port 6df9a22c3f
Original Commit Message:
The HandlerCompiler did not properly handle the weird edge case when a
sloppy mode function was installed as an accessor on one of the value
wrapper prototypes and then accessed via a load from a primitive value.
In this case we just passed the primitive value untouched instead of
properly wrapping it first. The CallFunction builtin properly deals with
all the funny edge cases, so we use it instead of duplicating almost all
of the logic here (the performance difference is neglible).
R=verwaest@chromium.org, bmeurer@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:599073, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1849233003
Cr-Commit-Position: refs/heads/master@{#35217}
Especially when loading and untagging SMIs within code stubs,
instances of the following pattern appear in the generated code:
ld <dst>, <offset>(<base>)
sradi <dst>,<dst>,32
This CL changes that code to:
lwa <dst>, <SmiWordOffset(offset)>(<base>)
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1855533002
Cr-Commit-Position: refs/heads/master@{#35216}
Port 6df9a22c3f
Original commit message:
The HandlerCompiler did not properly handle the weird edge case when a
sloppy mode function was installed as an accessor on one of the value
wrapper prototypes and then accessed via a load from a primitive value.
In this case we just passed the primitive value untouched instead of
properly wrapping it first. The CallFunction builtin properly deals with
all the funny edge cases, so we use it instead of duplicating almost all
of the logic here (the performance difference is neglible).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:599073, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1846953006
Cr-Commit-Position: refs/heads/master@{#35214}
This CL implements the SLBR, subtract logical 32-bit int with borrow, instruction in the s390 simulator.
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com,
BUG=
Review URL: https://codereview.chromium.org/1850163004
Cr-Commit-Position: refs/heads/master@{#35211}
Reason for revert:
Original commit reverted.
Original issue's description:
> PPC: [compiler] Add relocatable pointer constants for wasm memory references.
>
> Port eb5fe0df64
>
> Original commit message:
> Add relocatable pointers for wasm memory references that need to
> be updated when wasm GrowMemory is used. Code generator changes to
> accept relocatable constants as immediates.
>
> R=gdeepti@google.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
>
> Committed: https://crrev.com/ba053c4620c3b91ddc540f733f8b4dd9a792bb13
> Cr-Commit-Position: refs/heads/master@{#35203}
TBR=gdeepti@google.com,joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1851823002
Cr-Commit-Position: refs/heads/master@{#35210}
IsKey is much slower compare to direct comparisons with undefined_value
and the_hole_value.
BUG=
Review URL: https://codereview.chromium.org/1847183004
Cr-Commit-Position: refs/heads/master@{#35209}
This allows us to remove the troublesome %_MathClz32 intrinsic and also
allows us to utilize the functionality that is already available in
TurboFan. Also introduce a proper NumberClz32 operator so we don't need
to introduce a machine operator at the JS level.
R=epertoso@chromium.org
Review URL: https://codereview.chromium.org/1852553003
Cr-Commit-Position: refs/heads/master@{#35208}
port ac7f0e2b61
Original Commit Message:
*) For all tests the input validation was incorrect, i.e. some values
were considered invalid although they were valid. The problem was that
values which are outside int range can get in range through truncation.
*) Removed an assertion in the x64 code generation of
TruncateFloat64ToUint32 which trapped on negative inputs.
*) Introduced a new TF operator TruncateFloat32ToUint32 which does
the same as ChangeFloat32ToUint32 but does not trap on negative inputs.
R=titzer@chromium.org, ahaas@chromium.org, joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1844053005
Cr-Commit-Position: refs/heads/master@{#35207}
A use of risbg instruction is not guarded by the corresponding
GENERAL_INSTR_EXT facility check. This will result in an illegal
instruction when running on hardware without that facility installed
(i.e. z9).
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1848533006
Cr-Commit-Position: refs/heads/master@{#35206}
Handles bytecodeArray Objects when verifying the heap and also when
collecting code statistics. The changes include:
1. BytecodeArrays could be a part of the large object space. When
verifying the large object space we should also allow BytecodeArray
objects.
2. Adds support for BytecodeArrays when collecting code statistics.
BUG=v8:4280,chromium:599001
LOG=N
Review URL: https://codereview.chromium.org/1850443006
Cr-Commit-Position: refs/heads/master@{#35202}
Improves code coverage of bytecode array builder and constant
array builder.
Fixes initial index for constant pool slice for kQuad operands.
BUG=v8:4280,chromium:599000
LOG=N
TBR=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1845313002
Cr-Commit-Position: refs/heads/master@{#35201}
This should help speeding up Promise and RegExp instantiations substantially.
BUG=
Review URL: https://codereview.chromium.org/1850643002
Cr-Commit-Position: refs/heads/master@{#35200}
Currently, if the size of two cmp or test operands is a byte or a word, we sign-extend or zero-extend each of them into a 32-bit register before doing the comparison, even when the conditions for the use of a memory operand are met.
This CL makes it possible to load only one of them into a register and address the other as a memory operand.
The tricky bit is that, unlike as in the x64 counterpart http://crrev.com/1780193003, not all registers can be accessed as bytes.
BUG=
Review URL: https://codereview.chromium.org/1845603002
Cr-Commit-Position: refs/heads/master@{#35199}
Reason for revert:
breaks some chromium browser_tests: https://codereview.chromium.org/1848233002/
Original issue's description:
> Ship --harmony-regexp-exec
>
> There are still spec compliance fixes to be made, but this patch
> turns the flag to shipping to make sure we get more canary coverage
> and performance data from the bots.
>
> BUG=v8:4602
> LOG=y
>
> Committed: https://crrev.com/84492bb66b340f4e0df36758e98fddbb10b5d1dc
> Cr-Commit-Position: refs/heads/master@{#35181}
TBR=littledan@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4602
Review URL: https://codereview.chromium.org/1852673003
Cr-Commit-Position: refs/heads/master@{#35198}
These operators will be easier to optimize, and we can remove some
unnecessary clutter from the intrinsic lowering.
Drive-by-cleanup: Some alpha sorting of the type conversion operator
business.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1848243002
Cr-Commit-Position: refs/heads/master@{#35197}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
Especially when loading and untagging SMIs within code stubs, instances of the following pattern appear in the generated code:
movq %rax,[%rbx+%rcx*4+0xf]
sarq %rax, 32
This CL changes that code to:
movsxlq %rax, [%ebx+%ecx*4+0x13]
BUG=
Review URL: https://codereview.chromium.org/1845043004
Cr-Commit-Position: refs/heads/master@{#35194}
This adds a new TurboFan-based ToIntegerStub, similar to the
ToLengthStub, and uses it whereever we had custom code for %_ToInteger
previously.
R=yangguo@chromium.org
BUG=v8:4587
LOG=n
Review URL: https://codereview.chromium.org/1846683006
Cr-Commit-Position: refs/heads/master@{#35190}
This CL ensures that we build environments/frame states so that tail caller frame will never become topmost.
BUG=chromium:598998, v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1849503002
Cr-Commit-Position: refs/heads/master@{#35188}
The HandlerCompiler did not properly handle the weird edge case when a
sloppy mode function was installed as an accessor on one of the value
wrapper prototypes and then accessed via a load from a primitive value.
In this case we just passed the primitive value untouched instead of
properly wrapping it first. The CallFunction builtin properly deals with
all the funny edge cases, so we use it instead of duplicating almost all
of the logic here (the performance difference is neglible).
R=verwaest@chromium.org
BUG=chromium:599073, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1845243005
Cr-Commit-Position: refs/heads/master@{#35187}
This CL implements the ALCR, add logical 32-bit integer with carry, instruction in the s390 simulator.
Some 64-bit operations in the 4-byte arithmetic section of the s390 simulator have been refactored into a separate function to stay below 500 lines.
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com,
BUG=
Review URL: https://codereview.chromium.org/1846673003
Cr-Commit-Position: refs/heads/master@{#35184}
Add this define to the config used for mksnapshot. This fixes a bug
where certain applications would fail at runtime on Chromecast.
BUG=592660
LOG=Y
Bug: internal b/27495984
Test: Formerly broken Cast apps load and run as expected.
Review URL: https://codereview.chromium.org/1839763003
Cr-Commit-Position: refs/heads/master@{#35183}
There are still spec compliance fixes to be made, but this patch
turns the flag to shipping to make sure we get more canary coverage
and performance data from the bots.
BUG=v8:4602
LOG=y
Review URL: https://codereview.chromium.org/1847103002
Cr-Commit-Position: refs/heads/master@{#35181}
Reason for revert:
TC39 decided that this compatibility fix should be standardized.
Original issue's description:
> Remove RegExp.prototype.source getter compat workaround
>
> The getter RegExp.prototype.source is specified in ES2015 to throw when
> called on a non-RegExp instance, such as RegExp.prototype. We had previously
> put in a compatibility workaround for all RegExp getters to make them
> throw on access specifically with RegExp.prototype as the receiver; however,
> we only have evidence that this is needed for properties other than source.
> This patch removes the compatibility workaround for get RegExp.prototype.source
> and gives it semantics precisely as per the ES2015 specification.
>
> R=adamk
> BUG=chromium:581577,v8:4827
> LOG=Y
>
> Committed: https://crrev.com/80803aa89e31839b8f73959776fa7e1923c6b461
> Cr-Commit-Position: refs/heads/master@{#35086}
R=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581577,v8:4827
LOG=Y
Review URL: https://codereview.chromium.org/1847783003
Cr-Commit-Position: refs/heads/master@{#35180}
*) For all tests the input validation was incorrect, i.e. some values
were considered invalid although they were valid. The problem was that
values which are outside int range can get in range through truncation.
*) Removed an assertion in the x64 code generation of
TruncateFloat64ToUint32 which trapped on negative inputs.
*) Introduced a new TF operator TruncateFloat32ToUint32 which does
the same as ChangeFloat32ToUint32 but does not trap on negative inputs.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1843983002
Cr-Commit-Position: refs/heads/master@{#35176}
53d51c52f3 (frame elision).
Turns out it was the cause of the regression in the referenced bug.
BUG=599421
LOG=N
Review URL: https://codereview.chromium.org/1847073002
Cr-Commit-Position: refs/heads/master@{#35175}
This reduces the reserved virtual memory size needed for the store buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1851473002
Cr-Commit-Position: refs/heads/master@{#35174}
ARM specific CONFIG_KUSER_HELPERS kernel feature for Linux can be disabled,
and in this case, we shouldn't crash. Use a __sync_synchronize() call
instead for Linux platforms.
BUG=chromium:599051
LOG=Y
Review URL: https://codereview.chromium.org/1840203004
Cr-Commit-Position: refs/heads/master@{#35170}
