This CL primarily makes the loop peeling algorithm more robust; it no longer damages the graph if the loops are improperly closed.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1052753004
Cr-Commit-Position: refs/heads/master@{#27620}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use an absolute 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects,
which is not yet implemented. So for now we materialize the mask
inline.
As drive-by-fix, don't hardcode xmm0 as scratch double register.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1064833002
Cr-Commit-Position: refs/heads/master@{#27618}
The motivation is that we prefer to avoid creating internal properties, and we have a usable field on maps ("transitions", which is not used for prototype maps).
This CL also ensures the invariant that prototype maps are never shared, even if they are in dictionary mode.
Review URL: https://codereview.chromium.org/1033653002
Cr-Commit-Position: refs/heads/master@{#27617}
Reason for revert:
this indeed drops the max major gc time considerable, so turn it back on
Original issue's description:
> Turn off overapproximation of the weak closure again
>
> As long as we still have to process global handles, the impact is not
> yet worthwhile
>
> BUG=v8:3862
> R=hpayer@chromium.org
> LOG=y
>
> Committed: https://crrev.com/294cdc6aecbd7f76be68217da4b3d35901ebce4b
> Cr-Commit-Position: refs/heads/master@{#27570}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3862
Review URL: https://codereview.chromium.org/1068723003
Cr-Commit-Position: refs/heads/master@{#27616}
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.
BUG=chromium:469768
LOG=y
Review URL: https://codereview.chromium.org/1056913003
Cr-Commit-Position: refs/heads/master@{#27614}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use a RIP-relative 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects, which is
not yet implemented. So for now we materialize the mask inline.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1046893002
Cr-Commit-Position: refs/heads/master@{#27611}
Currently we only generate addresses in the range 2GiB to 4GiB, because
of a bug, when running in 64-bit mode. With this fix we now use the full
range 2GiB to 4096GiB.
BUG=v8:3997
LOG=n
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1051303003
Cr-Commit-Position: refs/heads/master@{#27610}
Now every FOR_EACH_INTRINSIC_FOO sub-macro corresponds to a
src/runtime/runtime-FOO.cc file, even the order of runtime functions
within that file has been preserved in the corresponding macro, thanks
to some eye-hurting for/clang/sed/grep madness. ;-)
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/1056863002
Cr-Commit-Position: refs/heads/master@{#27609}
cctest/test-log/EquivalenceOfLoggingAndTraversal fails on
AIX because it does not correctly handle the full 64 bit
address space supported by AIX. SKIP until the issue
is resolved.
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1055183002
Cr-Commit-Position: refs/heads/master@{#27608}
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
Review URL: https://codereview.chromium.org/947683002
Cr-Commit-Position: refs/heads/master@{#27605}
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):
> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.
Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.
BUG=v8:3991
LOG=N
Review URL: https://codereview.chromium.org/1062633002
Cr-Commit-Position: refs/heads/master@{#27603}
These slots are invalid and can result in a broken offset when slot index and start of object are equal and are at the beginning of a cell.
Moreover, make DCHECKs CHECKs to catch bugs in the wild.
BUG=chromium:473174
LOG=n
Review URL: https://codereview.chromium.org/1051243004
Cr-Commit-Position: refs/heads/master@{#27602}
- Fixed single float register type instruction en[de]coding in assembler and disassembler.
- Added max and min instructions for r6 and corresponding tests.
- Fixed selection instruction for boundary cases in simulator.
- Update assembler tests to be more thorough wrt boundary cases.
TEST=cctest/test-assembler-mips64/MIPS17, MIPS18
cctest/test-disasm-mips64/Type1
cctest/test-assembler-mips/MIPS16, MIPS17
cctest/test-disasm-mips/Type1
BUG=
Review URL: https://codereview.chromium.org/1057323002
Cr-Commit-Position: refs/heads/master@{#27601}
The number of generated instructions per table entry is reduced from six to
two, or four in worst-case scenario.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1059213002
Cr-Commit-Position: refs/heads/master@{#27599}
port 16ee55097a (r27536)
original commit message:
Generate common StoreFastElementStubs ahead of time
BUG=
Review URL: https://codereview.chromium.org/1052413002
Cr-Commit-Position: refs/heads/master@{#27597}
port 7c347c545e (r27511)
original commit message:
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=
Review URL: https://codereview.chromium.org/1057883004
Cr-Commit-Position: refs/heads/master@{#27595}
Remove unused macro-asm instruction and associated address patching.
On mips64, remove unused JumpLabelToJumpRegister(). On mips, rename
it appropriately (it's still used there for JR->J optimizations).
BUG=
Review URL: https://codereview.chromium.org/1059433003
Cr-Commit-Position: refs/heads/master@{#27593}
As with TF fix 94506cc3, correctly support absurdly large stack
adjustments.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1057763002
Cr-Commit-Position: refs/heads/master@{#27592}
This keeps the length of the context chain tracked by the environment
in sync even for local control flow commands. It removes the need to
guess the correct chain length at Environment::Merge points.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1045703003
Cr-Commit-Position: refs/heads/master@{#27588}
The original code will not update the IC info if one of parameter is SMI. It Can not handle Number + Smi.
BUG=
Review URL: https://codereview.chromium.org/1056663005
Cr-Commit-Position: refs/heads/master@{#27583}
Currently, this doesn't really help to generate better code,
nevertheless this is the right thing to do. When our type system(s)
are fixed, this should avoid falling back to floating point operations
in various cases.
Review URL: https://codereview.chromium.org/1057813002
Cr-Commit-Position: refs/heads/master@{#27578}
Could not encode the large slot number in opcode MiscField.
TEST=mozilla/js/tests/js1_5/Regress/regress-396684.js
BUG=
Review URL: https://codereview.chromium.org/1043393002
Cr-Commit-Position: refs/heads/master@{#27574}