The JSNativeContextSpecialization class is getting rather huge with all
the stuff related to property and element access going in. Splitting off
the global object related stuff into JSGlobalObjectSpecialization seems
like a natural separation, especially since the global object
specialization is sort of a separate issue anyway. This is neutral
functionality- and performance-wise.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1417043006
Cr-Commit-Position: refs/heads/master@{#31748}
1) The Map::CopyInitialMap() did not set descriptor's array if
the source initial map had one.
2) Subclasses are temporarily disallowed to have more in-object
properties than the parent class (for GC reasons).
BUG=v8:3101, v8:3330, v8:4531
LOG=N
Review URL: https://codereview.chromium.org/1431593003
Cr-Commit-Position: refs/heads/master@{#31743}
This changes the inlining candidates to be stored in a sorted set of
unique entries instead of a vector. We can avoid the final sorting
operation by amortizing the cost across insertions and also duplicate
entries are not created in the first place. Duplicate entries cause
crashes when candidates are processed.
R=bmeurer@chromium.org
BUG=chromium:549113
LOG=n
Review URL: https://codereview.chromium.org/1430553003
Cr-Commit-Position: refs/heads/master@{#31742}
Existing code was assuming that 'lexical' blocks were the same as basic
blocks, therefore code which emitted jumps within a lexical block (e.g.,
logical or) would in some occasions incorrectly omit a necessary
ToBoolean.
This change removes Enter/LeaveBlock from BytecodeArrayBuilder and
instead tracks basic blocks via label bindings and jump operations. The
change also ensures we don't emit dead code at the end of a basic block,
and adds tests of the edge cases.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1406983010
Cr-Commit-Position: refs/heads/master@{#31741}
The flake detection is done on the infra-side according to
the contents of the json test results. We don't want the
runner to fail after flakes.
This was controlled on the infra side by accepting any exit
codes so far. After the swarming switch, this is more
difficult, because the runner is wrapped by the swarming
collect script. There, failing exit codes can mean many
things, including network failures. Therefore, we now
force exit code 0 with test failures if those failures
are reported in the formal test results json.
The infrastructure will take care of reporting the flakes
and failures accordingly.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1416373005
Cr-Commit-Position: refs/heads/master@{#31740}
TurboFan is actually able to generate property access to all prototypes
of all primitives, except the special Oddball primitives that have no
wrapper counterparts (namely null and undefined from the ES6 point of
view).
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1409163007
Cr-Commit-Position: refs/heads/master@{#31739}
This CL fixes an invalid cast in Slow_ArrayConcat (a Proxy on a DICTIONARY_ELEMENTS array's prototype chain).
It also adds some comments and minor drive-by refactorings to other PrototypeIterator use sites.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1402393003
Cr-Commit-Position: refs/heads/master@{#31738}
Reason for revert:
This CL reintroduces all kinds of funny moves for Merges of deferred code, which makes jump threading ineffective.
Original issue's description:
> [turbofan] Remove redundant code.
>
> When I centralized the treatment of memory operands, I forgot to delete
> the old code.
>
> There is a semantic difference between the old and new code. The old
> code was handling either memory operands, or ranges that had a spilled
> predecessor. The new code handles just memory operands. It may
> happen that (using LinearScan) an active range is spilled when trying
> to allocate another range (see SplitAndSpillIntersecting). That may make
> it a candidate for the old version of the code, however, since we would
> have spilled up to a register use, the old code wouldn't have taken
> effect.
>
> Perf data shows this nuance doesn't make a difference in perf.
>
> BUG=
>
> Committed: https://crrev.com/c03d7a7f03657a452f71277d84e435ed73566327
> Cr-Commit-Position: refs/heads/master@{#31729}
TBR=jarin@chromium.org,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1416293004
Cr-Commit-Position: refs/heads/master@{#31732}
Implement the missing bits for named access to Number values, which is
basically always done on the Number prototype. Crankshaft only deals
with Number primitives in the polymorphic case, while we generally
support Numbers even for monomorphic access.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1425293004
Cr-Commit-Position: refs/heads/master@{#31731}
When I centralized the treatment of memory operands, I forgot to delete
the old code.
There is a semantic difference between the old and new code. The old
code was handling either memory operands, or ranges that had a spilled
predecessor. The new code handles just memory operands. It may
happen that (using LinearScan) an active range is spilled when trying
to allocate another range (see SplitAndSpillIntersecting). That may make
it a candidate for the old version of the code, however, since we would
have spilled up to a register use, the old code wouldn't have taken
effect.
Perf data shows this nuance doesn't make a difference in perf.
BUG=
Review URL: https://codereview.chromium.org/1428943004
Cr-Commit-Position: refs/heads/master@{#31729}
The Interpreter uses the function_data slot in the shared function info, so
can't be used to compile functions which use that field for other reasons,
such as API functions or functions with builtin function ids.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1427143002
Cr-Commit-Position: refs/heads/master@{#31721}
Port 4490ce8520
Original commit message:
Create proper initial map for original constructor (new.target) instead of doing prototype
transition on the base constructor's initial map. This approach fixes in-object slack tracking
for subclass instances.
This CL also fixes subclassing from String.
It also fixes typed array map smashing done during typed array initialization.
R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:3101, v8:3330, v8:4419
LOG=N
Review URL: https://codereview.chromium.org/1425353002
Cr-Commit-Position: refs/heads/master@{#31720}
The calling context is the second top-most non-debugger context on the
stack, but that's not necessarily the actual calling context, e.g.,
when a tail-call was used.
BUG=chromium:541703
R=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1431473003
Cr-Commit-Position: refs/heads/master@{#31719}
The BufferedRawMachineAssemblerTester takes care of storing and loading
parameters to and from memory for these test cases. By using the
BufferedRawMachineAssemblerTester the test cases become more readable.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1409013004
Cr-Commit-Position: refs/heads/master@{#31718}
This adds some initial support for keyed element access to fast,
non-holey JSArray objects.
Also renames PropertyAccessInfoFactory to AccessInfoFactory and
PropertyAccessMode to AccessMode.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1418213010
Cr-Commit-Position: refs/heads/master@{#31717}
V8 zaps (writes 0xdeadbeef) over the mmapped regions when in debug mode.
This causes more resident size than displayed in tracing. So, this CL
adds an API to tell if zapping is done.
BUG=546492
LOG=Y
Review URL: https://codereview.chromium.org/1419523008
Cr-Commit-Position: refs/heads/master@{#31716}
Adds an optimization to not emit unnecessary jumps and dead code in If,
For, While, and do-while statements. When the value of condition is known
at compile time, the code is emitted only for the paths that can be taken.
For example, when the condition is known to be true in an if statement
only the then block is generated.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1414193006
Cr-Commit-Position: refs/heads/master@{#31715}
This moves the optimization for variables loads targeting lookup slots
in DYNAMIC_GLOBAL and DYNAMIC_LOCAL mode into the AstGraphBuilder. This
way we implicitly get all optimizations that target global loads and
context loads for free.
R=bmeurer@chromium.org
BUG=v8:4513
LOG=n
Review URL: https://codereview.chromium.org/1424943008
Cr-Commit-Position: refs/heads/master@{#31713}
This ports some code from chromium for using the bundled
toolchain.
BUG=chromium:548586
LOG=n
Review URL: https://codereview.chromium.org/1237803003
Cr-Commit-Position: refs/heads/master@{#31706}
port 4490ce8520 (r31701).
original commit message:
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=
Review URL: https://codereview.chromium.org/1432483003
Cr-Commit-Position: refs/heads/master@{#31704}
The compiler can generate a named access for o[x] if x is a compile time
constant that can be turned into a name using ToName (limited to
primitive x values, because other ToName invocations might be observable),
or the KeyedLoadIC/KeyedStoreIC have gathered constant name feedback for x
(i.e. the access always goes to the same symbol).
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1414013004
Cr-Commit-Position: refs/heads/master@{#31703}
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=v8:3101, v8:3330, v8:4419
LOG=Y
Review URL: https://codereview.chromium.org/1413033006
Cr-Commit-Position: refs/heads/master@{#31701}