port dbd8640813 (r33744)
original commit message:
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
BUG=
Review URL: https://codereview.chromium.org/1671783002
Cr-Commit-Position: refs/heads/master@{#33760}
port bb31db3ad6 (r33741)
original commit message:
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
BUG=
Review URL: https://codereview.chromium.org/1672643002
Cr-Commit-Position: refs/heads/master@{#33759}
Adds a new runtime function, %DefineDataPropertyInLiteral, which
takes a fifth argument specifying whether the property and value
are syntactically such that the value is a function (or class)
literal that should have its name set at runtime.
The new runtime call also allows us to eliminate the now-redundant
%DefineClassMethod runtime function.
This should get much less ugly once we can desugar the "dynamic"
part of object literals in the parser (but that work is currently
blocked on having a performant way of desugaring literals).
BUG=v8:3699, v8:3761
LOG=n
Review URL: https://codereview.chromium.org/1626423003
Cr-Commit-Position: refs/heads/master@{#33756}
Port dbd8640813
Original commit message:
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:3566
LOG=y
Review URL: https://codereview.chromium.org/1664413002
Cr-Commit-Position: refs/heads/master@{#33754}
Port bb31db3ad6
Original commit message:
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1671553002
Cr-Commit-Position: refs/heads/master@{#33753}
There might be several ExternalCallbackScope's created
during the native callback. Remove the assert that is not
aligned with that.
Moreover this iterator must work for any kind of
stacks including corrupted ones.
BUG=v8:4705
LOG=N
Review URL: https://codereview.chromium.org/1663193003
Cr-Commit-Position: refs/heads/master@{#33751}
This bit was ostensibly being used to provide appropriate syntax
errors for invalid destructuring assignment patterns, but adding a
single call to RecordPatternError() (in place of
BindingPatternUnexpectedToken()) seems to have replaced the need for it.
Review URL: https://codereview.chromium.org/1665043002
Cr-Commit-Position: refs/heads/master@{#33750}
Also various related cleanup in ParseVariableDeclarations(). The only
changes in logic are explained below:
- We were redundantly checking for parenthesized binding patterns;
these are already ruled out by BindingPatternUnexpectedToken()
calls in the places where we hit an LPAREN.
- There's no need to default-initialize a LET-mode variable in a
for-each loop, just as there isn't for CONST or CONST_LEGACY
(ParseForStatement will take care of properly initializing all
of the above).
Review URL: https://codereview.chromium.org/1661193002
Cr-Commit-Position: refs/heads/master@{#33749}
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
BUG=v8:3566
LOG=y
Review URL: https://codereview.chromium.org/1639343005
Cr-Commit-Position: refs/heads/master@{#33744}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
Unstructured control flow caused by excpetion handling leads to a wrong x87 stack
state. This patch is to reset the x87 state at the hanlder entry point.
Thanks for help from weiliang.lin@intel.com.
BUG=
Review URL: https://codereview.chromium.org/1668463006
Cr-Commit-Position: refs/heads/master@{#33738}
Synchronize calls in the heap iterator have been put there for the
serializer, which never actually made use of them. This CL fixes that.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/1667063002
Cr-Commit-Position: refs/heads/master@{#33736}
This CL deals with yield* by desugaring it in the parser. Hence the
full-codegen implementation of it becomes obsolete and can be removed in a
future CL.
The only change in semantics should be that the results of the iterator's next
and throw methods are checked to be objects, which didn't happen before but is
required by the spec.
BUG=
Review URL: https://codereview.chromium.org/1643903003
Cr-Commit-Position: refs/heads/master@{#33735}
Code compiled during snapshot are overwhelmingly for functions
that are only used for bootstrapping. It makes no sense to
include them in the startup snapshot, which bloats up the snapshot size
and slows down deserialization.
Snapshot sizes for comparison, for ia32:
w/o --ignition: 484k
w/ --ignition: 537k
bytecode removed: 489k
R=rmcilroy@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1667693002
Cr-Commit-Position: refs/heads/master@{#33734}
This implements proper context switching while unwinding the stack due
to an exception being handled in interpreted code. The context under
which the handler is scoped is being preserved in a dedicated register
while the try-block is running. Both, the stack unwinding machinery as
well as the graph builder, restore the context from that register.
R=rmcilroy@chromium.org,bmeurer@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1665833002
Cr-Commit-Position: refs/heads/master@{#33733}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
This is also a refactoring of the merge function in
escape analysis.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1654163003
Cr-Commit-Position: refs/heads/master@{#33728}
This cleans up and simplifyies handling the bytes followin an opcode
with little helper structs that will be useful in the interpreter and
already have been in keeping OpcodeArity and OpcodeLength up to date
with the decoder.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1664883002
Cr-Commit-Position: refs/heads/master@{#33723}
The goal of the Int64Reducer is to replace all int64 nodes in a tf graph
with a set of int32 nodes such that 64 bit tf functions can be executed
on 32 bit platforms. At the moment the Int64Reducer only replaces
Int64Constants, TruncateInt64ToInt32, and Word64And.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1655883002
Cr-Commit-Position: refs/heads/master@{#33721}
The spec requires all Math functions to first call ToNumber on all
arguments before doing any other observable operation. So early
return in case of Infinity is not valid.
Drive-by-fix: Remove the use of %_Arguments / %_ArgumentsLength and
use (strict) arguments instead of allocating a temporary InternalArray
explicitly.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1669773002
Cr-Commit-Position: refs/heads/master@{#33717}
No need to micro-optimize here, and in almost all cases here, using
arguments should result in roughly the same code w/ Crankshaft anyway.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1664513007
Cr-Commit-Position: refs/heads/master@{#33716}
So far, we've been moving down gaps wholesale. This change moves
individual move operations instead. This improves some benchmarks,
and should overall reduce code size, because it improves the chance of
reducing the number of moves.
For example, there are improvements on x64 in Emscripten (Bullet, in
particular) , JetStream geomean, Embenchen (zlib).
In the process of making this change, I noticed we can separate the
tasks performed by the move optimizer, as follows:
- group gaps into 1
- push gaps down, jumping instructions (these 2 were together before)
- merge blocks (and then push gaps down)
- finalize
We can do without a finalization list. This avoids duplicating storage -
we already have the list of instructions; it also simplifies the logic, since,
with this change, we may process an instruction's gap twice.
Compile time doesn't regress much (see pathological cases), but we
may want to avoid the allocations of the few sets used in the new code.
I'll do that in a subsequent change.
BUG=
Review URL: https://codereview.chromium.org/1634093002
Cr-Commit-Position: refs/heads/master@{#33715}
This removes --harmony-completion, --harmony-concat-spreadable, and
--harmony-tolength and moves the appropriate tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1667453002
Cr-Commit-Position: refs/heads/master@{#33712}
Unifies the meaning of kRegCount8 and kRegCount16 across bytecodes.
Call and CallJSRuntime had a slightly different use of the register
count operand. From this change forth, register count operands are
always based off of the previous register operand.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1659023002
Cr-Commit-Position: refs/heads/master@{#33707}
Adds implementation and tests for with statement to interprter.
BUG=v8:4280,v8:4684
LOG=N
Review URL: https://codereview.chromium.org/1656863002
Cr-Commit-Position: refs/heads/master@{#33705}
This clears the currently pending message object whenever a try-block or
a finally-block is being entered in interpreted code. The intention is
to avoid memory leaks introduced by the message object. Also the message
object is being restored when a finally-block exits.
R=rmcilroy@chromium.org
TEST=cctest/test-heap/MessageObjectLeak
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1651993002
Cr-Commit-Position: refs/heads/master@{#33704}
This was inconsistent in the spec in case of has vs get, set. Removing
receiver==holder simplifies the lookup; so tentatively removing this
additional check which was broken until yesterday anyway. See
https://github.com/tc39/ecma262/issues/347 for more information.
Review URL: https://codereview.chromium.org/1660903002
Cr-Commit-Position: refs/heads/master@{#33701}
Reason for revert:
Fails a lot of layout tests and blocks the roll. Can be easily reproduced with a local Chromium checkout.
Reference: https://codereview.chromium.org/1652413003/
Original issue's description:
> [api] Make ObjectTemplate::SetNativeDataProperty() work even if the ObjectTemplate does not have a constructor.
>
> Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
> When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
> ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
>
> The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
>
> This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
>
> BUG=chromium:579009
> LOG=Y
>
> Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
> Cr-Commit-Position: refs/heads/master@{#33674}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579009
Review URL: https://codereview.chromium.org/1660263003
Cr-Commit-Position: refs/heads/master@{#33698}
Reason for revert:
Bisection results show that this was not the culprit.
Original issue's description:
> Revert of [heap] Simplify distribution of remaining memory during sweeping & compaction (patchset #2 id:80001 of https://codereview.chromium.org/1653973003/ )
>
> Reason for revert:
> Very likely blocking roll: https://codereview.chromium.org/1652413003/
>
> Original issue's description:
> > [heap] Simplify distribution of remaining memory during sweeping & compaction
> >
> > BUG=chromium:524425
> > LOG=N
> >
> > Committed: https://crrev.com/f72923526ccaa8faef5c977267b0c074c4a44dfa
> > Cr-Commit-Position: refs/heads/master@{#33668}
>
> TBR=hpayer@chromium.org,mlippautz@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/a9441b0e7a2a56c2047482a3cc66e3ca2255444b
> Cr-Commit-Position: refs/heads/master@{#33695}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1663013002
Cr-Commit-Position: refs/heads/master@{#33696}
This includes 2 fixes:
1) We didn't properly advance the holder when checking whether
Receiver==Holder, so we'd inadvertently block loading the property if
the first property we find is on the typed array.
2) Reflect.get may cause any object on the prototype chain of the holder
to be the receiver; so we need to recheck for this special state for
each object we perform lookup on.
Review URL: https://codereview.chromium.org/1651913005
Cr-Commit-Position: refs/heads/master@{#33689}
Moves the temporary register allocator out of the bytecode array
builder into TemporaryRegisterAllocator class and adds unittests.
Particular must be taken around the translation window boundary
motivating the addition of tests.
Also adds a Clear() method to IdentityMap() which is called by
the destructor. This allows classes to hold an IdentityMap if
they are zone allocated. Classes must call Clear() before the zone
is re-cycled or face v8 heap corruption.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1651133002
Cr-Commit-Position: refs/heads/master@{#33686}
Move all the code that deals with falling back to object creation via
stubs to JSGenericLowering, where we can already deal well with stub
calls. This includes JSCreateLiteralArray, JSCreateLiteralObject,
JSCreateClosure, JSCreateFunctionContext and JSCreateArray.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1653353002
Cr-Commit-Position: refs/heads/master@{#33682}
We don't have proper test coverage for the no-deoptimization code paths
in the JSGlobalObjectSpecialization reducer, and we will properly never
have any use for that code, so it just adds complexity and code that
likely breaks over time (as its untested).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1659463007
Cr-Commit-Position: refs/heads/master@{#33680}
If the architecture does not provide rounding instructions, then C
implementations of these rounding instructions are called. The C
implementations from math.h are used, function pointers are registered
as external references so that they can be call from the simulator.
R=titzer@chromium.org
BUG=575379
LOG=Y
Review URL: https://codereview.chromium.org/1661463002
Cr-Commit-Position: refs/heads/master@{#33677}
Reason for revert:
This test fails:
assertEquals(["as"], /^a[\u017F]/ui.exec("as"));
The reason is that we end up with a character class that is not stand alone, so we do not perform case folding on it correctly (with unicode flag).
Original issue's description:
> [regexp] implement /ui to mirror the implementation for /i.
>
> R=erik.corry@gmail.com, erikcorry@chromium.org
>
> Committed: https://crrev.com/eea1a4c003c559c99bcc9f08aa7eadf931975aad
> Cr-Commit-Position: refs/heads/master@{#33655}
TBR=erik.corry@gmail.com,erikcorry@chromium.org,erikcorry@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1661483002
Cr-Commit-Position: refs/heads/master@{#33676}
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1657863004
Cr-Commit-Position: refs/heads/master@{#33675}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
BUG=chromium:579009
LOG=Y
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33674}
(Trying to finish FastAccessorAssembler this week. This should make it easier to pick up the Blink side of this work later on.)
BUG=chromium:508898
SOUNDTRACK=http://youtu.be/i1EG-MKy4so
LOG=Y
Review URL: https://codereview.chromium.org/1620293002
Cr-Commit-Position: refs/heads/master@{#33671}
Now that the branch analysis result is no longer mutated by the graph
builder, it can be made const again to preserve immutability.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1656933006
Cr-Commit-Position: refs/heads/master@{#33669}
After this change, the functionality of the CodeStubAssembler should be
sufficient to generate non-trivial stubs (e.g. the KeyedLoadIC) with control
flow, variables and probing of internal meta data structures.
Specifically this patch:
* introduces a Label class, which allows stubs to construct graphs that don't
have linear control graphs.
* introduces a Variable class. Variables can be bound to Node* values at
different points in a non-linear control flow graph. In conjunction with the
Label machinery, the CodeStubAssembler ensures that Phi nodes are inserted at
the "minimal" set of merge points.
* adds Tail calling support to other Stubs and to any arbitrary code whose
interface can be described by a CallInterfaceDescriptor.
* provides new macros for accessing FixedArray elements that are optimized for
use with Smi values.
Review URL: https://codereview.chromium.org/1649723002
Cr-Commit-Position: refs/heads/master@{#33664}
This function is called for every live object in new space. We statically know
which version to call, so let's use templates here and eliminite a branch at
runtime.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1659823002
Cr-Commit-Position: refs/heads/master@{#33662}
There's no point in having %_IsFunction as inline intrinsic, as it
is only used in non performance critical code, which is already full
of runtime calls anyway, so %IsFunction will do the trick as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1658123002
Cr-Commit-Position: refs/heads/master@{#33660}
So far TurboFan only calls %TraceExit for the implicit
return of undefined, when the function contains no explicit
return statement. To make --trace useful, we also need to
call %TraceExit for ReturnStatement.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1652013002
Cr-Commit-Position: refs/heads/master@{#33659}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
We can constant-fold JSToNumber conversions during typed lowering
if the input is a known primitive constant (i.e. a string, oddball
or number). I.e. JSToNumber("123") can be constant-folded to 123.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1657213002
Cr-Commit-Position: refs/heads/master@{#33654}
port cb9b801069 (r33582)
original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1659623003
Cr-Commit-Position: refs/heads/master@{#33652}
This patch adds a UseCounter for each of the following:
- Allowing duplicate sloppy-mode block-scoped function declarations
in the exact same scope
- for-in loops with an initializer
The patch also refactors some of the declaration code to clean it up and
enable the first counter, and adds additional unit tests to nail down
the semantics of edge cases of sloppy-mode block-scoped function declarations.
BUG=v8:4693,chromium:579395
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1633743003
Cr-Commit-Position: refs/heads/master@{#33650}
A class's name is its constructor's name, so there's no need to treat it separately,
either in the parser or in code generation. The main parser use of the name is
for ES2015 Function.name handling, and this patch also cleans up handling there
by adding a new IsAnonymousFunctionDefinition() method to Expression (the name
comes from the spec).
Also removed unused ParserTraits::DefaultConstructor method.
BUG=v8:3699
LOG=n
Review URL: https://codereview.chromium.org/1647213002
Cr-Commit-Position: refs/heads/master@{#33643}
The runtime call to Runtime::kReThrow does not need a frame-state node
attached, the frame-state input count is zero. This restructures the
graph builder to not instantiate a FrameStateBeforeAndAfter for it.
R=jarin@chromium.org
TEST=cctest/test-run-bytecode-graph-builder
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1654833002
Cr-Commit-Position: refs/heads/master@{#33641}
The notion of an unreachable environment is useful for a recursive
descent iteration (e.g. over an AST) where nodes are created on the
ascent path as well. For a flat iteration (e.g. over bytecode stream)
environments become unreachable at the end of a visitation function.
Hence any unreachable path can be represented by nulling the tracked
environment completely. This further reduces the number of redundant
nodes being created.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1650483003
Cr-Commit-Position: refs/heads/master@{#33639}
Set the bytecode array correctly in Runtime_SetCode.
This fixes issues with building the snapshot with ignition enabled.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1647913002
Cr-Commit-Position: refs/heads/master@{#33638}
This simplifies the branch analysis we perform on the bytecode stream
down to the bare minimum that we need to build graphs. Note that we
still record all branch targets, even though only the backwards ones
would be needed, but this is essentially for free and might be useful
eventually.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1646873004
Cr-Commit-Position: refs/heads/master@{#33635}
The reachability of a bytecode is implied by a live environment reaching
the bytecode during the abstract control flow simulation of the bytecode
iteration perfromed by the graph builder. There is no need to compute it
upfront anymore.
Also, the upfront computation was only an approximation when it came to
the reachability of an exception handler. This is why several tests for
translation of exception handlers can now be enabled.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1645293003
Cr-Commit-Position: refs/heads/master@{#33634}
This simplifies how the BytecodeGraphBuilder simulates control flow by
reversing the propagation direction to forwards propagation. This is the
same direction as the data flow which is also a forward propagation. In
this way the analysis information needed at merge points is drastically
reduced while still retaining the same simulation power.
In short: We push down environments instead of pulling them.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1641893004
Cr-Commit-Position: refs/heads/master@{#33633}
NonPatternRewrite was called more than once for the same AST
in the case of (computed) key expressions present in object
literals. As an example, in:
var x = { [[...42]]: 17 };
the array containing the spread would be desugared first and
then the resulting do-expression would again be desugared.
This could be problematic if a computed key expression contains
large nested array/object literals.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1645023002
Cr-Commit-Position: refs/heads/master@{#33632}
This patch ships the first part of RegExp subclassing--defining
Symbol.{match,replace,search,split}, but keeping their original
definitions which are restricted to a RegExp receiver and do not
call out to the core 'exec' method. This is being shipped separately
because the two sets of extension points are separate features with
separate functionality. The amount of behavior which is held behind
the flag is very small, just exposing the symbols as properties of
Symbol--the behavior that the String methods call out to these Symbol
properties has already been shipping unflagged.
R=yangguo@chromium.org
BUG=v8:4305,v8:4343,v8:4344,v8:4345
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1652793002
Cr-Commit-Position: refs/heads/master@{#33629}
In the debugger we are interested in getting the context for the
current frame, which is usually a function context. To do that,
we used to call Context::declaration_context, which may also
return a block context. This is wrong and can lead to crashes.
Instead, we now use a newly introduced Context::closure_context,
which skips block contexts. This works fine for the debugger,
since we have other means to find and materialize block contexts.
R=rossberg@chromium.org
BUG=chromium:582051
LOG=N
Review URL: https://codereview.chromium.org/1648263002
Cr-Commit-Position: refs/heads/master@{#33627}
Associate a type with foreign functions at their callsite.
Associate a type with foreign variables.
More pervasively forbid computation in the module body.
Confirm foreign call arguments are exports.
Pass zone to more Type constructors, for consistency.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1643003004
Cr-Commit-Position: refs/heads/master@{#33622}
Port cb9b801069
Original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1648353002
Cr-Commit-Position: refs/heads/master@{#33618}
Port 0637f5f64c
Original commit message:
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1644383002
Cr-Commit-Position: refs/heads/master@{#33617}
String wrappers (new String("foo")) are special objects: their string
characters are accessed like elements, and they also have an elements
backing store. This used to require a bunch of explicit checks like:
if (obj->IsJSValue() && JSValue::cast(obj)->value()->IsString()) {
/* Handle string characters */
}
// Handle regular elements (for string wrappers and other objects)
obj->GetElementsAccessor()->Whatever(...);
This CL introduces new ElementsKinds for string wrapper objects (one for
fast elements, one for dictionary elements), which allow folding the
special-casing into new StringWrapperElementsAccessors.
No observable change in behavior is intended.
Review URL: https://codereview.chromium.org/1612323003
Cr-Commit-Position: refs/heads/master@{#33616}
Previously, String.prototype.normalize constructed its ICU input
string as a null-terminated string. This creates a bug for strings
which contain a null byte, which is allowed in ECMAScript. This
patch constructs the ICU string based on its length so that the
entire string is normalized.
R=jshin@chromium.org
BUG=v8:4654
LOG=Y
Review URL: https://codereview.chromium.org/1645223003
Cr-Commit-Position: refs/heads/master@{#33614}
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=mstarzinger@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1638303008
Cr-Commit-Position: refs/heads/master@{#33612}
Port cb9b801069
Original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1643973002
Cr-Commit-Position: refs/heads/master@{#33611}
Also remove duplicate code Disassemble, which is already done in TF pipeline.
BUG=
Review URL: https://codereview.chromium.org/1634653002
Cr-Commit-Position: refs/heads/master@{#33610}
The for-in slow mode implementation in Crankshaft unconditionally
deoptimizes when %ForInFilter returns undefined instead of just
skipping the item. Even worse, there's nothing we can learn from
that deopt, so we will eventually optimize again and hit exactly
the same problem again once we get back to optimized code.
R=mvstanton@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1647093002
Cr-Commit-Position: refs/heads/master@{#33609}
This refactors how the BytecodeArrayIterator is passed to visitation
methods on the BytecodeGraphBuilder. We no longer pass it explicitly,
but use the field accessor instead. Note that const-ness is still
preserved and visitation methods are still not able to mutate the
iterator. The main goal of this refactoring is increased readability.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642893004
Cr-Commit-Position: refs/heads/master@{#33607}
This moves the definition of the Environment class into the compilation
unit because it is only used there and not needed outside, the header
doesn't need to expose it.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1644103002
Cr-Commit-Position: refs/heads/master@{#33605}
Reason for revert:
problems on Mac64
Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}
TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1644283002
Cr-Commit-Position: refs/heads/master@{#33601}
So far the for-in slow path in Crankshaft unconditionally called
%ForInFilter for every iteration of the for-in loop, without paying
attention to the possible enum cache equipped receiver map. So even
though we iterate the enum cache FixedArray associated with the map
we don't check the map, but always go to %ForInFilter. This would be
perfectly fine if the enum cache FixedArray would be immutable, but
due to some funny GC/runtime interaction kicking in, the enum cache
can be right trimmed while we are iterating it, and the only way to
detect this is to ensure that we check the map when accessing the
enum cache.
BUG=v8:3650,v8:4715
LOG=n
Review URL: https://codereview.chromium.org/1650493002
Cr-Commit-Position: refs/heads/master@{#33599}
This is to fix a bug in the bytecode graph builder. This cl adds a new merge
node before we copy the environment on conditional/unconditional jumps. Since
these environments could be merged later, we add a place holder merge so that
the control dependencies are correctly merged. If we do not have a merge node
we may incorrectly merge the dependencies into the previous block.
For ex: test-run-variables/ContextStoreVariables in cctests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1641143002
Cr-Commit-Position: refs/heads/master@{#33591}
avoid jump threading erasing the reconstruction of a frame, if the
frame was elided.
BUG=
Review URL: https://codereview.chromium.org/1642823002
Cr-Commit-Position: refs/heads/master@{#33590}
Compilation dependencies for O32 ABI are removed from the code and now
compilation will be done according n64 ABI only.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1638303005
Cr-Commit-Position: refs/heads/master@{#33589}
Disabling it for anything else, to avoid compile time overhead.
BUG=
Review URL: https://codereview.chromium.org/1641653005
Cr-Commit-Position: refs/heads/master@{#33587}
With the new iteration strategy, sucessors of EffectPhis
are only visited once the effect phi has been processed.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1641923003
Cr-Commit-Position: refs/heads/master@{#33586}
This adds debug code to the interpreter entry trampoline to ensure that
the called bytecode handler will never return, but instead tear down the
frame with a proper exit trampoline eventually.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642063002
Cr-Commit-Position: refs/heads/master@{#33585}
ES2015 Annex B.1.4 specifies a restricted pattern language for unicode
mode. This change reflects that, based on some test262 test cases.
R=littledan@chromium.org
BUG=v8:2952
LOG=N
Review URL: https://codereview.chromium.org/1645573002
Cr-Commit-Position: refs/heads/master@{#33584}
Reason for revert:
Revert patch due to a number of failures appearing on the MIPS v8 simulator
Original issue's description:
> MIPS: Add FPXX support to MIPS32R2
>
> The JIT code generated by V8 is FPXX compliant
> when v8 compiled with FPXX flag. This allows the code to
> run in both FP=1 and FP=0 mode. It also alows v8 to be used
> as a library by both FP32 and FP64 binaries.
>
> BUG=
>
> Committed: https://crrev.com/95110dde666158a230a823fd50a68558ad772320
> Cr-Commit-Position: refs/heads/master@{#33576}
TBR=paul.lind@imgtec.com,gergely.kis@imgtec.com,akos.palfi@imgtec.com,ilija.pavlovic@imgtec.com,marija.antic@imgtec.com,miran.karic@imgtec.com,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1646813003
Cr-Commit-Position: refs/heads/master@{#33583}
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1641083003
Cr-Commit-Position: refs/heads/master@{#33582}
This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1641723002
Cr-Commit-Position: refs/heads/master@{#33580}
This change adds AbstractCode, which can be either Code or
BytecodeArray, and adds methods to calculate source position based
on that. Also cleans up to use code offsets instead of raw PC
where possible, and consistently uses the offset from instruction
start (as opposed to code object start).
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1618343002
Cr-Commit-Position: refs/heads/master@{#33579}
The JIT code generated by V8 is FPXX compliant
when v8 compiled with FPXX flag. This allows the code to
run in both FP=1 and FP=0 mode. It also alows v8 to be used
as a library by both FP32 and FP64 binaries.
BUG=
Review URL: https://codereview.chromium.org/1586223004
Cr-Commit-Position: refs/heads/master@{#33576}
This currently works since we never call set_target_cell when we have to record slots for evacuation. It would break with black allocation.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1643573003
Cr-Commit-Position: refs/heads/master@{#33575}
The body of a generator function can now refer to the generator's input value via a new
"function.sent" expression. We extend the proposal at
https://github.com/allenwb/ESideas/blob/master/Generator%20metaproperty.md
in the obvious way to also apply to GeneratorResumeAbrupt.
This will enable us to desugar yield*.
The new syntax is behind a new --harmony-function-sent flag.
BUG=v8:4700
LOG=n
Review URL: https://codereview.chromium.org/1620253003
Cr-Commit-Position: refs/heads/master@{#33574}
X87 TurboFan code generation convention assumes that there is always a value at the top of the X87 FPU stack for each TurboFan's float operation.
But native C++ function assumes there are 8 FPU stack slots can be used when it's called. This will lead to FPU stack overflow when TurboFan x87 code calls or returns back to native C++ function.
as there are only 7 FPU stack slots remained for this native C++ function.
This CL does:
1. Make sure X87 FPU stack depth always 1 before each TurboFan's float operation
2. Remove the top value in X87 FPU stack required by TurboFan when calling or returning from TurboFan Functions to other TurboFan or Non-TurboFan Functions.
3. Add the strict X87 FPU stack depth check for TurboFan debug code.
4. Re-initialize the X87 FPU stack and push a value at the top of the X87 FPU stack to satify the X87 TurboFan code generation convention for float operation
at the entries where the TurboFan code will be called such as: exception handler, CallCFunctions in tests,..etc
BUG=
Review URL: https://codereview.chromium.org/1636353002
Cr-Commit-Position: refs/heads/master@{#33573}
We can reduce Math.round(v) to a sequence of
let i = Float64RoundUp(v);
let r = i - v;
return r > 0.5 ? 1.0 + i : i;
if the target supports the Float64RoundUp machine operator (i.e.
roundsd with RoundUp rounding on Intel processors with SSE4.1).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1640393002
Cr-Commit-Position: refs/heads/master@{#33572}
We already have this fast case in Crankshaft where we don't call
%ToInteger when the input is already a SMI. Add the same optimization
to JSIntrinsicLowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1641753002
Cr-Commit-Position: refs/heads/master@{#33571}
port a685180d38 (r33535)
original commit message:
On Intel, imul clobbers {r|e}ax. We're missing that in the representation
of the MulHigh intermediate instructions. Fixing, by adding it as a temp,
akin VisitDiv does.
BUG=
Review URL: https://codereview.chromium.org/1643753003
Cr-Commit-Position: refs/heads/master@{#33567}
Note that in these cases, we don't support computed property names yet, just
as we don't for object and class literals.
BUG=v8:3699, v8:4710
LOG=n
Review URL: https://codereview.chromium.org/1634403002
Cr-Commit-Position: refs/heads/master@{#33562}
This cleans up the aforementioned predicate to not rely on the flags
computed for communication between compiled code and the runtime. The
underlying predicates of the AST are used directly instead.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1638353002
Cr-Commit-Position: refs/heads/master@{#33559}
Safe stack iterator is supposed to work even when the stack is in an inconsistent state.
E.g. during cpu profile sample recording. This patch eliminates a crash if the frame marker
is found to be bogus.
BUG=v8:4705
LOG=N
Review URL: https://codereview.chromium.org/1633323002
Cr-Commit-Position: refs/heads/master@{#33558}
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.
Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}
TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1643533003
Cr-Commit-Position: refs/heads/master@{#33556}
This reverts commit 85ba94f28c.
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1640563004
Cr-Commit-Position: refs/heads/master@{#33552}
port 6131ab1edd (r33509)
original commit message:
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.
Tail calling can be enabled by --harmony-tailcalls flag.
BUG=
Review URL: https://codereview.chromium.org/1637163003
Cr-Commit-Position: refs/heads/master@{#33549}
(Fixed a bug found by nosnap builds.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1642613002
Cr-Commit-Position: refs/heads/master@{#33548}
This ensures that the BytecodeGraphBuilder can generate correct graphs
even when deoptimization has not been enabled. This configuration is not
enabled in production, and we might eventually decide to deprecate it
for good. Until then, this is a quick fix.
R=jarin@chromium.org
TEST=cctest/test-pipeline
Review URL: https://codereview.chromium.org/1640683002
Cr-Commit-Position: refs/heads/master@{#33545}
Introduces the concept of transfer direction to register operands. This
enables the register translator to emit exactly the moves that a
bytecode having it's register operands translated needs.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1633153002
Cr-Commit-Position: refs/heads/master@{#33544}
Reason for revert:
[Sheriff] Leads to crashes on all webrtc chromium testers, e.g.:
https://build.chromium.org/p/chromium.webrtc/builders/Mac%20Tester/builds/49664
Original issue's description:
> [heap] Parallel newspace evacuation, semispace copy, and compaction \o/
>
> All parallelism can be turned off using --predictable, or --noparallel-compaction.
>
> This patch completely parallelizes
> - semispace copy: from space -> to space (within newspace)
> - newspace evacuation: newspace -> oldspace
> - oldspace compaction: oldspace -> oldspace
>
> Previously newspace has been handled sequentially (semispace copy, newspace
> evacuation) before compacting oldspace in parallel. However, on a high level
> there are no dependencies between those two actions, hence we parallelize them
> altogether. We base the number of evacuation tasks on the overall set of
> to-be-processed pages (newspace + oldspace compaction pages).
>
> Some low-level details:
> - The hard cap on number of tasks has been lifted
> - We cache store buffer entries locally before merging them back into the global
> StoreBuffer in a finalization phase.
> - We cache AllocationSite operations locally before merging them back into the
> global pretenuring storage in a finalization phase.
> - AllocationSite might be compacted while they would be needed for newspace
> evacuation. To mitigate any problems we defer checking allocation sites for
> newspace till merging locally buffered data.
>
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
> BUG=chromium:524425
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/8f0fd8c0370ae8c5aab56491b879d7e30c329062
> Cr-Commit-Position: refs/heads/master@{#33523}
TBR=hpayer@chromium.org,ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1643473002
Cr-Commit-Position: refs/heads/master@{#33539}
In a generator function, the parser rewrites a return statement into a "final"
yield. A final yield used to close the generator, which was incorrect because
the return may occur inside a try-finally clause and so the generator may not
yet terminate.
BUG=
Review URL: https://codereview.chromium.org/1634553002
Cr-Commit-Position: refs/heads/master@{#33537}
MoveKey used to be a std::pair. Rather than expecting the reader to
remember which is "first" and "second", this change makes it a struct
with specific names ("source" and "destination")
BUG=
Review URL: https://codereview.chromium.org/1641523002
Cr-Commit-Position: refs/heads/master@{#33536}
On Intel, imul clobbers {r|e}ax. We're missing that in the representation
of the MulHigh intermediate instructions. Fixing, by adding it as a temp,
akin VisitDiv does.
Review URL: https://codereview.chromium.org/1631973003
Cr-Commit-Position: refs/heads/master@{#33535}
This patch stages the first part of RegExp subclassing--defining
Symbol.{match,replace,search,split}, but keeping their original
definitions which are restricted to a RegExp receiver and do not
call out to the core 'exec' method. This is being staged separately
because the two sets of extension points are separate features with
separate functionality. The amount of behavior which is held behind
the flag is very small, just exposing the symbols as properties of
Symbol--the behavior that the String methods call out to these Symbol
properties has already been shipping unflagged.
R=yangguo@chromium.org
BUG=v8:4305,v8:4343,v8:4344,v8:4345
LOG=Y
Review URL: https://codereview.chromium.org/1637703003
Cr-Commit-Position: refs/heads/master@{#33534}
Field types can contain at most one map, so we can just use IsClass().
Review URL: https://codereview.chromium.org/1633213003
Cr-Commit-Position: refs/heads/master@{#33533}
Functions like DataView.prototype.getUint8 should have length 1,
and DataView.prototype.setUint8 should have length 2, as their
endianness arguments are optional. Additionally,
TypedArray.prototype.set.length should be 2. This follows the ES2015
specification, and a new test262 test tests for it. This patch
fixes the functions' lengths.
R=adamk
Review URL: https://codereview.chromium.org/1636953003
Cr-Commit-Position: refs/heads/master@{#33531}
ParseArrowFunctionLiteral was erroneously checking AllowsLazyCompilation
rather than AllowsLazyParsing when deciding whether to parse lazily.
This meant that lexically-scoped variables that had no other referents
wouldn't get closed over properly.
BUG=chromium:580934, v8:4255
LOG=y
Review URL: https://codereview.chromium.org/1630823006
Cr-Commit-Position: refs/heads/master@{#33530}
They were already treated as a BindingPattern error; this patch simply
replaces that call with one marking them as both a binding and assignment
error, and adds parsing tests for both cases.
BUG=v8:4707
LOG=n
Review URL: https://codereview.chromium.org/1632303002
Cr-Commit-Position: refs/heads/master@{#33528}
It allows embedder to inject a stack sample on demand.
BUG=chromium:579191
LOG=N
Review URL: https://codereview.chromium.org/1631043002
Cr-Commit-Position: refs/heads/master@{#33527}
All parallelism can be turned off using --predictable, or --noparallel-compaction.
This patch completely parallelizes
- semispace copy: from space -> to space (within newspace)
- newspace evacuation: newspace -> oldspace
- oldspace compaction: oldspace -> oldspace
Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).
Some low-level details:
- The hard cap on number of tasks has been lifted
- We cache store buffer entries locally before merging them back into the global
StoreBuffer in a finalization phase.
- We cache AllocationSite operations locally before merging them back into the
global pretenuring storage in a finalization phase.
- AllocationSite might be compacted while they would be needed for newspace
evacuation. To mitigate any problems we defer checking allocation sites for
newspace till merging locally buffered data.
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1577853007
Cr-Commit-Position: refs/heads/master@{#33523}
A statement could have several break positions. The entire statement
should be considered muted if break points across all these break
positions evaluate to false.
R=verwaest@chromium.org
BUG=chromium:429167
LOG=N
Review URL: https://codereview.chromium.org/1615903002
Cr-Commit-Position: refs/heads/master@{#33522}
This replace HeapType with a dedicated class that implements just what we need for field type tracking. In the next CL, I plan to remove FieldType::Iterator because FieldType can iterate over at most one map.
The ultimate plan is to get rid of templates in types.(h|cc) and remove type-inl.h.
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1636013002
Cr-Commit-Position: refs/heads/master@{#33521}
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}
TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1632993003
Cr-Commit-Position: refs/heads/master@{#33520}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1563213002
Cr-Commit-Position: refs/heads/master@{#33518}
This increases the size of register operands to be 16-bit.
Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.
This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.
Enables splay.js to run in Octane and a handful of mjsunit tests.
BUG=v8:4280,v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1613163002
Cr-Commit-Position: refs/heads/master@{#33516}
