the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.
Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.
A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.
At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
- Add a const bool kSimpleFPAliasing variable for each platform so it's
easier for the compiler to eliminate dead code.
- Modify RegisterAllocator to use it.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2101473002
Cr-Commit-Position: refs/heads/master@{#37288}
port f5b83dec4e (r37061)
original commit message:
As a first step towards showing builtin frames in stack traces, we will now
push target and new target unconditionally.
Since the various specializations of BuiltinArguments are made redundant by
this change, we can remove them and all related code.
BUG=
Review-Url: https://codereview.chromium.org/2095323002
Cr-Commit-Position: refs/heads/master@{#37282}
port 198e09de5a (r37053)
original commit message:
Construct a BUILTIN frame before throwing an exception from runtime.
BUG=
Review-Url: https://codereview.chromium.org/2094223002
Cr-Commit-Position: refs/heads/master@{#37275}
port f47b9e9810 (r37051)
original commit message:
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.
This does not yet work for C++ builtins, but that'll be the next step.
BUG=
Review-Url: https://codereview.chromium.org/2096283003
Cr-Commit-Position: refs/heads/master@{#37270}
port d5f2ac5e33 (r37047)
original commit message:
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.
BUG=
Review-Url: https://codereview.chromium.org/2096283002
Cr-Commit-Position: refs/heads/master@{#37269}
port c5e3c9bf56 (r37011)
original commit message:
Only Intel needed changes, arm and mips work as expected.
BUG=
Review-Url: https://codereview.chromium.org/2094143003
Cr-Commit-Position: refs/heads/master@{#37267}
port 2d1f977c93 (r36978)
original commit message:
Support for relocatable globals, to facilitate compilation before
instantiation.
BUG=
Review-Url: https://codereview.chromium.org/2096273002
Cr-Commit-Position: refs/heads/master@{#37266}
port e95cfafb67 (r36917)
original commit message:
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no
longer assume that the strict arguments object being allocated will fit
into new-space. The case where said object needs to move to large object
space is now handled in the runtime.
BUG=
Review-Url: https://codereview.chromium.org/2100003002
Cr-Commit-Position: refs/heads/master@{#37263}
port c8ac0d8693f559795eeb3f3aaf386dde166fb2ab(r36888)
original commit message:
Instead, always tail call to the runtime. Also, cleanup the various versions
of the runtime call that is used for Array construction fallback. There can be
only one.
BUG=
Review-Url: https://codereview.chromium.org/2080223009
Cr-Commit-Position: refs/heads/master@{#37243}
Port fc59eb8a7a
Original commit message:
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.
This change also expands tests to include explicit FP moves (both register and stack slot).
LOG=N
BUG=v8:4124
BUG=chromium:622619
Review-Url: https://codereview.chromium.org/2090993002
Cr-Commit-Position: refs/heads/master@{#37241}
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#
I can reproduce locally, and local revert also fixes it -> revert.
Reproduce with:
out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}
TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.
Additionally some rebasing was necessary.
Original issue's description:
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=mlippautz@chromium.org
Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038
Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}
TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.
This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
port 3cfcc7e111 (r36786)
original commit message:
It may be that we have a feedback vector, but no literals. In this case
we can store into the OptimizedCodeMap directly instead of using a WeakCell,
because all data in the feedback vector is already held weakly.
The use of a WeakCell in the OptimizedCodeMap is only required when
there are literals which may hold maps strongly.
This is to address a performance regression caused by the creation of
a large number of WeakCells.
BUG=
Review-Url: https://codereview.chromium.org/2081663004
Cr-Commit-Position: refs/heads/master@{#37123}
LoadICState was used to hold the TypeofMode flag which is relevant only for LoadGlobalIC.
This CL removes usage of this state from LoadIC and KeyedLoadIC and renames the state
class to LoadGlobalICState.
BUG=chromium:576312
LOG=Y
Review-Url: https://codereview.chromium.org/2065373003
Cr-Commit-Position: refs/heads/master@{#37033}
The new approach is that instead of compiling custom handlers for
every global object's PropertyCell it uses single dispatcher that
caches PropertyCells in respective slot of the feedback vector.
Currently the new LoadGlobalIC machinery is disabled.
This CL also removes unused LoadGlobalViaContext* stuff.
BUG=chromium:576312
LOG=Y
Review-Url: https://codereview.chromium.org/2065113002
Cr-Commit-Position: refs/heads/master@{#37002}
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.
Review-Url: https://codereview.chromium.org/2051113002
Cr-Commit-Position: refs/heads/master@{#36870}
Since some builtins use StringToNumberStub (so the code is always there),
it makes more sense to have StringToNumber builtin.
Review-Url: https://codereview.chromium.org/2050853003
Cr-Commit-Position: refs/heads/master@{#36843}
This speeds up .bind by >10x as measured by
function f(a,b,c) {}
for (var i = 0; i < 10000000; i++) {
f.bind(1); // or more arguments.
}
(Uses hydrogen-stubs rather than TF due to var-args + possible runtime fallback, which is still unsupported in TF.)
BUG=
Review-Url: https://codereview.chromium.org/2044113002
Cr-Commit-Position: refs/heads/master@{#36817}
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.
BUG=
Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
port 471893ccec (r36649)
original commit message:
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.
BUG=
Review-Url: https://codereview.chromium.org/2036083003
Cr-Commit-Position: refs/heads/master@{#36702}
port 63ea3a5009 (r36599)
original commit message:
Previously, we used the lowest bit for something else.
BUG=
Review-Url: https://codereview.chromium.org/2032063003
Cr-Commit-Position: refs/heads/master@{#36701}
This CL introduces a DECLARE_DEFAULT_DESCRIPTOR macro that helps defining a CallInterfaceDescriptor in a cases where it is not important which registers to use for passing arguments. One can use such descriptors for new TurboFan stubs.
HasPropertyDescriptor now uses the new machinery.
Review-Url: https://codereview.chromium.org/2002143002
Cr-Commit-Position: refs/heads/master@{#36675}
port 91c88644dc (r36539)
original commit message:
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
BUG=
Review-Url: https://codereview.chromium.org/2019263002
Cr-Commit-Position: refs/heads/master@{#36570}
This was initially used to special case some weird date.js behavior, but
has since been abused in other areas. In case of the string character
access, everything that is outside the Smi range cannot be a valid
string index anyways, so %NumberToSmi is perfect here in either case,
and for ToPositiveInteger it's better to just use ToInteger adding +0 to
turn -0 into +0.
R=ishell@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2010183003
Cr-Commit-Position: refs/heads/master@{#36545}
For cross-compiler-compatibility and standards compliance %p
requires a void*, rather than any pointer type.
BUG=chromium:474921
Review-Url: https://codereview.chromium.org/2001073002
Cr-Commit-Position: refs/heads/master@{#36466}
port f241a61a34 (r36360)
original commit message:
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.
This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.
This improves the score of EarlyBoyer by ~8x for Ignition.
BUG=
Review-Url: https://codereview.chromium.org/1998153002
Cr-Commit-Position: refs/heads/master@{#36396}
port 39738bc905 (r36310)
original commit message:
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.
This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
BUG=
Review-Url: https://codereview.chromium.org/1987053006
Cr-Commit-Position: refs/heads/master@{#36344}
port 551e0aa11b (r36275)
original commit message:
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.
BUG=
Review-Url: https://codereview.chromium.org/1991663002
Cr-Commit-Position: refs/heads/master@{#36303}
This makes the profiler reconstruct inlined function frames at eager
deopt points from the deoptimization data. The main goal of this is to
remove the last side-channel where Crankshaft communicates directly to
the profiler. This is the last preparatory step towards deprecating the
side-channel in question.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1973993002
Cr-Commit-Position: refs/heads/master@{#36229}
port 40f345416f (r36181)
original commit message:
The previous approach taken by FastNew[Sloppy,Strict,Rest]ArgumentsStub
looked at the function slot in order to skip stub frames
and find the JS frame. However, stub frames do not have a
function slot (in fact their fixed frame ends one slot
before the JS frame's function slot). Therefore, if this
location in the stub frame happens to have the function
object the create arguments stubs won't skip this frame
correctly.
Replace this approach with one where the stub is
specialized to either skip a frame if required (since
there will only ever be one extra frame on Ignition
the loop approach isn't necessary).
BUG=
Review-Url: https://codereview.chromium.org/1976483002
Cr-Commit-Position: refs/heads/master@{#36197}
This passes the inlining_id of deoptimization points via the relocation
info instead of via a side-channel to the CPU profiler. This is one step
towards deprecating the side-channel in question and avoid the need for
performing a lookup of the return address of the deopt point.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1956693002
Cr-Commit-Position: refs/heads/master@{#36177}
port 61f5fbbb19 (r36133)
original commit message:
The new allocation folding implementation avoids fragmentation between folded allocation. As a consequence, our heap will always be iterable i.e. we do not have to perform a garbage collection
before iterating the heap.
BUG=
Review-Url: https://codereview.chromium.org/1969553003
Cr-Commit-Position: refs/heads/master@{#36158}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
The new allocation folding implementation avoids fragmentation between folded allocation. As a consequence, our heap will always be iterable i.e. we do not have to perform a garbage collection before iterating the heap.
BUG=chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1899813003
Cr-Commit-Position: refs/heads/master@{#36133}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
Changes some platform specific class names and uses typedefs
to define FloatRegister, DoubleRegister, etc.
This will be needed to do register allocation on ARM/MIPS where
registers combine to form larger registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/1954953002
Cr-Commit-Position: refs/heads/master@{#36117}
port 117a56b7c2 (r36044)
original commit message:
- Add new RelocInfo mode WASM_MEMORY_SIZE_REFERENCE in the assembler and add relocation information to immediates in compare instructions.
- Use relocatable constants for MemSize/BoundsCheck in the wasm compiler
BUG=
Review-Url: https://codereview.chromium.org/1947413003
Cr-Commit-Position: refs/heads/master@{#36058}
Code common with ObjectHasOwnProperty builtin was moved to CodeStubAssembler.
BUG=v8:2743
LOG=Y
Review-Url: https://codereview.chromium.org/1894953004
Cr-Commit-Position: refs/heads/master@{#35972}
port d1b3d426ce (r35918)
original commit message:
Further refactor the pipeline to even run the first scheduler (part of
the effect control linearization) concurrently. This temporarily
disables most of the write barrier elimination, but we will get back to
that later.
Drive-by-fix: Remove the dead code from ChangeLowering, and stack
allocate the Typer in the pipeline. Also migrate the AllocateStub to a
native code builtin, so that we have the code object + a handle to it
available all the time.
BUG=
Review-Url: https://codereview.chromium.org/1940143002
Cr-Commit-Position: refs/heads/master@{#35961}
port 306c412ce0 (r35833)
original commit message:
This is needed by Blink to implement the Custom Elements spec.
BUG=
Review-Url: https://codereview.chromium.org/1928213002
Cr-Commit-Position: refs/heads/master@{#35889}
port ef49c6b11a (r35792)
original commit message:
Default (and only way) is now to retrieve a tagged object.
BUG=
Review URL: https://codereview.chromium.org/1924643004
Cr-Commit-Position: refs/heads/master@{#35808}
Default (and only way) is now to retrieve a tagged object.
BUG=chromium:606711
LOG=N
Review URL: https://codereview.chromium.org/1922553002
Cr-Commit-Position: refs/heads/master@{#35792}
port c005029aa4 (r35754)
original commit message:
Use the FastNewSloppyArgumentsStub in the interpreter when function doesn't have
duplicate parameters.
BUG=
Review URL: https://codereview.chromium.org/1922803002
Cr-Commit-Position: refs/heads/master@{#35781}
This adds a baseline tier to the compilation pipeline. Currently this
tier is used to model a path from the interpreter to optimized code via
full-codegen code (to ensure sufficient type feedback). Switching from
the unoptimized tier to the baseline tier is limited to happen only when
there are no activations of the given function on the stack.
R=rmcilroy@chromium.org,bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1903273004
Cr-Commit-Position: refs/heads/master@{#35757}
port 5c8609de9d (r35724)
original commit message:
This ensures the InterpreterEntryTrampoline heals code entry fields
inside closures when being called without a valid bytecode array. This
is preparatory work to allow removal of bytecode when switching some
functions to other types of code.
BUG=
Review URL: https://codereview.chromium.org/1920713002
Cr-Commit-Position: refs/heads/master@{#35744}
Adds IncStub and DecStub TurboFan code stubs and hooks them up to the
interpreter's Inc and Dec bytecodes (which are used for count
operations, e.g. i++).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1901083002
Cr-Commit-Position: refs/heads/master@{#35720}
port 3518e492c0 (r35660)
original commit message:
Short external strings do not cache the resource data, and may be used
for compressible strings. The assumptions about their lengths is
invalid and may lead to oob reads.
BUG=
Review URL: https://codereview.chromium.org/1904003003
Cr-Commit-Position: refs/heads/master@{#35681}
port 623ad7de88 (r35618)
original commit message:
Removes the register file machine register from the interpreter and
replaces it will loads from the parent frame pointer. As part of this
change the raw operand values for register values changes to enable the
interpreter to keep using the operand value as the offset from the
parent frame pointer.
BUG=
Review URL: https://codereview.chromium.org/1903093002
Cr-Commit-Position: refs/heads/master@{#35640}
port d2b0a4b727 (r35606)
original commit message:
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>
BUG=
Review URL: https://codereview.chromium.org/1897823005
Cr-Commit-Position: refs/heads/master@{#35611}
port d0ccddd032 (r35584)
original commit message:
Behind --ignition-generators. Does not yet support Turbofan.
BUG=
Review URL: https://codereview.chromium.org/1902663002
Cr-Commit-Position: refs/heads/master@{#35602}
Adds code to call FunctionEntryHook on entry to the InterpreterEntryTrampoline.
This should give SyzyProf enough information to build non-discontinous profile
graphs, however since interpreter functions aren't uniquely identified they will
all get lumped into one bucket. This should be good enough for SyzyProf's current
use-case.
BUG=v8:4763
LOG=N
Review URL: https://codereview.chromium.org/1884133002
Cr-Commit-Position: refs/heads/master@{#35568}
port 0c05e02f25 (r35480)
original commit message:
Modifies Ignition to store code entry addresses in the dispatch table
rather than code objects. This allows the interpreter to avoid
calculating the code entry address from the code object on every
dispatch and provides a ~5-7% performance improvement on Octane with
Ignition.
This change adds ArchOpcode::kArchTailCallAddress to TurboFan to enable
tail call dispatch using these code addresses. It also adds a Dispatch
linkage creator (distinct from the stub linkage type used previously) to
allow targetting a code address target (which will diverge further from
the stub linkage type when we remove the context machine register in
Ignition).
BUG=
Review URL: https://codereview.chromium.org/1893243002
Cr-Commit-Position: refs/heads/master@{#35561}
port 5e9ddf6ce4 (r35453)
original commit message:
Reland of (https://codereview.chromium.org/1617503003)
* New atomic code stubs for x64, ia32, arm, arm64
* Add convenience functions JumpIfNotValidSmiValue, JumpIfUintNotValidSmiValue
to macro-assembler-ia32 (API based on x64 macro assembler)
* Remove runtime implementation of Atomics.load, the code stub should always be
called instead
* Add new test to mjsunit atomics test; check that Smi values of different
sizes are supported when possible, else fall back to HeapNumbers
These changes were needed to add another codestub:
* Bump kStubMajorKeyBits from 7 to 8
* Reduce ScriptContextFieldStub::kSlotIndexBits from 13 to 12
BUG=
Review URL: https://codereview.chromium.org/1894923002
Cr-Commit-Position: refs/heads/master@{#35560}
port c2de9611281d6da70fe1770072ec55f2f8aaf467(r35440)
original commit message:
Visit the Optimized Code Map on first call rather than closure creation.
This is useful for escape analysis, and helps upcoming changes to
type feedback gathering.
BUG=
Review URL: https://codereview.chromium.org/1893213002
Cr-Commit-Position: refs/heads/master@{#35558}
port 2e3296666b04f0a038d9239a92e2ff39b5716f74(r35370)
original commit message:
... instead of doing stack magic. This is a cleanup in preparation for the new generators implementation.
BUG=
Review URL: https://codereview.chromium.org/1893943002
Cr-Commit-Position: refs/heads/master@{#35555}
The current context is stored as a stack slot on the interpreter frame
and therefore we don't need to also maintain a machine register for the
context. Removes this register from bytecode handlers.
In the process modifies this frees up a register on ia32 to keep the
dispatch table pointer in a register rather than on a stack slot on
ia32.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1887493004
Cr-Commit-Position: refs/heads/master@{#35511}
port 974721c661 (r35283)
original commit message:
Introduce a ResumeGeneratorTrampoline, which does the actual stack state
reconstruction (currently always restores a fullcodegen frame), and
introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
%GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
this native builtin.
Also unify the flooding in case of step-in to always work based on
JSFunction and remove the special casing for JSGeneratorObject.
BUG=
Review URL: https://codereview.chromium.org/1889083002
Cr-Commit-Position: refs/heads/master@{#35510}
port 3dd3beb066 (r35199)
original commit message:
Currently, if the size of two cmp or test operands is a byte or a word, we sign-extend or zero-extend each of them into a 32-bit register before doing the comparison, even when the conditions
for the use of a memory operand are met.
This CL makes it possible to load only one of them into a register and address the other as a memory operand.
The tricky bit is that, unlike as in the x64 counterpart http://crrev.com/1780193003, not all registers can be accessed as bytes.
BUG=
Review URL: https://codereview.chromium.org/1883373002
Cr-Commit-Position: refs/heads/master@{#35508}
port e6b6e55453 (r35163)
original commit message:
In the earlier implementation of GenerateDoubleToObject the context
is loaded from the parent's frame. rsi is clobbered because it is used
to store kHoleNan constnat. It is not always safe to peek at
the parents frame. Bytecode handlers have TypedFrame and the type of
frame is stored at FP + 1. GenerateDoubleToObject expects context
to be store at that place. In the current implementation rsi is pushed
onto the stack and is popped when exiting this function.
BUG=
Review URL: https://codereview.chromium.org/1884873007
Cr-Commit-Position: refs/heads/master@{#35478}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
Original CL: https://codereview.chromium.org/1869433004
Reverted in: https://codereview.chromium.org/1867383002
Reverted again in: https://codereview.chromium.org/1877823003
Reverts due to non-CQ bots:
- First: v8_win_dbg, v8_win64_dbg, v8_mac_dbg
- Second: gc mole (added to v8_linux_rel_ng for this patch)
R= jochen@chromium.org
TBR= ahaas@chromium.org,bmeurer@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1872203005
Cr-Commit-Position: refs/heads/master@{#35423}
Reason for revert:
One small issue easily fixed here: https://codereview.chromium.org/1867333003/
But it looks like MSVS 2013 doesn't like some of the formats and exists with the unhelpful:
Stderr:
f:\dd\vctools\crt\crtw32\stdio\output.c(1125) : Assertion failed: ("Incorrect
format specifier", 0)
It's easier to revert for now, I'll dig more into the docs:
https://msdn.microsoft.com/en-us/library/56e442dc(v=vs.120).aspxhttps://msdn.microsoft.com/en-us/library/tcxf1dw6(v=vs.120).aspx
And then resubmit, making sure I run these bots.
Original issue's description:
> Fix printf formats
>
> The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
>
> - Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
> - Uses it appropriately.
> - Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
> - Fixes a bunch of incorrect formats.
>
> R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
>
> Committed: https://crrev.com/6ebf9fbb93d31f9be41156a3325d58704ed4933d
> Cr-Commit-Position: refs/heads/master@{#35365}
TBR=jochen@chromium.org,bmeurer@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1867383002
Cr-Commit-Position: refs/heads/master@{#35366}
The usage of __attribute__((format(x, y)) was either wrong or missing from multiple functions, leading to erroneous formats. This CL:
- Imports PRINTF_FORMAT macro from Chrome's src/base/compiler-specific.h.
- Uses it appropriately.
- Imports Chrome's base/format_macros.h mainly to fix size_t formats (further cleanup could be done).
- Fixes a bunch of incorrect formats.
R= jochen@chromium.org, bmeurer@chromium.org, yangguo@chromium.org, ahaas@chromium.org
Review URL: https://codereview.chromium.org/1869433004
Cr-Commit-Position: refs/heads/master@{#35365}
The previous code cache system required stubs to be marked with a StubType, causing them to be inserted either into a fixed array or into a dictionary-mode code cache. This could cause names to be in both cases, and lookup would just find the "fast" one first. Given that we clear out the caches on each GC, the memory overhead shouldn't be too bad. Additionally, the dictionary itself should just stay linear for small arrays; that's faster anyway.
This CL additionally deletes some dead IC code.
BUG=
Review URL: https://codereview.chromium.org/1846963002
Cr-Commit-Position: refs/heads/master@{#35291}
This reduces the reserved virtual memory size needed for the store buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1851473002
Cr-Commit-Position: refs/heads/master@{#35174}
We now have everything in place to fully implement ToLengthStub as
TurboFanCodeStub without any runtime fallback (modulo allocation failure
of course).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1843933002
Cr-Commit-Position: refs/heads/master@{#35137}
Thus DevTools will be able to disable tail call elimination dynamically upon user's choice.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1837513002
Cr-Commit-Position: refs/heads/master@{#35098}
port b6419fa229 (r34959)
original commit message:
Now implemented as a builtin that delegates to the InstanceOfStub. That
stub was parameterized to fallback to either Runtime_InstanceOf or to
Runtime_OrdinaryHasInstance depending on the --harmony-instanceof flag.
Once the feature stabilizes and the flag is no longer needed, we can get
rid of this parameterization again.
BUG=
Review URL: https://codereview.chromium.org/1821113002
Cr-Commit-Position: refs/heads/master@{#34975}
port b7aa4c3ab3 (r34922)
original commit message:
Split ToNumberStub into the entry ToNumberStub, and two new stubs,
StringToNumberStub and NonNumberToNumberStub, which can be used when we
already know something about the input (i.e. in various branches of the
code stubs, or in TurboFan graphs).
Also introduce an appropriate StringToNumber simplified operator for
TurboFan, that is pure and is lowered to an invocation of the newly
added StringToNumberStub.
BUG=
Review URL: https://codereview.chromium.org/1816423002
Cr-Commit-Position: refs/heads/master@{#34971}
Up until now all type conversions (i.e. ToNumber, ToString and friends)
had their own specific call interface descriptors, where some of them
had to match (i.e. ToString and NumberToString have to use the same
argument register). Instead of all the different descriptors, it's
sufficient to have a single TypeConversionDescriptor instead.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1823523002
Cr-Commit-Position: refs/heads/master@{#34916}
port 2aa070be4f (r34863)
original commit message:
Repair this to match what the runtime correctly does, by first checking if the
function is a constructor before we access the prototype.
BUG=
Review URL: https://codereview.chromium.org/1809333002
Cr-Commit-Position: refs/heads/master@{#34880}
port e1a7c1e76c (r34836)
original commit message:
- New RelocInfo mode WASM_MEMORY_REFERENCE as a marker for wasm code objects that need to be relocated on a heap change
- RelocInfo mode recorded for immediates that use the memory buffer as base
- Tests to verify address patching works
BUG=
Review URL: https://codereview.chromium.org/1809973002
Cr-Commit-Position: refs/heads/master@{#34845}
port 1b23079936 (r34747)
original commit message:
Int64Add is lowered to a new turbofan operator, Int32AddPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the addition.
BUG=
Review URL: https://codereview.chromium.org/1806833002
Cr-Commit-Position: refs/heads/master@{#34803}
