port 7c3396d01c (r31871)
original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
BUG=
Review URL: https://codereview.chromium.org/1431133002
Cr-Commit-Position: refs/heads/master@{#31884}
Remove some non-standard code that doesn't do anything anyways.
While FireFox uses this to set the default value for the multiline flag,
it is nonstandard and slated for removal. The matching behaviour has
never been implemented in either JSC or V8, so there is little
web-compat risk.
The only possible risk could be someone depending on the ToBoolean()
behaviour of the flag, but this seems unlikely.
BUG=v8:3870
LOG=N
R=adamk@chromium.org, littledan@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1417733012
Cr-Commit-Position: refs/heads/master@{#31882}
This switches loading and storing of the message object within the
Isolate to use JavaScript operators built by the JSOperatorBuilder
instead of machine operators. This is a preparation for a stricter
representation selection for loads and stores.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1412443010
Cr-Commit-Position: refs/heads/master@{#31879}
This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.
Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.
This reverts commit 7f1fb29faa.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1418453008
Cr-Commit-Position: refs/heads/master@{#31876}
Introduce Reducer::Finalize, which get's called by the GraphReducer once
all reductions are done, and use this to implement full inlining as part
of the regular reducer fixpoint.
R=jarin@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419373012
Cr-Commit-Position: refs/heads/master@{#31875}
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
R=yangguo@chromium.org
BUG=chromium:552244
LOG=n
Review URL: https://codereview.chromium.org/1436493002
Cr-Commit-Position: refs/heads/master@{#31871}
While working on frame elision, I wanted to disassemble codegen in the
debugger, as the code generation is progressing. I discovered we had a
"Print" member on the x64 assembler, without any implementation. I
pulled it up to AssemblerBase and gave it an implementation that
should work for the other architectures.
Also checked that ia32, x87, arm and arm64 assemblers didn't have
such an implementation - free Print.
Arm64 has a naming conflict with the v8::internal::Disassembler. I
renamed the arm64 type with a more specific name.
Opportunistically fixed a bug in the name converter. This debug-time
printer doesn't provide a Code object, which should be OK with the
name converters, by the looks of other APIs there. All this means is that
when using the Print() API, we just get addresses dumped without any
context (like what this address may be - a stub maybe, etc). This seems
fine for the scenario.
There may be other places that assume a Code object. Since this is
a diagnostics-only scenario, for codegen developers, I feel it is
reasonable to fix such other places as we find them.
Review URL: https://codereview.chromium.org/1431933003
Cr-Commit-Position: refs/heads/master@{#31869}
JSRegExp's properties backing stores must not be shared.
BUG=chromium:548580
LOG=N
Review URL: https://codereview.chromium.org/1429743006
Cr-Commit-Position: refs/heads/master@{#31867}
Use compare-negate instruction if the right-hand input to a compare is a
negate operation.
BUG=
Review URL: https://codereview.chromium.org/1410123009
Cr-Commit-Position: refs/heads/master@{#31866}
IC::GetSharedFunctionInfo get's the JS frame which called the IC. When the
function is running in the interpreter, there is a Bytecode handler stub
frame between the IC and the JS frame. Modify IC::GetSharedFunctionInfo to
handle this.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1420283020
Cr-Commit-Position: refs/heads/master@{#31865}
Adds a blacklist of tests which are currently unsupported or broken in Ignition to
the mjsunit and test262 test status.
Also removes --ignition-script-filter flag, and adds a
--ignition_fallback_on_eval_and_catch flag which fallsback to fullcodegen for
functions which call eval or contain a catch block.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1420963009
Cr-Commit-Position: refs/heads/master@{#31864}
Now that the VisitCode visitor is actually marking through to inlined
code objects (as opposed to the VisitJSFunction visitor), we can make
this helper method private again.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1422853008
Cr-Commit-Position: refs/heads/master@{#31860}
This fixes a corner case where optimized code could still be reachable
through the optimized code map, even though unoptimized code for any
inlined function might have long been flushed.
R=ulan@chromium.org
TEST=cctest/test-heap/Regress513496
BUG=chromium:513496
LOG=n
Review URL: https://codereview.chromium.org/1415683011
Cr-Commit-Position: refs/heads/master@{#31857}
We forgot to add the number of arguments parameter in
JSFrameSpecialization, which was added before the context.
R=jarin@chromium.org
BUG=chromium:552304
LOG=n
Review URL: https://codereview.chromium.org/1429233004
Cr-Commit-Position: refs/heads/master@{#31856}
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiever.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1410113008
Cr-Commit-Position: refs/heads/master@{#31854}
if that is responsible for memory regression in UMA.
Related CLs: crrev.com/1420363004, crrev.com/1423453003
TBR=hpayer@chromium.org
BUG=chromium:552305
LOG=NO
Review URL: https://codereview.chromium.org/1420283021
Cr-Commit-Position: refs/heads/master@{#31853}
This avoids the need to clear optimized code maps within the GC by just
preventing entries being added in the first place, whenever a snapshot
is being constructed. The main goal here is to simplify the logic in the
already complex visitor for our shared function info objects.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1411513005
Cr-Commit-Position: refs/heads/master@{#31852}
This change does not change how the BufferedRawMachineAssemblerTester is
used in tests, but it makes its construction in other constructors (e.g.
in the WasmRunner) cleaner.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1414203009
Cr-Commit-Position: refs/heads/master@{#31850}
port 44c44521ae (r31823).
original commit message:
This fixes receiver conversion since the Call builtin does it correctly.
BUG=
Review URL: https://codereview.chromium.org/1416673009
Cr-Commit-Position: refs/heads/master@{#31848}
It was originally shipped in https://crrev.com/eef2b9b09723ba1dae3ec0172341e93e9030ada0,
but was reverted due to poor interaction with Blink.
That interaction seems to be fixed thanks to changes to the V8 API
and to @@toStringTag handling on access-checked objects.
BUG=v8:3502
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.v8:v8_linux_nosnap_rel;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1406293011
Cr-Commit-Position: refs/heads/master@{#31846}
On MIPS arch, all memory accesses (including halfword)
must be aligned to their native size or an alignment exception occurs.
The kernel will fix this up, but with performance penalty.
TEST=test-bytecode-generator/CallRuntime
BUG=
Review URL: https://codereview.chromium.org/1423373004
Cr-Commit-Position: refs/heads/master@{#31845}
Since enabling destructuring already implies enabling default parameters,
there's not a good way to separate these two. Luckily, they're both
feature-complete (save for destructuring assignment).
This causes us to pass an additional 24 test262 tests.
BUG=v8:811, v8:2160
LOG=y
Review URL: https://codereview.chromium.org/1407393009
Cr-Commit-Position: refs/heads/master@{#31844}
The previous code had a mix of breaks, early returns, and switch/case/if
with fallthrough. Now the pattern is to either return for known errors
or break to the bottom of the switch for unhandled tokens.
Also cleaned up random other stuff in the function: removed unnecessary
local vars, shortened position-fetching calls.
Review URL: https://codereview.chromium.org/1412313009
Cr-Commit-Position: refs/heads/master@{#31843}
This patch adds UseCounters for the various language modes. This may
be useful for helping us to prioritize future optimization and
language design decisions.
R=adamk
CC=seththompson
BUG=none
Review URL: https://codereview.chromium.org/1429173002
Cr-Commit-Position: refs/heads/master@{#31841}
