The hash calculation was dependent on upper part of |inner_pointer| and caused non-deterministic cache miss events which in turn caused non-deterministic progress of pages sweeping (see GcSafeFindCodeForInnerPointer()).
Review URL: https://codereview.chromium.org/1582573002
Cr-Commit-Position: refs/heads/master@{#33246}
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.
This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.
Review URL: https://codereview.chromium.org/1580463003
Cr-Commit-Position: refs/heads/master@{#33245}
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1572333002
Cr-Commit-Position: refs/heads/master@{#33243}
No need to distribute the setup of the Function global property across
three different places, instead do everything in a single place during
bootstrapping.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1577703005
Cr-Commit-Position: refs/heads/master@{#33242}
That will allow for adding private symbols to JSProxies in a follow-up
change
BUG=chromium:571365
R=neis@chromium.org,verwaest@chromium.org,rossberg@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1575423002
Cr-Commit-Position: refs/heads/master@{#33241}
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568323002
Cr-Commit-Position: refs/heads/master@{#33237}
- Simplify the variable-length pop sequence on entry. (It now uses
smaller code with no branches.)
- Use conditional compare to merge branches where appropriate.
- Make use of Ldrsw + UntagSmiFieldMemOperand to load smis more
efficiently.
- Only load 'undefined' and 'null' once per builtin.
- A few other small improvements.
BUG=
Review URL: https://codereview.chromium.org/1576403002
Cr-Commit-Position: refs/heads/master@{#33235}
We use a scratchpad to remember visited allocation sites for post processing
(making tenure decisions). The previous implementation used a rooted FixedArray
with constant length (256) to remember all sites. Updating the scratchpad is a
bottleneck in any parallel/concurrent implementation of newspace evacuation.
The new implementation uses a HashMap with allocation sites as keys and
temporary counts as values. During evacuation we collect a local hashmap of
visited allocation sites. Upon merging the local hashmap back into a global one
we update potential forward pointers of compacted allocation sites. The
scavenger can directly enter its entries into the global hashmap. Note that the
actual memento found count is still kept on the AllocationSite as it needs to
survive scavenges and full GCs.
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1535723002
Cr-Commit-Position: refs/heads/master@{#33233}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33231}
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711
Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}
TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574
Review URL: https://codereview.chromium.org/1574223002
Cr-Commit-Position: refs/heads/master@{#33230}
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.
R=yangguo@chromium.org
BUG=chromium:576574
LOG=n
Review URL: https://codereview.chromium.org/1579613002
Cr-Commit-Position: refs/heads/master@{#33228}
This patch makes Promise.prototype.then use @@species as specified
in ES2015. The fix is hoped for by certain users, such as legacy
core.js versions which encounter an unhandled Promise reject (complete
with an ugly console message) when Promise subclassing is supported
in a mostly correct way, and we do error checking on Promise
constructors, but @@species is not supported.
BUG=chromium:575314,v8:4633
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1577223002
Cr-Commit-Position: refs/heads/master@{#33225}
This CL introduces ExternalStringResourceBase::IsCompressible.
This CL is a preparation for CompressibleString, which can
be compressed for memory reduction in Blink. We've found that
JavaScript strings account for a relatively large part of Blink
memory usage, and we are now trying to replace JavaScript String/
AtomicString with CompressibleString.
When a string is compressed, the original char data is deleted
and V8 pointer cache becomes invalid. This CL introduces
isCompressible property and if an external string's isCompressble
return true, this is stored short_external_*_map instead of
external_*_map so that V8 always requires the char pointer whenever
V8 needs the string data.
BUG=chromium:574317
LOG=n
Review URL: https://codereview.chromium.org/1490193002
Cr-Commit-Position: refs/heads/master@{#33224}
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.
R=adamk
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1574903004
Cr-Commit-Position: refs/heads/master@{#33223}
Besides reducing code duplication, this makes it easier to change the
implementation, which may be necessary to properly support eval calls
in arrow function parameter initializers.
Review URL: https://codereview.chromium.org/1573363002
Cr-Commit-Position: refs/heads/master@{#33219}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
As V8 becomes more and more spec-compliant, Promise polyfill libraries
like core.js expect fully correct. However, our Promises do not yet
support Symbol.species. Therefore, a case like
```
var test = new Promise(function(){});
test.constructor = function(){};
Promise.resolve(test)
```
would lead to an unhandled Promise rejection, whereas it should not
because test.constructor[Symbol.species] is undefined, so test.then
should end up constructing %Promise% as a fallback, rather than
calling test.constructor as if it were a constructor, which leads
this error checking code to throw.
For now, this patch removes the error checking code (which was not
present until recently). In an interactive test using core.js, the
error message on the console goes away with this patch. When @@species
support is in place, this patch can be reverted. A regression test
is added which checks for the same thing.
Partially reverted patch was originally out for review at
https://codereview.chromium.org/1531073004
BUG=v8:4633
LOG=Y
R=adamk,caitp88@gmail.com
Review URL: https://codereview.chromium.org/1578893002
Cr-Commit-Position: refs/heads/master@{#33217}
Does not remove the extra private state added, as doing so seems to break the
debugger.
Fixes new Test262 tests:
- built-ins/Promise/race/same-resolve-function
- built-ins/Promise/race/same-reject-function
BUG=v8:4632
LOG=N
R=littledan@chromium.org, cbruni@chromium.org
Review URL: https://codereview.chromium.org/1538853002
Cr-Commit-Position: refs/heads/master@{#33214}
This CL changes the color for encoding black and grey. Moreover, it introduces a higher level live object iterator.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1517993003
Cr-Commit-Position: refs/heads/master@{#33208}
A concurrent sweeper thread can access the same markbit cell as the main thread
during right trimming a fixed array, resulting in a data race on a markbit cell.
Previously we checked whether we were currently marking incrementally, filtering
out this case.
The current check has the benefit of keeping live_bytes accurate (modulo other
bugs) until the sweeper starts.
BUG=chromium:576193
LOG=N
Review URL: https://codereview.chromium.org/1576853002
Cr-Commit-Position: refs/heads/master@{#33203}
Escape analysis will eliminate the context, if possible. Materialization
must then ensure that the materialized object has the right map, and that
the context register is set accordingly.
R=jarin@chromium.org
BUG=569530,v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1572293002
Cr-Commit-Position: refs/heads/master@{#33201}