This patch extends the typed lowering with a specialized version of 'instanceof' that is used if the "class", i.e. the constructor function, is a known constant.
Unit tests check that replacement occurs as intended. Functional correctness is ensured by extensive unit tests covering instanceof already in the test suite.
TESTS=unittests/JSTypedLoweringTest.{JSInstanceOfSpecializationWithSmiCheck,JSInstanceOfSpecializationWithoutSmiCheck,JSInstanceOfNoSpecialization}
Review URL: https://codereview.chromium.org/1407413014
Cr-Commit-Position: refs/heads/master@{#31916}
The body descriptor supports different visiting policies: it could visit or skip
the code entry and it could visit or skip next function field.
BUG=v8:4531
LOG=Y
Review URL: https://codereview.chromium.org/1422773007
Cr-Commit-Position: refs/heads/master@{#31915}
Avoid write barriers when storing values in the root set, and use
cheaper write barriers for storing maps or tagged pointers. Also
improve the generated code for write barriers, utilizing the out
of line code mechanism that is available to TurboFan backends,
which moves the unlikely case out of the hot path.
R=jarin@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1414183006
Cr-Commit-Position: refs/heads/master@{#31914}
RegExp.prototype[@@split] is not yet implemented to spec regarding creating a
new RegExp object with the SpeciesConstructor.
R=littledan@chromium.org
BUG=v8:4345
LOG=N
Review URL: https://codereview.chromium.org/1427573005
Cr-Commit-Position: refs/heads/master@{#31911}
port 2b4cb2a140 (r31873)
original commit message:
The %StringCharFromCode and %CharFromCode runtime functions perform
exactly the same task, so we need only one of them.
BUG=
Review URL: https://codereview.chromium.org/1432063002
Cr-Commit-Position: refs/heads/master@{#31909}
Reason for revert: failed tests on a Windows build.
TBR=rossberg,cbruni,neis
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1426943007
Cr-Commit-Position: refs/heads/master@{#31907}
Port 7c3396d01c
Original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:552244
LOG=n
Review URL: https://codereview.chromium.org/1425083004
Cr-Commit-Position: refs/heads/master@{#31905}
This was found through a VC++ 2015 Update 1 warning about
pointer truncation. The fix is required for VC++ 2015
compatibility.
Review URL: https://codereview.chromium.org/1411403011
Cr-Commit-Position: refs/heads/master@{#31897}
I improved the tests for Word32Clz, Word32Ctz, and Word32Popcnt, and ported
some tests to the BufferedRawMachineAssemblerTester.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1437493002
Cr-Commit-Position: refs/heads/master@{#31896}
This unconditionally enables zapping of old optimized code maps and
unifies the various zapping paths. The unconditional zapping, even if
heap verification is off, is needed because slots in the code map have
not been recorded and evacuation invariants break.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1410833009
Cr-Commit-Position: refs/heads/master@{#31895}
This makes sure that --trace-turbo or --turbo-source-positions does not
completely disable inlining. The recent introduction of a finalization
interface to the reducer borked the SourcePositionWrapper reducer.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1406113008
Cr-Commit-Position: refs/heads/master@{#31893}
1) they always own descriptors,
2) the number of own descriptors is equal to the number of descriptors in the descriptor array.
This allows an initial map of a subclass to share the descriptor array with the initial map of the parent class (if it already contains properties).
BUG=chromium:551430
LOG=N
Review URL: https://codereview.chromium.org/1411933005
Cr-Commit-Position: refs/heads/master@{#31892}
This moves the clearing of all optimized code maps out of the GC and
into the debugger to where it is actually required. The main goal here
is to simplify the logic in the already complex visitor for our shared
function info objects.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1423713018
Cr-Commit-Position: refs/heads/master@{#31888}
port 7c3396d01c (r31871)
original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
BUG=
Review URL: https://codereview.chromium.org/1431133002
Cr-Commit-Position: refs/heads/master@{#31884}
Remove some non-standard code that doesn't do anything anyways.
While Firefox uses this to set the default value for the multiline flag,
it is nonstandard and slated for removal. The matching behaviour has
never been implemented in either JSC or V8, so there is little
web-compat risk.
The only possible risk could be someone depending on the ToBoolean()
behaviour of the flag, but this seems unlikely.
BUG=v8:3870
LOG=N
R=adamk@chromium.org, littledan@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1417733012
Cr-Commit-Position: refs/heads/master@{#31882}
This switches loading and storing of the message object within the
Isolate to use JavaScript operators built by the JSOperatorBuilder
instead of machine operators. This is a preparation for a stricter
representation selection for loads and stores.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1412443010
Cr-Commit-Position: refs/heads/master@{#31879}
This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.
Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.
This reverts commit 7f1fb29faa.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1418453008
Cr-Commit-Position: refs/heads/master@{#31876}
Introduce Reducer::Finalize, which gets called by the GraphReducer once
all reductions are done, and use this to implement full inlining as part
of the regular reducer fixpoint.
R=jarin@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419373012
Cr-Commit-Position: refs/heads/master@{#31875}
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
R=yangguo@chromium.org
BUG=chromium:552244
LOG=n
Review URL: https://codereview.chromium.org/1436493002
Cr-Commit-Position: refs/heads/master@{#31871}
While working on frame elision, I wanted to disassemble codegen in the
debugger, as the code generation is progressing. I discovered we had a
"Print" member on the x64 assembler, without any implementation. I
pulled it up to AssemblerBase and gave it an implementation that
should work for the other architectures.
Also checked that ia32, x87, arm and arm64 assemblers didn't have
such an implementation - free Print.
Arm64 has a naming conflict with the v8::internal::Disassembler. I
renamed the arm64 type with a more specific name.
Opportunistically fixed a bug in the name converter. This debug-time
printer doesn't provide a Code object, which should be OK with the
name converters, by the looks of other APIs there. All this means is that
when using the Print() API, we just get addresses dumped without any
context (like what this address may be - a stub maybe, etc). This seems
fine for the scenario.
There may be other places that assume a Code object. Since this is
a diagnostics-only scenario, for codegen developers, I feel it is
reasonable to fix such other places as we find them.
Review URL: https://codereview.chromium.org/1431933003
Cr-Commit-Position: refs/heads/master@{#31869}
JSRegExp's properties backing stores must not be shared.
BUG=chromium:548580
LOG=N
Review URL: https://codereview.chromium.org/1429743006
Cr-Commit-Position: refs/heads/master@{#31867}