https://codereview.chromium.org/2694003002/ introduced
"SyntaxError: Lexical declaration cannot appear in a single-statement context"
for the case when let + desctructuring from a list happen.
As was pointed out in https://codereview.chromium.org/2694003002/#msg18, the
case without destructuring would also benefit from a better message: if a
single statement is expected and "let identifier = ..." is seen, the error is
indeed again that the lexical declaration is not a statement. However, the current
error is "Unexpected identifier", because the parser tries to accept "let" as
an identifier in an expression statement, and then gives up seeing the other
identifier after "let".
This CL ensures that the parser recognises the error properly and reports
accordingly. It also renames the existing test, which contains destructuring,
and adds the one with a non-destructuring lexical declaration.
BUG=v8:5686
Review-Url: https://codereview.chromium.org/2697193007
Cr-Commit-Position: refs/heads/master@{#43275}
https://crrev.com/2500363002 updated FunctionTemplate::HasInstance to
follow the hidden prototype chain of a global proxy to the global
object. However, remote contexts don't have a global object to check;
instead, teach the instance check knows about the conventions of
global proxy setup and have it also check the constructor's prototype.
Similarly, also teach Object::FindInstanceInPrototypeChain about the
unusual conventions for remote contexts.
BUG=527190
Review-Url: https://codereview.chromium.org/2698683003
Cr-Commit-Position: refs/heads/master@{#43263}
For functions declared in source code, the .toString() representation
will be an excerpt of the source code.
* For functions declared with the "function" keyword, the excerpt
starts at the "function" or "async" keyword and ends at the final "}".
The previous behavior would start the excerpt at the "(" of the
parameter list, and prepend a canonical `"function " + name` or
similar, which would discard comments and formatting surrounding the
function's name. Anonymous functions declared as function expressions
no longer get the name "anonymous" in their toString representation.
* For methods, the excerpt starts at the "get", "set", "*" (for
generator methods), or property name, whichever comes first.
Previously, the toString representation for methods would use a
canonical prefix before the "(" of the parameter list. Note that any
"static" keyword is omitted.
* For arrow functions and class declarations, the excerpt is unchanged.
For functions created with the Function, GeneratorFunction, or
AsyncFunction constructors:
* The string separating the parameter text and body text is now
"\n) {\n", where previously it was "\n/*``*/) {\n" or ") {\n".
* At one point, newline normalization was required by the spec here,
but that was removed from the spec, and so this CL does not do it.
Included in this CL is a fix for CreateDynamicFunction parsing. ')'
and '`' characters in the parameter string are no longer disallowed,
and Function("a=function(", "}){") is no longer allowed.
BUG=v8:4958, v8:4230
Review-Url: https://codereview.chromium.org/2156303002
Cr-Commit-Position: refs/heads/master@{#43262}
Before this patch, the registers needed for bytecode dispatch in interpreter
handlers were inconsistently stored in the interpreter frame and/or kept in
values that remained live across calls.
After this patch, these registers are explicitly reloaded after calls, making it
possible to elide the spills of those registers before the call in many cases.
Some highlights from the CL:
* Added methods to the CSA and InterpreterAssembler to efficiently store and
load Smis values and Smi interpreter registers on x64 without explicit
tagging/untagging.
* Created Variables for all of the interpreter-internal values that need to be
reloaded before bytecode dispatch at the end of an interpreter handler.
* The bytecode offset can be written out early in a handler by marking it
has having a call along it's critical path. By moving this early in a
handler, it becomes possible to use memory operands for pushes used to
marshall parameters when making calls.
Change-Id: Icf8d7798789f88a4489e06a7092616bbbb881577
Reviewed-on: https://chromium-review.googlesource.com/442566
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43260}
ES2017 forbids the sequence of tokens "let [" in in expression statements [1].
This CL makes ParserBase report those instances as SyntaxError. It also adds a
customised error message for that, because the standard "Unexpected token" is
not applicable: "let" itself is not forbidden in those context, only the
sequence of "let [".
[1] https://tc39.github.io/ecma262/#sec-expression-statement
BUG=v8:5686
Review-Url: https://codereview.chromium.org/2694003002
Cr-Commit-Position: refs/heads/master@{#43258}
We were looking at the unreachable flag or stack_depth of the target frame
instead of the current one in a couple of places (most notably BreakTo).
This change fixes these bugs and makes us pass the latest spec tests for
br_table validation. Also need to ensure that br_table targets have consistent
types, which is not implied if the stack is polymorphic.
R=titzer@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2696813002
Cr-Commit-Position: refs/heads/master@{#43250}
The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).
This case is now rejected by the deserializer.
BUG=chromium:686511
Review-Url: https://codereview.chromium.org/2697023002
Cr-Commit-Position: refs/heads/master@{#43249}
One optimization in the machine-operator-reducer did not consider that
that word32 shift left instructions only consider the last 5 bits of
the shift input.
The issue only occurs for WebAssembly because in JavaScript we always
add a "& 0xf" on the shift value to the TurboFan graph.
For additional background: The JavaScript and WebAssembly spec both
say that only the last 5 bits of the shift value are used in the
word32-shift-left operation. This means that an "x << 0x29", in the
code is actually executed as "x << 0x09". Therefore the changes in
this CL are okay because they mask the last 5 bit of the shift value.
BUG=chromium:689450
Change-Id: Id92f298ed6d7f1714b109b3f4fbcecd5ac6d30f7
Reviewed-on: https://chromium-review.googlesource.com/439312
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43245}
Map OOM breaks generated by inspector to DebugEvent.OOM.
This avoids generating unintentional DebugEvent.Break events.
Also be more future-proof in event categorization.
On a related note, this CL also fixes a DCHECK in
Runtime::GetFrameDetails.
The receiver needs to be grabbed from the inlined frame, not
the outer optimized frame. Optimized frames only provide the
receiver on a best-effort basis.
BUG=v8:5950
Review-Url: https://codereview.chromium.org/2696173002
Cr-Commit-Position: refs/heads/master@{#43244}
Reason for revert:
Please remove the file in status file too. Breaks presubmit:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20presubmit/builds/14754
Or lets call it post-submit :(
Original issue's description:
> This is a workaround for the fact that %SetCode can "lose" the script for a js native. If the js native is re-initialized (for a Realm or something), then the source SharedFunctionInfo won't have a script anymore. Nonetheless, we may want to optimize the function. If we've compiled bytecode, then we can compile optimized code without a script.
>
> Here, we carve out a special exception for this case, so that we can turn on the --mark-shared-functions-for-tier-up.
>
> BUG=v8:5946
> R=leszeks@chromium.org
>
> Review-Url: https://codereview.chromium.org/2684033007
> Cr-Commit-Position: refs/heads/master@{#43240}
> Committed: 4123a3dd79TBR=leszeks@chromium.org,mstarzinger@chromium.org,marja@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5946
Review-Url: https://codereview.chromium.org/2703553002
Cr-Commit-Position: refs/heads/master@{#43242}
Produce the same scopes / variables for parameters (part 3).
This CL fixes the ordering + variable types in PreParser when there are
simple parameters + a rest parameter. In that case, Parser declares
unnamed temporaries for the non-rest params, then the rest param, then
the named variables (which are not parameters) for the non-rest params.
BUG=v8:5516
R=vogelheim@chromium.org
Change-Id: I9b006595039c8002b0508d1d2a200aa9a0f3eae0
Reviewed-on: https://chromium-review.googlesource.com/443527
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43241}
ES2016 changed the default timezone of dates to be conditional on
whether a time is included. The semantics were a compromise approach
based on web compatibility feedback from V8, but until now, we have been
shipping ES5.1 default timezone semantics. This patch implements the
new semantics, following ChakraCore and SpiderMonkey (though JSC
implements V8's previous semantics).
BUG=chromium:589858
Review-Url: https://codereview.chromium.org/2648603002
Cr-Commit-Position: refs/heads/master@{#43239}
This handles arithmetic addition operations during the early type-hint
lowering (i.e. during graph construction). The string addition case is
still handled by {JSTypedLowering} as it needs static type information.
R=bmeurer@chromium.org
Change-Id: I9df47dfc5bf7613c51f6d803ab43d5d3f6c21be8
Reviewed-on: https://chromium-review.googlesource.com/443185
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43235}
@@replace has a pretty complex implementation, taking different paths
for various situations (e.g.: global/nonglobal regexp, functional/string
replace argument, etc.). Each of these paths must implement similar
logic for calling into the RegExpBuiltinExec spec operation, and many
paths get this subtly wrong.
This CL fixes a couple of issues related to the way @@replace handles lastIndex:
* All paths now respect lastIndex when calling into exec (some used to assume 0).
* lastIndex is now advanced after a successful match for sticky regexps.
* lastIndex is now only reset to 0 on failure for sticky regexps.
BUG=v8:5361
Review-Url: https://codereview.chromium.org/2685183003
Cr-Commit-Position: refs/heads/master@{#43234}
When --harmony-async-iteration is enabled, it is now possible to
use the for-await-of loop, which uses the Async Iteration protocol
rather than the ordinary ES6 Iteration protocol.
the Async-from-Sync Iterator object is not implemented in this CL,
and so for-await-of loops will abort execution if the iterated object
does not have a Symbol.asyncIterator() method. Async-from-Sync
Iterators are implemented seperately in https://codereview.chromium.org/2645313003/
BUG=v8:5855, v8:4483
R=neis@chromium.org, littledan@chromium.org, adamk@chromium.org
Review-Url: https://codereview.chromium.org/2637403008
Cr-Commit-Position: refs/heads/master@{#43224}
The mips64 implementation always ended up in the slowpath due to some
loads that were the wrong width, so that is also fixed here.
BUG=v8:5974
Change-Id: Ie448a1fab5b7fca87597c5a1bf75443864e30c28
Reviewed-on: https://chromium-review.googlesource.com/443247
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43222}
This handles all arithmetic binary operations except addition during the
early type-hint lowering (i.e. during graph construction). We still use
static type information to potentially further reduce the speculative
operations down to pure operations during the typed lowering phase.
R=bmeurer@chromium.org
Change-Id: I8b93fd7c46ec8e5b81234a49624d503520c3d082
Reviewed-on: https://chromium-review.googlesource.com/443105
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43218}
- Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
- Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
relies on std::memmove rather than accessing individual eleements.
- Fixes the case where copyWithin is invoked on a TypedArray with a
detached buffer.
- Add tests to ensure that +/-Infinity (for all 3 parameters) is handled
correctly by the
algorithm
The C++ version gets through the benchmark more than 25000 times as
quickly as the JS implementation.
BUG=v8:5925, v8:5929, v8:4648
R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2697593002
Cr-Commit-Position: refs/heads/master@{#43213}
... and don't clear ICs during GC. The IC clearing used to prevent memory
leaks but it's not necessary anymore because all the handlers that need
to embed objects already use weak cells.
This CL unblocks inlining of IC dispatchers into bytecode handlers.
BUG=v8:5917
Change-Id: I229b9ba8dba44f431dfbe8ac5370d855e3e84dd6
Reviewed-on: https://chromium-review.googlesource.com/442127
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43209}
This allows part of typed lowering that is solely based on type-hints to
run as part of the graph construction. The lowering in question does not
inspect types and hence doesn't require the typer to have run before. We
insert the speculative simplied-level operations in favor of the generic
JavaScript-level variants.
R=bmeurer@chromium.org
Change-Id: I5f0549fc1e4ff607622ee9059e6232a32f77db2e
Reviewed-on: https://chromium-review.googlesource.com/442584
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43208}
ParserBase::is_any_identifier currently does not recognise
Token::ESCAPED_STRICT_RESERVED_WORD as an identifier. This seems different
from what ParserBase::ParseIdentifierName does, and also prevents
"l\u0065t", unlike "let", from becoming a label.
This CL extends is_any_identifier to also accept ESCAPED_STRICT_RESERVED_WORD.
BUG=v8:5692
Review-Url: https://codereview.chromium.org/2695973003
Cr-Commit-Position: refs/heads/master@{#43204}
CreateNumberFormat of src/js/i18n.js implements
http://www.ecma-international.org/ecma-402/1.0/#sec-11.1.1.1, but has a typo
in step 33a. The spec says that the default value for minimumSignificantDigits
should be 1, while the script set it to 0.
This CL fixes that typo and adds a test for that.
BUG=v8:5554
Review-Url: https://codereview.chromium.org/2694673003
Cr-Commit-Position: refs/heads/master@{#43197}
After https://github.com/tc39/ecma262/pull/642, Date.UTC no longer requires
the month argument to be specified. The spec provides 0 as its default value.
This CL updates the builtins-date.cc code to reflect that and drops the test
suppression for test262/built-ins/Date/UTC/return-value.
BUG=v8:5534
Review-Url: https://codereview.chromium.org/2689173003
Cr-Commit-Position: refs/heads/master@{#43193}
BUG=
Change-Id: I4a5db9bc045a63e710d0115523ab23b98e7c7ae6
Reviewed-on: https://chromium-review.googlesource.com/442504
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43189}
If the Reflect.construct receives an argument expected to be a constructor,
and the argument is not a constructor, V8 currently declares that
Reflect.construct is not a function. It should instead say that the offending
argument is not a constructor.
This is the case for all ports of builtins
(Builtins::Generate_ReflectConstruct). All of them make an
attempt to at least pass the right argument to the TypeError parametrised
message, calling out the offending Reflect.construct argument. However,
Runtime::kThrowCalledNonCallable extracts the callsite from those arguments,
discarding the precise information.
This CL adds Runtime::kNotConstructor, which reports the arguments passed
to it, and the CL also modifies the ports of builtins to make use of
Runtime::kNotConstructor
BUG=v8:5671
Review-Url: https://codereview.chromium.org/2688393003
Cr-Commit-Position: refs/heads/master@{#43182}
I identified lots of asm.js tests that are actually not valid according
to the spec, hence they execute in default-javascript-mode.
This CL fixes most of them by adding additional type annotations.
The atomic tests are totally non-spec-compliant by expecting a fourth
argument, and infinite-loops-taken expects a function-type parameter,
so I did not fix those.
I also did not fix the regression tests.
R=titzer@chromium.org, bradnelson@chromium.org
BUG=v8:4203
Review-Url: https://codereview.chromium.org/2663243002
Cr-Commit-Position: refs/heads/master@{#43179}
- Renames select, swizzle, and shuffle to be consistent with the S128 and
existing S32x4 ops, and reflect that these aren't arithmetic.
e.g. I16x8Swizzle -> S16x8Swizzle.
- Implements S16x8 and S8x16 Select operations and tests.
- Implements S128And, Or, Xor, Not operations and tests.
- Implements Swizzle for 32x4 formats.
- Refactors test macros that generate SIMD code.
TEST=cctest/test-run-wasm-simd/*
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2683713003
Cr-Commit-Position: refs/heads/master@{#43168}
Test both cases where the interesting constructs occur at the
laziness boundary and cases where they occur deeper.
BUG=v8:5501
R=vogelheim@chromium.org
Change-Id: I99e32cb0c829616011bf7d1f389a8d309b54d67e
Reviewed-on: https://chromium-review.googlesource.com/441844
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43157}
The constructor for TypedArray in js/typedarray.js emitted
kInvalidTypedArrayAlignment if the array offset exceeded the size of the
underlying buffer. This seems like a typo introduced in
https://codereview.chromium.org/2090353003.
The error message to be emitted instead coincides with the already existing
kInvalidDataViewOffset. The message string is independent of whether the
object in question is a DataView or a typed array, so this CL:
(1) renames kInvalidDataViewOffset to just kInvalidOffset, and
(2) uses kInvalidOffset instead of kInvalidTypedArrayAlignment for cases
when the TypedArray is constructed with an offset exceeding the buffer
size.
BUG=v8:5733
TEST=Run d8, execute "new Uint8Array(new ArrayBuffer(1),2)", see the error message mention the invalid offset 2.
Review-Url: https://codereview.chromium.org/2692753002
Cr-Commit-Position: refs/heads/master@{#43151}
This CL fixes some nits in TypeError messages, unifying the form of
kDefineDisallowed and kObjectNotExtensible to match what is used by the
majority of the other messages:
* "Cannot" vs. "Can't" -> choose "Cannot"
* "property:%" -> "property %"
* omit the full-stop at the end of the message
BUG=v8:5673
Review-Url: https://codereview.chromium.org/2686233008
Cr-Commit-Position: refs/heads/master@{#43150}
This adds support for deoptimizing into the JSConstructStub after the
receiver instantiation but before the actual constructor invocation.
Such a deoptimization point is needed for cases where instantiation
might be observed (e.g. when new.target is a proxy) and hence might
trigger a deopt.
We use this new deoptimization point for the "after" frame-state the
inliner attaches to {JSCreate} nodes being inserted when constructor
calls are being inlined.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-5638b
BUG=v8:5638
Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd
Reviewed-on: https://chromium-review.googlesource.com/440125
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43149}
We cannot skip the @@hasInstance lookup in instanceof depending on a
global protector cell, as the lookup of the property is observable
via proxies or accessors. So remove the global protector and properly
implement CSA::InstanceOf via GetPropertyStub, with an appropriate
fast-path for Function.prototype[@@hasInstance] where we call the
builtin code object directly if the function matches, skipping all
the checks from the call sequence, and also avoid the redundant
ToBoolean conversion on the result.
R=yangguo@chromium.orgTBR=ulan@chromium.org
BUG=v8:5958
Review-Url: https://codereview.chromium.org/2684033012
Cr-Commit-Position: refs/heads/master@{#43137}
Reason for revert:
Due to security issue described in review thread.
Original issue's description:
> [typedarrays] move %TypedArray%.prototype.copyWithin to C++
>
> - Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
> - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
> relies on std::memmove rather than accessing individual eleements.
> - Fixes the case where copyWithin is invoked on a TypedArray with a
> detached buffer.
> - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
> algorithm
>
> The C++ version gets through the benchmark more than 25000 times as
> quickly as the JS implementation.
>
> BUG=v8:5925, v8:5929, v8:4648
> R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
>
> Review-Url: https://codereview.chromium.org/2671233002
> Cr-Commit-Position: refs/heads/master@{#42975}
> Committed: 0f1c626d55TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com,caitp@igalia.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5925, v8:5929, v8:4648
Review-Url: https://codereview.chromium.org/2693753002
Cr-Commit-Position: refs/heads/master@{#43132}
Do not allow that holey properties are defined in Array sort.
Throw a type error if the array is not extensible and there are holey
properties in the middle of the array.
BUG=v8:4888
Review-Url: https://codereview.chromium.org/2664173002
Cr-Commit-Position: refs/heads/master@{#43126}
If a job was already enqueued, EnqueueAndStep would still step the job one
more step. However, since it didn't take the job out of the
pending_background_jobs pool, the job could get picked up by a background
thread which would try to step it, but it the job is now at a step which
can't be run on the background.
BUG=v8:5203,chromium:685515
Change-Id: I2cee2a33625ba455aca49a8037601be9ff8bb73f
Reviewed-on: https://chromium-review.googlesource.com/441084
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43121}
The heuristic checks for "(function", and now it also checks for
"(async function".
BUG=v8:4230
Review-Url: https://codereview.chromium.org/2682173005
Cr-Commit-Position: refs/heads/master@{#43120}
This roll includes the SharedArrayBuffer tests (skipping for now)
but doesn't include the $ renaming.
This is a reland; previously, I reverted because I was confused about why
the rename of $ to $262 didn't break tests; it now seems that the
previous patch left it as an alias. This patch does not do the renaming
yet, as the renaming usage has not landed upstream yet.
R=adamk
Review-Url: https://codereview.chromium.org/2685603003
Cr-Commit-Position: refs/heads/master@{#43118}
Don't block on inner function compilation before competing outer function
compilation. Instead wait for the compilation to complete when the function
is called.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2686673002
Cr-Commit-Position: refs/heads/master@{#43116}
Removes handles from bytecode generation, instead storing
un-internalized AstValues (and other, similar values such as Scopes and
AstRawStrings) in the constant array builder.
This will allow us in the future to generate the bytecode before
internalizing the AST.
BUG=v8:5832
Change-Id: I3b8be8f7329a484eb1e5d12808b001d3475239da
Reviewed-on: https://chromium-review.googlesource.com/439326
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43115}
When running main-thread compiler-dispatcher jobs, ensure that we enter the
correct Context. Also adds a test for compiling an extension in the compiler
dispatcher to ensure that idle tasks enter the correct context before
finalizing the compilation.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2679193004
Cr-Commit-Position: refs/heads/master@{#43111}
This introduces new maps to track whether we have created at most one
closure. If we have created just one closure, Turbofan will
specialize the code to its context.
Review-Url: https://codereview.chromium.org/2680313002
Cr-Commit-Position: refs/heads/master@{#43108}
In order to compile eager inner functions on a background thread we need to
keep the handles created during parsing and scope analysis alive until the
background compilation is complete. In order to do that, we allocate the
handles in a deferred handle scope and keep the deferred handles alive with
a shared_ptr in the ParseInfo and CompileInfo respectively.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2650883002
Cr-Commit-Position: refs/heads/master@{#43107}
Reason for revert:
Reverting due to causing Word64AndWithImmediateWithWord64Sh to fail locally (but not on the bot).
BUG=v8:5956
Original issue's description:
> [arm64] A shift of 0 is not allowed in ubfx.
>
> R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
> BUG=v8:5951
>
> Review-Url: https://codereview.chromium.org/2685943003
> Cr-Commit-Position: refs/heads/master@{#43090}
> Committed: c46ccef921TBR=bmeurer@chromium.org,v8-arm-ports@googlegroups.com,martyn.capewell@arm.com,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5951
Review-Url: https://codereview.chromium.org/2687373002
Cr-Commit-Position: refs/heads/master@{#43105}
Alternative approach to https://codereview.chromium.org/2667983004/, which
does not depend on implicit control flow changes from
https://codereview.chromium.org/2664083002
- Remove handling for `async function` from Parser::RewriteReturn(). This functionality
is moved to BytecodeGenerator::BuildAsyncReturn(). This ensures that promise resolution
is deferred until all finally blocks are evaluated fully.
- Add a new deferred command (CMD_ASYNC_RETURN), which instructs ControlScope to
generate return code using BuildAsyncReturn rather than BuildReturn.
- Parser has a new `NewReturnStatement()` helper which determines what type of return
statement to generate based on the type of function.
BUG=v8:5896, v8:4483
R=littledan@chromium.org, neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2685683002
Cr-Commit-Position: refs/heads/master@{#43104}
This fixes the case where the index passed to {HMaybeGrowElements} used
to derive the new capacity for the elements backing store does not fit
into Smi range. Such an overflow would fail the capacity check and cause
growing to be skipped. Subsequent keyed stores would potentially go out
of bounds.
R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-686427
BUG=chromium:686427
Review-Url: https://codereview.chromium.org/2686263002
Cr-Commit-Position: refs/heads/master@{#43101}
Also make them use the helpers that I introduced recently.
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2684343004
Cr-Commit-Position: refs/heads/master@{#43100}
Move the logic into Scope::DeclareVariable to be more robust.
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2685293003
Cr-Commit-Position: refs/heads/master@{#43098}
The use of setjmp/longjmp makes the cctests in test-run-wasm and
test-run-wasm-64 flaky on Windows, and I think that it is better not
to use it. With this CL I replace it as follows:
Similar to the setjmp/longjmp implementation we still call a C
function when a trap happens. However, instead of calling longjmp in
this C function we just set a flag which indicates that a trap
happened and then return. After we return from the C function we leave
the frame of the current wasm function and return with a RET
instruction. At the end of a test the wasm test runner checks the flag
to see if a trap happened.
Please take a special look at the LeaveFrame function on arm64.
R=titzer@chromium.org, clemensh@chromium.org, v8-arm-ports@googlegroups.comCC=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2685583003
Cr-Commit-Position: refs/heads/master@{#43095}
Reason for revert:
Issue on arm64:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim/builds/5752
Original issue's description:
> [Compiler] Enable handles created during parsing and scope analysis to be deferred.
>
> In order to compile eager inner functions on a background thread we need to
> keep the handles created during parsing and scope analysis alive until the
> background compilation is complete. In order to do that, we allocate the
> handles in a deferred handle scope and keep the deferred handles alive with
> a shared_ptr in the ParseInfo and CompileInfo respectively.
>
> BUG=v8:5203
>
> Review-Url: https://codereview.chromium.org/2650883002
> Cr-Commit-Position: refs/heads/master@{#43091}
> Committed: 9346cd9b4cTBR=marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2687973003
Cr-Commit-Position: refs/heads/master@{#43093}
In order to compile eager inner functions on a background thread we need to
keep the handles created during parsing and scope analysis alive until the
background compilation is complete. In order to do that, we allocate the
handles in a deferred handle scope and keep the deferred handles alive with
a shared_ptr in the ParseInfo and CompileInfo respectively.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2650883002
Cr-Commit-Position: refs/heads/master@{#43091}
In order to allow parallel compilation of eager inner functions, we need to
seperate the zone used for parsing (which will be shared between all the
parallel compile jobs) and the zone used for compilation. This CL changes
CompilationInfo to require a zone (which can be different from the zone in
ParseInfo). We then seal the ParseInfo zone after parsing and analysis is done
to prevent any further allocation in that zone, so that it can be shared
(read-only) with the parallel compile jobs.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2645403002
Cr-Commit-Position: refs/heads/master@{#43089}
Add a simple benchmark for a TypedArray constructor. Run once with the
default pipeline and once with turbofan so that we can compare the
performance.
Also fixes a typo in the Regex for the result of the CopyWithin
benchmark which stopped the results showing up in the perf
dashboard.
BUG=
Change-Id: Ic2eb0bd1e02b458c1163e97130abd0e7531c2e1c
Reviewed-on: https://chromium-review.googlesource.com/440225
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43087}
This CL covers only the very simple cases.
BUG=v8:5516
R=vogelheim@chromium.org
Change-Id: Ib6ddc90cbcf1c923a7b72493cfd029cfa835462b
Reviewed-on: https://chromium-review.googlesource.com/440246
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43086}
Collecting precise invocation counts need to be explicitly
enabled. Once enabled, we disable optimization (optimized
code does not increment invocation count, and may inline
callees), and make sure feedback vectors interesting for
code coverage is not garbage-collected.
R=hpayer@chromium.org, jgruber@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2686063002
Cr-Commit-Position: refs/heads/master@{#43082}
This CL includes runtime and IC parts of the tracking. It is controlled by
compile-time flag FLAG_constant_field_tracking and currently disabled.
Transition from kConst to kMutable still involves map deprecation.
BUG=v8:5495
Review-Url: https://codereview.chromium.org/2598543003
Cr-Commit-Position: refs/heads/master@{#43081}
Collect code coverage from the available invocation counts.
The granularity is at function level, and invocation counts may
be lost to GC.
Coverage::Collect returns a std::vector of Coverage::ScriptData.
Each ScriptData contains a script ID and a std::vector of
Coverage::RangeEntry.
Each RangeEntry consists of a end position and the invocation
count. The start position is implicit from the end position of
the previous RangeEntry, or 0 if it's the first RangeEntry.
R=jgruber@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2689493002
Cr-Commit-Position: refs/heads/master@{#43072}
arguments.h is one of the headers including objects-inl.h. Files needing
objects-inl.h used to innocently pull in debug.h, so that needs to be fixed now
too.
BUG=v8:5294
R=mstarzinger@chromium.org
Change-Id: I8ce671c533ed757103ef9a3b0bf0a0509230fdd8
Reviewed-on: https://chromium-review.googlesource.com/439287
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43054}
Since the empty string is canonical HeapObject now, we can use
this fact to optimize
- strict equality comparisons with the empty string to a
simple ReferenceEqual operation, and
- optimize ToBoolean to avoid instance type checks completely.
Drive-by-fix: Allow InternalizedString for Type::HeapConstant
in the type system. This is safe, since InternalizedStrings
can be compared to other heap constants by reference (except
for non-InternalizedStrings, which are excluded from the
HeapConstant type).
BUG=v8:5267
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2681273002
Cr-Commit-Position: refs/heads/master@{#43050}
E.g.,
{ function lazy_inner(b = somevar) { let somevar; } }
If we don't produce the same scopes, PreParser thinks that the unresolved
variable inside the default parameter resolves into the variable declared inside
the function. Thus, it's not correctly recorded as a free variable.
One part is already done by https://codereview.chromium.org/2638333002 . But at
the laziness boundary, we still produced different scopes.
Unlike previously thought, this is also needed for lazy inner function
correctness, not only for "preparser scope analysis" (ie., skipping inner
functions).
BUG=v8:5938
Change-Id: I047cd43ef16478bb0f18d1f114845e7d1ab8c5f2
Reviewed-on: https://chromium-review.googlesource.com/439345
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43044}
Without doing this, a JSMessageObject can be kept alive by the isolate, which
in turn keeps the context alive, until the message is cleared.
BUG=v8:5941
Review-Url: https://codereview.chromium.org/2675203005
Cr-Commit-Position: refs/heads/master@{#43043}
Where the arguments have already been inlined, we can replace these
calls with a direct call. We have to make sure that the iteration over
the arguments is not observable.
Also factor out the large chunk of logic shared with
ReduceJSConstructWithSpread.
BUG=v8:5932
Change-Id: I6c4fac670028fbd8ca82c4474d4392231573bc49
Reviewed-on: https://chromium-review.googlesource.com/439329
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43039}
It used to require >1GB of memory which leads to flaky test failures on
machines with less memory when executing multiple variants in parallel
R=cbruni@chromium.org,ulan@chromium.org
BUG=v8:5706
Change-Id: Id8c6f49cbfa51f2d443991c1493f225810efb18f
Reviewed-on: https://chromium-review.googlesource.com/439310
Commit-Queue: Camillo Bruni <cbruni@google.com>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43038}
Arm64 compiles "x +_64 (y >> shift)" into a single instruction if
"shift" is a constant. The code generator expects that "shift" is a
32 bit constant. however, TurboFan can also pass in a 64 bit constant,
which caused a crash in the code generator.
With this CL we cast the constant of TurboFan to an int in the
instruction selector and thereby satisfy the assumption of the code
generator. This should be correct since the code generator anyways cast
the "shift" to an int5 or int6 eventually.
R=v8-arm-ports@googlegroups.com
BUG=v8:5923
Review-Url: https://codereview.chromium.org/2669203005
Cr-Commit-Position: refs/heads/master@{#43036}
Do not preinitialize the feedback vector slot if
the lookup iterator is an interceptor, because it is not
guaranteed that the iterator has a PropertyCell.
If the HandlerConfiguration has a non-masking
intercepting setter,
the iterator does not have a valid PropertyCell.
BUG=chromium:656648
Review-Url: https://codereview.chromium.org/2674103002
Cr-Commit-Position: refs/heads/master@{#43034}
The testb instruction requires the REX prefix when either of its
operands uses a register with the high bit set. The existing code only
considered the register operand. In the test case the REX prefix was not
emitted because the testb instruction had the register operand RAX which
does not have the high bit set. The REX prefix was necessary though
because the memory operand used R8, which has the high bit set.
R=bmeurer@chromium.org
BUG=chromium:688876
Change-Id: Ib214bebbe75965664f2aea530e29afa95a54f44f
Reviewed-on: https://chromium-review.googlesource.com/439145
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43030}
Previously, both type feedback vector and the shared function info
of a function points to the matching type feedback metadata. This
makes finding the shared function info of a type feedback vector
difficult.
Instead, we now point the type feeback vector to the shared function
info, and find the metadata through the shared function info.
Also remove the obsolete empty type feedback vector.
R=hpayer@chromium.org, mvstanton@chromium.org
BUG=v8:5808
Review-Url: https://codereview.chromium.org/2672363002
Cr-Commit-Position: refs/heads/master@{#43026}
The AstGraphBuilder is used for asm.js only and for-in is not allowed in
valid asm.js, so we can just disable optimization for asm.js functions
that contain for-in loops. This way we only need to support for-in via
the BytecodeGraphBuilder in TurboFan now, which will make optimizations
way easier.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2679913004
Cr-Commit-Position: refs/heads/master@{#43024}
In current implementation we don't support nested scheduled break at all. If one break was scheduled inside another and second one doesn't produce actual break (execution was in blackboxed code or no JavaScript was executed) then second one will clear first scheduled break even if any not blackboxed JavaScript will be executed later.
Ambiguous break reason is added for the case when we have more then one scheduled reason. "auxData" in this case contains object with array of { reason: reason, auxData: auxData } objects for each reason in 'reasons' property.
BUG=chromium:632405
Review-Url: https://codereview.chromium.org/2678313002
Cr-Commit-Position: refs/heads/master@{#43021}
Reason for revert:
Oops, looks like the patch to change the name of $ to $262 isn't merged yet. Not sure why this didn't cause a bunch of failures--need to investigate. Reverting for now.
Original issue's description:
> test262 roll
>
> This patch changes tests right up until the SharedArrayBuffer
> tests.
>
> R=adamk
>
> Review-Url: https://codereview.chromium.org/2681833003
> Cr-Commit-Position: refs/heads/master@{#43019}
> Committed: 9588a0de5aTBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2683753003
Cr-Commit-Position: refs/heads/master@{#43020}
This patch changes tests right up until the SharedArrayBuffer
tests.
R=adamk
Review-Url: https://codereview.chromium.org/2681833003
Cr-Commit-Position: refs/heads/master@{#43019}
- removed getGeneratorObjectLocation from debugger-script.js,
- one more step to remove all debugger context usages in inspector.
BUG=v8:5510
R=yangguo@chromium.org,jgruber@chromium.org,alph@chromium.org
Review-Url: https://codereview.chromium.org/2678143002
Cr-Commit-Position: refs/heads/master@{#43018}
In addition to Array.prototype.values() which is already exposed, Blink
needs access to entries(), forEach() and keys() to properly set the
corresponding functions in value iterators for WebIDL conformance.
Add a few new entries to NATIVE_CONTEXT_IMPORTED_FIELDS and expand
V8_INTRINSICS_LIST, as well as some API tests for all these new exposed
functions.
BUG=chromium:632935
R=caitp@igalia.com,jochen@chromium.org,verwaest@chromium.org,yukishiino@chromium.org
Review-Url: https://codereview.chromium.org/2670833008
Cr-Commit-Position: refs/heads/master@{#43017}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of Reland: [Parse] ParseInfo owns the parsing Zone. (patchset #7 id:140001 of https://codereview.chromium.org/2632123006/ )
>
> Reason for revert:
> Speculative revert because of revert needed for https://codereview.chromium.org/2632123006
>
> Original issue's description:
> > Reland: [Parse] ParseInfo owns the parsing Zone.
> >
> > Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> > in preperation for enabling background compilation jobs for inner functions
> > share the AST in the outer-function's parse zone memory (read-only), with the
> > and zone being released when all compilation jobs have completed.
> >
> > BUG=v8:5203,v8:5215
> >
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Original-Commit-Position: refs/heads/master@{#42993}
> > Committed: 14fb337200
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Commit-Position: refs/heads/master@{#42996}
> > Committed: 9e7d5a6065
>
> TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2683733002
> Cr-Commit-Position: refs/heads/master@{#43008}
> Committed: 9fe08ec067TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2679303003
Cr-Commit-Position: refs/heads/master@{#43015}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of [parsing] Fix maybe-assigned for loop variables. (patchset #3 id:40001 of https://codereview.chromium.org/2673403003/ )
>
> Reason for revert:
> Speculative revert because of https://codereview.chromium.org/2679163002/.
>
> Original issue's description:
> > [parsing] Fix maybe-assigned for loop variables.
> >
> > Due to hoisting, the value of a 'var'-declared variable may actually change even
> > if the code contains only the "initial" assignment, namely when that assignment
> > occurs inside a loop. For example:
> >
> > let i = 10;
> > do { var x = i } while (i--):
> >
> > As a simple and very conservative approximation of this, we explicitly mark
> > as maybe-assigned any non-lexical variable whose "declaration" does not
> > syntactically occur in the function scope. (In the example above, it
> > occurs in a block scope.)
> >
> > BUG=v8:5636
> >
> > Review-Url: https://codereview.chromium.org/2673403003
> > Cr-Commit-Position: refs/heads/master@{#42989}
> > Committed: a33fcd663b
>
> TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2679263002
> Cr-Commit-Position: refs/heads/master@{#43010}
> Committed: f3ae5ccf57TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2686663002
Cr-Commit-Position: refs/heads/master@{#43013}
Reason for revert:
False alarm, bot hiccup
Original issue's description:
> Revert of Thread maybe-assigned through the bytecodes. (patchset #5 id:80001 of https://codereview.chromium.org/2655733003/ )
>
> Reason for revert:
> needed for properly reverting f3ae5ccf57
>
> Original issue's description:
> > Thread maybe-assigned through the bytecodes.
> >
> > This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> > bytecodes, which are emitted when reading from never-assigned context slot.
> >
> > There is a subtlety here: the slot are not immutable, the meaning is
> > actually undefined-or-hole-or-immutable.
> >
> > Review-Url: https://codereview.chromium.org/2655733003
> > Cr-Commit-Position: refs/heads/master@{#43000}
> > Committed: 17c2dd3886
>
> TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2680923003
> Cr-Commit-Position: refs/heads/master@{#43011}
> Committed: ece4e54a31TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2679953003
Cr-Commit-Position: refs/heads/master@{#43012}
Reason for revert:
needed for properly reverting f3ae5ccf57
Original issue's description:
> Thread maybe-assigned through the bytecodes.
>
> This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> bytecodes, which are emitted when reading from never-assigned context slot.
>
> There is a subtlety here: the slot are not immutable, the meaning is
> actually undefined-or-hole-or-immutable.
>
> Review-Url: https://codereview.chromium.org/2655733003
> Cr-Commit-Position: refs/heads/master@{#43000}
> Committed: 17c2dd3886TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2680923003
Cr-Commit-Position: refs/heads/master@{#43011}
Reason for revert:
Speculative revert because of https://codereview.chromium.org/2679163002/.
Original issue's description:
> [parsing] Fix maybe-assigned for loop variables.
>
> Due to hoisting, the value of a 'var'-declared variable may actually change even
> if the code contains only the "initial" assignment, namely when that assignment
> occurs inside a loop. For example:
>
> let i = 10;
> do { var x = i } while (i--):
>
> As a simple and very conservative approximation of this, we explicitly mark
> as maybe-assigned any non-lexical variable whose "declaration" does not
> syntactically occur in the function scope. (In the example above, it
> occurs in a block scope.)
>
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2673403003
> Cr-Commit-Position: refs/heads/master@{#42989}
> Committed: a33fcd663bTBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2679263002
Cr-Commit-Position: refs/heads/master@{#43010}
Reason for revert:
Speculative revert because of revert needed for https://codereview.chromium.org/2632123006
Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Original-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42996}
> Committed: 9e7d5a6065TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2683733002
Cr-Commit-Position: refs/heads/master@{#43008}
- Adds logical and arithmetic shifts for all integer types.
- Adds min and max for all integer types.
- Adds saturating add and subtract for small integer types.
- Removes lane operations from the MachineOperatorCache.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2668013003
Cr-Commit-Position: refs/heads/master@{#43005}
This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
bytecodes, which are emitted when reading from never-assigned context slot.
There is a subtlety here: the slot are not immutable, the meaning is
actually undefined-or-hole-or-immutable.
Review-Url: https://codereview.chromium.org/2655733003
Cr-Commit-Position: refs/heads/master@{#43000}
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
Cleanup CHECK_EQ order and simplify CHECK_EQ(true/false).
Cleanup callorder for negative numbers
Cleanup callorder order for capital letter constants.
Cleanup callorder for test.x checks.
BUG=
Review-Url: https://codereview.chromium.org/2677183002
Cr-Commit-Position: refs/heads/master@{#42997}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Original-Commit-Position: refs/heads/master@{#42993}
Committed: 14fb337200
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42996}
Reason for revert:
doesn't compile on ToT
Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2685543003
Cr-Commit-Position: refs/heads/master@{#42994}
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.
BUG=v8:5203,v8:5215
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42993}
Due to hoisting, the value of a 'var'-declared variable may actually change even
if the code contains only the "initial" assignment, namely when that assignment
occurs inside a loop. For example:
let i = 10;
do { var x = i } while (i--):
As a simple and very conservative approximation of this, we explicitly mark
as maybe-assigned any non-lexical variable whose "declaration" does not
syntactically occur in the function scope. (In the example above, it
occurs in a block scope.)
BUG=v8:5636
Review-Url: https://codereview.chromium.org/2673403003
Cr-Commit-Position: refs/heads/master@{#42989}
For x64, ia32 and x87 we would pop the return address before the stack
overflow check. This meant the stack couldn't be unwound properly if
it was going to overflow. This CL moves the pop of the return address
to after the stack overflow check.
Also adds a regression test to check that a RangeError is thrown.
BUG=689016
Review-Url: https://codereview.chromium.org/2681643004
Cr-Commit-Position: refs/heads/master@{#42984}
This correctly marks the {JSCreate} operator as potentially throwing,
since it might trigger a property access of the 'prototype' property
during instantiation. This is observable, can throw (not kNoThrow),
might have side-effects (not kNoWrite), or even trigger a lazy deopt
event (not kNoDeopt). The inlining logic has been adapted to wire up
control projections accordingly.
Note that this does not yet take care of the "after" frame-state which
is associated with the {JSCreate} node introduced by the inliner. We
still might re-evaluate the property access upon lazy deoptimization.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-5638
BUG=v8:5638
Review-Url: https://codereview.chromium.org/2671203003
Cr-Commit-Position: refs/heads/master@{#42981}
- entries preview available even if debugger agent is disabled,
- less deprecated mirrors usage in debugger-script.js
- no usage of debugger context - zero probability of leaking it.
- better test coverage.
BUG=v8:5510
R=yangguo@chromium.org,jgruber@chromium.org,alph@chromium.org,luoe@chromium.org
Review-Url: https://codereview.chromium.org/2672213002
Cr-Commit-Position: refs/heads/master@{#42978}
- Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js
- Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which
relies on std::memmove rather than accessing individual eleements.
- Fixes the case where copyWithin is invoked on a TypedArray with a
detached buffer.
- Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the
algorithm
The C++ version gets through the benchmark more than 25000 times as
quickly as the JS implementation.
BUG=v8:5925, v8:5929, v8:4648
R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org
Review-Url: https://codereview.chromium.org/2671233002
Cr-Commit-Position: refs/heads/master@{#42975}
Keep the order in CHECK_EQ calls consistent as
(expected, actual).
Simplify CHECK_EQ(true, expected) to CHECK(expected) and
CHECK_EQ(false, expected) to CHECK(!expected).
BUG=
Review-Url: https://codereview.chromium.org/2677133002
Cr-Commit-Position: refs/heads/master@{#42964}
The results are unreliable as-is, because es5 and es6 run in the same d8
process consecutively. The graph also shows a huge amount of noise,
which seems to be mostly resolved with this change.
Review-Url: https://codereview.chromium.org/2675263002
Cr-Commit-Position: refs/heads/master@{#42961}
In preparation for more perf work in turbofan, so that we can actually
see the results on the graph.
BUG=v8:5932
Review-Url: https://codereview.chromium.org/2676263002
Cr-Commit-Position: refs/heads/master@{#42960}
TypeFeedbackVectors are strongly rooted by a closure. However, in modern
JavaScript closures are created and abandoned more freely. An important
closure may not be present in the root-set at time of garbage collection,
even though we've cached optimized code and use it regularly. For
example, consider leaf functions in an event dispatching system. They may
well be "hot," but tragically non-present when we collect the heap.
Until now, we've relied on a weak root to cache the feedback vector in
this case. Since there is no way to signal intent or relative importance,
this weak root is as susceptible to clearing as any other weak root at
garbage collection time.
Meanwhile, the feedback vector has become more important. All of our
ICs store their data there. Literal and regex boilerplates are stored there.
If we lose the vector, then we not only lose optimized code built from
it, we also lose the very feedback which allowed us to create that optimized
code. Therefore it's vital to express that dependency through the root
set.
This CL does this by creating a strong link to a feedback
vector at the instantiation site of the function closure.
This instantiation site is in the code and feedback vector
of the outer closure.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2674593003
Cr-Commit-Position: refs/heads/master@{#42953}
TailCallRuntime currently does not seem to handle adaptor frames
correctly.
BUG=chromium:688690
Review-Url: https://codereview.chromium.org/2675133003
Cr-Commit-Position: refs/heads/master@{#42950}
The property details of a LookupIterator are not accessible,
if the iterator state is interceptor. Instead, use the
property attributes.
Fixes a crash in Node.js tests in Debug mode, see
c2c6ae52ea
BUG=
Review-Url: https://codereview.chromium.org/2675993002
Cr-Commit-Position: refs/heads/master@{#42941}
Blink uses access checks to be sure that objects from one context doesn't access objects in another. Heap profiler uses current context to call this checks, we need to be sure that current context is empty to allow heap profiler collect all objects without crash.
BUG=chromium:661223
R=alph@chromium.org,ulan@chromium.org
Review-Url: https://codereview.chromium.org/2669393002
Cr-Commit-Position: refs/heads/master@{#42939}
Apparently it happens quite easily that different NaNs are produced in
the interpreter than in the execution of the compiled code. This
non-determinism caused problems for the fuzzer which compares the
equality of the results of the interpreter and the compiled code.
I decided therefore to refactor the detection of non-determinism in the
interpreter. Instead of tracking whether potentially non-deterministic
NaNs were produced, I track now whether potentially non-deterministic
NaNs could have been observed. The only way the NaN non-determinism can
be observed is by observing the non-deterministic bit pattern of the
NaN. AFAICT the only way to observe the bit pattern is with a
I(32|64)_REINTERPRET_F(32|64) instruction or with a F(32|64)_STORE
followed by a load. Therefore I flag an execution as potentially
non-deterministic when either a NaN is reinterpreted to an int, or when
a NaN is stored to memory.
R=titzer@chromium.org, eholk@chromium.org
BUG=682180
Review-Url: https://codereview.chromium.org/2671803002
Cr-Commit-Position: refs/heads/master@{#42917}
The wasm module we generate for the test case actually has an initial
memory size of 16. In the mjsunit test we generate, however, we set the
initial memory size to 32. This CL changes the initial memory size in
the mjsunit test now to 16.
R=eholk@chromium.org
Change-Id: I5d3a30a97c3b0ba3105a8cf17d4c088a8fb9c8b7
Reviewed-on: https://chromium-review.googlesource.com/436544
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42915}
Turns out is_hidden is not the right condition for "scope should be present in
the preparse data". For now, replaced it with "is hidden leaf scope" (i.e.,
doesn't contain any non-hidden scopes). That's probably not the right condition
either; will be fixed once there's more data to decide what the right condition
is.
BUG=v8:5516
R=vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2669163002
Cr-Commit-Position: refs/heads/master@{#42909}
V8DebuggerAgentImpl::m_skipAllPaused is moved to V8Debugger.
V8DebuggerAgentImpl::didPaused doesn't return shouldBreak flag and called only when break is required and stack trace presented.
V8DebuggerAgentImpl doesn't store paused context.
Logic of conversion step-next at return into step-in is moved to debug.cc.
BUG=none
R=dgozman@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2668763003
Cr-Commit-Position: refs/heads/master@{#42907}
We don't need Code::CALL_IC for anything now that the CallICStub is
migrated and no longer hooks into the traditional IC system.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2669193002
Cr-Commit-Position: refs/heads/master@{#42890}
First discovery by the names section fuzzer I think. During the decoding
of the names of locals only ok() of the outer decoder was checked, not
the ok() of the actual names section decoder.
R=tizer@chromium.org
BUG=chromium:684855
Review-Url: https://codereview.chromium.org/2648383007
Cr-Commit-Position: refs/heads/master@{#42880}
- Remove obsolete BreakLocatorType.
- Perform PrepareStepOnThrow after OnException event, in case stepping
was scheduled in the exception event.
- Use frame count instead of frame pointer for stepping. Frame pointer
is not reliable due to possible deopts.
- Consistently check for inlined functions in inlined frames.
- Use SharedFunctionInfo in FloodWithOneshot and EnsureDebugInfo.
R=jgruber@chromium.org
BUG=v8:5901
Review-Url: https://codereview.chromium.org/2664793002
Cr-Commit-Position: refs/heads/master@{#42878}
This avoids the need to pull in the UTF-8 encoding code from the public API,
and allows it to take advantage of any supported way that i::String can be
encoded (one- or two-byte).
Backward compatibility is maintained, but this is the behavior beginning
with this version.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2665653004
Cr-Commit-Position: refs/heads/master@{#42872}
Also if the count is not specified, it should wake all waiters.
BUG=v8:4777
Review-Url: https://codereview.chromium.org/2659083004
Cr-Commit-Position: refs/heads/master@{#42871}
- Adds vqadd.s/u, vqsub.s/u for all integer lane sizes.
- Refactors disassembler and simulator, using switches instead
of long if-else chains.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2649323012
Cr-Commit-Position: refs/heads/master@{#42865}
The int64-lowering only lowered store instructions with a word64 store
representation. For all other stores the default lowering applied. The
default lowering replaces all input nodes with both their replacement
nodes, which can change the number of input nodes of the lowered node.
In WebAssembly there exist stores which take an I64 input and store it
with a different representation, e.g. I32. In TurboFan this translates
to a store node with word32 store representation and a word64 value
input. The default lowering replaces the word64 value input to become
two word32 value inputs, which makes the number of inputs of the store
node invalid. This CL discards the high word replacement of the value
input so that the number of input nodes of a store node does not change
in the default lowering.
R=titzer@chromium.orgCC=rossberg@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2668023004
Cr-Commit-Position: refs/heads/master@{#42860}
This is a step towards encoding all the necessary information in
the feedback slot kind instead of storing it in the IC dispatcher's
code object flags.
BUG=v8:5849, v8:5917
Review-Url: https://codereview.chromium.org/2662113005
Cr-Commit-Position: refs/heads/master@{#42859}
Using .caller, one can get access to the internal function that invokes the
handler passed to Promise.prototype.then. This internal function is a TF
builtin that was set up as non-native and without an argument adaptor. As a
consequence of this, when accessing .arguments on it, the frame-walking logic in
the .arguments accessor thinks the number of arguments is -1 and we try to
allocate an array of size -1.
This CL marks the builtin function as native (making its .arguments be null),
along with a few others that may have been incorrect in the same way.
BUG=chromium:682349
Review-Url: https://codereview.chromium.org/2672453002
Cr-Commit-Position: refs/heads/master@{#42855}
I removed some constant folding optimizations for float instruction in
https://codereview.chromium.org/2647353007 because they were incorrect
if the input was a signalling NaN. Removing these optimizations, however
had an unexpectedly big impact on asm.js performance. With this CL I
restore the optimizations again when the source origin is not wasm. In
JavaScript signalling NaNs are not observable and therefore the
optimizations are correct.
R=titzer@chromium.org
BUG=chromium:686654
Review-Url: https://codereview.chromium.org/2666903002
Cr-Commit-Position: refs/heads/master@{#42850}
The function being tested is forced to go through Turbofan anyway (since it references a module variable).
Adding --turbo explicitly just to make a check happy.
BUG=
Review-Url: https://codereview.chromium.org/2664393003
Cr-Commit-Position: refs/heads/master@{#42844}
The String.prototype was altered after snapshot time (during
experimental natives setup), invalidating the stored map used for
fast-path checks.
BUG=
Review-Url: https://codereview.chromium.org/2663303003
Cr-Commit-Position: refs/heads/master@{#42842}
Rename to Construct and ConstructWithSpread, to match the names of
the JSOperators used.
Unfortunately, I can't find a way for auto-formatting to stay happy unless we
change the indentation for the whole BYTECODE_LIST macro.
Review-Url: https://codereview.chromium.org/2663963003
Cr-Commit-Position: refs/heads/master@{#42840}
Throw a syntax error on "new import(1)" expression. Adds a new error msg as well.
BUG=v8:5785
Review-Url: https://codereview.chromium.org/2661113002
Cr-Commit-Position: refs/heads/master@{#42827}
Also updated some tests due to the change. The general pattern is when a
trailing comma is expected to cause a SyntaxError, an additional comma was
added.
BUG=v8:5051
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
Review-Url: https://codereview.chromium.org/2638513002
Cr-Commit-Position: refs/heads/master@{#42826}
If hidden scopes are ignored, the scopes and variable produced by the PreParser
already matched the scopes and variables produced by the Parser.
BUG=v8:5516
R=vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2663043003
Cr-Commit-Position: refs/heads/master@{#42824}
Rewrites import expression into a runtime call. Uses peekahead to
determine if parsing an import declaration or import expression.
The runtime call doesn't actually do the import yet, will be added in
follow on patch.
Adds a new --harmony-dynamic-import flag.
Adds a ignore_error_msg parameter to the test runner to ignore the
discrepancy in the error messages while parsing import expression with
parser and pre parser. This discrepancy will actually never happen in
real code.
BUG=v8:5785
Review-Url: https://codereview.chromium.org/2661933003
Cr-Commit-Position: refs/heads/master@{#42820}
Reason for revert:
Causes test timeouts.
Original issue's description:
> [Test] Do a set number of runs to trigger optimisation for SuperSpread.
>
> BUG=v8:5895
>
> Review-Url: https://codereview.chromium.org/2669523002
> Cr-Commit-Position: refs/heads/master@{#42811}
> Committed: d4c22c3084TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5895
Review-Url: https://codereview.chromium.org/2669553002
Cr-Commit-Position: refs/heads/master@{#42812}
The KeyedStoreMode that we get out of the FeedbackNexus doesn't
necessarily need to apply when we have "static knowledge" about
the receiver, i.e. when the receiver is a known JSTypedArray, but
the KEYED_STORE_IC has seen only JSArray instances so far. The
DCHECK was too restrictive in this case, since we can just ignore
the KEYED_STORE_IC mode (like we ignore the maps).
BUG=chromium:685050
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2668643002
Cr-Commit-Position: refs/heads/master@{#42810}
We were missing a case for Tagged->TaggedSigned conversions when the
input type is known to be Type::SignedSmall.
BUG=chromium:687029
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2666863002
Cr-Commit-Position: refs/heads/master@{#42809}
We cannot eliminate unused CheckFloat64Hole nodes, since loading from a
holey array can have side-effects, i.e. triggering getters in the
prototype chain.
R=mvstanton@chromium.org
BUG=chromium:686737
Review-Url: https://codereview.chromium.org/2665123002
Cr-Commit-Position: refs/heads/master@{#42806}
Dealing with this case requires a wire format change. It is possible that an
element can be absent even in an array where the dense format was chosen
(because the array initially had no holes), if the elements are modified while
they are being serialized. In this case, a new tag for the "hole" is emitted.
The logic to treat undefined in dense arrays as an absent property is restricted
to versions of the wire format that this tag did not exist.
BUG=chromium:686159,chromium:665820
Review-Url: https://codereview.chromium.org/2660093002
Cr-Original-Commit-Position: refs/heads/master@{#42784}
Committed: dc85f4c833
Review-Url: https://codereview.chromium.org/2660093002
Cr-Commit-Position: refs/heads/master@{#42800}
The existing unit test explicitly checked for this case, but was - under
the right circumstances - defeated by the optimization to not re-run the
whole position search if we were close enough.
BUG=chromium:685618
Review-Url: https://codereview.chromium.org/2663883002
Cr-Commit-Position: refs/heads/master@{#42794}
Reason for revert:
Seems to break layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/13146https://github.com/v8/v8/wiki/Blink-layout-tests
Original issue's description:
> ValueSerializer: Distinguish between 'undefined' and an absent property.
>
> Dealing with this case requires a wire format change. It is possible that an
> element can be absent even in an array where the dense format was chosen
> (because the array initially had no holes), if the elements are modified while
> they are being serialized. In this case, a new tag for the "hole" is emitted.
>
> The logic to treat undefined in dense arrays as an absent property is restricted
> to versions of the wire format that this tag did not exist.
>
> BUG=chromium:686159,chromium:665820
>
> Review-Url: https://codereview.chromium.org/2660093002
> Cr-Commit-Position: refs/heads/master@{#42784}
> Committed: dc85f4c833TBR=jkummerow@chromium.org,jbroman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:686159,chromium:665820
Review-Url: https://codereview.chromium.org/2667553003
Cr-Commit-Position: refs/heads/master@{#42788}
Dealing with this case requires a wire format change. It is possible that an
element can be absent even in an array where the dense format was chosen
(because the array initially had no holes), if the elements are modified while
they are being serialized. In this case, a new tag for the "hole" is emitted.
The logic to treat undefined in dense arrays as an absent property is restricted
to versions of the wire format that this tag did not exist.
BUG=chromium:686159,chromium:665820
Review-Url: https://codereview.chromium.org/2660093002
Cr-Commit-Position: refs/heads/master@{#42784}
When WebAssembly.Table initial size is greater than the declared initial size, table size references should be updated on instantiate for functions to be called at indices greater than the declared initial size.
R=bradnelson@chromium.org, titzer@chromium.org
Review-Url: https://codereview.chromium.org/2661773002
Cr-Commit-Position: refs/heads/master@{#42781}
Without this CL we have only limit for amount of console messages and if user are dumping a huge messages we pretty soon run out of memory.
So let's introduce limit for memory consumption it would help chromium and Node.js as well.
BUG=chromium:671489
R=dgozman@chomium.org,alph@chromium.org, hpayer@chromium.org, ulan@chromium.org
Review-Url: https://codereview.chromium.org/2653293003
Cr-Commit-Position: refs/heads/master@{#42780}
The graphs don't show any performance bump for
https://codereview.chromium.org/2659623002, which I do see a much better result for
locally. I suspect the function isn't being optimized in turbofan when the
benchmarks run. Maybe this warmup flag will trigger that.
BUG=v8:5895
Review-Url: https://codereview.chromium.org/2664783002
Cr-Commit-Position: refs/heads/master@{#42776}
They have the same lifetime. It's a match!
Both structures are native context dependent and dealt with (creation,
clearing, gathering feedback) at the same time. By treating the spaces used
for literal boilerplates as feedback vector slots, we no longer have to keep
track of the materialized literal count elsewhere.
A follow-on CL removes even more parser infrastructure related to this count.
BUG=v8:5456
Review-Url: https://codereview.chromium.org/2655853010
Cr-Commit-Position: refs/heads/master@{#42771}
Where the arguments have already been inlined, we can replace these calls with a
direct call to construct. We have to make sure that the iteration over the arguments is not observable.
BUG=v8:5895
Review-Url: https://codereview.chromium.org/2659623002
Cr-Commit-Position: refs/heads/master@{#42765}
This avoids using kTaggedSigned and kTaggedPointer because the
semantic information of those type could be invalid in unreachable
code.
For example, SmiCheck(0.1) has representation TaggedSigned, but it is
later compiled to DeoptimizeUnless(ObjectIsSmi(0.1)) with the constant
0.1 directly connected to the uses. If the use is state-values, which
recorded the TaggedSigned representation of CheckSmi, the code
generator will be confused because it will see constant 0.1 that
claims to be TaggedSigned value.
BUG=chromium:675704
Review-Url: https://codereview.chromium.org/2656243004
Cr-Commit-Position: refs/heads/master@{#42756}
memcpy is faster than UTF-8 encoding/decoding. This yields 10-20% wins on
serializing and deserializing long ASCII strings, according to
blink_perf.bindings -- and these are already in a fast path where the entire
string is known to be ASCII (but this has to be checked). The win may be
larger for strings in Latin-1 but not ASCII (though I suspect this is an
uncommon case).
A change is also made to make ValueSerializerTest.EncodeTwoByteStringUsesPadding
survive wire format version number changes.
This is the first of a series of wire format changes from the previous Blink
format. The deserializer continues to be able to read the old format, but
Chromium M56 will no longer be able to read the messages written by this, in M58.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2658793004
Cr-Commit-Position: refs/heads/master@{#42753}
