EOS token location is useless for users and messages.js are not ready for its location.
With this CL we use location of token before EOS for it.
LOG=Y
BUG=chromium:480652
R=yurys@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1100993003
Cr-Commit-Position: refs/heads/master@{#28164}
Implements the strong mode proposal's restrictions on implicit conversions
for the binary + operator. Test suite is also cleaned up/refactored to allow
easier testing of the comparison operators in the future.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1109223004
Cr-Commit-Position: refs/heads/master@{#28159}
Original issue's description:
> Remove the weak list of array buffers
>
> Instead, collect live array buffers during marking and free pointers we
> no longer found.
>
> BUG=v8:3996
> R=hpayer@chromium.org
> LOG=n
BUG=v8:3996
TBR=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1115853004
Cr-Commit-Position: refs/heads/master@{#28156}
This CL contains the first steps towards tail call optimization:
* Structurally detect tail calls during instruction selection,
looking for special return/call combinations.
* Added new architecture-specific instructions for tail calls which
jump instead of call and take care of frame adjustment.
* Moved some code around.
Currently we restrict tail calls to callees which only use registers
for arguments/return value and to call sites which are explicitly
marked as being OK for tail calls. This excludes, among other things,
call sites in sloppy JS functions and our IC machinery (both need in
general to be able to access the caller's frame).
All this is behind a flag --turbo-tail-calls, which is currently off
by default, so it can easily be toggled.
Review URL: https://codereview.chromium.org/1108563002
Cr-Commit-Position: refs/heads/master@{#28150}
The method is not used anywhere, and it is a bad idea in general anyway.
If you see a need to call YieldCPU, then you're code is probably in need
of a redesign!
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1116853002
Cr-Commit-Position: refs/heads/master@{#28147}
Added rounding according to fcsr, CVT_W_D and RINT.D instruction in assembler, dissasembler and simulator and wrote appropiate tests.
BUG=
Review URL: https://codereview.chromium.org/1108583003
Cr-Commit-Position: refs/heads/master@{#28143}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1111323003
Cr-Commit-Position: refs/heads/master@{#28140}
- allows the optimization of emitted gap move code since the representation of the value in the register is known
- necessary preparation for vector register allocation
- prepare for slot sharing for any value of the same byte width
BUG=
Review URL: https://codereview.chromium.org/1087793002
Cr-Commit-Position: refs/heads/master@{#28137}
We shouldn't have shared state between isolates by default. The embedder
is free to pass the same allocator to all isolates it creates.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1116633002
Cr-Commit-Position: refs/heads/master@{#28127}
The goal is to port all of error stack trace formatting to C++.
We will do this bottom up, by first porting helper functions.
Eventually, CallSite methods will only be used when a custom
error stack trace formatter is defined via Error.prepareStackTrace.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1060583008
Cr-Commit-Position: refs/heads/master@{#28095}
Currently only the Win64 bots report this warnings, which adds quite
some overhead to the development process. With this flag we also get
compiler warnings about implicit 64bit to 32bit truncations when
building with clang on Linux/x64 and Mac/x64.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1111733002
Cr-Commit-Position: refs/heads/master@{#28093}
These two test cases "InlineCreateArrayLiteral" and "InlineCreateObjectLiteral" are
added in d1597b7d22. They invokes Linkage::GetStubCallDescriptor
which is unimplemented for turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/1095793007
Cr-Commit-Position: refs/heads/master@{#28090}
...when handing out validity cells to handlers; because invalidating said cells is
the only time we'll need the user registrations.
Along the way, fix a corner case in WeakFixedArray, which can now be empty after
the recently introduced compaction support.
This reverts commit 968715c653.
Original review: https://codereview.chromium.org/1104813004/
Review URL: https://codereview.chromium.org/1110513002
Cr-Commit-Position: refs/heads/master@{#28076}
This uses explicit operators instead of intrinsic runtime calls to
create literals froms boilerplates. It allows for easier access of
static parameters and syncs it with other allocating operators.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1104453006
Cr-Commit-Position: refs/heads/master@{#28062}
This introduces a JSCreateClosure operator which can be lowered by the
typed pipeline to the aforementioned stub. It also allows for further
optimizations of closure creation.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1105513002
Cr-Commit-Position: refs/heads/master@{#28058}
If the array's map is the initial FastHoley array map, and the array prototype
chain is undisturbed and empty of elements, then keyed loads can convert the
load of a hole to undefined.
BUG=
Review URL: https://codereview.chromium.org/1100083002
Cr-Commit-Position: refs/heads/master@{#28056}
This reverts commit d5565c1f68.
Getter and setter function names in ES6 are defined as "get foo" and
"set foo".
This also moves the logic for handling symbols from runtime-function.cc
to v8natives.js.
BUG=None
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1093183006
Cr-Commit-Position: refs/heads/master@{#28050}
Reason for revert:
Suspected of causing GC stress failures.
Original issue's description:
> Lazily register prototype users
>
> when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
> Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.
>
> Committed: https://crrev.com/a4bb7643c076b014816431a9b85af3e2edf828e7
> Cr-Commit-Position: refs/heads/master@{#28047}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1108583002
Cr-Commit-Position: refs/heads/master@{#28049}
when handing out validity cells to handles; because invalidating said cells is the only time we'll need the user registrations.
Along the way, fix a corner case in WeakFixedArray, which can now be empty after the recently introduced compaction support.
Review URL: https://codereview.chromium.org/1104813004
Cr-Commit-Position: refs/heads/master@{#28047}
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1092353002
Cr-Commit-Position: refs/heads/master@{#28045}
This introduces a bailout point for class literals right after the
%DefineClass function has been called. Otherwise the FrameState after
class literal evaluation might contain the literal itself.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-480819
BUG=chromium:480819
LOG=N
Review URL: https://codereview.chromium.org/1104673004
Cr-Commit-Position: refs/heads/master@{#28043}
Add the restriction that both classes must be declared inside the same
consectutive class declaration batch.
Dependency analysis not implemented yet.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1060913005
Cr-Commit-Position: refs/heads/master@{#28032}
A strict arrow function with no parameters and no variable bindings
won't need a context object because it will never have any
locals. (This is unlike strict normal functions, which do have
"arguments" and "this" locals.)
R=rossberg@chromium.org
BUG=v8:4056
LOG=N
Review URL: https://codereview.chromium.org/1093183003
Cr-Commit-Position: refs/heads/master@{#28031}
Now all nodes that care about deoptimization always take frame state
inputs no matter whether deoptimization is enabled for a particular
function. In case that deoptimization is off, the AstGraphBuilder just
inserts the empty frame state. This greatly simplifies the logic in
various places and makes testing easier as well, and is probably the
first step towards enabling --turbo-deoptimization by default.
There seems to be no noticable performance impact on asm.js programs.
Also fix the graph replay in order to regenerate the scheduler unittests.
Review URL: https://codereview.chromium.org/1106613003
Cr-Commit-Position: refs/heads/master@{#28026}
ES6 specifies the function name property (it was not part of ES5) and
it specifies the name of Function.prototype to the empty string ("" and
not "Empty"). This makes us match Firefox, Safari and IE developer
preview.
BUG=v8:4033
LOG=N
R=adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1080393004
Cr-Commit-Position: refs/heads/master@{#28021}
Reason for revert:
I'm reverting this while working on the regression fix
Original issue's description:
> Remove the weak list of views from array buffers
>
> Instead, views have to check their array buffer for whether
> it's neutered or not.
>
> BUG=v8:3996
> R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
> LOG=n
>
> Committed: https://crrev.com/5ae083a05a6743d6cb91585f449539f7846a5d8c
> Cr-Commit-Position: refs/heads/master@{#27995}
TBR=dslomov@chromium.org,hpayer@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/1061753008
Cr-Commit-Position: refs/heads/master@{#28014}
Reason for revert:
Was an infrastructure problem.
Original issue's description:
> Revert of [strong] checking of this & super in constructors (patchset #7 id:110001 of https://codereview.chromium.org/1024063002/)
>
> Reason for revert:
> [Sheriff] Breaks mac gc stress:
> http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1024
>
> Original issue's description:
> > [strong] checking of this & super in constructors
> >
> > R=dslomov@chromium.org, marja@chromium.org
> > BUG=v8:3956
> > LOG=N
> >
> > Enforces for constructors that
> > - the only use of 'super' is the super constructor call
> > - the only use of 'this' is a property assignment
> > - both of these must happen at the top-level of the body
> > - 'this' may only be assigned after the 'super' call
> > - 'return' may only be used after the last assignment to 'this'
> >
> > Not yet working for arrow functions (there might be deeper bugs with those).
> >
> > Committed: https://crrev.com/580d66bcda66220d2f3062ac58daf925436df74c
> > Cr-Commit-Position: refs/heads/master@{#27977}
>
> TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3956
TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956
Review URL: https://codereview.chromium.org/1073103004
Cr-Commit-Position: refs/heads/master@{#28001}
Reason for revert:
This was probably an infrastructure problem caused by the mac ninja/goma switch.
Original issue's description:
> Revert of Protect the emptiness of Array prototype elements with a PropertyCell. (patchset #7 id:120001 of https://codereview.chromium.org/1092043002/)
>
> Reason for revert:
> MAC GCSTRESS failure on new test.
>
> Original issue's description:
> > Protect the emptiness of Array prototype elements with a PropertyCell.
> >
> > Not just emptiness, but also a particular structure.
> >
> > BUG=v8:4044
> > LOG=N
>
> TBR=jkummerow@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4044
TBR=jkummerow@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4044
Review URL: https://codereview.chromium.org/1052253003
Cr-Commit-Position: refs/heads/master@{#28000}
Reason for revert:
MAC GCSTRESS failure on new test.
Original issue's description:
> Protect the emptiness of Array prototype elements with a PropertyCell.
>
> Not just emptiness, but also a particular structure.
>
> BUG=v8:4044
> LOG=N
TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4044
Review URL: https://codereview.chromium.org/1099203004
Cr-Commit-Position: refs/heads/master@{#27998}
Instead, views have to check their array buffer for whether
it's neutered or not.
BUG=v8:3996
R=hpayer@chromium.org,dslomov@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1094863002
Cr-Commit-Position: refs/heads/master@{#27995}
Not just emptiness, but also a particular structure.
BUG=v8:4044
LOG=N
Review URL: https://codereview.chromium.org/1092043002
Cr-Commit-Position: refs/heads/master@{#27993}
Reason for revert:
[Sheriff] Breaks mac gc stress:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1024
Original issue's description:
> [strong] checking of this & super in constructors
>
> R=dslomov@chromium.org, marja@chromium.org
> BUG=v8:3956
> LOG=N
>
> Enforces for constructors that
> - the only use of 'super' is the super constructor call
> - the only use of 'this' is a property assignment
> - both of these must happen at the top-level of the body
> - 'this' may only be assigned after the 'super' call
> - 'return' may only be used after the last assignment to 'this'
>
> Not yet working for arrow functions (there might be deeper bugs with those).
>
> Committed: https://crrev.com/580d66bcda66220d2f3062ac58daf925436df74c
> Cr-Commit-Position: refs/heads/master@{#27977}
TBR=dslomov@chromium.org,marja@chromium.org,conradw@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956
Review URL: https://codereview.chromium.org/1105453002
Cr-Commit-Position: refs/heads/master@{#27991}
R=dslomov@chromium.org, marja@chromium.org
BUG=v8:3956
LOG=N
Enforces for constructors that
- the only use of 'super' is the super constructor call
- the only use of 'this' is a property assignment
- both of these must happen at the top-level of the body
- 'this' may only be assigned after the 'super' call
- 'return' may only be used after the last assignment to 'this'
Not yet working for arrow functions (there might be deeper bugs with those).
Review URL: https://codereview.chromium.org/1024063002
Cr-Commit-Position: refs/heads/master@{#27977}
Reason for revert:
Breaks gbemu
Original issue's description:
> Reland "LayoutDescriptor should inherit from JSTypedArray"
>
> Original issue's description:
> > LayoutDescriptor should inherit from JSTypedArray
> >
> > It can't just inherit from a FixedTypedArray-like type, as we soon
> > assume that a FixedTypedArray-like type is always held by an
> > ArrayBufferView-like type
> >
> > BUG=v8:3996
> > R=ishell@chromium.org,verwaest@chromium.org
> > LOG=n
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/1080403004
Cr-Commit-Position: refs/heads/master@{#27975}
This allows the JSIntrinsicLowering to optimize the cloning of literal
boilerplate objects using either the FastCloneShallowArrayStub or the
FastCloneShallowObjectStub when applicable.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1097963002
Cr-Commit-Position: refs/heads/master@{#27974}
Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1094333002
Cr-Commit-Position: refs/heads/master@{#27973}
Reason for revert:
breaks mjsunit on debug bots
Original issue's description:
> LayoutDescriptor should inherit from JSTypedArray
>
> It can't just inherit from a FixedTypedArray-like type, as we soon
> assume that a FixedTypedArray-like type is always held by an
> ArrayBufferView-like type
>
> BUG=v8:3996
> R=ishell@chromium.org,verwaest@chromium.org
> LOG=n
TBR=ishell@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/1073053006
Cr-Commit-Position: refs/heads/master@{#27968}
It can't just inherit from a FixedTypedArray-like type, as we soon
assume that a FixedTypedArray-like type is always held by an
ArrayBufferView-like type
BUG=v8:3996
R=ishell@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1084793004
Cr-Commit-Position: refs/heads/master@{#27964}
These tests are based on individual tests from the Emscripten benchmark
suite, which are used to test Emscripten itself. We adopt them to test
asm.js code paths in V8.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1101493002
Cr-Commit-Position: refs/heads/master@{#27962}
We have a bottleneck around storing elements in the array and object prototypes,
but the Push() and Unshift() builtins don't respect them.
Fix this exactly to the level of existing support for stores.
BUG=v8:4043
LOG=N
NOTRY=true
Review URL: https://codereview.chromium.org/1066003003
Cr-Commit-Position: refs/heads/master@{#27943}
The embedder has to take appropriate steps to ensure that the
ArrayBuffer doesn't die while it's accessing the pointer, e.g. keep a
Local handle to it around
BUG=none
R=dslomov@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1095083002
Cr-Commit-Position: refs/heads/master@{#27942}
This adds a stripped down version of the SQLite benchmark (running with
--size 1) to the mjsunit suite. We might want to move that to a
dedicated slow/stress/whatever test suite once an appropriate decision
is made.
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1094043002
Cr-Commit-Position: refs/heads/master@{#27930}
Two last forms supported in this patch:
- 'import' ModuleSpecifier
- 'export' '*' 'from' ModuleSpecifier.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/1094963002
Cr-Commit-Position: refs/heads/master@{#27927}
This flag is intended as a staging flag for TurboFan. It serves as a
single flag that always enables a most recent configuration of TurboFan
for test suites and benchmarks, without needing to update test drivers.
R=titzer@chromium.org,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1094573002
Cr-Commit-Position: refs/heads/master@{#27896}
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).
Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1087543004
Cr-Commit-Position: refs/heads/master@{#27888}
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1084983002
Cr-Commit-Position: refs/heads/master@{#27885}
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.
Also rename FROM_GC and FROM_MUTATOR to be more precise.
BUG=chromium:462908
LOG=NO
Review URL: https://codereview.chromium.org/1034163002
Cr-Commit-Position: refs/heads/master@{#27869}
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.
Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.
BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1066663005
Cr-Commit-Position: refs/heads/master@{#27859}
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1086873003
Cr-Commit-Position: refs/heads/master@{#27857}
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.
BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1061393002
Cr-Commit-Position: refs/heads/master@{#27855}
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.
R=jarin@chromium.org
TEST=mjsunit/for-in-opt
Review URL: https://codereview.chromium.org/1086083002
Cr-Commit-Position: refs/heads/master@{#27846}
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1081373002
Cr-Commit-Position: refs/heads/master@{#27842}
Add a finalize incremental marking mode for CollectAllGarbage to finalize incremental marking when incremental marking is in progress, but we want a full gc at a given CollectAllGarbage call site.
Default mode for CollectAllGarbage is finalize incremental marking and perform a full GC.
BUG=
Review URL: https://codereview.chromium.org/1082973003
Cr-Commit-Position: refs/heads/master@{#27831}
Instead of modifying a context chain and then modifying it back, causing
potential mismatches, we clone the inner context chain and evaluate
the expression in this cloned context. We then copy all local variable
values back if needed.
R=yangguo@chromium.org,yurys@chromium.org
Review URL: https://codereview.chromium.org/1088503003
Cr-Commit-Position: refs/heads/master@{#27809}
The overwrite-builtins test cases will throw one expected exception
and the exception message should include the source position in the JS
file. But crankshaft compiler does not generate the source position for
it when creating the flow graph by default. The source position information
is always zero. So it failed when comparing with the reference file.
If we use crankshaft compiler on IA32 platform to run this test case, it
has the same failure.
BUG=
Review URL: https://codereview.chromium.org/1086503002
Cr-Commit-Position: refs/heads/master@{#27807}
This avoids both a mysterious boolean argument ("insert") and lets
non-mutating lookups skip passing an allocator (in one such case,
we were passing a scary-looking ZoneAllocationPolicy(NULL)!).
Review URL: https://codereview.chromium.org/1074943002
Cr-Commit-Position: refs/heads/master@{#27799}
Does not entirely disallow the use of 'eval' as an identifier in strong mode,
as originally proposed.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1059273004
Cr-Commit-Position: refs/heads/master@{#27796}
This allows the embedder to decide whether it's worthwhile to copy the
contents to avoid materializing a buffer.
BUG=v8:3996
R=dslomov@chromium.org,kbr@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1084513002
Cr-Commit-Position: refs/heads/master@{#27782}
Deoptimization infrastructure already handles it correctly.
This change fixes repetitive deoptimizations in the code like this:
var u32 = new Uint32Array(1);
u32[0] = -1;
function tr(x) { return x|0; }
function ld() { return tr(u32[0]); }
while (true) ld();
Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.
BUG=
Review URL: https://codereview.chromium.org/1077113002
Cr-Commit-Position: refs/heads/master@{#27781}
This makes the compilers agree on the source position of a message
generated by "throw new Error()", it points to the beginning of the
throw directive.
R=titzer@chromium.org
TEST=message/regress/regress-3995
BUG=v8:3995
LOG=N
Review URL: https://codereview.chromium.org/1049703002
Cr-Commit-Position: refs/heads/master@{#27775}
This commit is a precursor to making lazy arrow function parsing use
similar logic to function(){} argument parsing.
R=arv@chromium.org
BUG=4020
LOG=N
Review URL: https://codereview.chromium.org/1078093002
Cr-Commit-Position: refs/heads/master@{#27773}
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:
> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.
[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects
BUG=v8:3986
LOG=N
R=wingo,arv
Review URL: https://codereview.chromium.org/1051363003
Cr-Commit-Position: refs/heads/master@{#27770}
When debugging Handle leaks in io.js we found it very convenient to be
able to Seal some specific (root in our case) scope to prevent Handle
allocations in it, and easily find leakage.
R=yangguo
BUG=
Review URL: https://codereview.chromium.org/1079713002
Cr-Commit-Position: refs/heads/master@{#27766}
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined', for arrow functions. Assumes these restrictions are
intended to be identical to the restrictions on the use of 'eval and 'arguments'
in strict mode. In addition, Location variables inconsistantly named (e.g.
dupe_error_loc vs dupe_loc) are now consistently named the shorter way.
Baseline: https://codereview.chromium.org/1070633002
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1060883004
Cr-Commit-Position: refs/heads/master@{#27756}
identifier. Delete unused (and now incorrect) function IsValidStrictVariable.
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined'. Assumes these restrictions are intended to be identical
to the restrictions on the use of 'eval' and 'arguments' in strict mode. The
AllowEvalOrArgumentsAsIdentifier enum has been renamed to
AllowRestrictedIdentifiers as logic involving it is now also used for this case.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1070633002
Cr-Commit-Position: refs/heads/master@{#27744}
Currently we always generate a diamond in the graph builder for every
legacy const context slot, which we cannot get rid of until late control
reduction, even if we know after context specialization that the slot is
already initialized.
Now we generate a select instead, which the CommonOperatorReducer
happily removes during typed lowering. This greatly speeds up asm.js
code generated by Emscripten with the new POINTER_MASKING mode.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1072353002
Cr-Commit-Position: refs/heads/master@{#27739}
This makes sure Crankshaft respects interceptors in the global object
even when they shadow a constant global property.
R=verwaest@chromium.org
TEST=cctest/test-api-interceptors/PrePropertyHandler
Review URL: https://codereview.chromium.org/1070803002
Cr-Commit-Position: refs/heads/master@{#27733}
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.
BUG=v8:3502
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1072083002
Cr-Commit-Position: refs/heads/master@{#27720}
This is a workaround to make the debugger happy about TurboFan frames
when the debugger causes frame inspection. Note that this can happen
because the debugger can be activated while there still are optimized
TurboFan activations on the stack.
R=ishell@chromium.org
BUG=chromium:465298
TEST=mjsunit/regress/regress-crbug-465298
LOG=N
Review URL: https://codereview.chromium.org/1074793003
Cr-Commit-Position: refs/heads/master@{#27717}
These comparisons are only meant to be done by AstValueFactory itself (in
its string_table_ operations), so make the Compare() function a private
member of AstValueFactory.
All other clients of AstRawStrings should compare them by pointer value.
There were only two clients which failed to abide by this rule, one
recently-added (in ModuleDescriptor) and the other in Literal::Match
(in ast.cc, added in https://code.google.com/p/v8/source/detail?r=24396).
Review URL: https://codereview.chromium.org/1069423003
Cr-Commit-Position: refs/heads/master@{#27715}
This makes some tests in test-heap.cc more robust against flags, now
that top-level code can be optimized by the --always-opt flag.
R=hpayer@chromium.org
TEST=cctest/test-heap/TestInternalWeakLists
Review URL: https://codereview.chromium.org/1071063004
Cr-Commit-Position: refs/heads/master@{#27699}
This is preparatory work to have MachineTypes encoded in AllocatedOperands.
Review URL: https://codereview.chromium.org/1075863002
Cr-Commit-Position: refs/heads/master@{#27698}
- ConstantOperand was using a too-small field too store its virtual register
- drop ConvertTo, replace it with simple copy
- split AllocatedOperand off from Immediate and Constant to make assignment clearer, also paving the way for small Immediates
- put zone first in *Operand::New
- driveby: drop delayed ssa deconstruction experiment
R=titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1050803002
Cr-Commit-Position: refs/heads/master@{#27692}
Those two tests fail in gc-stress and custom snapshot (embedding mjsunit.js).
This is likely due to different GC timing with the custom snapshot.
R=mstarzinger@chromium.org
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1078653002
Cr-Commit-Position: refs/heads/master@{#27688}
Port 9af9f1d026
Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
BUG=
Review URL: https://codereview.chromium.org/1073463003
Cr-Commit-Position: refs/heads/master@{#27679}
If we optimize a function before gathering feedback it may be
peppered with soft deoptimizations. So it can't help but deoptimize.
A judicious reading of the code isn't enough to determine what the
optimization state should be in the face of such chaotic gyrations.
BUG=
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1069363003
Cr-Commit-Position: refs/heads/master@{#27671}
This allows loopy TurboFan code to be interrupted by placing a stack
check (i.e. JSStackCheck node) into each loop. Note that we currently
limit this to non-asm.js code. Also note that stack checks are actually
placed after loop headers and not at back-branches, which allows us to
reuse existing BailoutIds from Crankshaft.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1065923002
Cr-Commit-Position: refs/heads/master@{#27666}
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1066393002
Cr-Commit-Position: refs/heads/master@{#27662}
This is a follow-up to 2d281e71ac and prevents bailouts on empty
script contexts in Crankshaft, which don't need allocation. Only
non-empty script contexts should cause a bailout.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1063373003
Cr-Commit-Position: refs/heads/master@{#27649}
Performance measurements show that the position independent code is
usually slightly faster than the position dependent code, and there
seems to be no noticable regression.
This also gets rid of a lot of support code that was only required to allow
embedding labels into the code stream. And it implies that neither the GC
nor the deserializer need to do anything for jump tables.
R=svenpanne@chromium.org
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/1069633002
Cr-Commit-Position: refs/heads/master@{#27646}
The ES6 grammar forbids the initialization of variable declarations in IterationStatements.
This CL will report `for (var x = y in z)` as a SyntaxError in strict mode (as done in JSC). It is possible that this could break sites in sloppy mode, and so that change can wait.
BUG=
R=
LOG=N
Review URL: https://codereview.chromium.org/1033823002
Cr-Commit-Position: refs/heads/master@{#27639}
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1053063003
Cr-Commit-Position: refs/heads/master@{#27633}
Instead, please use v8::Isolate::RequestInterrupt to synchronize
to the main thread.
R=yurys@chromium.org
API=Removed v8::Debug::DebugBreakForCommand
LOG=Y
Review URL: https://codereview.chromium.org/1036863002
Cr-Commit-Position: refs/heads/master@{#27625}
Support sxtb and sxth extend operators on add and subtract, as we've
done for ubtx/h. This is similar to ARM support for sxtab/h.
BUG=
Review URL: https://codereview.chromium.org/1064813003
Cr-Commit-Position: refs/heads/master@{#27624}
This CL primarily makes the loop peeling algorithm more robust; it no longer damages the graph if the loops are improperly closed.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1052753004
Cr-Commit-Position: refs/heads/master@{#27620}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use an absolute 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects,
which is not yet implemented. So for now we materialize the mask
inline.
As drive-by-fix, don't hardcode xmm0 as scratch double register.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1064833002
Cr-Commit-Position: refs/heads/master@{#27618}
The motivation is that we prefer to avoid creating internal properties, and we have a usable field on maps ("transitions", which is not used for prototype maps).
This CL also ensures the invariant that prototype maps are never shared, even if they are in dictionary mode.
Review URL: https://codereview.chromium.org/1033653002
Cr-Commit-Position: refs/heads/master@{#27617}
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.
BUG=chromium:469768
LOG=y
Review URL: https://codereview.chromium.org/1056913003
Cr-Commit-Position: refs/heads/master@{#27614}
We can use xorps/xorpd on Intel CPUs to flip the sign bit. Ideally we'd
use a RIP-relative 128-bit constant in the code object, as OCaml/GCC
does, however that requires 128-bit alignment for code objects, which is
not yet implemented. So for now we materialize the mask inline.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1046893002
Cr-Commit-Position: refs/heads/master@{#27611}
cctest/test-log/EquivalenceOfLoggingAndTraversal fails on
AIX because it does not correctly handle the full 64 bit
address space supported by AIX. SKIP until the issue
is resolved.
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1055183002
Cr-Commit-Position: refs/heads/master@{#27608}
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
Review URL: https://codereview.chromium.org/947683002
Cr-Commit-Position: refs/heads/master@{#27605}
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):
> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.
Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.
BUG=v8:3991
LOG=N
Review URL: https://codereview.chromium.org/1062633002
Cr-Commit-Position: refs/heads/master@{#27603}
- Fixed single float register type instruction en[de]coding in assembler and disassembler.
- Added max and min instructions for r6 and corresponding tests.
- Fixed selection instruction for boundary cases in simulator.
- Update assembler tests to be more thorough wrt boundary cases.
TEST=cctest/test-assembler-mips64/MIPS17, MIPS18
cctest/test-disasm-mips64/Type1
cctest/test-assembler-mips/MIPS16, MIPS17
cctest/test-disasm-mips/Type1
BUG=
Review URL: https://codereview.chromium.org/1057323002
Cr-Commit-Position: refs/heads/master@{#27601}
Currently, this doesn't really help to generate better code,
nevertheless this is the right thing to do. When our type system(s)
are fixed, this should avoid falling back to floating point operations
in various cases.
Review URL: https://codereview.chromium.org/1057813002
Cr-Commit-Position: refs/heads/master@{#27578}
In ES6 Object.getOwnPropertyDescriptor should call ToObject, which
means that primitive values will return descriptors from the wrapper.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/998163004
Cr-Commit-Position: refs/heads/master@{#27569}
The removed assertion consistently passes not because the invoked
`close` method internally throws a `TypeError` but because the `close`
method does not exist. The ES6 specification does not define a `close`
method on the GeneratorPrototype, so this test is a tautology.
BUG=None
LOG=N
R=arv
Review URL: https://codereview.chromium.org/1046963002
Cr-Commit-Position: refs/heads/master@{#27567}
The modified assertions targeted the property descriptor for the
template object's first "cooked" value. The code immediately preceeding
these statements asserts these values.
Update the assertions to instead target the property descriptor for the
template object's first "raw" value (which are otherwise untested).
BUG=
Review URL: https://codereview.chromium.org/1049523003
Cr-Commit-Position: refs/heads/master@{#27566}
This reverts commit 992751d0dc.
The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.
Difference from last time: Updated .status and will disable Blink
side tests as needed.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1051523003
Cr-Commit-Position: refs/heads/master@{#27558}
It triggers once per context that calls observe (or attempts to access
any observation metadata, e.g. through Object.getNotifier).
Review URL: https://codereview.chromium.org/1048213002
Cr-Commit-Position: refs/heads/master@{#27557}
In DevTools we've already used sourceURL in inline scripts.
This CL makes the behavior of the V8 in the same for Error.stack property and v8::StackTrace.
BUG=v8:3920
LOG=Y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1044173002
Cr-Commit-Position: refs/heads/master@{#27554}
Add missing parts of the port to MIPS/MIPS64 implementations.
BUG=
Review URL: https://codereview.chromium.org/1047213002
Cr-Commit-Position: refs/heads/master@{#27551}
The spec settled on ToBoolean instead of only using not undefined.
BUG=v8:3827
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1045113002
Cr-Commit-Position: refs/heads/master@{#27548}
Second try. Disabled the tests that were failing due to
https://github.com/tc39/test262/issues/215
This updates test262 to revision d24fd10 (2015/03/11).
The files moved around in the test repo and a lot of new tests are
failing.
BUG=None
LOG=N
R=adamk, rossberg
Review URL: https://codereview.chromium.org/1040093003
Cr-Commit-Position: refs/heads/master@{#27543}
This changes the IrOpcode::kThrow operator to have kNoThrow property,
which sounds unintuitive, but holds for our graphs. The operators is
used to indicate exceptional control flow out of the function, but in
itself does not throw, the throwing is done by a runtime call.
R=titzer@chromium.org
TEST=unittests/CommonOperatorTest/CommonSharedOperatorTest.Properties
Review URL: https://codereview.chromium.org/1046173002
Cr-Commit-Position: refs/heads/master@{#27541}
Currently this only sets branch hints, so we get unlikely code "out of
the way", but in the long run the register allocator needs some love
to treat the unlikely code as, well, unlikely. :-)
Review URL: https://codereview.chromium.org/1048063002
Cr-Commit-Position: refs/heads/master@{#27540}
The V8::IdleNotification will only return 'True' when the gc idle time handler
thinks there is no more GC which can be done. However, the gc idle task handler
can end up repeatedly making no progress (e.g., if it can't finalize a sweep)
which causes idle tasks to be repeatedly scheduled in Chrome which do nothing
but wake up Chrome. Fix this by returning Done if we can't make any progress
within an Idle Round.
BUG=chromium:470615
LOG=Y
Review URL: https://codereview.chromium.org/1042483002
Cr-Commit-Position: refs/heads/master@{#27529}
We only report the usages when full parse is happening, i.e. only when the function that declares a legacy const is compiled. This is an approximation that is easy to implement, but still should reflect the real-world usage.
BUG=v8:3942
LOG=N
Review URL: https://codereview.chromium.org/1041863002
Cr-Commit-Position: refs/heads/master@{#27526}
Reason for revert:
Bot failed to include verifyNotEnumerable function for some screwed up reason.
Original issue's description:
> [es6] Update test262 tests
>
> This updates test262 to revision d24fd10 (2015/03/11).
>
> The files moved around in the test repo and a lot of new tests are
> failing.
>
> BUG=None
> LOG=N
> R=rossberg
>
> Committed: https://crrev.com/4f2fb3835feff3663146f12be42b01a226d0065e
> Cr-Commit-Position: refs/heads/master@{#27522}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None
Review URL: https://codereview.chromium.org/1047713002
Cr-Commit-Position: refs/heads/master@{#27525}
This test will fail once we optimize top-level code, because the
aforementioned intrinsic doesn't perform a NumberToUint32 conversion.
R=titzer@chromium.org
TEST=mjsunit/asm/math-clz32
Review URL: https://codereview.chromium.org/1041173002
Cr-Commit-Position: refs/heads/master@{#27524}
This prepares for re-landing crrev.com/956373002
This pulls all decision about the snapshot [no|internal|external] into one rule. Previously, this logic was in separate places and not /quite/ the same, which causes build problems.
BUG=
Review URL: https://codereview.chromium.org/1016603004
Cr-Commit-Position: refs/heads/master@{#27523}
This updates test262 to revision d24fd10 (2015/03/11).
The files moved around in the test repo and a lot of new tests are
failing.
BUG=None
LOG=N
R=rossberg
Review URL: https://codereview.chromium.org/1025043002
Cr-Commit-Position: refs/heads/master@{#27522}
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=466993
LOG=N
Review URL: https://codereview.chromium.org/1037273002
Cr-Commit-Position: refs/heads/master@{#27511}
This adds the basics necessary to support float32 operations in TurboFan.
The actual functionality required to detect safe float32 operations will
be added based on this later. Therefore this does not affect production
code except for some cleanup/refactoring.
In detail, this patchset contains the following features:
- Add support for float32 operations to arm, arm64, ia32 and x64
backends.
- Add float32 machine operators.
- Add support for float32 constants to simplified lowering.
- Handle float32 representation for phis in simplified lowering.
In addition, contains the following (related) cleanups:
- Fix/unify naming of backend instructions.
- Use AVX comparisons when available.
- Extend ArchOpcodeField to 9 bits (required for arm64).
- Refactor some code duplication in instruction selectors.
BUG=v8:3589
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1044793002
Cr-Commit-Position: refs/heads/master@{#27509}
No compiler support for now (BTW: %_NewString, doesn't have that,
either), inline allocation will come later. Hopefully the last
intrisic to add for a StringAddStub POC...
Review URL: https://codereview.chromium.org/1041723002
Cr-Commit-Position: refs/heads/master@{#27508}
And reland "Use a slot that is located on a heap page when removing
invalid entries from the SlotsBuffer."
This reverts commits de018fbda3 and
d23a9f7a3e.
Reason for relanding: looking fine on Canary, let's get these fixes back in.
BUG=chromium:454297,chromium:470801
LOG=y
TBR=ishell@chromium.org
Review URL: https://codereview.chromium.org/1043703003
Cr-Commit-Position: refs/heads/master@{#27507}
