Reason for revert:
Regresses lots of benchmarks: https://crbug.com/579900
Original issue's description:
> [turbofan] optimize spills in defered blocks
>
> Up to now, for ranges spilled in deferred blocks, we would spill every
> time a range would switch from using a register to spill slots. That can
> be redundant, leading to avoidable code size cost.
>
> This change addresses this issue, by performing the spills as early as
> possible.
>
> BUG=
>
> Committed: https://crrev.com/7c54dc33855b8ac31f26b309671f9b5481a74376
> Cr-Commit-Position: refs/heads/master@{#33413}
TBR=bmeurer@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1612013002
Cr-Commit-Position: refs/heads/master@{#33431}
A break location is considered muted if it has break points, but their
conditions all evaluate to false. Aside from not triggering break
events, debugger statements and exceptions are also ignored.
R=verwaest@chromium.org
BUG=chromium:429167
LOG=Y
Review URL: https://codereview.chromium.org/1610073002
Cr-Commit-Position: refs/heads/master@{#33429}
port f48bf12f5e (r33426)
original commit message:
The PrepareId bailout location was used incorrectly in Crankshaft and,
as it turns out, is not required anyway (once you do it right). Also
there was some premature optimization going on with the CheckEnumCache
(trying to load null from roots only once), plus we can be smarter about
the null/undefined check anyway.
The idea behind this changes is to prepare unification of the two
different ForInPrepare implementations that we now have, with the end
result being that we only use the new implementation that was recently
added for the interpreter.
BUG=
Review URL: https://codereview.chromium.org/1611113002
Cr-Commit-Position: refs/heads/master@{#33428}
When a slow mode for-in loop is compiled with Crankshaft we
unconditionally deoptimize when we hit an object with a usable
enum-cache (which is currently hidden by another CL), and obviously
we don't learn anything from that.
R=jarin@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1611933003
Cr-Commit-Position: refs/heads/master@{#33427}
The PrepareId bailout location was used incorrectly in Crankshaft and,
as it turns out, is not required anyway (once you do it right). Also
there was some premature optimization going on with the CheckEnumCache
(trying to load null from roots only once), plus we can be smarter about
the null/undefined check anyway.
The idea behind this changes is to prepare unification of the two
different ForInPrepare implementations that we now have, with the end
result being that we only use the new implementation that was recently
added for the interpreter.
R=jarin@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1618613002
Cr-Commit-Position: refs/heads/master@{#33426}
port 0b3066b8f5 (r33414)
original commit message:
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
BUG=
Review URL: https://codereview.chromium.org/1616613002
Cr-Commit-Position: refs/heads/master@{#33425}
port d1d0196473 (r33410)
original commit message:
The motivation for this is that CompilationInfo really shouldn't
explicitly know anything about CodeStubs. This is evident in
the TurboFan stubs pipeline, which only needs to pass down
information about Code::Flags to the code generator and not
any of the CallInterfaceDescriptor silliness that Hydrogen has
to push around, since TF has the Linkage class that
encapsulates everything that is needed for the stub ABI. So,
instead of threading CodeStub machinery through the TF stub
pipeline, it is now removed from CompilationInfo and replaced
by only the explicit bits needed both by the Crankshaft and
TF pipelines in code generation.
BUG=
Review URL: https://codereview.chromium.org/1611793003
Cr-Commit-Position: refs/heads/master@{#33423}
Although the `for..in` statement allows Expressions to define the
iterator, only an AssignmentExpression may occupy this position in the
`for..of` statement.
BUG=v8:4692
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1602823003
Cr-Commit-Position: refs/heads/master@{#33420}
Remove an unnecessary is_static argument to ParsePropertyName (the caller
already has easy access to that information) and inline
ParseIdentifierNameOrGetOrSet into its only caller.
Review URL: https://codereview.chromium.org/1606193003
Cr-Commit-Position: refs/heads/master@{#33419}
Port 0b3066b8f5
Original commit message:
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1612593002
Cr-Commit-Position: refs/heads/master@{#33418}
The Object.getOwnPropertyNames method always calls into C++ anyway,
so there's no point in having the JavaScript wrapper around at all.
Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
call site.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_chromium_rel_ng
R=yangguo@chromium.org
Committed: https://crrev.com/bf027fe756f62b4abcac8aa08134c8c5ed055620
Cr-Commit-Position: refs/heads/master@{#33380}
Review URL: https://codereview.chromium.org/1605803002
Cr-Commit-Position: refs/heads/master@{#33417}
This change improves performance for the common case of
Object.getOwnPropertyDescriptor by up 3x-4x, where we just
return a property descriptor object for a regular data or
accessor property.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_chromium_rel_ng
R=yangguo@chromium.org
Committed: https://crrev.com/ffa9e82235b20c523ebb1151c6196bc6232296b9
Cr-Commit-Position: refs/heads/master@{#33398}
Review URL: https://codereview.chromium.org/1607943003
Cr-Commit-Position: refs/heads/master@{#33415}
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
R=rmcilroy@chromium.org,oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1605633003
Cr-Commit-Position: refs/heads/master@{#33414}
Up to now, for ranges spilled in deferred blocks, we would spill every
time a range would switch from using a register to spill slots. That can
be redundant, leading to avoidable code size cost.
This change addresses this issue, by performing the spills as early as
possible.
BUG=
Review URL: https://codereview.chromium.org/1551013002
Cr-Commit-Position: refs/heads/master@{#33413}
Platforms which do not provide rounding instructions (like x64 without
sse4.1, arm before v8) fall back to this new soft float inplementation.
BUG=575379
LOG=Y
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1611513003
Cr-Commit-Position: refs/heads/master@{#33412}
The motivation for this is that CompilationInfo really shouldn't
explicitly know anything about CodeStubs. This is evident in
the TurboFan stubs pipeline, which only needs to pass down
information about Code::Flags to the code generator and not
any of the CallInterfaceDescriptor silliness that Hydrogen has
to push around, since TF has the Linkage class that
encapsulates everything that is needed for the stub ABI. So,
instead of threading CodeStub machinery through the TF stub
pipeline, it is now removed from CompilationInfo and replaced
by only the explicit bits needed both by the Crankshaft and
TF pipelines in code generation.
Review URL: https://codereview.chromium.org/1604543002
Cr-Commit-Position: refs/heads/master@{#33410}
This is to fix some of the failing test262 tests with ignition flag.
In few test262 tests, there is a throw from the script scope. Rewriter::Rewrite
pass converts expression statements into assignment statements in script scope.
This causes interpreter to fail because assignment expression expects a result
in accumulator but throw statement does not return a value. To fix this, we
now mark that accumulator contains a value when visiting throw statement.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1523423003
Cr-Commit-Position: refs/heads/master@{#33408}
* Treat Select nodes as escaping
* Correctly void virtual field information
after a store to a non-const index
* Add a shortcut if all allocates escape
* Add a shortcut if no allocates are discovered
* Only reduce FrameState/StateValues nodes if they
have virtual allocates as input (transitively)
* Fix bug in FrameState/StateValues duplication
* Add check to verifier: First 3 inputs of FrameState
must be StateValues
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1583213003
Cr-Commit-Position: refs/heads/master@{#33406}
Currently we fail to properly handle shadowed properties. If the
receiver defines a non-enumerable property that reappears on the
prototype as enumerable it incorrectly shows up in [[Enumerate]].
By extending the KeyAccumulator to track non-enumerable properties
we can now properly filter them out when seeing them further up in
the prototype-chain.
BUG=v8:705
LOG=y
Review URL: https://codereview.chromium.org/1608523002
Cr-Commit-Position: refs/heads/master@{#33405}
Reason for revert:
Predecessor CL suspect for roll breakage: https://codereview.chromium.org/1610563002
Original issue's description:
> [runtime] Introduce maps for the likely cases of FromPropertyDescriptor.
>
> This change improves performance for the common case of
> Object.getOwnPropertyDescriptor by up 3x-4x, where we just
> return a property descriptor object for a regular data or
> accessor property.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/ffa9e82235b20c523ebb1151c6196bc6232296b9
> Cr-Commit-Position: refs/heads/master@{#33398}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1604243002
Cr-Commit-Position: refs/heads/master@{#33403}
This removes the above flag definition. The flag is no longer needed as
the default implementation is more than capable of faking presence of
handling of try-catch and try-finally constructs by now.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1603063003
Cr-Commit-Position: refs/heads/master@{#33402}
This implements a first version of exception handler table construction
within the interpreter. Note that the local control flow for try-catch
and try-finally statements is still off, and also stack unwinding does
not yet respect interpreter frames. But generated handler tables should
be populated correctly already.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1607433005
Cr-Commit-Position: refs/heads/master@{#33400}
Reason for revert:
Breaks roll: https://codereview.chromium.org/1603953002/
Original issue's description:
> [runtime] Migrate Object.getOwnPropertyNames to C++.
>
> The Object.getOwnPropertyNames method always calls into C++ anyway,
> so there's no point in having the JavaScript wrapper around at all.
>
> Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
> call site.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/bf027fe756f62b4abcac8aa08134c8c5ed055620
> Cr-Commit-Position: refs/heads/master@{#33380}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1609173002
Cr-Commit-Position: refs/heads/master@{#33399}
This change improves performance for the common case of
Object.getOwnPropertyDescriptor by up 3x-4x, where we just
return a property descriptor object for a regular data or
accessor property.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1607943003
Cr-Commit-Position: refs/heads/master@{#33398}
The old handling of escaped keywords erroneously treated escaped versions
of "let" and "static" as ESCAPED_KEYWORD, leading to erroneous errors in
sloppy mode. Moreover, though the class literal parsing code attempted
to fix up the parsing of escaped versions of "static" to allow it in the
right places, that code wasn't complete.
Fixing the scanner to mark escaped "static" as ESCAPED_STRICT_RESERVED_WORD
allows simplifying the class literal parsing code. A little extra code
was needed to properly handle the new treatment of escaped "let".
Note that "yield" is still broken (that is, we're overly restrictive of
escaped "yield" in sloppy mode).
Review URL: https://codereview.chromium.org/1602013007
Cr-Commit-Position: refs/heads/master@{#33396}
This patch implements one aspect of ES2015 RegExp subclassing:
String.prototype.replace is separated into two parts, a method on
RegExp.prototype in case the first argument is a RegExp, and the
String.prototype.replace method, which handles the string pattern
case. This separation is described in the ES2015 specification.
Most of the patch is simply moving code from string.js to regexp.js.
R=yangguo
LOG=Y
BUG=v8:4343
Review URL: https://codereview.chromium.org/1590673002
Cr-Commit-Position: refs/heads/master@{#33393}
o Adds wide variants of bytecodes that have operands describing ranges
of registers. The upcoming wide register support does not suppport
re-mapping ranges.
o Adds kRegPair16 and kRegTriple16 operands required for new wide
bytecodes and renames Count8/Count16 operands to RegCount8/RegCount16.
o Removes Exchange bytecodes
BUG=v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1595103006
Cr-Commit-Position: refs/heads/master@{#33389}
Fixes a bug where the context would be popped before labeled block break target
location.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1601153002
Cr-Commit-Position: refs/heads/master@{#33388}
After 1564083002, spread expressions are desugared and should not
survive in the AST after parsing. This patch removes dead code
related to this. It also eliminates the kSpread bailout reason
and the concat_iterable_to_array_builtin.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1592713002
Cr-Commit-Position: refs/heads/master@{#33385}
Now that we support eval in Ignition, remove the fallback for eval checks
and make the flag only fallback on catch blocks.
BUG=v8:4280,v8:4676
LOG=N
Review URL: https://codereview.chromium.org/1595223004
Cr-Commit-Position: refs/heads/master@{#33384}
The Object.getOwnPropertyNames method always calls into C++ anyway,
so there's no point in having the JavaScript wrapper around at all.
Drive-by-fix: Inline GetOwnEnumerablePropertyNames into its single
call site.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1605803002
Cr-Commit-Position: refs/heads/master@{#33380}
The implementation of Object.getOwnPropertyDescriptor always called into
C++ anyway, so there's no need to have this JavaScript wrapper around at
all.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1606783002
Cr-Commit-Position: refs/heads/master@{#33379}
The old mechanism was a left-over from a previous time where the runtime
would rely on the presence or absence of the setter to figure out
whether or not the property is mutable. This is unnecessary by now.
Review URL: https://codereview.chromium.org/1600923002
Cr-Commit-Position: refs/heads/master@{#33377}
Previously MakeModuleExport invalidly set "all-can-*" to true. Also module export setters need to throw (in strict-mode) according to ES6 9.4.6.6 and 9.4.6.9.
BUG=
Review URL: https://codereview.chromium.org/1602753002
Cr-Commit-Position: refs/heads/master@{#33376}
This adds a handler table field to the header of our BytecodeArray
objects. The field will eventually hold a range-based handler table
similar to full-codegen code, to support exception handlong within
interpreted code.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1606493002
Cr-Commit-Position: refs/heads/master@{#33373}
VisitObjectLiteral has two parts. First it creates a literal and then
sets properties or accessor properties. Setting properties requires a
runtime call and it expects the literal object which was created in the
first part is contiguous with other registers it allocates. Since these
are allocated in a different scope they are not always contiguous.
This causes problems with mjsunit/setter-on-constructor-prototype.js.
This cl fixes by allocating contiguous registers in the inner scope.
Literal value is copied into the newly allocated register so that all
the required registers are always contiguous.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1588903002
Cr-Commit-Position: refs/heads/master@{#33371}
Reason for revert:
Code is incorrect for -0.
Original issue's description:
> [turbofan] Implement rounding of floats on x64 and ia32 without sse4.1.
>
> The implementation sets the rounding mode flag and then uses the
> cvtsd2si and cvtsi2sd instructions (convert between float and int) to do
> the rounding. Input values outside int range either don't have to be
> rounded anyways, or are rounded by calculating input + 2^52 - 2^52 for
> positive inputs, or input -2^52 + 2^52 for negative inputs. The original
> rounding mode is restored afterwards.
>
> R=titzer@chromium.org
>
> B=575379
>
> Committed: https://crrev.com/fa5d09e547abe79a8c82f780deb980c53ad78beb
> Cr-Commit-Position: refs/heads/master@{#33367}
TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1593313010
Cr-Commit-Position: refs/heads/master@{#33369}
The implementation sets the rounding mode flag and then uses the
cvtsd2si and cvtsi2sd instructions (convert between float and int) to do
the rounding. Input values outside int range either don't have to be
rounded anyways, or are rounded by calculating input + 2^52 - 2^52 for
positive inputs, or input -2^52 + 2^52 for negative inputs. The original
rounding mode is restored afterwards.
R=titzer@chromium.org
B=575379
Review URL: https://codereview.chromium.org/1584663007
Cr-Commit-Position: refs/heads/master@{#33367}
This became temporarily a big issue, because spreads are desugared
into do-expressions. This patch fixes the problem with having
spreads as parameter initializers in arrow expressions, e.g., this
line would crash:
[], ((x = [...[42]]) => x)();
R=rossberg@chromium.org
BUG=chromium:578038
LOG=N
Review URL: https://codereview.chromium.org/1581403007
Cr-Commit-Position: refs/heads/master@{#33365}
In many places we over-specify runtime-calls by explicitly mentioning
again the argument count. Except for var-args runtime-functions we can
easily deduce this from the parameters in runtime.h.
BUG=
Review URL: https://codereview.chromium.org/1596293003
Cr-Commit-Position: refs/heads/master@{#33363}
Proxy.
If a constructable Proxy changes the target's prototype during the
prototype lookup the target's initial map stays uninitialized half-way
during object construction.
LOG=n
BUG=chromium:578039
Review URL: https://codereview.chromium.org/1586203003
Cr-Commit-Position: refs/heads/master@{#33359}
Make ForInPrepare take a kRegTriple8 operand and ForInNext take kRegPair8
operand for cache state. This is to ensure that the cache state output of
ForInPrepare is in consecutive registers to allow us to deopt the
ForInPrepare node from TF->Ignition (to be done in a followup CL).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1584813002
Cr-Commit-Position: refs/heads/master@{#33357}
Adds support for variable and function declarations in lookup slots to the
interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1583783003
Cr-Commit-Position: refs/heads/master@{#33355}
This removes the need to pass in the current unoptimized code when
requesting optimized code for a function. Note that the notion of
unoptimized code becomes moot when optimizing from the interpreter
bytecode, hence the API should not encode such a dependency.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1588293005
Cr-Commit-Position: refs/heads/master@{#33353}
port 84f8a506e2 (r33334)
original commit message:
Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.
This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.
Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>.
BUG=
Review URL: https://codereview.chromium.org/1603493002
Cr-Commit-Position: refs/heads/master@{#33352}
port e06f7d784e (r33347)
original commit message:
The new operator converts an int32 input to float32. If the input cannot
be represented exactly in float32, the value is rounded using the
round-ties-even rounding mode (the default rounding mode).
I provide implementations of the new operator for x64, ia32, arm, arm64,
mips, mips64, ppc, and ppc64.
BUG=
Review URL: https://codereview.chromium.org/1597403002
Cr-Commit-Position: refs/heads/master@{#33351}
We don't need to treat as "spills in deferred blocks" ranges that have
no spill range, or that have a spill operand.
Review URL: https://codereview.chromium.org/1597883002
Cr-Commit-Position: refs/heads/master@{#33349}
This may have made more sense in the old module design (where
"unification" was a thing), but as-is it's only used for a few
asserts in debug mode. These asserts don't make much sense inside
ModuleDescriptor; instead, as the modules implementation is fleshed
out, I expect the appropriate replacement asserts to show up at the
use of the ModuleDescriptor.
Review URL: https://codereview.chromium.org/1598433006
Cr-Commit-Position: refs/heads/master@{#33345}
This includes anonymous Function, Generator, and Class declarations when
preceded by 'export default'. Parsing only at the moment, nothing useful is
done with the parsed Function/ClassLiteral.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/1589173002
Cr-Commit-Position: refs/heads/master@{#33344}
Port 84f8a506e2
Original commit message:
Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.
This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.
Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1586153004
Cr-Commit-Position: refs/heads/master@{#33342}
Port c86f1897ac
Original commit message:
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.
R=cbruni@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4509
LOG=n
Review URL: https://codereview.chromium.org/1595593002
Cr-Commit-Position: refs/heads/master@{#33341}
Port for https://codereview.chromium.org/1593553002/
Original commit message:
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.
BUG=v8:4509
LOG=n
Review URL: https://codereview.chromium.org/1593603002
Cr-Commit-Position: refs/heads/master@{#33340}
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.
BUG=v8:4509
LOG=n
Review URL: https://codereview.chromium.org/1593553002
Cr-Commit-Position: refs/heads/master@{#33336}
Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.
This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.
Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576093004
Cr-Commit-Position: refs/heads/master@{#33334}
We can return the creation context of the [[BoundTargetFunction]], and
don't need to remember the context in which the function was bound.
R=verwaest@chromium.org
BUG=chromium:535408
LOG=n
Review URL: https://codereview.chromium.org/1590273002
Cr-Commit-Position: refs/heads/master@{#33332}
This refactoring removes the dependency on the Token class from the
assembler.h header file, the utility function in question has nothing
to do with assembling in the first place.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1594443003
Cr-Commit-Position: refs/heads/master@{#33330}
That way, we don't have to implement the fast <-> slow migration logic,
and we don't allocate in-object properties anyways
BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1582773003
Cr-Commit-Position: refs/heads/master@{#33328}
Unify Object::ToObject and Execution::ToObject, and unify all users to
go to Object::ToObject directly. Also remove some dead code from the
frame details debug API.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1589323002
Cr-Commit-Position: refs/heads/master@{#33327}
Those counters will be incremented concurrently during parallel evacuation of
newspace. This change makes sure we do the updates atomically.
Note that actual reasoning about them happens sequentially on the main thread.
BUG=chromium:524425
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1585843010
Cr-Commit-Position: refs/heads/master@{#33326}
This splits out the SourcePosition class into a separate header file.
Reason for this refactoring is that said class is mostly used by the
Crankshaft compiler and not needed for all compilers. Also having the
assembler depend on the class creates a dependency cycle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1581083009
Cr-Commit-Position: refs/heads/master@{#33325}
It is only used locally when exempting pages from the store buffer. This use
case can be replaced with a hashmap at the call site.
BUG=chromium:524425
LOG=N
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1593583002
Cr-Commit-Position: refs/heads/master@{#33324}
The Object.getOwnPropertySymbols() calls into C++ at least once on every
possible path, so no point in having the JavaScript wrapper.
Drive-by-cleanup: Also move Symbol.prototype creation to C++ as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1587153003
Cr-Commit-Position: refs/heads/master@{#33318}
This avoids manual, fragile assignment to Parser::scope_. And once all such
assignments are removed, BlockState might become much more valuable as
a place to reset scope-related state.
Also remove unnecessary nullptr checks after calls to FinalizeBlockScope.
Review URL: https://codereview.chromium.org/1583453003
Cr-Commit-Position: refs/heads/master@{#33313}
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.
For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.
R=adamk
LOG=Y
BUG=v8:4665
Review URL: https://codereview.chromium.org/1583773005
Cr-Commit-Position: refs/heads/master@{#33312}
This avoids generating different scopes on the two compilation passes, which
results in various delirious side-effects.
There's some cleanup to be done in lazy arrow function parsing, but I'd
rather do that in a separate patch, with this one targeted at fixing the
particular crash.
BUG=chromium:572589
LOG=n
Review URL: https://codereview.chromium.org/1575333004
Cr-Commit-Position: refs/heads/master@{#33311}
Respective declarations will explicitly initialise slots
with the hole anyway, so this always was unnecessary.
With varblocks it even became wrong, because block contexts
may now host var bindings, which want undefined.
Fixes the hole leaking when accessing an unitialised,
block-context-allocated var.
R=neis@chromium.org
BUG=571149
LOG=N
Review URL: https://codereview.chromium.org/1584243002
Cr-Commit-Position: refs/heads/master@{#33309}
In short, array literals containing spreads, when used as expressions,
are rewritten using do expressions. E.g.
[1, 2, 3, ...x, 4, ...y, 5]
is roughly rewritten as:
do {
$R = [1, 2, 3];
for ($i of x) %AppendElement($R, $i);
%AppendElement($R, 4);
for ($j of y) %AppendElement($R, $j);
%AppendElement($R, 5);
$R
}
where $R, $i and $j are fresh temporary variables.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1564083002
Cr-Commit-Position: refs/heads/master@{#33307}
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).
BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1588013002
Cr-Commit-Position: refs/heads/master@{#33305}
This is the first of several commits to contribute Linux on z Systems
(s390/s390x) port of V8. We will be breaking up the changes into several
(hopefully) logical commits.
This commit contains the changes to V8 Makefile and build toolchains to
introduce S390 macros and compiler options. Just for awareness for reviewers
is that s390 is 31-bit (not 32!) big-endian platform on Linux on z. (MSB of address
is used to distinguish between 24-bit vs 31-bit addressing!) s390x is
64-bit Linux on z. Names follow the general linux convention on the platform.
A quick roadmap on upcoming commits:
- Add \#include of S390 header files in common files
- S390 related tests + tooling changes
- printf macro for printing size_t values.
- S390 platform-specific code generation code (bulk of changes!)
R=danno@chromium.org,svenpanne@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1585813002
Cr-Commit-Position: refs/heads/master@{#33304}
We were sometimes losing a splintering opportunity when a range was
ending at the beginning of a hot (==non-deferred) block, when giving
its value to some fixed range - i.e. a fixed operand of the first instruction
in that hot block.
Renamed 2 APIs to better reflect what their intent is.
Added self-checking when introducing moves connecting ranges, to
ensure we don't spill/fill in hot blocks ranges spilled only in deferred
blocks. Verified locally that these checks would have tripped in a few
cases before this change.
BUG=
Review URL: https://codereview.chromium.org/1564583002
Cr-Commit-Position: refs/heads/master@{#33301}
This patch implements eager expression rewriting when parsing. It will
be used for desugaring spreads but may have other uses in the future.
We call Traits::RewriteExpression as soon as we realise that something
parsed as an expression is actually used as an expression (and not as
a pattern). This patch adds a dummy implementation for this function,
doing no rewriting at all, and adds the trigers in the right places of
the parser.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1567603005
Cr-Commit-Position: refs/heads/master@{#33300}
When reserving a stack slot for the receiver, push an Immediate(0)
rather than a register that contains an untagged integer.
All other platforms push zero already.
Review URL: https://codereview.chromium.org/1585183002
Cr-Commit-Position: refs/heads/master@{#33299}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.
It should actually stop iterating on the first non-hidden prototype.
BUG=
Review URL: https://codereview.chromium.org/1576423003
Cr-Commit-Position: refs/heads/master@{#33294}
This restores the case that was removed by
commit f0e41175fd
Author: jarin <jarin@chromium.org>
Date: Tue Jan 5 03:56:04 2016 -0800
[turbofan] Bidirectional representation inference.
BUG=v8:4667
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1584913003
Cr-Commit-Position: refs/heads/master@{#33292}
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.
Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632
R=epertoso
BUG=
Review URL: https://codereview.chromium.org/1580323003
Cr-Commit-Position: refs/heads/master@{#33291}
Apparently, some StateValues have other StateValues as input. This
CL makes escape analysis transformation phase aware of it.
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1581183004
Cr-Commit-Position: refs/heads/master@{#33285}
Support inlining across bound functions in the JSCallReducer when we
specialize to the native context. This basically removes all overhead
from bound functions in TurboFan and gives another speed of 10x on my
microbenchmark.
BUG=chromium:535408, chromium:571299, v8:4629
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1581343002
Cr-Commit-Position: refs/heads/master@{#33283}
On Intel, xchg stalls the pipeline. We use xchg to implement swap
moves. In a separate exploration, the presence of xchg in a very hot
loop, due to a change in register allocation, lead to over 20% regression.
Simply changing that instruction with push/mov/pop (almost) eliminated
the regression.
In light of that, I removed uses of xchg. This leads to more instructions,
though. That is particularly problematic for long cycles, which, today,
we translate to successions of swaps.
I plan to address this cycle issue in a separate change. For now, the
goal is to unblock the initial work that lead here.
Review URL: https://codereview.chromium.org/1580233003
Cr-Commit-Position: refs/heads/master@{#33282}
port 322ffda30d (r33265)
original commit message:
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
BUG=
Review URL: https://codereview.chromium.org/1581313002
Cr-Commit-Position: refs/heads/master@{#33280}
port 12bcba1543 (r33258)
original commit message:
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
BUG=
Review URL: https://codereview.chromium.org/1582173002
Cr-Commit-Position: refs/heads/master@{#33278}
Port 322ffda30d
Original commit message:
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1583903002
Cr-Commit-Position: refs/heads/master@{#33272}
exception operand in a handler block. This avoids confusing
unrelated ranges, which may happen if escape analysis elides
the exception operand.
BUG=chromium:576195
LOG=N
Review URL: https://codereview.chromium.org/1579603005
Cr-Commit-Position: refs/heads/master@{#33271}
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576403004
Cr-Commit-Position: refs/heads/master@{#33269}
Once we use type feedback, we need to reflect the feedback in the types, propagate
the new narrower types forward and use them in the subsequent
representation inference. This CL propagates and uses the recomputed types
for Phi and Select nodes (rather than using the types from the typer).
Review URL: https://codereview.chromium.org/1580353003
Cr-Commit-Position: refs/heads/master@{#33268}
This bug improves performance of escape analysis.
* A allocation discovery phase (EscapeAnalysis::AssignAliases)
ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1559123003
Cr-Commit-Position: refs/heads/master@{#33267}
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1573243009
Cr-Commit-Position: refs/heads/master@{#33265}
ReportFailedAccessCheck() sometimes doesn't throw an exception (it's up
to the embedder). Pretend that OrdinaryDefineOwnProperty() succeeded in
that case. This is consistent with existing behavior of other methods:
- JSObject::DefineOwnPropertyIgnoreAttributes
- JSObject::SetPropertyWithFailedAccessCheck
- Object::SetPropertyWithAccessor
See also commit f66c3f5c35.
BUG=chromium:574217
LOG=n
R=neis@chromium.org
Review URL: https://codereview.chromium.org/1580823002
Cr-Commit-Position: refs/heads/master@{#33262}
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1575973006
Cr-Commit-Position: refs/heads/master@{#33258}
Failing to do so results in out-of-date marking information, because live bytes
is not properly adjusted.
This CL adds support for right trimming ByteArray and properly DCHECKs that we
do not left trim ByteArray (as we already do for FixedTypedArrayBase).
BUG=
Review URL: https://codereview.chromium.org/1577263003
Cr-Commit-Position: refs/heads/master@{#33252}
The hash calculation was dependent on upper part of |inner_pointer| and caused non-deterministic cache miss events which in turn caused non-deterministic progress of pages sweeping (see GcSafeFindCodeForInnerPointer()).
Review URL: https://codereview.chromium.org/1582573002
Cr-Commit-Position: refs/heads/master@{#33246}
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.
This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.
Review URL: https://codereview.chromium.org/1580463003
Cr-Commit-Position: refs/heads/master@{#33245}
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1572333002
Cr-Commit-Position: refs/heads/master@{#33243}
No need to distribute the setup of the Function global property across
three different places, instead do everything in a single place during
bootstrapping.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1577703005
Cr-Commit-Position: refs/heads/master@{#33242}
That will allow for adding private symbols to JSProxies in a follow-up
change
BUG=chromium:571365
R=neis@chromium.org,verwaest@chromium.org,rossberg@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1575423002
Cr-Commit-Position: refs/heads/master@{#33241}
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568323002
Cr-Commit-Position: refs/heads/master@{#33237}
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
BUG=
Review URL: https://codereview.chromium.org/1576403002
Cr-Commit-Position: refs/heads/master@{#33235}
We use a scratchpad to remember visited allocation sites for post processing
(making tenure decisions). The previous implementation used a rooted FixedArray
with constant length (256) to remember all sites. Updating the scratchpad is a
bottleneck in any parallel/concurrent implementation of newspace evacuation.
The new implementation uses a HashMap with allocation sites as keys and
temporary counts as values. During evacuation we collect a local hashmap of
visited allocation sites. Upon merging the local hashmap back into a global one
we update potential forward pointers of compacted allocation sites. The
scavenger can directly enter its entries into the global hashmap. Note that the
actual memento found count is still kept on the AllocationSite as it needs to
survive scavenges and full GCs.
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1535723002
Cr-Commit-Position: refs/heads/master@{#33233}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This patch makes Promise.prototype.then use @@species as specified
in ES2015. The fix is hoped for by certain users, such as legacy
core.js versions which encounter an unhandled Promise reject (complete
with an ugly console message) when Promise subclassing is supported
in a mostly correct way, and we do error checking on Promise
constructors, but @@species is not supported.
BUG=chromium:575314,v8:4633
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1577223002
Cr-Commit-Position: refs/heads/master@{#33225}
This CL introduces ExternalStringResourceBase::IsCompressible.
This CL is a preparation for CompressibleString, which can
be compressed for memory reduction in Blink. We've found that
JavaScript strings account for a relatively large part of Blink
memory usage, and we are now trying to replace JavaScript String/
AtomicString with CompressibleString.
When a string is compressed, the original char data is deleted
and V8 pointer cache becomes invalid. This CL introduces
isCompressible property and if an external string's isCompressble
return true, this is stored short_external_*_map instead of
external_*_map so that V8 always requires the char pointer whenever
V8 needs the string data.
BUG=chromium:574317
LOG=n
Review URL: https://codereview.chromium.org/1490193002
Cr-Commit-Position: refs/heads/master@{#33224}
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.
R=adamk
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1574903004
Cr-Commit-Position: refs/heads/master@{#33223}
Besides reducing code duplication, this makes it easier to change the
implementation, which may be necessary to properly support eval calls
in arrow function parameter initializers.
Review URL: https://codereview.chromium.org/1573363002
Cr-Commit-Position: refs/heads/master@{#33219}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
As V8 becomes more and more spec-compliant, Promise polyfill libraries
like core.js expect fully correct. However, our Promises do not yet
support Symbol.species. Therefore, a case like
```
var test = new Promise(function(){});
test.constructor = function(){};
Promise.resolve(test)
```
would lead to an unhandled Promise rejection, whereas it should not
because test.constructor[Symbol.species] is undefined, so test.then
should end up constructing %Promise% as a fallback, rather than
calling test.constructor as if it were a constructor, which leads
this error checking code to throw.
For now, this patch removes the error checking code (which was not
present until recently). In an interactive test using core.js, the
error message on the console goes away with this patch. When @@species
support is in place, this patch can be reverted. A regression test
is added which checks for the same thing.
Partially reverted patch was originally out for review at
https://codereview.chromium.org/1531073004
BUG=v8:4633
LOG=Y
R=adamk,caitp88@gmail.com
Review URL: https://codereview.chromium.org/1578893002
Cr-Commit-Position: refs/heads/master@{#33217}
Does not remove the extra private state added, as doing so seems to break the
debugger.
Fixes new Test262 tests:
- built-ins/Promise/race/same-resolve-function
- built-ins/Promise/race/same-reject-function
BUG=v8:4632
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1538853002
Cr-Commit-Position: refs/heads/master@{#33214}
This CL changes the color for encoding black and grey. Moreover, it introduces a higher level live object iterator.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1517993003
Cr-Commit-Position: refs/heads/master@{#33208}
A concurrent sweeper thread can access the same markbit cell as the main thread
during right trimming a fixed array, resulting in a data race on a markbit cell.
Previously we checked whether we were currently marking incrementally, filtering
out this case.
The current check has the benefit of keeping live_bytes accurate (modulo other
bugs) until the sweeper starts.
BUG=chromium:576193
LOG=N
Review URL: https://codereview.chromium.org/1576853002
Cr-Commit-Position: refs/heads/master@{#33203}
Escape analysis will eliminate the context, if possible. Materialization
must then ensure that the materialized object has the right map, and that
the context register is set accordingly.
R=jarin@chromium.org
BUG=569530,v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1572293002
Cr-Commit-Position: refs/heads/master@{#33201}
In particular, Claim doesn't work with a negative size, so ensure that
it is positive.
BUG=
Review URL: https://codereview.chromium.org/1565193002
Cr-Commit-Position: refs/heads/master@{#33198}
port fc5c7e0486 (r33172)
original commit message:
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
BUG=
Review URL: https://codereview.chromium.org/1576813003
Cr-Commit-Position: refs/heads/master@{#33196}
Removed unused name_ field, made bitfield 16-bits long, and moved it to
the start of the struct, resulting in a reduction of 8 bytes on both
32 and 64-bit platforms.
Most other changes (which prompted this work) are cosmetic:r
- Combined redundant enums
- Named enum values kConsistently
- Consistently use booleans in bitfield, using enum values
only for passing information into NewFunctionLiteral
- Removed unneeded arguments from NewFunctionLiteral, reducing
clutter at callsites
- Added const correctness consistently
Review URL: https://codereview.chromium.org/1566053002
Cr-Commit-Position: refs/heads/master@{#33194}
Port fc5c7e0486
Original commit message:
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
BUG=
TEST=test262/built-ins/Date/prototype/toISOString/15.9.5.43-0-10, test262/built-ins/Date/prototype/toISOString/15.9.5.43-0-11, test262/built-ins/Date/S15.9.3.1_A5_T1
Review URL: https://codereview.chromium.org/1569353002
Cr-Commit-Position: refs/heads/master@{#33191}
