Also remove unused max_capcity_ field in old spaces.
BUG=chromium:518028,chromium:504854
LOG=n
Review URL: https://codereview.chromium.org/1284853003
Cr-Commit-Position: refs/heads/master@{#30114}
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1273353003
Cr-Commit-Position: refs/heads/master@{#30107}
This avoids many back-and-forth calls to the runtime.
This also slightly changes the way we avoid getters. Previously, we circumvent getting the name property of ReferenceError, SyntaxError and TypeError due to crbug/69187 (in order to avoid leaking information from those errors through a 'name' getter installed on their prototypes). Now we do that for all errors created by V8.
R=jkummerow@chromium.org, rossberg@chromium.org
BUG=crbug:513472, crbug:69187
LOG=N
Review URL: https://codereview.chromium.org/1281833002
Cr-Commit-Position: refs/heads/master@{#30105}
The following errors come up when compiling v8
with clang 3.7 on FreeBSD/amd64:
src/runtime/runtime-i18n.cc:629:37: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Smi *' is not allowed
local_object->SetInternalField(1, reinterpret_cast<Smi*>(NULL));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:131:20: error: reinterpret_cast from
'nullptr_t' to 'v8::internal::Object *' is not allowed
Handle<Object> n(reinterpret_cast<Object*>(NULL), isolate);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/cctest/test-heap.cc:1989:18: error: reinterpret_cast from
'nullptr_t' to 'Address' (aka 'unsigned char *') is not
allowed
Address base = reinterpret_cast<Address>(NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+add myself to the AUTHORS file.
BUG=
Review URL: https://codereview.chromium.org/1277353002
Cr-Commit-Position: refs/heads/master@{#30103}
Moves the creation of the interpreter table early on during initialization
to ensure that even on nosnap builds it still gets allocated in the
first page.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1278413002
Cr-Commit-Position: refs/heads/master@{#30096}
TurboFan is now a requirement and supported by all backends, so we don't
need those macros (plus all the machinery on top) anymore.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1282763002
Cr-Commit-Position: refs/heads/master@{#30082}
When a (prototype) map registers as a user of its own prototype, it now remembers the index in that prototype's registry where it is listed.
This remembered index is used on un-registration to find the right slot to clear without walking the entire registry.
Compaction of the registry must update all entries' remembered indices.
BUG=chromium:517778,chromium:517406
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1276353004
Cr-Commit-Position: refs/heads/master@{#30079}
Also clean up variable naming in min_max and other tests. Fix class_fmt in mips64 assembler test for proper NaN checking
Review URL: https://codereview.chromium.org/1276813004
Cr-Commit-Position: refs/heads/master@{#30073}
Note that this tests performed unnecessary many iterations which led to
long runtimes in debug mode and also caused flaky GCs during that would
cause the optimized code map to be flushed and violated assumptions.
R=yangguo@chromium.org
BUG=v8:4363
LOG=N
Review URL: https://codereview.chromium.org/1280973002
Cr-Commit-Position: refs/heads/master@{#30070}
Rationale: The {kind} of a call descriptor describes what the {target} being
called is--i.e. a JSFunction, code object, or address. That kind materially
dictates the instruction(s) generated for an outgoing call.
The other flags on a call descriptor should describe specific properties
(like whether a roots register is valid or not) so that backend logic doesn't
have to switch over the kind, but is informed directly of what it wants to
know.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1268273003
Cr-Commit-Position: refs/heads/master@{#30065}
This fixes a corner-case where extending an optimized code map left
stale entries in the abandoned copy. This can cause havoc not only in
the heap verifier but also in the GC, because stale entries have not
been recorded when being trated weakly.
Note that this also pre-tenures all optimized code maps into old-space
because their lifetime is coupled to the SharedFunctionInfo anyways.
R=hpayer@chromium.org
TEST=cctest/test-heap/Regress514122
BUG=chromium:514122
LOG=N
Review URL: https://codereview.chromium.org/1277873002
Cr-Commit-Position: refs/heads/master@{#30047}
We missed a check whether we can actually do incremental marking when starting
it on reaching the external allocation limit.
BUG=chromium:517195
LOG=N
Review URL: https://codereview.chromium.org/1274983002
Cr-Commit-Position: refs/heads/master@{#30043}
These flags weren't doing any real work, since the decision of whether some
source code is a script or module is made outside the parser (currently,
by the V8 API).
The only behavior change in this patch is to always parse 'import' and
'export' as their Token values, which changes the error message from
"Unexpected reserved word" to "Unexpected token import" (which doesn't
seem particularly harmful).
Review URL: https://codereview.chromium.org/1262913003
Cr-Commit-Position: refs/heads/master@{#30034}
This is only an estimate since it counts objects that could be shared,
for example strings, cow arrays, heap numbers, etc.
It however ignores objects that could be shared, but may only be used
by the context to be measured, for example shared function infos,
script objects, scope infos, etc.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1268333004
Cr-Commit-Position: refs/heads/master@{#30029}
Previously, examples like (({a = x}, x) => {})({}, 0) did not throw a ReferenceError like they should. This CL
- Splits up DeclareFormalParameters such that the formals can be recorded first and declared later.
- Declaration then takes the complete parameter list into account. If it is not simple, temporaries are introduced for all parameters.
- BuildParameterInitializationBlock desugars all parameters from non-simple lists into let-bindings.
- Refactored Pre/ParserFormalParameters, so that the arity information is no longer duplicated in Parser.
- Rest is currently handled specially, until rest-via-destructuring has landed.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1259283002
Cr-Commit-Position: refs/heads/master@{#30025}
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.
Review URL: https://codereview.chromium.org/1257063003
Cr-Commit-Position: refs/heads/master@{#30017}
This introduces a CopyFixedArrayAndGrow method on Factory that takes
the "grow amount" instead of the "new size" as an argument. The new
interface is safer because it allows for mutations by the GC that
potentially trim the source array.
This also fixes a bug in SharedFunctionInfo::AddToOptimizedCodeMap
where the aformentioned scenario led to unused entries within the
optimized code map.
Note that FixedArray::CopySize is hereby deprecated because it is
considered unsafe and should no longer be used.
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-513507
BUG=chromium:513507
LOG=n
Review URL: https://codereview.chromium.org/1255173006
Cr-Commit-Position: refs/heads/master@{#30012}
Store arity in FormalParameters; store name (instead of var) and is_rest flag in individual parameters. Ensure that the arity is always maintained consistently.
This is preparation for more parameter destructuring adjustments. In particular, a follow-up CL will separate parameter recording from declaring the variables.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N
Review URL: https://codereview.chromium.org/1259013003
Cr-Commit-Position: refs/heads/master@{#30002}
Change minimum BytecodeArray frame size to zero now return value is in
the accumulator.
Fix inconsistent checks in bytecode-array-builder.cc.
Simplify bytecode disassembly by adding Bytecodes::Decode to
disassemble one bytecode and operands.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1259193004
Cr-Commit-Position: refs/heads/master@{#29988}
There is only one use case for it: String.prototype.search converts a
string argument into a RegExp. The cache is used to avoid repeating that
conversion. However, this does not make the added complexity worthwhile.
Review URL: https://codereview.chromium.org/1267493006
Cr-Commit-Position: refs/heads/master@{#29985}
The calculation now takes into account the size of the arguments object
if it is present in the optimized frame.
(Yang, many thanks for the awesome repro!)
BUG=chromium:514362
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1264483008
Cr-Commit-Position: refs/heads/master@{#29973}
This fixes a bug introduced by r28826 (Unify decoding of deoptimization
translations, https://codereview.chromium.org/1136223004), where we
started leaking arguments marker sentinel to the debugger, which would
then cause crashes. This change replaces the sentinel with the undefined
value in the debugger-inspectable frame.
BUG=chromium:514362
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1263333002
Cr-Commit-Position: refs/heads/master@{#29971}
The BytecodeArrayBuilder has responsibility for emitting the BytecodeArray. It will be used by the AST walker.
Bytecode now uses an accumulator plus registers rather being pure register based.
Update BytecodeArray::Disassemble to print operand information.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1266713004
Cr-Commit-Position: refs/heads/master@{#29970}
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1268783004
Cr-Commit-Position: refs/heads/master@{#29956}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
The idle time handler should never return DONE or DO_SCAVENGE for
background tabs. Upon receiving DONE chrome will stop sending idle notifications.
BUG=chromium:515174
LOG=NO
Review URL: https://codereview.chromium.org/1269583002
Cr-Commit-Position: refs/heads/master@{#29926}
When a Property or a VariableProxy is used as the left hand side of an
assignment statement, there is no need to allocate a LOAD_IC feedback
vector slot for it. Alter the numbering phase to support this.
BUG=
Review URL: https://codereview.chromium.org/1262803002
Cr-Commit-Position: refs/heads/master@{#29924}
Moves some uncommon type checking from ToString and
NonStringToString into DefaultString. This should
speed up string operations.
LOG=N
BUG=none
Review URL: https://codereview.chromium.org/1256323004
Cr-Commit-Position: refs/heads/master@{#29913}
script_executed and last_run are read/written by multiple threads. Also
externalized_shared_contents_ is modified by multiple threads.
BUG=4306
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1252623003
Cr-Commit-Position: refs/heads/master@{#29912}
When the main thread terminates, it forcibly terminates all Worker threads.
When this happens, the threads objects were only half-created; they had a
JavaScript Worker object, but not a C++ worker object.
This CL fixes that bug, as well as some other fixes:
* Signatures on Worker methods
* Use SetAlignedPointerFromInternalField instead of using an External.
* Remove state_ from Worker. Simplify to atomic bool running_.
BUG=chromium:511880
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1255563002
Cr-Commit-Position: refs/heads/master@{#29911}
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254293006
Cr-Commit-Position: refs/heads/master@{#29910}
This allows variants to be named on test failures (follow
up) and then to be used in the test runner for a repro.
This also speeds up variant iteration for test262 and fixes
a bug with variants for benchmarks.
BUG=chromium:511215
NOTREECHECKS=true
LOG=n
Review URL: https://codereview.chromium.org/1245623005
Cr-Commit-Position: refs/heads/master@{#29899}
When a prototype object migrates from a slow to a fast map, where the slow map
was registered as a user of its own prototype, then the registration must be
transferred to the new map (just like MigrateToMap does for all other cases).
BUG=chromium:513602
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1263543004
Cr-Commit-Position: refs/heads/master@{#29898}
Scoping rules are different on recompile vis-a-vis global loads.
BUG=chromium:514526
LOG=y
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1256413005
Cr-Commit-Position: refs/heads/master@{#29896}
Class bindings are mutable and lexically scoped, with TDZ semantics.
They may not overlap with var bindings in the same scope. This patch
adds tests for those properties.
R=adamk
BUG=v8:3305
LOG=N
Review URL: https://codereview.chromium.org/1254003004
Cr-Commit-Position: refs/heads/master@{#29856}
--harmony_sloppy includes behavior to turn on sloppy mode lexical
bindings. Before this patch, it also included a way to parse let
which is likely web-incompatible (let is disallowed as an
identifier). This patch splits off the let parsing from the more
general block scoping code, so that block scoping can be developed
independently.
R=adamk
LOG=N
BUG=v8:3305
Review URL: https://codereview.chromium.org/1255013002
Cr-Commit-Position: refs/heads/master@{#29855}
In ES5, dates were supposed to default to UTC if no timezone was specified. However, this changed in ES6, which specified that dates should be in the local timezone if no timezone was specified. This CL updates our behavior to match that part of the ES6 spec.
BUG=chromium:391730, v8:4242
LOG=Y
Review URL: https://codereview.chromium.org/1229903004
Cr-Commit-Position: refs/heads/master@{#29854}
- Ensure frame_size is always set during allocation.
- Add DCHECKs that frame_size is a valid value
- Remove locals_count, which we don't need yet (possibly every)
- Add a newline at the end of BytecodeArray::Dissassemble
for each bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254873002
Cr-Commit-Position: refs/heads/master@{#29852}
$toLength is slow, causing a 3.8%-8% regression in the Octane RegExp
benchmark. Reverting this patch brings it back up. To make this change,
we'll need a faster implementation fo $toLength.
BUG=chromium:513160
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1243053005
Cr-Commit-Position: refs/heads/master@{#29830}
According to the ECMA spec, a 24th hour is allowed if the minutes, seconds, and milliseconds are all zero (i.e. it's midnight). Previously, we parsed the date correctly, however, we failed to account in all checks for the possibility of a 24th hour. This CL changes the check to allow a 24th hour if it's exactly midnight.
BUG=chromium:174609
LOG=Y
Review URL: https://codereview.chromium.org/1240093005
Cr-Commit-Position: refs/heads/master@{#29816}
Adds basic support for generation of interpreter bytecode handler code
snippets. The InterpreterAssembler class exposes a set of low level,
interpreter specific operations which can be used to build a Turbofan
graph. The Interpreter class generates a bytecode handler snippet for
each bytecode by assembling operations using an InterpreterAssembler.
Currently only two simple bytecodes are supported: LoadLiteral0 and Return.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1239793002
Cr-Commit-Position: refs/heads/master@{#29814}
While at it, remove the notion of INTERNAL variables.
@caitp: Took some parts from your CL, since I was blocked on the temp scope bug.
R=mstarzinger@chromium.org
BUG=512574
LOG=N
Review URL: https://codereview.chromium.org/1250513004
Cr-Commit-Position: refs/heads/master@{#29812}
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
Review URL: https://codereview.chromium.org/1248303002
Cr-Commit-Position: refs/heads/master@{#29811}
Using the GraphBuilder base class forces each node creation to go
through a virtual function dispatch just for the sake of saving the
duplication of the NewNode helper methods. In total that added up to
saving minus (sic!) six lines of code.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1252093002
Cr-Commit-Position: refs/heads/master@{#29799}
There is already non-throwing version FrameMirror.restart and RestartFrame in the livedit-debugger.js just adds a throwing wrapper around it.
Also NEEDS_STEP_IN_PROPERTY_NAME was removed, the client code can decide based on the stack_modified field if "step in" is required.
Chromium side was fixed in https://codereview.chromium.org/1249013002/
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/1247363002
Cr-Commit-Position: refs/heads/master@{#29797}
In simulator data trace, DSLL did not print result and
BAL/BGEZAL omitted result from an instruction executed
in delay slot.
TEST=cctest/test-assembler-mips[64]
BUG=
Review URL: https://codereview.chromium.org/1245173002
Cr-Commit-Position: refs/heads/master@{#29796}
This allows the optimized code map to contain no context-dependent
entries, but still hold one context-independent entry. This is a
precursor to extending the lifetime of the context-independent entry.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1249543005
Cr-Commit-Position: refs/heads/master@{#29788}
The background parser checks for debugger state in its constructor. This
is not good enough, since the debugger state may change afterwards, but
before compiling takes place. As the background parser can only parse
lazily, this could mean that due to debugging, we try to eagerly compile
an inner function we have not eagerly parsed.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1247743002
Cr-Commit-Position: refs/heads/master@{#29784}
Consolidated conflict detection and traversal logic in CoalescedLiveRanges to avoid duplication in both code and testing. In addition, this change achieves better separation between CoalescedLiveRanges and other register allocator components, improving testability and maintainability.
BUG=
Review URL: https://codereview.chromium.org/1219063017
Cr-Commit-Position: refs/heads/master@{#29783}
Many mjsunit tests (as well as the promises-aplus adapter scripts) were
using Object.observe simply for microtask-enqueueing purposes. Replaced
such uses with %EnqueueMicrotask.
Review URL: https://codereview.chromium.org/1246933002
Cr-Commit-Position: refs/heads/master@{#29779}
This reverts commit 80b3f16951.
Revert "Record code slots that may point to evacuation candidate objects after deoptimizing them."
This reverts commit 4621210cfe.
BUG=chromium:507840
LOG=n
Review URL: https://codereview.chromium.org/1239383004
Cr-Commit-Position: refs/heads/master@{#29778}
The InterpreterAssembler needs to specify a specific CallDescriptor type
instead of using the SimplifiedCDescriptor type. This CL makes it possible
to specify the CallDescriptor used by the RawMachineAssembler instead of
specifying a MachineSignature.
Also removes instruction-selector-tester.h which was erroneously resurrected
at some point.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1235313002
Cr-Commit-Position: refs/heads/master@{#29777}
In many cases, the context that TurboFan's ASTGraphBuilder or subsequent
reduction operations attaches to nodes does not need to be that exact
context, but rather only needs to be one with the same native context,
because it is used internally only to fetch the native context, e.g. for
creating and throwing exceptions.
This reducer recognizes common cases where the context that is specified
for a node can be relaxed to a canonical, less specific one. This
relaxed context can either be the enclosing function's context or a specific
Module or Script context that is explicitly created within the function.
This optimization is especially important for TurboFan-generated code stubs
which use context specialization and inlining to generate optimal code.
Without context relaxation, many extraneous moves are generated to pass
exactly the right context to internal functions like ToNumber and
AllocateHeapNumber, which only need the native context. By turning context
relaxation on, these moves disappear because all these common internal
context uses are unified to the context passed into the stub function, which
is typically already in the correct context register and remains there for
short stubs. It also eliminates the explicit use of a specialized context
constant in the code stub in these cases, which could cause memory leaks.
Review URL: https://codereview.chromium.org/1244583003
Cr-Commit-Position: refs/heads/master@{#29763}
Prior to this patch, we enter a global debug mode whenever a break point
is set. By entering this mode, all code is deoptimized and activated
frames are recompiled and redirected to newly compiled debug code.
After this patch, we only deoptimize/redirect for functions we want to
debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
object attached to the SFI prevents optimization/inlining.
The result is that we can have optimized code for functions without break
points alongside functions that do have break points, which are not
optimized.
R=mstarzinger@chromium.org, ulan@chromium.org
BUG=v8:4132
LOG=Y
Review URL: https://codereview.chromium.org/1233073005
Cr-Commit-Position: refs/heads/master@{#29758}
NumberFormat previously just used a min of 0 digits after the decimal and a max of 3. This CL changes it so that we use the ICU currency data, and set the min and max to the number of numbers after the decimal point for each currency.
This CL also fixes a small bug where if the minimum fraction digits is above 3 but the maximum fraction digits isn't set, then it returns with only three numbers after the decimal point.
BUG=435465,473104,304722
LOG=Y
Review URL: https://codereview.chromium.org/1231613006
Cr-Commit-Position: refs/heads/master@{#29734}
Additionally, push the allocation site or undefined independently of creating a memento to preserve a fixed size for the construct frames.
BUG=
Review URL: https://codereview.chromium.org/1239593003
Cr-Commit-Position: refs/heads/master@{#29719}
- Test that TypedArray properties cannot be set in strict mode
Properties like %TypedArray%.prototype.length have a getter and no
setter. This test verifies that property, which was apparently not
true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
are not configurable
Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.
BUG=v8:3048, v8:3799
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1232843005
Cr-Commit-Position: refs/heads/master@{#29717}
This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is
[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)
In ES5, on the other hand, the order was
[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper
To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:
Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658
Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176
BUG=v8:4223
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1238593003
Cr-Commit-Position: refs/heads/master@{#29716}
ES2015 made a change vs ES5, where the "lastIndex" property of a
RegExp (which can be modified by a user to start the next search at
a different location) is cast to an integer with ToLength rather
than ToInteger. The main difference is on negative numbers, and
this is tested by test262. This patch implements that change on
RegExps and enables the test262 test now that it passes.
R=adamk
LOG=Y
BUG=v8:4244
Review URL: https://codereview.chromium.org/1241713004
Cr-Commit-Position: refs/heads/master@{#29715}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29712}
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1226123010
Cr-Commit-Position: refs/heads/master@{#29705}
Improved checking target ranges for J and JAL instructions.
Adapted disassembler test for J and JAL instructions.
TEST=cctest/test-disasm-mips[64]
BUG=
Review URL: https://codereview.chromium.org/1237083003
Cr-Commit-Position: refs/heads/master@{#29693}
These were added when I thought they would be useful in Blink, but as
it turned out they were not. They could likely be deleted immediately,
but to play it safe I'll go through the usual deprecation process.
Review URL: https://codereview.chromium.org/1236263004
Cr-Commit-Position: refs/heads/master@{#29690}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29689}
During parsing, we now keep track of the first spread seen in an array
literal (if any), and make use of that information when creating the
FixedArray backing store representing the constant elements for array
literal materialization.
The old code tried to do this by setting the generated JSArray's length
in ArrayLiteral::BuildConstantElements(), but that Array length is never
read by the rest of the literal materialization code (it always uses
the length of the FixedArray backing store).
BUG=v8:4298
LOG=n
Review URL: https://codereview.chromium.org/1225223004
Cr-Commit-Position: refs/heads/master@{#29684}
By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.
R=ulan@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1234833003
Cr-Commit-Position: refs/heads/master@{#29672}
A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.
The fix is straightforward.
BUG=491536, 503565
LOG=N
Review URL: https://codereview.chromium.org/1231343003
Cr-Commit-Position: refs/heads/master@{#29671}
Duplicate parameters are banned both overall in strict mode and also
in arrow functions. Our error message for both cases blamed strict
mode, which is confusing. This patch fixes the message to point to
arrow functions as a possible source as well.
R=wingo, adamk
LOG=N
Review URL: https://codereview.chromium.org/1236863008
Cr-Commit-Position: refs/heads/master@{#29662}
For destructuring bind, the parser needs to complain about things
which are inappropriate to have on the left-hand side.
Previously, regexp literals and template literals were let through
the parser inappropriately. This patch turns those into errors.
This patch also fixes off-by-one errors in reporting the location
of this type of error for strings and numbers. Before the patch,
the error would look like:
d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
^
SyntaxError: Unexpected number
And with the patch, the error is
d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
^
SyntaxError: Unexpected number
R=rossberg
Review URL: https://codereview.chromium.org/1236803003
Cr-Commit-Position: refs/heads/master@{#29661}
Note: the previous try was reverted for occasional flaky tests. This continued
after the revert, and should be fixed by
https://codereview.chromium.org/1226143003.
Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.
Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1223813008
Cr-Commit-Position: refs/heads/master@{#29658}
--debug-code causes full-codegen on arm64 to emit different number
of calls, which confuses the debugger when on-stack replacing code
with recompiled debug version on-stack.
BUG=chromium:507070
TBR=mstarzinger@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1228353004
Cr-Commit-Position: refs/heads/master@{#29638}
The new implemtation counts the number of calls (or continuations)
before the PC to find the corresponding PC in the new code.
R=mstarzinger@chromium.org
BUG=chromium:507070
LOG=N
Review URL: https://codereview.chromium.org/1235603002
Cr-Commit-Position: refs/heads/master@{#29636}
The CL addes convenienve method that allows to write code like the following
v8::Local<v8::Object> local = v8::Local<v8::Object>::New(global, isolate);
in a more readable way:
v8::Local<v8::Object> local = global.Get(isolate);
There is already v8::Eternal::Get that does similar thing.
BUG=None
LOG=Y
Review URL: https://codereview.chromium.org/1237603003
Cr-Commit-Position: refs/heads/master@{#29616}
Until now, TF-generated code stubs piggy-backed off of the builtin
context. Since generation of code stubs is lazy, stubs generated at
different times in different native contexts would contain embedded
pointers different builtin contexts, leading to cross-context references
and memory leaks.
After this CL, all TF-generated code stubs are generated inside a
internal thinned-out, native context that lives solely for the
purpose of hosting generated code stubs.
Review URL: https://codereview.chromium.org/1213203007
Cr-Commit-Position: refs/heads/master@{#29593}
This CL also adds hydrogen stubs for global loads and global stores, full-codegen and TurboFan now uses this machinery.
Review URL: https://codereview.chromium.org/1224793002
Cr-Commit-Position: refs/heads/master@{#29592}
Note that there are currently no objects that require a pre-allocated
properties backing store, all such slots are in-object properties from
the begining. Hence {unused + pre_allocated - inobject == 0} holds.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1226203011
Cr-Commit-Position: refs/heads/master@{#29590}
Reduce Float64 comparison to Float32 when both inputs are conversions from
Float32.
Review URL: https://codereview.chromium.org/1235663002
Cr-Commit-Position: refs/heads/master@{#29586}
For now it uses a pretty slow path for accessing strings by wrapping it into a new temporary wrapper.
BUG=v8:4042, v8:3088
LOG=y
Review URL: https://codereview.chromium.org/1221303019
Cr-Commit-Position: refs/heads/master@{#29576}
EnumtSet has been deprecated for quite some time, and replaced with the
more general and type safe base::Flags template class.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1229233002
Cr-Commit-Position: refs/heads/master@{#29564}
Break point at calls are currently set via IC. To change this, we
need to set debug break slots instead. We also need to distinguish
those debug break slots as calls to support step-in.
To implement this, we add a data field to debug break reloc info to
indicate non-call debug breaks or in case of call debug breaks, the
number of arguments. We can later use this to find the callee on the
evaluation stack in Debug::PrepareStep.
BUG=v8:4269
R=ulan@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1222093007
Cr-Commit-Position: refs/heads/master@{#29561}
When running without a snapshot, the GlobalEval function gets lazy compiled.
By the time we compile it, its name is "eval", which causes the parser to
choke (functions named "eval" aren't allowed in strict mode!).
Instead, we now always skip checking the function name when lazy-parsing,
as the name has already been checked appropriately by the preparser.
Also cleaned up other cases that don't require name checking by introducing
FunctionNameValidity enum and passing appropriate values throughout the
parser and preparser.
This lets us pass an additional 18 test262 tests.
BUG=v8:4198
LOG=n
Review URL: https://codereview.chromium.org/1227093005
Cr-Commit-Position: refs/heads/master@{#29559}
Instead of updating the SharedFuntionInfo set the name property on
the function directly.
BUG=v8:4278
LOG=N
R=verwaest@chromium.org, littledan@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1227523003
Cr-Commit-Position: refs/heads/master@{#29558}
When quit() is called, d8 shell exits without cleanup. If a worker is running,
it might be holding the context_mutex_, which if destroyed will DCHECK.
BUG=4279
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1231473002
Cr-Commit-Position: refs/heads/master@{#29557}
The function returned from Function.prototype.bind should have the same
[[Prototype]] as the receiver.
BUG=v8:3889
LOG=N
R=adamk@chromium.org, verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1217603005
Cr-Commit-Position: refs/heads/master@{#29556}
This basically means that we must not use the b(Label*) version here,
but the b(int) version instead to jump over the constant pool.
BUG=v8:4292
LOG=y
Review URL: https://codereview.chromium.org/1224243002
Cr-Commit-Position: refs/heads/master@{#29552}
The b, bl and blx methods that take labels basically ignore the constant
pool check and just block the constant pool for the next instruction.
This way a long enough sequence of those instructions will block can
potentially block the constant pool emission for too long.
BUG=v8:4292
LOG=y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1223093004
Cr-Commit-Position: refs/heads/master@{#29550}
The breakage to Chrome seems to be based on @@isConcatSpreadable
and turning that part off with this patch fixes the Maps Tips & Tricks
test case.
BUG=chromium:507553
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1226063002
Cr-Commit-Position: refs/heads/master@{#29545}
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1216593003
Cr-Commit-Position: refs/heads/master@{#29543}
This one occurred when serializing an object. When the property getter threw an
exception, that value was skipped, but the property count wasn't updated. The
deserializer then tried to deserialize the wrong value.
BUG=chromium:506549
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1220193004
Cr-Commit-Position: refs/heads/master@{#29541}
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
automatically distinguishes between versions of the IC called from
optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
for-optimized or for-unoptimized version based on the minor_key
parameter.
Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
Cr-Commit-Position: refs/heads/master@{#29534}
Review URL: https://codereview.chromium.org/1225943002
Cr-Commit-Position: refs/heads/master@{#29539}
Reason for revert:
Failure on compiling runtime.js on windows
Original issue's description:
> Add unoptimized/optimized variants of MathFloor TF code stub
>
> - Add a TurboFanIC class, derived from TurboFanCodeStub, that
> automatically distinguishes between versions of the IC called from
> optimized and unoptimized code.
> - Add appropriate InterfaceDescriptors for both the versions of the
> stub called from unoptimized and optimized code
> - Change the MathFloor TF stub generator to output either the
> for-optimized or for-unoptimized version based on the minor_key
> parameter.
>
> Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
> Cr-Commit-Position: refs/heads/master@{#29534}
TBR=mvstanton@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1220783006
Cr-Commit-Position: refs/heads/master@{#29535}
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
automatically distinguishes between versions of the IC called from
optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
for-optimized or for-unoptimized version based on the minor_key
parameter.
Review URL: https://codereview.chromium.org/1225943002
Cr-Commit-Position: refs/heads/master@{#29534}
Smi immediates are not supported, so instructions with Smi representations need their constants in a register. LAddI has already been doing this. The manifestation of the bug was that an operation would compute 0 instead of the correct result.
BUG=chromium:478612
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1224623017
Cr-Commit-Position: refs/heads/master@{#29529}
We actually need round to zero truncation to implement the counterpart
of LDoubleToI in TurboFan, which tries to convert a double to an integer
as required for keyed load/store optimizations.
Drive-by-cleanup: Reduce some code duplication in the InstructionSelector
implementations.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1225993002
Cr-Commit-Position: refs/heads/master@{#29527}
The RawMachineAssembler will be used to build the interpreter, so it needs
to move back to src/compiler.
This reverts commit b5b00cc031.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1221303014
Cr-Commit-Position: refs/heads/master@{#29519}
If we compile handlers to call accessors, Debug::HandleStepIn won't get
called. Therefore we need to clear ICs each time. This has not been
necessary before because we used to patch ICs for breaking, and restored
them with cleared ICs. This is no longer the case. We do not use ICs
for breaking anymore, so they are not implicitly cleared any longer.
R=mvstanton@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1212253009
Cr-Commit-Position: refs/heads/master@{#29518}
Reason for revert:
[Sheriff] Test hangs sometimes and times out flakily. E.g.: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosse3/builds/4551/steps/Check%20%28flakes%29/logs/d8-worker-sharedarray..
Original issue's description:
> Fix bug when transferring SharedArrayBuffer to multiple Workers.
>
> Previously, the serialization code would call Externalize for every transferred
> ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
> the buffer is already externalized, we should call GetContents instead.
>
> Also fix use-after-free bug when transferring ArrayBuffers. The transferred
> ArrayBuffer must be internalized in the new isolate, or be managed by the
> Shell. The current code gives it to the isolate externalized and frees it
> immediately afterward when the SerializationData object is destroyed.
>
> BUG=chromium:497295
> R=jarin@chromium.org
> LOG=n
>
> Committed: https://crrev.com/dd7962bf7838f8379ba776ee6b7b0e4d3bec2140
> Cr-Commit-Position: refs/heads/master@{#29499}
TBR=jarin@chromium.org,jochen@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:497295
Review URL: https://codereview.chromium.org/1224843008
Cr-Commit-Position: refs/heads/master@{#29506}
Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.
Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1215233004
Cr-Commit-Position: refs/heads/master@{#29499}
Remove the context specialization hack from the AstGraphBuilder, and
properly specialize to the function context in the context specialization.
And replace the correct context in the JSInliner.
R=mstarzinger@chromium.org
BUG=v8:4273
LOG=n
Review URL: https://codereview.chromium.org/1218873005
Cr-Commit-Position: refs/heads/master@{#29493}
We have to reland these two commits at once, because the first breaks
some asm.js benchmarks without the second. The change was reverted
because of bogus checks in the verifier, which will not work in the
presence of OSR (and where hidden because of the type back propagation
hack in OSR so far). Original messages are below:
[turbofan] Add new JSFrameSpecialization reducer.
The JSFrameSpecialization specializes an OSR graph to the current
unoptimized frame on which we will perform the on-stack replacement.
This is used for asm.js functions, where we cannot reuse the OSR
code object anyway because of context specialization, and so we could as
well specialize to the max instead.
It works by replacing all OsrValues in the graph with their values
in the JavaScriptFrame.
The idea is that using this trick we get better performance without
doing the unsound backpropagation of types to OsrValues later. This
is the first step towards fixing OSR for TurboFan.
[turbofan] Perform OSR deconstruction early and remove type propagation.
This way we don't have to deal with dead pre-OSR code in the graph
and risk optimizing the wrong code, especially we don't make
optimistic assumptions in the dead code that leaks into the OSR code
(i.e. deopt guards are in dead code, but the types propagate to OSR
code via the OsrValue type back propagation).
BUG=v8:4273
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1226673005
Cr-Commit-Position: refs/heads/master@{#29486}
`WriteUtf16Slow` should not assume that the output buffer has enough
bytes to hold both words of surrogate pair. It should pass the number of
remaining bytes to the `Utf8::ValueOf` instead, just as we already do in
`Utf8DecoderBase::Reset`. Otherwise it will attempt to write the trail
uint16_t past the buffer boundary, leading to memory corruption and
possible crash.
Originally reported by: Kris Reeves <kris.re@bbhmedia.com>
BUG=v8:4274
R=danno
R=svenpanne
LOG=y
Review URL: https://codereview.chromium.org/1226493003
Cr-Commit-Position: refs/heads/master@{#29485}
This way we don't have to deal with dead pre-OSR code in the graph and
risk optimizing the wrong code, especially we don't make optimistic
assumptions in the dead code that leaks into the OSR code (i.e. deopt
guards are in dead code, but the types propagate to OSR code via the
OsrValue type back propagation).
BUG=v8:4273
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1215333005
Cr-Commit-Position: refs/heads/master@{#29478}
The context constant cannot be materialized from the frame when we are
compiling for OSR, because the context spill slot contains the current
instead of the outermost context in full-codegen.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1220013003
Cr-Commit-Position: refs/heads/master@{#29472}
Currently we lower shifts directly to machine operators, and add an
appropriate Word32And to implement the & 0x1F operation on the right
hand side required by the specification. However for Word32And we assume
Int32 in simplified lowering, which is basically changes the right hand
side bit interpretation for the shifts from Uint32 to Int32, which is
obviously wrong. So now we represent that explicitly by proper
simplified operators for the shifts, which are lowered to machine in
simplified lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1213803008
Cr-Commit-Position: refs/heads/master@{#29465}
Keeping this CL separate in case there are more GC-stress problems.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1217543006
Cr-Commit-Position: refs/heads/master@{#29449}
This is an adaptation of test-profile-generator/BailoutReason to when
try-catch statements are optimizable. They will no longer cause any
bailout reason to be reported.
R=yangguo@chromium.org
TEST=cctest/test-profile-generator/BailoutReason
Review URL: https://codereview.chromium.org/1213113007
Cr-Commit-Position: refs/heads/master@{#29440}
The only right way to enable access checks is to install access check callbacks on an object template via v8::ObjectTemplate::SetAccessCheckCallbacks(). It does not make sense to enable access checks on an arbitrary object.
Review URL: https://codereview.chromium.org/1217893012
Cr-Commit-Position: refs/heads/master@{#29439}
This involves:
- Enabling the tail call optimization reducer in all cases.
- Adding an addition flag to CallFunctionParameters to mark call sites
that can be tail-called enabled.
- Only set the tail-call flag for %_CallFunction.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1216933011
Cr-Commit-Position: refs/heads/master@{#29436}
Support 32-bit cmp with shift/extend by reusing the existing add/sub shift and
extend code.
Review URL: https://codereview.chromium.org/1218103005
Cr-Commit-Position: refs/heads/master@{#29435}
Conditionally including Array and TypedArray methods seems to cause
a slowdown in V8 context creation, possibly due to the new code added.
BUG=chromium:504629
R=adamk@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1215863003
Cr-Commit-Position: refs/heads/master@{#29430}
This is more consistent with the DOM API, and is clearer w.r.t. which values
are available in the lexical environment of the Worker.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1218553004
Cr-Commit-Position: refs/heads/master@{#29426}
Disabling rsqrt and recip for mips32r1 in assembler, disassembler and simulator
Review URL: https://codereview.chromium.org/1221663006
Cr-Commit-Position: refs/heads/master@{#29425}
This change changes bootstrapping semantics for intercepted global objects. Unlike before, we'll now also call into the interceptor during bootstrapping. This affects properties loaded from within the runtime, such as global.Array and global.Symbol. The embedder will need to make sure that those values are the expected values during bootstrapping.
BUG=chromium:505998
LOG=n
Review URL: https://codereview.chromium.org/1220813005
Cr-Commit-Position: refs/heads/master@{#29414}
The enumerable expression in a for-in/of loop is supposed to have a TDZ for any
lexically bound names in that loop (there can be more than one with destructuring).
This patch accomplishes this with an almost-correct desugaring. The only thing missing
is proper debugger support (the let declarations added by the desugaring, while invisible
to code due to shadowing, are visible to the debugger).
BUG=v8:4210
LOG=n
Review URL: https://codereview.chromium.org/1218543003
Cr-Commit-Position: refs/heads/master@{#29396}