We have to preserve control flow so that the liveness analysis is less
confused. This CL fixes loops to preserve teh original control flow.
BUG=chromium:599710
LOG=n
Review URL: https://codereview.chromium.org/1863123002
Cr-Commit-Position: refs/heads/master@{#35318}
Port 974721c661
Original commit message:
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com, bjaideep@ca.ibm.com
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1870483002
Cr-Commit-Position: refs/heads/master@{#35316}
This reduced fragmentation in spaces where black pages are not a requirement. The only spaces where we need black pages is old space, because of allocation folding and fast inline allocation in generated code.
BUG=chromium:599174
LOG=n
Review URL: https://codereview.chromium.org/1862063002
Cr-Commit-Position: refs/heads/master@{#35315}
Port 974721c661
Original commit message:
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, bjaideep@ca.ibm.com
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1868683002
Cr-Commit-Position: refs/heads/master@{#35314}
This field duplicates information from the SharedFunctionInfo. Now that
backends are guaranteed to have a SharedFunctionInfo around, we drop it.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1860123003
Cr-Commit-Position: refs/heads/master@{#35312}
Debug asserts in code-generator-s390.cc are in place to ensure that overflow is only set when dealing with a sub or add opcode. However, the check only looked for kS390_Add/SubWithOverflow32, not kS390_Add/Sub which also sets overflow. This CL adds the second case to this assert check.
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com,joransiu@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1863983003
Cr-Commit-Position: refs/heads/master@{#35310}
All the counters, trace events and runtime call stats roughly create a 30%
overhead when calling into the runtime. This CL factors out the counters into
separate non-inlined functions. This way we can reduce the overhead to a
minimum and still have some useful stats without a compile-time flag.
BUG=chromium:596055
LOG=n
Review URL: https://codereview.chromium.org/1868513002
Cr-Commit-Position: refs/heads/master@{#35308}
If no objects allocated at a location are live when a profile is
collected we report a zero count sample. This is confusing to those
looking at the profiles and will leak memory.
We now delete allocations once the number of sampled live objects for
that location reaches zero.
R=ofrobots@google.com
BUG=
Review URL: https://codereview.chromium.org/1828333002
Cr-Commit-Position: refs/heads/master@{#35305}
- MemoryAllocator is now part of Heap
- CodeRange is now part of MemoryAllocator
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1862653002
Cr-Commit-Position: refs/heads/master@{#35294}
This particularly changes the StackTraceFrameIterator such that is not
only returs JavaScriptFrames, but also WasmFrames. Because of that,
some methods (Summarize, function, receiver) were pulled up to the
StandardFrame, with specializations in JavaScriptFrame and WasmFrame.
R=jfb@chromium.org, titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1861283002
Cr-Commit-Position: refs/heads/master@{#35293}
The previous code cache system required stubs to be marked with a StubType, causing them to be inserted either into a fixed array or into a dictionary-mode code cache. This could cause names to be in both cases, and lookup would just find the "fast" one first. Given that we clear out the caches on each GC, the memory overhead shouldn't be too bad. Additionally, the dictionary itself should just stay linear for small arrays; that's faster anyway.
This CL additionally deletes some dead IC code.
BUG=
Review URL: https://codereview.chromium.org/1846963002
Cr-Commit-Position: refs/heads/master@{#35291}
1) I moved the implementations of the wrapper functions into a new cc
file so that I can use these wrapper functions in tests.
2) I made a generic test for all tests in
test-run-calls-to-external-references.cc. In the new test we only
compare the result of a function call through an external reference with
the result of a direct function call. This is sufficient because we only
want to test function calls through external references work here.
The implementation of these functions are tested somewhere else.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1853123002
Cr-Commit-Position: refs/heads/master@{#35289}
Adds a MultiplyStub for the multiplication operator and hooks it with TurboFan and Ignition.
Currently, the SMI times SMI case is handled by converting both the operands to double precision floating points, we may consider adding a fast path later.
Review URL: https://codereview.chromium.org/1860043002
Cr-Commit-Position: refs/heads/master@{#35287}
SingletonFor(type, state) returns NULL and does nothing whenever SingletonFor(type) also return NULL. So checking this beforehand is redundant.
This is my first CL, so I also use it to get familiar with the system.
R=titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1862753003
Cr-Commit-Position: refs/heads/master@{#35285}
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
R=mstarzinger@chromium.org, neis@chromium.orgTBR=rossberg@chromium.org
BUG=chromium:513471
LOG=n
Review URL: https://codereview.chromium.org/1865833002
Cr-Commit-Position: refs/heads/master@{#35283}
Anotates bytecodes with a description of how each uses the accumulator.
Validates annotations and uses of accumulator when generating bytecode
handlers.
Only prints the accumulator during tracing where used.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1852213002
Cr-Commit-Position: refs/heads/master@{#35281}
The parser eagerly rewrites destructuring assignments occuring
in formal parameter initializers, because not doing so would
cause the BindingPattern rewriting to be confused and do the
wrong thing.
This change prevents this rewriting from descending into the
bodies of lazily parsed functions.
In general, it's a mistake to descend into the bodies of function
literals anyways, since they are rewritten separately on their
own time, so there is no distinction made between lazily
"throw away" eagerly parsed functions in the temporary parser
arena, or "real" eagerly parsed functions that will be compiled.
BUG=chromium:594084, v8:811
LOG=N
R=adamk@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1864553002
Cr-Commit-Position: refs/heads/master@{#35277}
Previously, CreateDataProperty would fail a DCHECK when used to create
an integer indexed property on a TypedArray. This patch makes it throw
a TypeError instead. The issue came up when Array.prototype.concat
was repaired to use CreateDataProperty rather than SetElement; concat
can be tricked into making a new TypedArray if it is given an Array
whose prototype is a TypedArray. This patch prevents the issue.
R=adamk
LOG=Y
BUG=chromium:596394
Review URL: https://codereview.chromium.org/1821723004
Cr-Commit-Position: refs/heads/master@{#35271}