This avoids a whole range traversal each time we encounter a deferred
block (or a succession of them). The traversal (in the removed
IsIntervalAlreadyExcluded) is unnecessary - an interval with a hole
where deferred blocks are shouldn't be listed in the in/out sets of
those blocks in the first place.
It turns out the root cause (that appeared like we had to special
case ranges with holes, as the comment described) was deferred
blocks with a deoptimization call. That would place the live range
in the in_set of the block, but then splitting would fail because the start
and split position would be the same - this is because everywhere else,
the deferred block would have at least a second instruction, other
than the use - like a jump - ahead of which we'd perform the lower
part of the splintering. In the usual case, this choice of a position
avoids moves on the hot path (because any moves will be before the
jump, but still in the deferred block).
With deoptimization calls, that's not the case, there is just one
instruction, the deoptimization call. So we perform the second cut of
the splintering right after the block. Since there is no control flow from
the deoptimization block to any functional block - the control flow
goes to the exit block - the range connector won't insert moves on the
hot path - although we may want to see what happens for the exit
block, and maybe teach the range connector to ignore control flow
appearing to come from blocks with deoptimization calls.
Review URL: https://codereview.chromium.org/1323473003
Cr-Commit-Position: refs/heads/master@{#30447}
We can set the property in the MISS handler before organizing our handlers
for element-based keyed stores. Since the property set may fail with an
exception, this saves work.
BUG=
Review URL: https://codereview.chromium.org/1308073010
Cr-Commit-Position: refs/heads/master@{#30444}
This data structure uses the public heap API only and is not specific
to any heap internals. It should be usable throughout V8 and inclusion
of the header file should not be restricted.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1320503004
Cr-Commit-Position: refs/heads/master@{#30443}
This adds a new ToString runtime function and a fast-path ToStringStub
(which is just a simple dispatcher for existing functionality), and also
implements %_ToName using the ToStringStub.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319973007
Cr-Commit-Position: refs/heads/master@{#30442}
port 5d975694e4 (r30403)
original commit message:
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1324453003
Cr-Commit-Position: refs/heads/master@{#30440}
This adds a %ToName runtime entry that uses the previously introduced
Object::ToName, which is based on the new Object::ToPrimitive method.
Also removes the need to expose ToName in various way via the builtins
and/or context.
Drive-by-fix: Let %HasProperty do the ToName conversion implicitly as
required.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1319133002
Cr-Commit-Position: refs/heads/master@{#30435}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
Also, polymorphic element stores have a slightly different shape for the array
attached to a vector slot. It's of the form [map, map, handler], where the 2nd
map is either a transition map or undefined (the maps are actually in
WeakCells).
Review URL: https://codereview.chromium.org/1316953003
Cr-Commit-Position: refs/heads/master@{#30432}
Related to 1318893002 - another source of regressions in
benchmarks sensitive to compile time is the splintering
logic. This change addresses some, but not all, of that. In
particular, there are still some places (figuring out if a
range has a hole right where a deferred set of blocks is)
that need another look.
BUG=chromium:1318893002
LOG=n
Review URL: https://codereview.chromium.org/1319843002
Cr-Commit-Position: refs/heads/master@{#30425}
Port 5d875a57fa
Original commit message:
The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).
The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).
As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.
R=bmeurer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=v8:4376
LOG=n
Review URL: https://codereview.chromium.org/1314263002
Cr-Commit-Position: refs/heads/master@{#30419}
Port 00df60d1c6
Original commit message:
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
R=rmcilroy@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1309113003
Cr-Commit-Position: refs/heads/master@{#30414}
- remove the Backing-Store specific code from builtins.cc and put it in elements.cc.
- adding tests to improve coverage of the splice method
BUG=
Review URL: https://codereview.chromium.org/1312033003
Cr-Commit-Position: refs/heads/master@{#30410}
This makes it clear that only components within the "heap" directory
should be friends with the Heap class. The two notable exceptions are
Factory and Isolate which represent external interfaces into the heap.
R=mlippautz@chromium.org
Review URL: https://codereview.chromium.org/1320843002
Cr-Commit-Position: refs/heads/master@{#30408}
The CompactionSpace is temporarily used during compaction to hold migrated
objects. The payload is merged back into the corresponding space after
compaction.
Note the this is not the complete implementation and it is currently only used in a test.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1314493007
Cr-Commit-Position: refs/heads/master@{#30407}
Adds a (currently unused) constant_pool() field to BytecodeArray objects.
This field points to a FixedArray object which will be used to hold constants.
The BytecodeArray is now a mixed values object type, with the
kConstantPoolOffset object holding a tagged pointer, but the remainder of the
object holding raw bytes (which could look like tagged pointers but are not).
Modify the BytecodeArray GC visitors to deal with this and test that the
field is migrated properly when evacuated.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1314953004
Cr-Commit-Position: refs/heads/master@{#30404}
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1303403004
Cr-Commit-Position: refs/heads/master@{#30403}
When vector based stores are on, we don't need to do this anymore.
BUG=
Review URL: https://codereview.chromium.org/1314433004
Cr-Commit-Position: refs/heads/master@{#30401}
A few benchmarks, e.g. Massive/SQLite, turn out to be
sensitive to compile time. Upon analysis, splinter merging
and then splinter creation (splitting) appear to be the main
contributors to such regressions. This change tackles main
sources of regression in Merging. Profiling SQLite shows,
after this change, Merging as noise (down from main C++
contributor of samples)
BUG=chromium:1318893002
LOG=n
Review URL: https://codereview.chromium.org/1318893002
Cr-Commit-Position: refs/heads/master@{#30400}
While the intention is to eventually do away with
FLAG_turbo_loop_stackcheck and FLAG_turbo_preprocess_range,
they are useful for the interim we are still testing and
benchmarking the feature.
Review URL: https://codereview.chromium.org/1314163003
Cr-Commit-Position: refs/heads/master@{#30399}
