Commit-Position: refs/heads/master@{#43630}
Oftentimes we can avoid the Smi check for ToBoolean truncations, since
we already know that the input is always going to be a HeapObject. So
introduce a dedicated TruncateTaggedPointerToBit operator, which uses
the fact that the input is known to be a HeapObject.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2738483002
Cr-Commit-Position: refs/heads/master@{#43629}
The parser already changes all negative equality comparison operations
to their positive pendants in {ParserBase::ParseBinaryExpression}. No
other source of the Token::NE exists in the system. We can remove all
handling from the compiler and interpreter backends.
R=bmeurer@chromium.org
Change-Id: I58722c08dd8e498f20c65886fce86b8172737b10
Reviewed-on: https://chromium-review.googlesource.com/449716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43627}
Part of the performance and refactoring work to move the TypedArray
constructors into CSA. This CL moves ConstructByLength from JS
to CSA.
There are still other callers to typed_array_initialize in
typedarray.js, so we share the implementation using DoInitialize.
In a later CL we can split apart DoInitialize once we have more
TA constructors written in CSA, so that we can reuse specific
parts more easily.
BUG=v8:5977
Change-Id: Ia51e8363970e9a025a82933e56a7baaf82cb1eec
Reviewed-on: https://chromium-review.googlesource.com/448220
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43626}
- Remove TypedArrayIncludes in src/js/typedarray.js
- Implement it to C++ using the IncludesValue implementation
in ElementsAccessor
BUG=v8:5929
Review-Url: https://codereview.chromium.org/2732823002
Cr-Commit-Position: refs/heads/master@{#43625}
