Reason for revert:
Tanks sunspider/date-format-tofte because of the Date constructor being turbofanned.
Original issue's description:
> [turbofan] Ship TurboFan with new.target references.
>
> This correctly marks functions containing a new.target reference as
> being disabled with Crankshaft, which would have bailed out anyways.
> Also note that this will trigger TurboFan for such functions and hence
> widens the TurboFan intake valve.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/2ec6fcd1520bb8a09c9924ac5498eb9b437670b0
> Cr-Commit-Position: refs/heads/master@{#32444}
TBR=bmeurer@chromium.org,rossberg@chromium.org,hablich@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1489833002
Cr-Commit-Position: refs/heads/master@{#32455}
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
BUG=
Review URL: https://codereview.chromium.org/1476413003
Cr-Commit-Position: refs/heads/master@{#32452}
This switches all remaining builtin methods to use the ES6 new.target
value when determining whether being called as a constructor or not. This
is preparatory work for fully deprecating the aforementioned intrinsic.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1474343002
Cr-Commit-Position: refs/heads/master@{#32447}
This moves the decision whether code flushing is active into the setup
phase of the GC. Components are no longer allowed to dynamically switch
the code flushing mode on demand.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1487743002
Cr-Commit-Position: refs/heads/master@{#32446}
This correctly marks functions containing a new.target reference as
being disabled with Crankshaft, which would have bailed out anyways.
Also note that this will trigger TurboFan for such functions and hence
widens the TurboFan intake valve.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1482733002
Cr-Commit-Position: refs/heads/master@{#32444}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
X87 port already implemented Float64RoundDown and Float64RoundTruncate operators, not enabled yet.
This CL would enable them.
BUG=
Review URL: https://codereview.chromium.org/1486483003
Cr-Commit-Position: refs/heads/master@{#32442}
port 9e6448813d (r32407)
original commit message:
This way we avoid the %_IsSmi magic that is required in TurboFan to
(efficiently) check arbitrary context slots for smi 0. Checking against
"the hole" is common in the AstGraphBuilder and "the hole" is also used
to mark other context slots as not initialized.
BUG=
Review URL: https://codereview.chromium.org/1486913002
Cr-Commit-Position: refs/heads/master@{#32441}
port 51e992f147 (r32410)
original commit message:
Restore frame pointer directly from stack rather than copying it and
restoring. Also restore return address register directly on platforms that
support it.
BUG=
Review URL: https://codereview.chromium.org/1483063004
Cr-Commit-Position: refs/heads/master@{#32440}
Node has an operator<<, however, constructing an ostream in a debugger
session is non-trivial, hence this method.
BUG=
Review URL: https://codereview.chromium.org/1488953003
Cr-Commit-Position: refs/heads/master@{#32439}
Rolling v8/build/gyp to f4d65e35719cfe02257ece126c109cfc053ca35c
Rolling v8/tools/clang to 3bd755f93254f9c21a323a5cfd28dacbe02e53e4
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1486733003
Cr-Commit-Position: refs/heads/master@{#32437}
Port 47502a238b
Original commit message:
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1491433002
Cr-Commit-Position: refs/heads/master@{#32435}
SIMD.js potentially adds to the standard library passed into
asm.js modules. Splitting off the point where the SIMD object
would be referenced to allow work on SIMD typing to occur orthogonally.
Adding VariableInfo to allow tracking of simd constructors / check functions. Using this for fround.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Looking at simd.js
Review URL: https://codereview.chromium.org/1473513004
Cr-Commit-Position: refs/heads/master@{#32431}
Port d3e5db0428
Original commit message:
Up until now we sometimes pass Smi 0 around as closure and expect the
runtime to translate that appropriately. But we need to be careful in
some places to not confuse the Smi 0 with a real closure. However, we
could instead just pass the correct closure extracted from the native
context.
This addresses three long-standing TODOs in the JSTypedLowering pass.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1490553002
Cr-Commit-Position: refs/heads/master@{#32430}
This fixes a corner-case in redeclaration handling, where the ES2015
early error case got mixed up with legacy const handling in the parser.
Redeclaration using ES2015 'let' and 'const' should be early errors,
but legacy 'const' redeclaration has historically been a runtime error,
and should stay that way until legacy 'const' is gone.
The fix here is uglier than it might be due to
https://code.google.com/p/v8/issues/detail?id=4577, which keeps us
from simplifying the mess of if/else-if in the current code.
BUG=v8:4576
LOG=n
Review URL: https://codereview.chromium.org/1485943002
Cr-Commit-Position: refs/heads/master@{#32429}
Port 3d004eeab2
Original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1487863002
Cr-Commit-Position: refs/heads/master@{#32425}
Port 5166987369
Original commit message:
Some highlights of this CL:
* Refactor the mutable state out of Frame into FrameAccessState,
which is maintained and updated during code generation to
record whether sp- or fp-based frame access is currently active
and how deep the stack on top of the frame is.
* The operand resolution in linkage.cc now uses FrameAccessState
to determine how to generate frame-accessing operands.
* Update all platforms to accurately track additionally pushed
stack slots (e.g. arguments for calls) in the FrameAccessState.
* Add a flag, --turbo_sp_frame_access, which forces all frame
access to be sp-based whenever possible. This will likely never
be used in production, but for testing it's useful in verifying
that the stack-tracking of each platform maintained in the
FrameAccessState is correct.
* Use sp-based frame access for gap resolving before tail
calls. This will allow for slightly more efficient restoration
of the frame pointer in the tail call in a later CL.
* Remove most ad hoc groping into CallDescriptors to
determine if a frame is needed, instead consistently use
predicates like needs_frame(), IsCFunctionCall() and
IsJSFunctionCall().
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1484913003
Cr-Commit-Position: refs/heads/master@{#32420}
Shifts of integer values are in some contexts collapsed by the parser into single literal AST nodes, rather than a direct representation of the parse tree. Confirming this behavior in tests.
Integer TypedArrays are assumed to load and store "intish" values rather than more fine-grained type information. Reducing the precision of the typing information to match the spec and simplify the wasm generator.
The asm spec requires load and store values of various "float?", "floatish", "double?" and "intish" types to ensure undefined values are not visible and that float32 rounding occurs at the right time. More closely matching this.
Adding additional testing around unsigned / signed comparisons, loads and stores.
Adding additional debug mode printing when asserting about types fails.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, wasm side tests
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1471073003
Cr-Commit-Position: refs/heads/master@{#32419}
This disregards the code age heuristic when deciding whether to flush
code so that GC stress mode is more likely to flush out potential races
between our various "invariants".
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1483993002
Cr-Commit-Position: refs/heads/master@{#32414}
This removes an overly complex predicate from the IsFlushable check
within the marking visitor. By now all JSFunction objects reference a
valid Context object, also builtin functions can be recognized without
looking at the JSFunction object.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1482363002
Cr-Commit-Position: refs/heads/master@{#32412}
Restore frame pointer directly from stack rather than copying it and
restoring. Also restore return address register directly on platforms that
support it.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1488553002
Cr-Commit-Position: refs/heads/master@{#32410}
An optimization to remove redundant cast operations.
1. Adds an optimization to remove redundant ToBoolean and ToName operations.
2. Adds implementation and tests for cast operators to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1468003002
Cr-Commit-Position: refs/heads/master@{#32408}