Any context outer to what we're parsing already has proper context allocation, so we don't need to check those scopes.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2417643003
Cr-Commit-Position: refs/heads/master@{#40256}
In a fuzzer testcase I found locally the ast-decoder spent a lot of time
in the decoding of kExprBrTable after the decoder already found an
error. I did not add a test because the fuzzer test case did not
actually crash. It only run out of memory in the chromium fuzzer.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2413863003
Cr-Commit-Position: refs/heads/master@{#40254}
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
This fixes the code-path in RegExpExec in which both the passed exec
argument and regexp.exec are not callable and regexp is a JSRegExp.
In this case, we fall back to the default RegExp.prototype.exec
implementation. The arguments for Execution::call were incorrect.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2415073002
Cr-Commit-Position: refs/heads/master@{#40249}
I don't see a reason why we can't benefit from preparsing such functions. We don't necessarily compile them, so fully parsing them when unnecessary is just additional overhead.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2413213002
Cr-Commit-Position: refs/heads/master@{#40248}
port c15c58274f (r40206)
original commit message:
This is the next step to unify the Call/Construct feedback collection
and prepare it to be able to collect SharedFunctionInfo feedback. This
also reduces the CallICStub overhead quite a bit since we only need one
stub per mode (and tail call mode), not also one per call arity.
BUG=
Review-Url: https://codereview.chromium.org/2409953005
Cr-Commit-Position: refs/heads/master@{#40244}
This incorporates recent feedback:
- simpler deserialization API by dropping the std::unique_ptr.
The only purpose there was communicating to the caller that they
own the buffer, and that the deserializer won't delete it. The new
design communicates that through a naming choice.
- renamed *UncompiledBytes to *WasmWireBytes
BUG=
Review-Url: https://codereview.chromium.org/2411263004
Cr-Commit-Position: refs/heads/master@{#40238}
The over allocated memory of fixed array type didn't equal to the sum of all
fixed array sub types previously, this patch adds over allocated memory of fixed
array sub types to fixed array type when we record fixed array sub type stats.
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2410083003
Cr-Commit-Position: refs/heads/master@{#40234}
By defining functions with namespace prefix, the compiler checks that
they were previously declared, and checks that the signature matches.
I stumbled across this several times when changing the interface of a
function in the header.
With this change you get a compile error right away instead of a linker
error in the very end.
This change also revealed two functions which could be placed in an
anonymous namespace, saving 5.5kB program size in Debug build, 2.3kB in
Optdebug and 0.3kB in Release. It's also opening more options for
compiler optimizations, as the functions now have internal linkage.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2415603002
Cr-Commit-Position: refs/heads/master@{#40233}
The state sampling was implemented in chrome, we had an interface for it
V8 but it was not implemented yet.
The chrome version version has been removed in
https://codereview.chromium.org/2406703002/
Therefore following up with its removal in V8 as well.
This CL can land independent of the Chromium related CL.
R=primiano@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2410523002
Cr-Commit-Position: refs/heads/master@{#40232}
This CL is in preparation for the upcoming port of
RegExp.prototype.replace, which will need use these methods in
runtime-regexp.cc. Moving them in advance makes that diff less noisy.
BUG=v8:5339
Review-Url: https://codereview.chromium.org/2398413002
Cr-Commit-Position: refs/heads/master@{#40229}
Unittests for protocol parser are located in core/inspector in blink and separate test runner for inspector tests was added.
BUG=chromium:635948
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2376173002
Cr-Commit-Position: refs/heads/master@{#40226}
... because the latter automatically respects the desired calling convention.
BUG=v8:5408
Review-Url: https://codereview.chromium.org/2391043005
Cr-Commit-Position: refs/heads/master@{#40223}
Thus the parameter indices defined in respective CallInterfaceDescriptor can
be used for querying parameters.
BUG=
Review-Url: https://codereview.chromium.org/2389133007
Cr-Commit-Position: refs/heads/master@{#40222}
The race can happen if:
1) Fixed array A is right before object B in new space
2) A slot in object C located in old space points to object B (old to new remembered set entry is created)
3) Object C becomes unreachable which held the only reference to object B which also becomes unreachable
4) Fixed array A gets right trimmed
5) The sweeper will sweep the last word of object A and object B. It will write the free space map into the last word of object A and a size field in the first word of object B.
6) Pointer updating may observe the size field now because the recored slot points to the start of object B and will confuse it with a forwarding pointer.
Note a similar race may happen with left trimming. Array A points to its backing store, the backing store gets left trimmed by 1 element, and array A dies.
BUG=
Review-Url: https://codereview.chromium.org/2416563002
Cr-Commit-Position: refs/heads/master@{#40218}
This should restore the codeload regression when FLAG_lazy_inner_functions is turned off
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2412483005
Cr-Commit-Position: refs/heads/master@{#40217}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2413653003
Cr-Commit-Position: refs/heads/master@{#40216}
If we're parsing a script or based on a SharedFunctionInfo marked as toplevel, we can implicitly set it. Only manually set in the background parsing task where we manually set up ParseInfo.
BUG=v8:5501
Review-Url: https://codereview.chromium.org/2405263003
Cr-Commit-Position: refs/heads/master@{#40215}
This is allocating registers in the function for all inner contexts that can be active in that function, so that nested blocks always have O(1) access to all outer contexts. However, currently it's always walking into nested functions, overallocating the number of registers, causing additional register pressure.
BUG=v8:5484
Review-Url: https://codereview.chromium.org/2408303003
Cr-Commit-Position: refs/heads/master@{#40214}
This CL also introduces a NoBarrierAtomicValue with NoBarrier accessors.
BUG=chromium:648568
Review-Url: https://codereview.chromium.org/2408233004
Cr-Commit-Position: refs/heads/master@{#40213}
Because of the planned improvements of IC system it does not make sense to
keep the old platform version of the stub around.
Review-Url: https://codereview.chromium.org/2418513002
Cr-Commit-Position: refs/heads/master@{#40211}
WordIsSmi, by itself, is not that descriptive, as it just ands a word with the heap object tag. With this change, the MachineGraphVerifier can check that the input to TaggedIsSmi actually has a tagged representation.
This CL also introduces a few bitcast operators in the Smi* macros in the CodeStubAssembler.
R=bmeurer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2407303002
Cr-Commit-Position: refs/heads/master@{#40209}
