This way we avoid the second deoptimization for the Math.floor and
Math.ceil builtins when -0 is involved. We still deoptimize the inlined
Crankshaft version in various cases, that's a separate issue.
The algorithm used for implement CodeStubAssembler::Float64Floor is
vaguely based on the fast math version used in the libm of various BSDs,
but had to be reengineered to match the EcmaScript specification.
R=epertoso@chromium.org
BUG=v8:2890, v8:4059
LOG=n
Review URL: https://codereview.chromium.org/1828253002
Cr-Commit-Position: refs/heads/master@{#35083}
This CL adds support for builtins with JavaScript linkage written using
the TurboFan CodeStubAssembler, but with a JSCall descriptor (which was
already supported thanks to a previous patch by Ben Smith). As a first
example, we convert the Math.sqrt builtin and thereby get rid of the
%_MathSqrt intrinsic, which causes trouble for the representation
selection pass in the JavaScript pipeline.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1824993002
Cr-Commit-Position: refs/heads/master@{#34989}
The CL also add guard nodes to places where we assume that certain
values are numbers.
Review URL: https://codereview.chromium.org/1821133002
Cr-Commit-Position: refs/heads/master@{#34977}
This new intrinsic is used by the desugared ES6 instanceof implementation for
the cases when the F[@@hasInstance] property is null or undefined.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1809993002
Cr-Commit-Position: refs/heads/master@{#34866}
Int64Sub is lowered to a new turbofan operator, Int32SubPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the subtraction.
The implementation is very similar to the implementation of Int64Add.
@v8-arm-ports: please take a careful look at the implementation of sbc
in the simulator.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1778893005
Cr-Commit-Position: refs/heads/master@{#34808}
Word64Popcnt is lowered to Word32Popcnt(low-word) + Word32Popcnt(high_word).
Since the optional Word64Popcnt operator does not exist on 32 bit platforms,
I introduced a new operator "Word64PopcntPlaceholder" which is generated
in the WasmCompiler and then lowered in the Int64Lowering.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1803453003
Cr-Commit-Position: refs/heads/master@{#34777}
Int64Add is lowered to a new turbofan operator, Int32AddPair. The new
operator takes 4 inputs an generates 2 outputs. The inputs are the low
word of the left input, high word of the left input, the low word of the
right input, and high word of the right input. The ouputs are the low
and high word of the result of the addition.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1778493004
Cr-Commit-Position: refs/heads/master@{#34747}
I64Shl is lowered to a new turbofan operator, WasmWord64Shl. The new
operator takes 3 inputs, the low-word input, the high-word input, and
the shift, and produces 2 output, the low-word output and the high-word
output.
At the moment I implemented the lowering only for ia32, but I think the
CL is already big enough. I will add the other platforms in separate
CLs.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1756863002
Cr-Commit-Position: refs/heads/master@{#34546}
Reason for revert:
Tanks benchmarks (e.g., Octane box2d TF).
Original issue's description:
> [turbofan] Connect ObjectIsNumber to effect and control chains.
>
> In theory, we could connect the nodes when doing
> the schedule-in-the-middle pass, but that would require creating two
> versions of the operator (effectful and pure). I believe we do not
> lose anything by wiring the node up eagerly.
>
> Committed: https://crrev.com/2894e80a0a4a51a0d72e72aa48fcd01968f7949f
> Cr-Commit-Position: refs/heads/master@{#34141}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1718483002
Cr-Commit-Position: refs/heads/master@{#34147}
In theory, we could connect the nodes when doing
the schedule-in-the-middle pass, but that would require creating two
versions of the operator (effectful and pure). I believe we do not
lose anything by wiring the node up eagerly.
Review URL: https://codereview.chromium.org/1709093002
Cr-Commit-Position: refs/heads/master@{#34141}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
This removes the language mode parameter from all JSCall operators. The
information is no longer used anywhere and is not threaded through the
interpreter bytecode. We should only thread it through the bytecode if
it has a semantic impact on the compilation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1709493002
Cr-Commit-Position: refs/heads/master@{#34073}
Drive-by-fix: Remove the (now) unused %_SetValueOf and %_JSValueGetValue
intrinsics from the various compilers and the runtime.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698343002
Cr-Commit-Position: refs/heads/master@{#34037}
Support SBFX in the instruction selector for sign-extension patterns like
Sar(Shl(x, a), b), where a and b are immediate values.
BUG=
Review URL: https://codereview.chromium.org/1695293002
Cr-Commit-Position: refs/heads/master@{#34029}
Passing floating point params to/from C has never quite worked correctly,
but we've never enforced the restriction early in the CallDescriptor
creation process because of unittests. Fix unittests to make their own
simple call descriptors and not rely on the C ones.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1701593003
Cr-Commit-Position: refs/heads/master@{#33993}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
Reverted because it was suspected of causing a couple of flaky tests to fail,
but investigation suggests this is unlikely.
Original review: https://codereview.chromium.org/1677023002
BUG=
Review URL: https://codereview.chromium.org/1684073006
Cr-Commit-Position: refs/heads/master@{#33988}
This adds initial support for inline allocation of object and array
literals to the JSCreateLowering pass. It's basically identical to
what Crankshaft does.
This also unstages the TurboFan escape analysis, as the lowering seems
to trigger a bunch of bugs in it; those bugs will be fixed separately,
and we will re-enable escape analysis afterwards.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698783002
Cr-Commit-Position: refs/heads/master@{#33972}
This was causing code like:
REX.W cmpq r9,r8
setzl r8l
movzxbl r8,r8
REX.W cmpq r8,0x0
jz 185
(note the cmpq instead of cmpl above) on x64 instead of:
REX.W cmpq r9,r8
jnz 149
http://crrev.com/1677503002 is now obsolete and has been reverted.
Review URL: https://codereview.chromium.org/1685183003
Cr-Commit-Position: refs/heads/master@{#33934}
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
Reason for revert:
Possibly causing Mozilla test failures - will investigate.
Original issue's description:
> [turbofan] ARM: Improve AND instruction selection
>
> Improve instruction selector for mask and shift operations by using cheaper
> instructions where possible, in preference to UBFX.
>
> BUG=
>
> Committed: https://crrev.com/53d9c12977f07f55b6f2a72128b8d02c4c857845
> Cr-Commit-Position: refs/heads/master@{#33843}
TBR=bmeurer@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1681953003
Cr-Commit-Position: refs/heads/master@{#33850}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
BUG=
Review URL: https://codereview.chromium.org/1677023002
Cr-Commit-Position: refs/heads/master@{#33843}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
R=jarin@chromium.org, rmcilroy@chromium.orgTBR=rossberg@chromium.org
BUG=v8:2159
LOG=n
Review URL: https://codereview.chromium.org/1676883002
Cr-Commit-Position: refs/heads/master@{#33809}
Reason for revert:
Must revert for now due to chromium api natives issues.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/bb31db3ad6de16f86a61f6c7bbfd3274e3d957b5
> Cr-Commit-Position: refs/heads/master@{#33741}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1670813005
Cr-Commit-Position: refs/heads/master@{#33766}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
So far, we've been moving down gaps wholesale. This change moves
individual move operations instead. This improves some benchmarks,
and should overall reduce code size, because it improves the chance of
reducing the number of moves.
For example, there are improvements on x64 in Emscripten (Bullet, in
particular) , JetStream geomean, Embenchen (zlib).
In the process of making this change, I noticed we can separate the
tasks performed by the move optimizer, as follows:
- group gaps into 1
- push gaps down, jumping instructions (these 2 were together before)
- merge blocks (and then push gaps down)
- finalize
We can do without a finalization list. This avoids duplicating storage -
we already have the list of instructions; it also simplifies the logic, since,
with this change, we may process an instruction's gap twice.
Compile time doesn't regress much (see pathological cases), but we
may want to avoid the allocations of the few sets used in the new code.
I'll do that in a subsequent change.
BUG=
Review URL: https://codereview.chromium.org/1634093002
Cr-Commit-Position: refs/heads/master@{#33715}
Move all the code that deals with falling back to object creation via
stubs to JSGenericLowering, where we can already deal well with stub
calls. This includes JSCreateLiteralArray, JSCreateLiteralObject,
JSCreateClosure, JSCreateFunctionContext and JSCreateArray.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1653353002
Cr-Commit-Position: refs/heads/master@{#33682}
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1657863004
Cr-Commit-Position: refs/heads/master@{#33675}
There's no point in having %_IsFunction as inline intrinsic, as it
is only used in non performance critical code, which is already full
of runtime calls anyway, so %IsFunction will do the trick as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1658123002
Cr-Commit-Position: refs/heads/master@{#33660}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
Reason for revert:
problems on Mac64
Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}
TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1644283002
Cr-Commit-Position: refs/heads/master@{#33601}
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.
Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}
TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1643533003
Cr-Commit-Position: refs/heads/master@{#33556}
(Fixed a bug found by nosnap builds.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1642613002
Cr-Commit-Position: refs/heads/master@{#33548}
Introduces the concept of transfer direction to register operands. This
enables the register translator to emit exactly the moves that a
bytecode having it's register operands translated needs.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1633153002
Cr-Commit-Position: refs/heads/master@{#33544}
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}
TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1632993003
Cr-Commit-Position: refs/heads/master@{#33520}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1563213002
Cr-Commit-Position: refs/heads/master@{#33518}
* Add caching to handling of dangling loads
* Add two unittests for load elimination on escaped objects
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1619103004
Cr-Commit-Position: refs/heads/master@{#33498}
moves, we move those to the node, and remove them from the
predecessors ("merge" them to the common node).
If only some of the moves are common, we don't do anything. This is
what this change addresses.
The bug linked below should be addressed by this change. The only
difference in codegen before/after the change that introduced the bug
was un-merged moves.
BUG=chromium:549262
LOG=N
Review URL: https://codereview.chromium.org/1527203002
Cr-Commit-Position: refs/heads/master@{#33481}
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.
BUG=v8:4678,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1604923002
Cr-Commit-Position: refs/heads/master@{#33477}
* Treat Select nodes as escaping
* Correctly void virtual field information
after a store to a non-const index
* Add a shortcut if all allocates escape
* Add a shortcut if no allocates are discovered
* Only reduce FrameState/StateValues nodes if they
have virtual allocates as input (transitively)
* Fix bug in FrameState/StateValues duplication
* Add check to verifier: First 3 inputs of FrameState
must be StateValues
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1583213003
Cr-Commit-Position: refs/heads/master@{#33406}
o Adds wide variants of bytecodes that have operands describing ranges
of registers. The upcoming wide register support does not suppport
re-mapping ranges.
o Adds kRegPair16 and kRegTriple16 operands required for new wide
bytecodes and renames Count8/Count16 operands to RegCount8/RegCount16.
o Removes Exchange bytecodes
BUG=v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1595103006
Cr-Commit-Position: refs/heads/master@{#33389}
Make ForInPrepare take a kRegTriple8 operand and ForInNext take kRegPair8
operand for cache state. This is to ensure that the cache state output of
ForInPrepare is in consecutive registers to allow us to deopt the
ForInPrepare node from TF->Ignition (to be done in a followup CL).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1584813002
Cr-Commit-Position: refs/heads/master@{#33357}
This bug improves performance of escape analysis.
* A allocation discovery phase (EscapeAnalysis::AssignAliases)
ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1559123003
Cr-Commit-Position: refs/heads/master@{#33267}
Adds support for calling runtime functions which return a pair of
values. Adds the bytecode CallRuntimePair. Also adds support to TurboFan
for calling stubs which return multiple values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568493002
Cr-Commit-Position: refs/heads/master@{#33181}
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.
Two unittests test correctness of the IR level implementation.
Correctness for instruction selection / code generation
is tested by mjsunit tests.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1485183002
Cr-Commit-Position: refs/heads/master@{#33115}
New bytecodes for making registers with indicies wider than 1-byte
accessible.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1555713002
Cr-Commit-Position: refs/heads/master@{#33091}
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n
Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
Cr-Commit-Position: refs/heads/master@{#33042}
Review URL: https://codereview.chromium.org/1542963002
Cr-Commit-Position: refs/heads/master@{#33044}
Reason for revert:
Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind
Original issue's description:
> [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
>
> According to the ES2015 specification, bound functions are exotic
> objects, and thus don't need to be implemented as JSFunctions. So
> we introduce a new JSBoundFunction type to represent bound functions
> and make them optimizable. This already improves the performance of
> calling or constructing bound functions by 10-100x depending on the
> use case because we avoid the crazy dance between JavaScript and C++
> that was implemented in v8natives.js previously.
>
> There's still room for improvement in the performance of actually
> creating bound functions, which is also relevant in practice, but
> we already have a plan how to accomplish that later.
>
> The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=chromium:535408, chromium:571299, v8:4629
> LOG=n
>
> Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
> Cr-Commit-Position: refs/heads/master@{#33042}
TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535408, chromium:571299, v8:4629
Review URL: https://codereview.chromium.org/1552473002
Cr-Commit-Position: refs/heads/master@{#33043}
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n
Review URL: https://codereview.chromium.org/1542963002
Cr-Commit-Position: refs/heads/master@{#33042}
Move replacements out of virtual object. Replacements are
global to the graph and are not dependent on the virtual
state (after they are discovered).
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1527533002
Cr-Commit-Position: refs/heads/master@{#32838}
Removes the dummy control and effect edges from the RMA Call nodes. This
requires a change to the node matchers to allow them to cope with nodes
which don't have control or effect matchers.
Review URL: https://codereview.chromium.org/1518673002
Cr-Commit-Position: refs/heads/master@{#32752}
Nowadays, representation inference and simplified lowering can insert the
right truncations based on the use.
Review URL: https://codereview.chromium.org/1512243002
Cr-Commit-Position: refs/heads/master@{#32747}
MachineType is now a class with two enum fields:
- MachineRepresentation
- MachineSemantic
Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably:
- register allocator now uses just the representation.
- Phi and Select nodes only refer to representations.
Review URL: https://codereview.chromium.org/1513543003
Cr-Commit-Position: refs/heads/master@{#32738}
Extract ToBoolean hints from the fullcodegen code object and put them
into the ToBoolean nodes created by the AstGraphBuilder. We currently
do not yet consume this feedback, that will be done in a followup CL.
R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1494973002
Cr-Commit-Position: refs/heads/master@{#32576}
This moves the proper handling for the end node withing the constructed
graph into the RawMachineAssembler. This simplifies all assemblers and
makes the handling of {Start} and {End} symmetrical.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1493963003
Cr-Commit-Position: refs/heads/master@{#32563}
Also remove the ResultMode from ToBooleanStub and always return true or
false and use the same mechanism in fullcodegen. This is in preparation
for adding ToBoolean hints to TurboFan.
Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
that the ResultMode is gone (and the runtime always returns true or
false from the miss handler).
R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1491223002
Cr-Commit-Position: refs/heads/master@{#32524}
We can constant fold %_IsJSReceiver(x) based on whether x is always a
receiver or can never be a receiver. This is important as
%_IsJSReceiver is inserted by the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1486383003
Cr-Commit-Position: refs/heads/master@{#32519}
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).
The CL includes 4 unittests.
There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1457683003
Cr-Commit-Position: refs/heads/master@{#32498}
Xori instruction can only have unisgned 16-bit immediates for right input,
as such it is not suitable for bit negation on mips.
TEST=unittests/InstructionSecetorTest.Word(32|64)XorMinusOneWithParameter
BUG=
Review URL: https://codereview.chromium.org/1485833003
Cr-Commit-Position: refs/heads/master@{#32478}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
an optomization to remove redundant cast operations.
1. Adds an optimization to remove redundant ToBoolean and ToName operations.
2. Adds implementation and tests for cast operatorts to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1468003002
Cr-Commit-Position: refs/heads/master@{#32408}
Add initial support to optimize certain "prototype" loads from known
JSFunctions which have a prototype. This includes an appropriate typing
rule plus a matching rule for typed lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1482213002
Cr-Commit-Position: refs/heads/master@{#32390}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=yangguo@chromium.org,mstarzinger@chromium.org
Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
Cr-Commit-Position: refs/heads/master@{#32375}
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32381}
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5472
Original issue's description:
> [runtime] Replace global object link with native context link in all contexts.
>
> Previously all contexts had a link to the global object, but what is
> required in most cases (except for the global load, store and delete
> case) is the native context.
>
> This also removes the second dummy global object that was still linked
> to every native context. We will add a different mechanism to ensure
> that builtins do not pollute the actual global object during
> bootstrapping.
>
> Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
> Cr-Commit-Position: refs/heads/master@{#32375}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1478303002
Cr-Commit-Position: refs/heads/master@{#32377}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32375}
Decouple the implicit ToObject for with statements from the actual
creation of the with context. This way we can handle/optimize those
constructs separately.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1481753003
Cr-Commit-Position: refs/heads/master@{#32341}
Removing bytecode graph builder tests as they are high maintenance and
have limited use, ie they track changes in the implementation rather
than behaviour.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1477783003
Cr-Commit-Position: refs/heads/master@{#32333}
Reason for revert:
This is also unsound for the reasons outlined in
https://codereview.chromium.org/1473073004/
Will reland the mjsunit test separately and help Fedor to implement a solution based on simplified operators.
Original issue's description:
> [machine-operator-reducer] fix float truncation
>
> Don't replace `TruncateFloat64ToInt32(RoundInt64ToFloat64(value))` with
> `value`. Generally, `value` may have a range bigger than the one that
> could fit into Int32. Replace it with `TruncateInt64ToInt32(value)`
> instead, and only if the `value` fits into Float64 without precision
> loss.
>
> Add missing mjsunit test for 52bit multiplication/division optimization
> that has landed in refs/heads/master@{#31899}.
>
> BUG=
> R=titzer@google.com
>
> Committed: https://crrev.com/64efa2a904773816968992628f0bf0f1b7ae82be
> Cr-Commit-Position: refs/heads/master@{#32227}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1468313009
Cr-Commit-Position: refs/heads/master@{#32312}
Reason for revert:
Unsound use of types in the MachineOperatorReducer. Will work on a sound solution with Fedor.
Original issue's description:
> [compiler] merge binary-operator-reducer
>
> Merge BinaryOperatorReducer into the MachineOperatorReducer class.
> It does not need `Revisit()` calls, because the newly inserted nodes are
> visited anyway, and there are no other methods that need AdvancedReducer
> there.
>
> BUG=
> R=titzer@chromium.org
>
> Committed: https://crrev.com/993ba9d2529a6401b3040b9263f8d06db7dbb4f1
> Cr-Commit-Position: refs/heads/master@{#32298}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1476763006
Cr-Commit-Position: refs/heads/master@{#32310}
Merge BinaryOperatorReducer into the MachineOperatorReducer class.
It does not need `Revisit()` calls, because the newly inserted nodes are
visited anyway, and there are no other methods that need AdvancedReducer
there.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1473073004
Cr-Commit-Position: refs/heads/master@{#32298}
Don't replace `TruncateFloat64ToInt32(RoundInt64ToFloat64(value))` with
`value`. Generally, `value` may have a range bigger than the one that
could fit into Int32. Replace it with `TruncateInt64ToInt32(value)`
instead, and only if the `value` fits into Float64 without precision
loss.
Add missing mjsunit test for 52bit multiplication/division optimization
that has landed in refs/heads/master@{#31899}.
BUG=
R=titzer@google.com
Review URL: https://codereview.chromium.org/1433353006
Cr-Commit-Position: refs/heads/master@{#32227}
Adds code and tests to support CreateClosure bytecode when building
graphs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1458603012
Cr-Commit-Position: refs/heads/master@{#32224}
Change the runtime entries and their associated code stubs for object
and array literal creation to take the closure instead of the raw
literals pointer. This is way easier to deal with (and cleaner) in
TurboFan.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1469833005
Cr-Commit-Position: refs/heads/master@{#32220}
Put the constant parts of the CreateLiteralArray and CreateLiteralObject
operators into CreateLiteralParameters and properly use them everywhere.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1475613002
Cr-Commit-Position: refs/heads/master@{#32207}
* Adds a PrepareForTailCall instruction that bumps the stack in the case that
the number of parameters passed to the callee causes the stack to exceed the
calleer's frame size.
* Uses the gap resolver to move the saved caller return address and frame
pointer to the approprate location in the tail-called frame.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1455833004
Cr-Commit-Position: refs/heads/master@{#32151}
Adds support for the New, CallRuntime and CallJSRuntime bytecodes in
BytecodeGraphBuilder. Also adds BuildLoadObjectField,
BuildLoadGlobalObject and BuildLoadNativeContextField helpers.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456483002
Cr-Commit-Position: refs/heads/master@{#32136}
This adds an explicit parameter to the call descriptor having kind
kJSCallFunction representing the new.target value. Note that for now
this parameter is not yet passed in and hence cannot be used yet. Also
contains some refactoring of how parameter index value are calculated,
establishing Linkage as the central point for such index computations.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1461973002
Cr-Commit-Position: refs/heads/master@{#32112}
This fixes undefined behavior with the OpParameter helper in some of our
node matchers. There was a constness mismatch of the template parameter.
R=oth@chromium.org,mythria@chromium.org
Review URL: https://codereview.chromium.org/1453973004
Cr-Commit-Position: refs/heads/master@{#32087}
Adds support for the LdaGlobal and StaGlobal bytecodes to the
BytecodeGraphBuilder. Also fixes a bug in the context node's parameter
index and start node inputs.
Landed on behalf of rmcilroy.
TBR=bmeuer@chromium.org,mythria@chromium.org
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1449373002
Cr-Commit-Position: refs/heads/master@{#32049}
Adds support for visiting the Call bytecode to the bytecode graph builder.
This change also adds the call type feedback slot to the Call bytecode.
This is not currently used by the interpreter, but is used by the
graph builder.
Also adds a CallWide varient of the Call bytecode, and adds the kCount16
operand type.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456453002
Cr-Commit-Position: refs/heads/master@{#32033}
Adds implementation and tests for following operators in bytecode graph builder:
-VisitLoadICSloppy
-VisitLoadICStrict
-VisitLoadICSloppyWide
-VisitLoadICStrictWide
The current implementation introduces empty frame states for frame state inputs expected by these operations.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1419373007
Cr-Commit-Position: refs/heads/master@{#32026}
* Limit triggering of tail calls to explicit use of a new inline runtime
function %_TailCall. %_TailCall works just like %_Call except for using
tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1439613003
Cr-Commit-Position: refs/heads/master@{#31987}
This makes sure that inlining a constructor call to a function which
cannot be used as a constructor (e.g. strong mode function) still does
throw correctly when the implicit receiver is created.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-inline-strong-as-construct
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1447443002
Cr-Commit-Position: refs/heads/master@{#31982}
This is necessary to allow more optimizations to take place between
the representation inference and change lowering. Perhaps we want
to rename SimplifiedLowering -> RepresentationInference and
ChangeLowering -> SimplifiedLowering.
Review URL: https://codereview.chromium.org/1439473003
Cr-Commit-Position: refs/heads/master@{#31976}
This adds initial support for fast inline allocations of JSObject
instances. It currently has exactly the same limitations as Crankshaft.
R=mstarzinger@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1441573004
Cr-Commit-Position: refs/heads/master@{#31957}
This passes both, the actual constructor and the original constructor,
to nodes having the {JSCreate} operator. This is required for allocating
properly subclassed implicit receiver objects.
R=verwaest@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1434873004
Cr-Commit-Position: refs/heads/master@{#31955}
This implements a first version of support for constructor call inlining
in the inlining machinery. For now we can only inline calls where the
actual constructor and the original constructor coincide (i.e. no super
constructor calls). Note that the target of a super constructor call is
loaded with a runtime call, so there is no way for it to be constant
promoted at the moment.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1435873002
Cr-Commit-Position: refs/heads/master@{#31954}
This patch extends the typed lowering with a specialized version of 'instanceof' that is used if the "class", i.e. the constructor function, is a known constant.
Unittests check that replacement occurs as intended. Functional correctness is ensured by extensive unit tests covering instanceof already in the testsuite.
TESTS=unittests/JSTypedLoweringTest.{JSInstanceOfSpecializationWithSmiCheck,JSInstanceOfSpecializationWithoutSmiCheck,JSInstanceOfNoSpecialization}
Review URL: https://codereview.chromium.org/1407413014
Cr-Commit-Position: refs/heads/master@{#31916}
Use compare-negate instruction if the right-hand input to a compare is a
negate operation.
BUG=
Review URL: https://codereview.chromium.org/1410123009
Cr-Commit-Position: refs/heads/master@{#31866}
TurboFan didn't fully support the relevant ES6 type conversion
intrinsics like %_ToNumber, %_ToLength, %_ToName, %_ToString and
%_ToInteger until now, we always went to the runtime instead. These
intrinsics are now well supported in TurboFan, and we are even able to
generate quite decent code in some cases.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1428243003
Cr-Commit-Position: refs/heads/master@{#31820}
This deprecates the ability of the raw machine assembler to utilize the
CallFunctionStub in preparation of the stub itself being deprecated. We
only used this to test instruction selection of calls to stubs that can
deoptimize, the test has been adapted.
R=verwaest@chromium.org
TEST=unittests/InstructionSelectorTest
Review URL: https://codereview.chromium.org/1408193006
Cr-Commit-Position: refs/heads/master@{#31799}
Use the Call builtin instead, which does the right thing(TM)
always, especially since the CallFunctionStub is going away.
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1410853007
Cr-Commit-Position: refs/heads/master@{#31794}
The callees are expected to properly set the number of actual
arguments passed to the callee, which is now represented correctly
in the TurboFan graphs by a new Parameter right before the context
Parameter. Currently this is only being used for outgoing calls.
Note that this requires disabling two of the TF code stub tests,
because of the JavaScript graphs are not automagically compatible
with abitrary (incoming) code stub interface descriptors. If we
want to support JS code stubs at all, then we need to find a sane
way to feed in this information.
Drive-by-fix: Don't insert a direct call to a classConstructor.
R=mstarzinger@chromium.org
BUG=v8:4413, v8:4428
LOG=n
Review URL: https://codereview.chromium.org/1410633006
Cr-Commit-Position: refs/heads/master@{#31789}
