port 5166987369 (r32234)
original commit message:
Some highlights of this CL:
* Refactor the mutable state out of Frame into FrameAccessState,
which is maintained and updated during code generation to
record whether sp- or fp-based frame access is currently active
and how deep the stack on top of the frame is.
* The operand resolution in linkage.cc now uses FrameAccessState
to determine how to generate frame-accessing operands.
* Update all platforms to accurately track additionally pushed
stack slots (e.g. arguments for calls) in the FrameAccessState.
* Add a flag, --turbo_sp_frame_access, which forces all frame
access to be sp-based whenever possible. This will likely never
be used in production, but for testing it's useful in verifying
that the stack-tracking of each platform maintained in the
FrameAccessState is correct.
* Use sp-based frame access for gap resolving before tail
calls. This will allow for slightly more efficient restoration
of the frame pointer in the tail call in a later CL.
* Remove most ad hoc groping into CallDescriptors to
determine if a frame is needed, instead consistently use
predicates like needs_frame(), IsCFunctionCall() and
IsJSFunctionCall().
BUG=
Review URL: https://codereview.chromium.org/1479483002
Cr-Commit-Position: refs/heads/master@{#32253}
This change replaces the bitwise masking of uses by storing the most general truncation for all uses.
Review URL: https://codereview.chromium.org/1464763003
Cr-Commit-Position: refs/heads/master@{#32248}
port 0ef5ad5ab9 (r32219)
original commit message:
This CL also fixed register usages in MacroAssembler::Allocate() broken by 2fc2cb99 (r32144).
BUG=
Review URL: https://codereview.chromium.org/1473763003
Cr-Commit-Position: refs/heads/master@{#32245}
port 1b1db13549 (r32220)
original commit message:
Change the runtime entries and their associated code stubs for object
and array literal creation to take the closure instead of the raw
literals pointer. This is way easier to deal with (and cleaner) in
TurboFan.
BUG=
Review URL: https://codereview.chromium.org/1472273002
Cr-Commit-Position: refs/heads/master@{#32244}
port 0fb2edd15d (r32217)
original commit message:
We still share the code globally, but if we wanted, it would be easy to
make it per isolate now.
BUG=
Review URL: https://codereview.chromium.org/1477683002
Cr-Commit-Position: refs/heads/master@{#32242}
port 9846f386f0 (r32205)
original commit message:
The literal index is being pushed onto the stack while evaluating
the non-constant subexpressions, but never used in fullcodegen (and
hence not used in the optimizing compilers).
BUG=
Review URL: https://codereview.chromium.org/1477673002
Cr-Commit-Position: refs/heads/master@{#32241}
port 7c45b00529 (r32203)
original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that only TurboFan code uses
the register value so far, but unoptimized code will be switched soon.
BUG=
Review URL: https://codereview.chromium.org/1477663002
Cr-Commit-Position: refs/heads/master@{#32240}
The first bug was that there are two different "initialization positions"
passed into PatternRewriter::DeclareAndInitializeVariables, and we weren't
setting them all properly for this case.
After further code review, it became clear that we weren't even recording
the correct position (the end of the initializer expression).
The combination of those two bugs caused the hole check elimination code
in full-codegen to skip emitting a hole check.
This patch takes care of both of those things. A follow-up will try
to reduce the number of "initializer positions" we track in the
variable declaration code.
R=littledan@chromium.org
BUG=v8:4568
LOG=n
Review URL: https://codereview.chromium.org/1468143004
Cr-Commit-Position: refs/heads/master@{#32237}
For web compat reasons, we support an initializer in the declaration
part of a for-in loop. But we should disallow this for destructured
declarations (just as we do for lexical declarations). In fact, without
disallowing it, we crash.
Also fix up the PreParser to have the same restrictions here as the parser
(the lexical check was missing there), verified by running the message tests
with --min-preparse-length=0.
In fixing the logic I've also cleaned up the code a bit, removing the
only-called-once DeclarationParsingResult::SingleName method.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1471973003
Cr-Commit-Position: refs/heads/master@{#32236}
Some highlights of this CL:
* Refactor the mutable state out of Frame into FrameAccessState,
which is maintained and updated during code generation to
record whether sp- or fp-based frame access is currently active
and how deep the stack on top of the frame is.
* The operand resolution in linkage.cc now uses FrameAccessState
to determine how to generate frame-accessing operands.
* Update all platforms to accurately track additionally pushed
stack slots (e.g. arguments for calls) in the FrameAccessState.
* Add a flag, --turbo_sp_frame_access, which forces all frame
access to be sp-based whenever possible. This will likely never
be used in production, but for testing it's useful in verifying
that the stack-tracking of each platform maintained in the
FrameAccessState is correct.
* Use sp-based frame access for gap resolving before tail
calls. This will allow for slightly more efficient restoration
of the frame pointer in the tail call in a later CL.
* Remove most ad hoc groping into CallDescriptors to
determine if a frame is needed, instead consistently use
predicates like needs_frame(), IsCFunctionCall() and
IsJSFunctionCall().
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1460183002
Cr-Commit-Position: refs/heads/master@{#32234}
Don't replace `TruncateFloat64ToInt32(RoundInt64ToFloat64(value))` with
`value`. Generally, `value` may have a range bigger than the one that
could fit into Int32. Replace it with `TruncateInt64ToInt32(value)`
instead, and only if the `value` fits into Float64 without precision
loss.
Add missing mjsunit test for 52bit multiplication/division optimization
that has landed in refs/heads/master@{#31899}.
BUG=
R=titzer@google.com
Review URL: https://codereview.chromium.org/1433353006
Cr-Commit-Position: refs/heads/master@{#32227}
Reason for revert:
Fails on V8 Fuzzer: https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/6028
Original issue's description:
> Move --harmony-destructuring-bind to shipping
>
> Also fix CheckConflictingVarDeclarations() to properly handle
> legacy const bindings. Without that change enabling the flag
> causes code like:
>
> function f() { const x; var x; }
>
> to throw an early error, rather than wait to throw the error
> until f is invoked.
>
> BUG=v8:811
> LOG=y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/515093630a4a925a66d550561e38293d49633f10
> Cr-Commit-Position: refs/heads/master@{#32222}
TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811
Review URL: https://codereview.chromium.org/1470333002
Cr-Commit-Position: refs/heads/master@{#32226}
Adds code and tests to support CreateClosure bytecode when building
graphs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1458603012
Cr-Commit-Position: refs/heads/master@{#32224}
Also fix CheckConflictingVarDeclarations() to properly handle
legacy const bindings. Without that change enabling the flag
causes code like:
function f() { const x; var x; }
to throw an early error, rather than wait to throw the error
until f is invoked.
BUG=v8:811
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1451843002
Cr-Commit-Position: refs/heads/master@{#32222}
sufficient physical registers for all the virtual registers.
This should come in handy for frame elision. There, I noticed that even
for very small functions (==very few virtual registers), because we spill
the context/function marker ranges, we lose the frame elision
opportunity.
There is a subsequent change needed to fully help frame elision -
decoupling spilling of context & function marker from prologue.
BUG=
Review URL: https://codereview.chromium.org/1469743002
Cr-Commit-Position: refs/heads/master@{#32221}
Change the runtime entries and their associated code stubs for object
and array literal creation to take the closure instead of the raw
literals pointer. This is way easier to deal with (and cleaner) in
TurboFan.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1469833005
Cr-Commit-Position: refs/heads/master@{#32220}
This CL also fixed register usages in MacroAssembler::Allocate() broken by 2fc2cb99 (r32144).
BUG=chromium:560239
LOG=Y
Review URL: https://codereview.chromium.org/1468073004
Cr-Commit-Position: refs/heads/master@{#32219}
We still share the code globally, but if we wanted, it would be easy to
make it per isolate now.
BUG=v8:2487
R=yangguo@chromium.org,jkummerow@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1468313004
Cr-Commit-Position: refs/heads/master@{#32217}
Having access to the unfinished schedule inside of raw machine assembler
turned out to be dangerous, because it cannot be used without exporting
which in turn computes the RPO of the schedule.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/1475643002
Cr-Commit-Position: refs/heads/master@{#32216}
Makes it possible for the inline allocation observers to sample the
actual object allocation on which the notification triggers.
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1460063006
Cr-Commit-Position: refs/heads/master@{#32209}
Put the constant parts of the CreateLiteralArray and CreateLiteralObject
operators into CreateLiteralParameters and properly use them everywhere.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1475613002
Cr-Commit-Position: refs/heads/master@{#32207}
The literal index is being pushed onto the stack while evaluating
the non-constant subexpressions, but never used in fullcodegen (and
hence not used in the optimizing compilers).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1471893003
Cr-Commit-Position: refs/heads/master@{#32205}
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that only TurboFan code uses
the register value so far, but unoptimized code will be switched soon.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1460503008
Cr-Commit-Position: refs/heads/master@{#32203}
We use comparisons with the_hole to implement temporal dead zones, so we
should also optimize those, as they currently turn into CompareIC calls.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1473593002
Cr-Commit-Position: refs/heads/master@{#32198}
port 374b6ea210 (r32172)
original commit message:
There's no point in collecting feedback for super constructor calls,
because in all (interesting) cases we can gather (better) feedback from
other sources (i.e. via inlining or via using a LOAD_IC to get to the
[[Prototype]] of the target). So CallConstructStub is now only used
for new Foo(...args) sites where we want to collect feedback in the
baseline compiler. The optimizing compilers, Reflect.construct and
super constructor calls use the Construct builtin directly, which allows
us to remove some weird code from the CallConstructStub (and opens the
possibility for more code sharing with the CallICStub, maybe even going
for a ConstructICStub).
Also remove the 100% redundant HCallNew instruction, which is just a
wrapper for the Construct builtin anyway (indirectly via the
CallConstructStub).
Drive-by-fix: Drop unused has_function_cache bit on Code objects.
BUG=
Review URL: https://codereview.chromium.org/1471193002
Cr-Commit-Position: refs/heads/master@{#32197}
This CL also fixes HeapObject::IterateFast() and HeapObject::IterateBodyFast().
BUG=v8:4531
LOG=Y
Review URL: https://codereview.chromium.org/1469883002
Cr-Commit-Position: refs/heads/master@{#32195}
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
BUG=v8:3237
R=rossberg
LOG=Y
Review URL: https://codereview.chromium.org/1469543003
Cr-Commit-Position: refs/heads/master@{#32194}
port c1e7c8d972 (r32171)
original commit message:
This ensures that the ArgumentsAdaptorTrampoline does not clobber the
new.target value, but rather passes it through to the callee unaltered.
Note that callees do not yet use the new.target value so far.
This is a preparatory CL to allow us to pass new.target in a register
instead of via a side-channel through the construct stub frame.
BUG=
Review URL: https://codereview.chromium.org/1475523002
Cr-Commit-Position: refs/heads/master@{#32192}
Add support for using inline allocations for arrays in lowering of
JSCreateArray when target equals new.target. Currently we are only
concerned with the straight-forward Array() and Array(length) cases,
but at some point TurboFan should also be able to support the more
complex initializing cases.
R=mvstanton@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1465203002
Cr-Commit-Position: refs/heads/master@{#32191}