Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.
This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.
Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576093004
Cr-Commit-Position: refs/heads/master@{#33334}
We can return the creation context of the [[BoundTargetFunction]], and
don't need to remember the context in which the function was bound.
R=verwaest@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1590273002
Cr-Commit-Position: refs/heads/master@{#33332}
This refactoring removes the dependency on the Token class from the
assembler.h header file, the utility function in question has nothing
to do with assembling in the first place.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1594443003
Cr-Commit-Position: refs/heads/master@{#33330}
That way, we don't have to implement the fast <-> slow migration logic,
and we don't allocate in-object properties anyways
BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1582773003
Cr-Commit-Position: refs/heads/master@{#33328}
Unify Object::ToObject and Execution::ToObject, and unify all users to
go to Object::ToObject directly. Also remove some dead code from the
frame details debug API.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1589323002
Cr-Commit-Position: refs/heads/master@{#33327}
Those counters will be incremented concurrently during parallel evacuation of
newspace. This change makes sure we do the updates atomically.
Note that actual reasoning about them happens sequentially on the main thread.
BUG=chromium:524425
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1585843010
Cr-Commit-Position: refs/heads/master@{#33326}
This splits out the SourcePosition class into a separate header file.
Reason for this refactoring is that said class is mostly used by the
Crankshaft compiler and not needed for all compilers. Also having the
assembler depend on the class creates a dependency cycle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1581083009
Cr-Commit-Position: refs/heads/master@{#33325}
It is only used locally when exempting pages from the store buffer. This use
case can be replaced with a hashmap at the call site.
BUG=chromium:524425
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1593583002
Cr-Commit-Position: refs/heads/master@{#33324}
The Object.getOwnPropertySymbols() calls into C++ at least once on every
possible path, so no point in having the JavaScript wrapper.
Drive-by-cleanup: Also move Symbol.prototype creation to C++ as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1587153003
Cr-Commit-Position: refs/heads/master@{#33318}
This avoids manual, fragile assignment to Parser::scope_. And once all such
assignments are removed, BlockState might become much more valuable as
a place to reset scope-related state.
Also remove unnecessary nullptr checks after calls to FinalizeBlockScope.
Review URL: https://codereview.chromium.org/1583453003
Cr-Commit-Position: refs/heads/master@{#33313}
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.
For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.
R=adamk
LOG=Y
BUG=v8:4665
Review URL: https://codereview.chromium.org/1583773005
Cr-Commit-Position: refs/heads/master@{#33312}
This avoids generating different scopes on the two compilation passes, which
results in various delirious side-effects.
There's some cleanup to be done in lazy arrow function parsing, but I'd
rather do that in a separate patch, with this one targeted at fixing the
particular crash.
BUG=chromium:572589
LOG=n
Review URL: https://codereview.chromium.org/1575333004
Cr-Commit-Position: refs/heads/master@{#33311}
Respective declarations will explicitly initialise slots
with the hole anyway, so this always was unnecessary.
With varblocks it even became wrong, because block contexts
may now host var bindings, which want undefined.
Fixes the hole leaking when accessing an unitialised,
block-context-allocated var.
R=neis@chromium.org
BUG=571149
LOG=N
Review URL: https://codereview.chromium.org/1584243002
Cr-Commit-Position: refs/heads/master@{#33309}
In short, array literals containing spreads, when used as expressions,
are rewritten using do expressions. E.g.
[1, 2, 3, ...x, 4, ...y, 5]
is roughly rewritten as:
do {
$R = [1, 2, 3];
for ($i of x) %AppendElement($R, $i);
%AppendElement($R, 4);
for ($j of y) %AppendElement($R, $j);
%AppendElement($R, 5);
$R
}
where $R, $i and $j are fresh temporary variables.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1564083002
Cr-Commit-Position: refs/heads/master@{#33307}
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).
BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1588013002
Cr-Commit-Position: refs/heads/master@{#33305}
This is the first of several commits to contribute Linux on z Systems
(s390/s390x) port of V8. We will be breaking up the changes into several
(hopefully) logical commits.
This commit contains the changes to V8 Makefile and build toolchains to
introduce S390 macros and compiler options. Just for awareness for reviewers
is that s390 is 31-bit (not 32!) big-endian platform on Linux on z. (MSB of address
is used to distinguish between 24-bit vs 31-bit addressing!) s390x is
64-bit Linux on z. Names follow the general linux convention on the platform.
A quick roadmap on upcoming commits:
- Add \#include of S390 header files in common files
- S390 related tests + tooling changes
- printf macro for printing size_t values.
- S390 platform-specific code generation code (bulk of changes!)
R=danno@chromium.org,svenpanne@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1585813002
Cr-Commit-Position: refs/heads/master@{#33304}
We were sometimes losing a splintering opportunity when a range was
ending at the beginning of a hot (==non-deferred) block, when giving
its value to some fixed range - i.e. a fixed operand of the first instruction
in that hot block.
Renamed 2 APIs to better reflect what their intent is.
Added self-checking when introducing moves connecting ranges, to
ensure we don't spill/fill in hot blocks ranges spilled only in deferred
blocks. Verified locally that these checks would have tripped in a few
cases before this change.
BUG=
Review URL: https://codereview.chromium.org/1564583002
Cr-Commit-Position: refs/heads/master@{#33301}
This patch implements eager expression rewriting when parsing. It will
be used for desugaring spreads but may have other uses in the future.
We call Traits::RewriteExpression as soon as we realise that something
parsed as an expression is actually used as an expression (and not as
a pattern). This patch adds a dummy implementation for this function,
doing no rewriting at all, and adds the trigers in the right places of
the parser.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1567603005
Cr-Commit-Position: refs/heads/master@{#33300}
When reserving a stack slot for the receiver, push an Immediate(0)
rather than a register that contains an untagged integer.
All other platforms push zero already.
Review URL: https://codereview.chromium.org/1585183002
Cr-Commit-Position: refs/heads/master@{#33299}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.
It should actually stop iterating on the first non-hidden prototype.
BUG=
Review URL: https://codereview.chromium.org/1576423003
Cr-Commit-Position: refs/heads/master@{#33294}
This restores the case that was removed by
commit f0e41175fd
Author: jarin <jarin@chromium.org>
Date: Tue Jan 5 03:56:04 2016 -0800
[turbofan] Bidirectional representation inference.
BUG=v8:4667
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1584913003
Cr-Commit-Position: refs/heads/master@{#33292}
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.
Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632
R=epertoso
BUG=
Review URL: https://codereview.chromium.org/1580323003
Cr-Commit-Position: refs/heads/master@{#33291}
- Use valgrind from v8/third_party/valgrind fetched as custom
deps. This will make the check more portable on buildbot
slaves without the need to install valgrind.
- Build path to checked executable to be ready for swarming.
BUG=chromium:535160
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/1585093002
Cr-Commit-Position: refs/heads/master@{#33287}
Apparently, some StateValues have other StateValues as input. This
CL makes escape analysis transformation phase aware of it.
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1581183004
Cr-Commit-Position: refs/heads/master@{#33285}
