- Fix recording sub types that have their own instance type
- Fix double accounting by keeping a shadow map for tracking recorded status
- Add recording of more fixed array sub types
BUG=hpayer@chromium.org
Review-Url: https://codereview.chromium.org/2147693004
Cr-Commit-Position: refs/heads/master@{#37768}
This removes the fallback path in question. Now the {AstNumbering} phase
is the only phase deciding whether Crankshaft is supposed to be disabled
or not. This in turn simplifies reasoning about the paths through the
compilation pipeline. We can decide early whether we want Ignition to
kick in depending on whether Crankshaft is enabled or not.
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2146573004
Cr-Commit-Position: refs/heads/master@{#37763}
Typed lowering now produces SpeculativeNumberShiftLeft for JSShiftLeft if the type feedback is kSignedSmall or kSigned32.
BUG=v8:4583
LOG=n
Review-Url: https://codereview.chromium.org/2150553002
Cr-Commit-Position: refs/heads/master@{#37762}
Reason for revert:
blink is unhappy about the microtask change
Original issue's description:
> Reland "Don't compile functions in a context the caller doesn't have access to"
>
> Original issue's description:
> > Don't compile functions in a context the caller doesn't have access to
> >
> > Instead just return undefined
> >
> > A side effect of this is that it's no longer possible to compile
> > functions in a detached context.
> >
> > BUG=chromium:541703
> > R=verwaest@chromium.org,bmeurer@chromium.org
>
> BUG=chromium:541703
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617
> Cr-Commit-Position: refs/heads/master@{#37756}
TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703
Review-Url: https://codereview.chromium.org/2151843002
Cr-Commit-Position: refs/heads/master@{#37760}
Using the Hydrogen code stub bailout mechanism is not correct for the
string length overflow check in the StringAddStub. Instead make sure we
just throw the proper exception.
R=mstarzinger@chromium.org
BUG=chromium:627934
Review-Url: https://codereview.chromium.org/2146353002
Cr-Commit-Position: refs/heads/master@{#37758}
This adds a missing conversion of time zone names to string primitives
before case conversion and regular expression matching are applied.
This is in sync with ECMA-402, section 12.1.1.1, step 16(a).
R=jochen@chromium.org
TEST=mjsunit/regress/regress-crbug-627935
BUG=chromium:627935
Review-Url: https://codereview.chromium.org/2143003005
Cr-Commit-Position: refs/heads/master@{#37757}
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
BUG=chromium:541703
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2143893005
Cr-Commit-Position: refs/heads/master@{#37756}
This should avoid weird performance issues when changing layout of Code::flags field.
BUG=chromium:618701
Review-Url: https://codereview.chromium.org/2147433002
Cr-Commit-Position: refs/heads/master@{#37755}
Original commit message:
Also, CodeGenerator::MakeCodeEpilogue now accepts an optional pointer
to a EhFrameWriter and will attach unwinding information to the code
object when passed one.
Reason for reverting:
The STATIC_CONST_MEMBER_DEFINITION in eh-frame-writer-unittest.cc
causes a compiler error on V8 Win64 - clang buildbot.
Removing that bit.
BUG=v8:4899
LOG=N
Review-Url: https://codereview.chromium.org/2023503002
Cr-Commit-Position: refs/heads/master@{#37754}
This adds initial support for ToPrimitive in JavaScript w/o having to
call out to C++. This uses the newly introduced GetPropertyStub.
R=ishell@chromium.org
Review-Url: https://codereview.chromium.org/2152693002
Cr-Commit-Position: refs/heads/master@{#37753}
If --turbo-type-feedback is off, the type hints on the operators will
just be kAny, so we don't need to do additional checks in the
JSTypedLowering reducer.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2144203002
Cr-Commit-Position: refs/heads/master@{#37750}
Simulators use separate stacks for C++ and JS. JS stack overflow checks
are performed whenever a JS function is called. However, it can be the
case that the C++ stack grows faster than the JS stack, resulting in an
overflow there. Add a check here to make that less likely.
BUG=chromium:604376
R=bmeurer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2151663003
Cr-Commit-Position: refs/heads/master@{#37749}
This will be temporarily added to the V8 CQ in a follow up
to prevent win-specific gn breakages. It will be removed
once v8 has its own full gn coverage on windows.
BUG=chromium:474921
NOTRY=true
Review-Url: https://codereview.chromium.org/2144193002
Cr-Commit-Position: refs/heads/master@{#37747}
This fix was made to address a performance issue in
memory.long_running_idle_gmail_tbmv2, but it didn't improve things.
BUG=615831
Review-Url: https://codereview.chromium.org/2144183002
Cr-Commit-Position: refs/heads/master@{#37746}
Reason for revert:
Breaks the roll, possibly win gn:
https://codereview.chromium.org/2148863002/
Original issue's description:
> [interpreter] Reduce dependencies in bytecodes.{h,cc}
>
> This CL reduces the number of dependencies bytecodes.{h,cc} to facilitate
> generating the bytecode peephole optimizer table during build. Specifically,
> it avoids depending on v8_base.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/4edebb1cd870ae6c1359ad54f83e618e185883b1
> Cr-Commit-Position: refs/heads/master@{#37715}
TBR=mstarzinger@chromium.org,rmcilroy@chromium.org,oth@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2151693003
Cr-Commit-Position: refs/heads/master@{#37743}
Currently the code example in the FunctionTemplate class documentation
is out of date. This commit updates the examples so they compile and run
without error.
BUG=
Review-Url: https://codereview.chromium.org/2127523003
Cr-Commit-Position: refs/heads/master@{#37741}
Rolling v8/build to 0942801bf0d49016e44591d3e47ad3f41ad2d8a4
Rolling v8/buildtools to 031420bbafaaa8c33e2bc0623c22fb6181a57f47
Rolling v8/tools/mb to 18b92420fb0cb4378c9496b966507842b99d56b5
Rolling v8/tools/swarming_client to 7f63a272f7d9785ce41b6d10bb3106c49a968e57
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2145303002
Cr-Commit-Position: refs/heads/master@{#37739}
port 574f6fe127 (r37701)
original commit message:
Previously, the following schedule fragment:
1: Parameter[0](0)
2: Parameter[1](0)
7: Int32Constant[1]
8: Int32Sub(2, 7)
9: Load[kRepTagged|kTypeAny](1, 8)
would generate the following code (on ia32):
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
sub eax,0x1
mov eax,[eax+ecx*1]
Now it generates:
mov eax,[ebp+0x8]
mov ecx,[ebp+0xc]
mov eax,[eax+ecx*1-1]
Similar pattern matching also now works on x64.
BUG=
Review-Url: https://codereview.chromium.org/2151753002
Cr-Commit-Position: refs/heads/master@{#37738}
port fd420203ec (r37700)
original commit message:
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=
Review-Url: https://codereview.chromium.org/2149493005
Cr-Commit-Position: refs/heads/master@{#37737}
Reason for revert:
Causes crashes on Canary
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
>
> Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a
> Cr-Commit-Position: refs/heads/master@{#37657}
TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:541703, chromium:628053
Review-Url: https://codereview.chromium.org/2148163002
Cr-Commit-Position: refs/heads/master@{#37736}
The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.
BUG=5044
Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}
The PrettyPrinter may have been valuable once, but with all the desugaring
now done in the parser the output is far from readable, and for some nodes
it's next-to-impossible to recreate the source from the AST. --print-ast is a
much more sensible place to look for human-readable info on what the parser did.
Review-Url: https://codereview.chromium.org/1974623002
Cr-Commit-Position: refs/heads/master@{#37730}
Reason for revert:
Correcting issue.
Original issue's description:
> Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ )
>
> Reason for revert:
> Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.
>
> Original issue's description:
> > Add errors for declarations which conflict with catch parameters.
> >
> > Catch parameters are largely treated as lexical declarations in the
> > block which contains their body for the purposes of early syntax errors,
> > with some exceptions outlined in B.3.5. This patch introduces most of
> > those errors, except those from `eval('for (var e of ...);')` inside of
> > a catch with a simple parameter named 'e'.
> >
> > Note that annex B.3.5 allows var declarations to conflict with simple
> > catch parameters, except when the variable declaration is the init of a
> > for-of statement.
> >
> > BUG=v8:5112,v8:4231
> >
> > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> > Cr-Commit-Position: refs/heads/master@{#37462}
>
> TBR=littledan@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/8834d5ecb559001c87c42322969471da60574a8c
> Cr-Commit-Position: refs/heads/master@{#37464}
R=littledan@chromium.org
BUG=v8:5112,v8:4231
Review-Url: https://codereview.chromium.org/2119933002
Cr-Commit-Position: refs/heads/master@{#37728}
* Rename Atomics.futexWait -> Atomics.wait
* Rename Atomics.futexWake -> Atomics.wake
* Remove Atomics.futexWakeOrRequeue
* Return value of Atomics.wait is now a string: "ok", "not-equal" or
"timed-out"
* Update comments that reference URL for ecmascript_sharedmem to
https://github.com/tc39/ecmascript_sharedmem
Review-Url: https://codereview.chromium.org/2143443002
Cr-Commit-Position: refs/heads/master@{#37727}
This runtime function in question can indirectly be fuzzed by the two
assertion methods "assertOptimized" and "assertUnoptimized" that our
test harness provides for the "mjsunit" test suite.
R=ishell@chromium.org
BUG=chromium:627841
Review-Url: https://codereview.chromium.org/2145993002
Cr-Commit-Position: refs/heads/master@{#37722}
This fixes the deoptimization information for the lazy bailout point
after a [[ToName]] operation inserted for object literals and class
literals. The result value was erroneously ignored.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-627828
BUG=chromium:627828
Review-Url: https://codereview.chromium.org/2149493003
Cr-Commit-Position: refs/heads/master@{#37719}