Port 4490ce8520
Original commit message:
Create proper initial map for original constructor (new.target) instead of doing prototype
transition on the base constructor's initial map. This approach fixes in-object slack tracking
for subclass instances.
This CL also fixes subclassing from String.
It also fixes typed array map smashing done during typed array initialization.
R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:3101, v8:3330, v8:4419
LOG=N
Review URL: https://codereview.chromium.org/1425353002
Cr-Commit-Position: refs/heads/master@{#31720}
The calling context is the second top-most non-debugger context on the
stack, but that's not necessarily the actually calling context, e.g.,
when a tail-call was used.
BUG=chromium:541703
R=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1431473003
Cr-Commit-Position: refs/heads/master@{#31719}
The BufferedRawMachineAssemblerTester takes care of storing and loading
parameters to and from memory for these test cases. By using the
BufferedRawMachineAssemblerTester the test cases become more readible.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1409013004
Cr-Commit-Position: refs/heads/master@{#31718}
This adds some initial support for keyed element access to fast,
non-holey JSArray objects.
Also renames PropertyAccessInfoFactory to AccessInfoFactory and
PropertyAccessMode to AccessMode.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1418213010
Cr-Commit-Position: refs/heads/master@{#31717}
V8 zaps (writes 0xdeadbeef) over the mmapped regions when in debug mode.
This causes more resident size than displayed in tracing. So, This CL
adds an api to tell if zapping is done.
BUG=546492
LOG=Y
Review URL: https://codereview.chromium.org/1419523008
Cr-Commit-Position: refs/heads/master@{#31716}
Adds an optimization to not emit unnecessary jumps and dead code in If,
For, While, and do-while statments. When the value of condition is known
at compile time, the code is emitted only for the paths that can be taken.
For example, when the condition is known to be true in an if statmenet
only then block is generated.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1414193006
Cr-Commit-Position: refs/heads/master@{#31715}
This moves the optimization for variables loads targeting lookup slots
in DYNAMIC_GLOBAL and DYNAMIC_LOCAL mode into the AstGraphBuilder. This
way we implicitly get all optimizations that target global loads and
context loads for free.
R=bmeurer@chromium.org
BUG=v8:4513
LOG=n
Review URL: https://codereview.chromium.org/1424943008
Cr-Commit-Position: refs/heads/master@{#31713}
This ports some code from chromium for using the bundled
toolchain.
BUG=chromium:548586
LOG=n
Review URL: https://codereview.chromium.org/1237803003
Cr-Commit-Position: refs/heads/master@{#31706}
port 4490ce8520 (r31701).
original commit message:
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=
Review URL: https://codereview.chromium.org/1432483003
Cr-Commit-Position: refs/heads/master@{#31704}
The compiler can generate a named access for o[x] if x is a compile time
constant that can be turned into a name using ToName (limited to
primitive x values, because other ToName invocations might be observable),
or the KeyedLoadIC/KeyedStoreIC have gather constant name feedback for x
(i.e. the access always goes to the same symbol).
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1414013004
Cr-Commit-Position: refs/heads/master@{#31703}
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=v8:3101, v8:3330, v8:4419
LOG=Y
Review URL: https://codereview.chromium.org/1413033006
Cr-Commit-Position: refs/heads/master@{#31701}
Return undefined for missing properties (or throw an exception in strong
mode). Also do a bit of code cleanup.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1427913003
Cr-Commit-Position: refs/heads/master@{#31700}
This utility makes it possible to test TF graphs that accept parameters of any machine type (even int64 and float64), which are previously problematic due to the complexity of C calling conventions.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1423133005
Cr-Commit-Position: refs/heads/master@{#31698}
Adds an optimization to emit JumpIfToBooleanTrue/False instead
of ToBoolean followed by JumpIfTrue/False if the value in the
accumulator is not boolean.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1426913002
Cr-Commit-Position: refs/heads/master@{#31697}
This introduces an AllocateMutableHeapNumberStub for the boxed double
field case, where we need to allocate a box in case of a transitioning
store first. We cannot use our inline allocations for this currently,
because mutable HeapNumber objects have certain alignment constraints,
and I don't want to mess up Allocate/AllocateInNewSpace eagerly.
Also refactor the PropertyAccessInfoFactory slightly to split the long
methods into simpler parts.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1419173007
Cr-Commit-Position: refs/heads/master@{#31695}
This re-introduces the long lost concept of conditional builder methods
into the AstGraphBuilder that are allowed to return {nullptr} when a
certain optimization does not apply. This can be used to separate our
optimizations in the graph builder clearly from code required for
correctness.
R=bmeurer@chromium.org
BUG=v8:4513
LOG=n
Review URL: https://codereview.chromium.org/1414723004
Cr-Commit-Position: refs/heads/master@{#31694}
This makes FullCodeGenerator::VisitCall be independent of the target
architecture. Only the EmitPossiblyEvalCall case was dependent and is
hoisted into an emitter method.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1428953002
Cr-Commit-Position: refs/heads/master@{#31693}
Also changed the way that transitioning stores are represented in
a PropertyAccessInfo: There's no dedicated kind, but DataFields
have an optional transition map.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1416973014
Cr-Commit-Position: refs/heads/master@{#31692}
If the CallIC collected a known target function for a callsite, add
a runtime check to ensure that the feedback remains the same and
specialize the JSCallFunction node to the known target function so that
inlining and typed lowering can pick up the feedback.
R=mstarzinger@chromium.org
BUG=v8:4470, v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1428923002
Cr-Commit-Position: refs/heads/master@{#31689}
Adds support for switch statments to the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1415093006
Cr-Commit-Position: refs/heads/master@{#31687}
This is currently hardcoded in the infra-side test runner
setup, but will be removed there, so that swarming triggers
don't need a custom environment.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1411733008
Cr-Commit-Position: refs/heads/master@{#31682}
This moves the cctest file for the interpreter to live in the same
namespace as the components it is testing. Hence we can avoid the
forbidden using directives pulling in entire namespaces.
From the Google C++ style guide: "You may not use a using-directive to
make all names from a namespace available". This would be covered by
presubmit linter checks if build/namespaces were not blacklisted.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1410993009
Cr-Commit-Position: refs/heads/master@{#31681}
Create proper initial map for original constructor (new.target) instead of doing prototype transition on the base constructor's initial map. This approach fixes in-object slack tracking for subclass instances.
This CL also fixes subclassing from String.
BUG=v8:3101, v8:3330
LOG=Y
Review URL: https://codereview.chromium.org/1427483002
Cr-Commit-Position: refs/heads/master@{#31680}
Reason for revert:
[Sheriff] Causes layout test failures.
Original issue's description:
> Remove RegExp.multiline accessors.
>
> This is non-standard and not even documented on MDN.
>
> On Firefox, setting RegExp.multiline to true adds the multiline flag to all
> newly created RegExp objects (both from constructor and from literal).
>
> In V8 this has no effect.
>
> Source archaelogy shows that this is from the initial commit.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/e8f752ce0c2a488e88cd87fe75f3907b4303d0a0
> Cr-Commit-Position: refs/heads/master@{#31673}
TBR=bmeurer@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1431433004
Cr-Commit-Position: refs/heads/master@{#31679}
This is in preparation of implementing Reflect.set.
Besides making SetSuperProperty and others return Maybe<bool>, this CL
also fixes some parts of my previous refactoring of SetProperty and
others: It doesn't make sense to take both a language_mode and a
should_throw argument. A strict language_mode should imply
THROW_ON_ERROR.
R=rossberg, verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1431443003
Cr-Commit-Position: refs/heads/master@{#31678}
This adds optimized lowering for JSConvertReceiver (in the general case)
and JSToObject in typed lowering. It also uses JSConvertReceiver for
direct calls in typed lowering.
R=mstarzinger@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1431543002
Cr-Commit-Position: refs/heads/master@{#31676}
Adds new Guard[Type] common operator, which takes value and control
inputs and records a guaranty that a certain value has a certain type
in that control path. This is some kind of ad-hoc SSI similar to what
we have to do in Crankshaft in some places.
Also introduces an ObjectIsNumber simplified operator, which checks
whether a certain value is a number (either a Smi or a HeapNumber).
This doesn't yet support transitioning stores to double fields, which
require support for allocating mutable heap numbers.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1420283009
Cr-Commit-Position: refs/heads/master@{#31675}
This is non-standard and not even documented on MDN.
On Firefox, setting RegExp.multiline to true adds the multiline flag to all
newly created RegExp objects (both from constructor and from literal).
In V8 this has no effect.
Source archaelogy shows that this is from the initial commit.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1410993008
Cr-Commit-Position: refs/heads/master@{#31673}
This moves all cctest files for the compiler to live in the same
namespace as the components they are testing. Hence we can avoid the
forbidden using directives pulling in entire namespaces.
From the Google C++ style guide: "You may not use a using-directive to
make all names from a namespace available". This would be covered by
presubmit linter checks if build/namespaces were not blacklisted.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1424943004
Cr-Commit-Position: refs/heads/master@{#31671}
