BUG=
Change-Id: Ibf49df830153a829015723826dacc6939fb42189
Reviewed-on: https://chromium-review.googlesource.com/452377
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43689}
It depends on constant field tracking and currently disabled.
BUG=v8:5495
Change-Id: I6202cddfc2d32b5a06c5ab00c42caa6e276a3eb1
Reviewed-on: https://chromium-review.googlesource.com/451639
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43687}
This fixes an incorrect usage of String::Flatten in EscapeRegExpSource.
It also adds %ConstructConsString (to easily and reliably construct cons
strings in tests) and Factory::NewConsString (to enable guaranteed cons
string construction without preemptive flattening attempts).
BUG=chromium:698790
Review-Url: https://codereview.chromium.org/2736383003
Cr-Commit-Position: refs/heads/master@{#43686}
- supporting appending new data instead of simply replacing the current set
- fix issue when not filtering out groups on initial loading
Change-Id: I77d508e644b247fa236ea64ef919639cac6ee425
NOTRY=true
Change-Id: I77d508e644b247fa236ea64ef919639cac6ee425
Reviewed-on: https://chromium-review.googlesource.com/451276
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43685}
The BitcastWordToTagged operator is used for bump pointer allocation to
construct the actual HeapObject pointer. The input to this operator is
a naked pointer (derived from the allocation top). If this input value
is live across an allocation, then the resulting tagged pointer is
invalid because the GC might have scavenged new space in the meantime.
That means we must not allow Node splitting (in the Scheduler) for these
instructions, as that could extend the live range of the naked pointer
input across arbitrary code. As such, this operator must not be marked
as pure.
R=jarin@chromium.org
BUG=v8:6059
Review-Url: https://codereview.chromium.org/2739093002
Cr-Commit-Position: refs/heads/master@{#43683}
- Changes input filtering to test NaNs, but skip very large or very
small inputs, which may cause imprecision on some platforms.
- Changes expected result filtering to only skip NaNs.
LOG=N
BUG=6020
Review-Url: https://codereview.chromium.org/2738703006
Cr-Commit-Position: refs/heads/master@{#43681}
Port e82b7ccd32
Original Commit Message:
I originally needed this for the initialization of a constexpr array in
the wasm lazy compile builtin, but since it's a bigger change, I now
split it off as this separate CL.
The style guide recommends constexpr over const. I thus apply the
constexprificaton over all headers that I touched anyway.
I also remove the ARM64_DEFINE_REG_STATICS hack. It was introduced when
merging in arm64 support more than three years ago, and I don't see the
purpose for this.
Also, some #defines can now be constexpr definitions, which was not
possible before according to the comment.
R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2733323003
Cr-Commit-Position: refs/heads/master@{#43678}
The compiler dispatcher is not being used yet by Ignition, so we shouldn't
enable it when enabling Ignition + TurboFan by default.
Change-Id: I2806608ba95080df3538ef66373165107ac3beb6
Reviewed-on: https://chromium-review.googlesource.com/451279
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43677}
This bumps the required stack space gap when the bootstrapper kicks off
compilation of native scripts during genesis. The stack requirements are
now higher for simulators in no-snapshot mode with Ignition being used.
R=jochen@chromium.org
TEST=mjsunit/regress/regress-681984
BUG=v8:6066
Change-Id: I65df388d1b57c09db124ac9a85d380b4edb7d260
Reviewed-on: https://chromium-review.googlesource.com/451275
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43675}
From declarations of bit() member functions (for structures Register,
FPURegister and FPUControlRegister) are removed constexpr specificators.
Build V8 will fail if function bit() is declared as a constant
expression.
TEST=
BUG=
Review-Url: https://codereview.chromium.org/2737143002
Cr-Commit-Position: refs/heads/master@{#43674}
Adds a bar below the current timeline view which can show the time
when an individual function was on the stack. Functions in the call
stack are now clickable to show them in this view.
Sections where the function was on the stack, but not at the top, are
displayed at half height.
Review-Url: https://codereview.chromium.org/2737083003
Cr-Commit-Position: refs/heads/master@{#43673}
This fixes various allocator methods to properly propagate {nullptr} to
callers without accidentally dereferencing it. We also disable one test
case for stress mode as it runs out of memory due to inlining limits
being lifted in the stress mode.
R=bmeurer@chromium.org
TEST=mjsunit/array-natives-elements
BUG=v8:6061
Change-Id: Id0a7b826a8612d00b4f4ae8aa0bea011c50890ca
Reviewed-on: https://chromium-review.googlesource.com/451365
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43672}
The immediate passed to cmpw can be either a signed 16-bit or an
unsigned 16-bit integer, but the DCHECK was testing for signed 16-bit
values only.
R=mstarzinger@chromium.org
BUG=v8:6063
Review-Url: https://codereview.chromium.org/2735363002
Cr-Commit-Position: refs/heads/master@{#43671}
Reuse the last LAB's unused area for further newspace allocation.
This is relevant when we expect GCs that use evacuation to compact down
new space to just live bytes for single tasks.
BUG=chromium:651354
Change-Id: Ic418521d98f418a93d3748b824e3ddb6ff7a40c3
Reviewed-on: https://chromium-review.googlesource.com/451398
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43670}
Markbits should be verified in VerifyMarking and friends. The function
may also be used then e.g. iterating just black objects while
incremental marking is active for the fast promotion mode.
BUG=chromium:694255
Change-Id: Ia719a983fec27b2bae03f8c6c3332003a10e8823
Reviewed-on: https://chromium-review.googlesource.com/451363
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43669}
BUG=
Change-Id: I7aed8e7bd35f59196b1b178942355aef4c97bca8
Reviewed-on: https://chromium-review.googlesource.com/451379
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43667}
This introduces a new truncation bit for truncation of minus-zero to zero.
At the moment it is only used to handle the limit cases of deopt, such as the
one in the Google maps workload (see simplified version below), where the -q
(which is desugared to q * -1.0) currently deoptimizes because the result would
produce minus zero. To handle this situation, we exploit the knowledge that
righthand side of + cannot be -0, so even if lefthand side was -0, the result
would still be 0 (so the + operation cannot distinguish between left hand side
0 and -0).
function f(q) {
q -= 4;
return (-q) + q;
}
f(10);
f(10);
%OptimizeFunctionOnNextCall(f);
f(4);
Review-Url: https://codereview.chromium.org/2734253002
Cr-Commit-Position: refs/heads/master@{#43661}
For nodes
NumberMin(lhs, rhs)
NumberMax(lhs, rhs)
we might have feedback types for lhs and rhs that would allow us to
generate unsigned32 or signed32 versions of this operator, which is way
more efficient that going to the full Float64Min/Float64Max operator.
However we cannot promise word32 truncations in this case, since we
based this decision on the feedback types.
This allows us to generate better code for Math.min and Math.max when
one of the inputs is a speculative number operator that provides better
typing during representation selection. We've seen such code in the
hottest function on Google Maps for example.
BUG=v8:5267
R=jarin@chromium.org,mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2734193003
Cr-Commit-Position: refs/heads/master@{#43660}
- Implements Float32x4 Mul, Min, Max for ARM.
- Implements Float32x4 relational ops for ARM.
- Implements reciprocal, reciprocal square root estimate/refinement ops for ARM.
- Reorganizes tests to eliminate need for specialized float ref fns in tests.
- Rephrases Gt, Ge in terms of Lt, Le, and eliminates the redundant machine
operators.
- Renames test-run-wasm-simd test names to match instructions.
LOG=N
BUG=v8:6020
Review-Url: https://codereview.chromium.org/2729943002
Cr-Commit-Position: refs/heads/master@{#43658}
Once we enabled --turbo by default we need to turn all the implications
off with --no-turbo as well. Chrome sets flags in V8 using SetFlagFromString,
which enforces the implications each time it is called. Therefore, if --turbo
is enabled by default, and an unrelated flag is set, the turbo implications are
enabled but not later disabled if we set --no-turbo. To fix this, add negative
implications as well.
BUG=chromium:692409
Change-Id: Iadb0ca542f49ba65c7419cda8c7a03636a8d5ba9
Reviewed-on: https://chromium-review.googlesource.com/451320
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43655}
Fix two issues in the interpreter entry for 64 bit return values on
32 bit platforms. First, the effect chain was slightly incorrect, second
the order of the returned values was wrong.
Also add a test case for this.
Tested on x64, ia32 and s390.
Plus drive-by fix in Int64Lowering to reuse global constants for
big-endian/little-endian disambiguation.
R=titzer@chromium.org
BUG=v8:5822
Review-Url: https://codereview.chromium.org/2731713002
Cr-Commit-Position: refs/heads/master@{#43654}
Issue 6051 description: "Blink blindly assumes that it can get an
aligned pointer from the 0-th internal field of any object that has two
internal fields."
R=titzer@chromium.org, jochen@chromium.org
BUG=v8:6051
Change-Id: I814b76e508ffd9fe2326bd0e728129f2a013b807
Reviewed-on: https://chromium-review.googlesource.com/451319
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43653}
Polymorphic IC feedback can contain up to four (map, handler) pairs.
HandlePolymorphicCase already unrolled checks for the first two pairs; these
are guaranteed to exist and can omit bound checks.
This CL unrolls checks against the final two pairs as well.
BUG=v8:5917
Review-Url: https://codereview.chromium.org/2728293005
Cr-Commit-Position: refs/heads/master@{#43650}
This requires serialized data to track the number of API-provided
external references separately.
And it flushes out a case of serialized data corruption (stored "length"
field too large) that we didn't handle without crashing.
BUG=v8:6055
Review-Url: https://codereview.chromium.org/2736923002
Cr-Commit-Position: refs/heads/master@{#43649}
The receiver in the case of Promise.resolve is the promise
constructor, not an instance of Promise.
BUG=chromium:691875
Change-Id: I43e914aac51077b28c7954c8023780b9174df825
Reviewed-on: https://chromium-review.googlesource.com/450884
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43648}
malloc(0) returning 0 is expected behavior on AIX but
compiling with -D_LINUX_SOURCE_COMPAT, malloc(0) should
return a valid pointer (which we do define for AIX). However,
including cstdlib resets the behaviour of _LINUX_SOURCE_COMPAT.
GCC bug: 79839
R=jochen@chromium.org, titzer@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2732743002
Cr-Commit-Position: refs/heads/master@{#43647}
So far we only recognize the special
NumberFloor(NumberDivide(lhs, rhs))
subgraph when both lhs and rhs are in the Unsigned32 range, and the
result is a PlainNumber. Extend this pattern matching to also cover
NumberFloor(SpeculativeNumberDivide(lhs, rhs))
and to replace the NumberFloor with NumberToInt32 truncation if the
lhs value is in Signed32 range and the rhs is in Unsigned32 range.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2739573004
Cr-Commit-Position: refs/heads/master@{#43642}
