Drive-by fix: the order of parameters in the BinaryOpWithFeedback TurboFan code stubs now reflects the convention of having the context at the end.
BUG=v8:5273
Review-Url: https://codereview.chromium.org/2263253002
Cr-Commit-Position: refs/heads/master@{#38832}
Changes the control flow builder classes to make use of the
BytecodeLabels helper class.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2254493002
Cr-Commit-Position: refs/heads/master@{#38744}
One more bytecode to pass info through to TurboFan.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2260473003
Cr-Commit-Position: refs/heads/master@{#38726}
Generates a JSCreateWithContext node for TurboFan to optimize.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2255793002
Cr-Commit-Position: refs/heads/master@{#38723}
Removes all accesses to the Isolate during bytecode generation and the
bytecode pipeline. Adds an DisallowIsolateAccessScope which is used to
enforce this invariant within the BytecodeGenerator.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2242193002
Cr-Commit-Position: refs/heads/master@{#38716}
Ensures SMI values have SMI type even if they have a dot (e.g., 1.0).
Adds SMI_WITH_DOT type to maintain this.
BUG=chromium:638134
Review-Url: https://codereview.chromium.org/2248693005
Cr-Commit-Position: refs/heads/master@{#38698}
Async functions are implemented via special generator functions; special in the
sense that they generally do not immediately yield. However, our generators
implementation still assumed that every generator function initially yields
(concretely: before doing the state dispatch in a loop header). This CL fixes
that.
R=littledan@chromium.org, rmcilroy@chromium.org
BUG=chromium:638019
Review-Url: https://codereview.chromium.org/2253033002
Cr-Commit-Position: refs/heads/master@{#38684}
The Smi case was updating the feedback with a bitwise AND instead of a bitwise OR. This was causing feedback that should have been 'kAny' to be erroneusly reported as 'kSignedSmall'.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2251863004
Cr-Commit-Position: refs/heads/master@{#38682}
Allows us to create a corresponding TurboFan node, so TF can
optimize it.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2248633002
Cr-Commit-Position: refs/heads/master@{#38651}
Adds TestResultScope and uses it to directly jump/fall through to the
correct branch in expressions used as branch conditions.
Should enable nicer TurboFan-graphs for easier control-flow
transformations in the future.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2242463002
Cr-Commit-Position: refs/heads/master@{#38634}
This optimization required access to the heap which we can't do off-thread.
There doesn't seem to be a regression without this optmization in anycase,
so just rip it out.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2238853002
Cr-Commit-Position: refs/heads/master@{#38585}
In addition, make use of Variable::binding_needs_init() in addition to
VariableMode when deciding whether to do hole checking in variable assignment.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2227203002
Cr-Commit-Position: refs/heads/master@{#38555}
Introduces code stubs to collect type feedback for the Add, Mul, Div and Mod operations in the interpreter, and modifies the BytecodeGraphBuilder to make use of it.
BUG=v8:5273
LOG=N
Review-Url: https://codereview.chromium.org/2224343002
Cr-Commit-Position: refs/heads/master@{#38543}
Avoids the always generated Star bytecodes after ObjectLiteral.
BUG=v4:4820
LOG=n
Review-Url: https://codereview.chromium.org/2216023003
Cr-Commit-Position: refs/heads/master@{#38480}
Previously, we would output \x5c to escape a backslash, but this is
invalid JSON and it would crash Turbolizer. Use \u005c instead.
BUG=
Review-Url: https://codereview.chromium.org/2224913002
Cr-Commit-Position: refs/heads/master@{#38479}
These were the final remnants of error code written in JavaScript.
BUG=
Review-Url: https://codereview.chromium.org/2222893002
Cr-Commit-Position: refs/heads/master@{#38475}
Assign feedback slots in the type feedback vector for binary operations.
Update bytecode-generator to use these slots and add them as an operand
to binary operations.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2209633002
Cr-Commit-Position: refs/heads/master@{#38408}
The old code was using VariableMode, but that signal is both
over-pessimistic (some CONST and LET variables need no hole-initialization)
and inconsistent with other uses of the InitializationFlag enum (such
as %LoadLookupSlot).
This changes no observable behavior, but removes unnecessary hole
initialization and hole checks in a few places, including
block-scoped function declarations, super property lookups,
and new.target.
R=bmeurer@chromium.org, neis@chromium.org
Review-Url: https://codereview.chromium.org/2201193004
Cr-Commit-Position: refs/heads/master@{#38395}
ForInPrepare checked whether the receiver object was null, undefined or
converted to a JSObject. This is already done by the generated bytecode.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2208043002
Cr-Commit-Position: refs/heads/master@{#38394}
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}
TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
Changes ConstantPoolArrayBuilder to do object lookups using the location
of the handles, rather than dereferencing the handles and comparing the
objects. This also updates CanonicalHandleScope when internalizing AST
nodes to ensure that duplicate objects share the same handles and so are
only added to the constant pool once.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2204243003
Cr-Commit-Position: refs/heads/master@{#38366}
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}
This makes sure we are not inserting {OsrPoll} instructions for any
statements that are not actually loops and have no back edges. Without
back edges the {BytecodeGraphBuilder} is unable to deduce loop ranges
and hence cannot construct a graph for OSR entry.
R=neis@chromium.org
TEST=mjsunit/regress/regress-5252
BUG=v8:5252
Review-Url: https://codereview.chromium.org/2200733002
Cr-Commit-Position: refs/heads/master@{#38233}
This gets rid of the Star bytecodes that were always dispatched to from
ToObject.
ToObject now outputs to register instead of to the accumulator and
ForInPrepare gets the receiver object from an input register.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2189463006
Cr-Commit-Position: refs/heads/master@{#38177}
This CL introduces a new fast flat instantiations cache for the first 1024 object templates.
After that we fall back to the existing slower dictionary cache.
Drive-by-fix: de-handlify and clean up some code in api-natives.cc
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2170743003
Cr-Commit-Position: refs/heads/master@{#38146}
Remove TODO to perform same optimization as AstGraphBuilder.
When visiting for effect in a postfix count operation, don't
keep the intermediate result of ToNumber.
BUG=v4:4280
LOG=n
Review-Url: https://codereview.chromium.org/2187823002
Cr-Commit-Position: refs/heads/master@{#38101}
This slightly simplifies scope handling. It also makes it possible to
implement some potential future changes to classes purely in the parser
by adding additional code to the DoExpression.
This is a portion of https://codereview.chromium.org/2142333002/, which
probably isn't going through in full.
Review-Url: https://codereview.chromium.org/2176653003
Cr-Commit-Position: refs/heads/master@{#38035}
ToName was always generated with a subsequent Star, fuse them.
Requires a few changes in the peephole optimizer as ToName cannot be
elided as easily, but must be replaced by Star.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2169813002
Cr-Commit-Position: refs/heads/master@{#38019}
ToNumber's result is always directly stored to a register using a Star
bytecode. Fuse it into ToNumber.
BUG=v8:4280
LOG=n
Review-Url: https://codereview.chromium.org/2165953002
Cr-Commit-Position: refs/heads/master@{#37976}
Move VisitLiteral to decide what type of literal is being emitted by
checking the raw ASTValue type, instead of the internalized on-heap
value. This is required for concurrent bytecode generation.
As part of this change, the NUMBER AstValue constructor is modified to
try to convert numbers without a dot to SMIs where possible. This is to
maintain the behavior in NewNumber where such numbers are internalized as
SMIs, and ensures that we still emit LdaSmi bytecodes for these values
in the generated bytecode.
BUG=v8:5203
Review-Url: https://codereview.chromium.org/2152853002
Cr-Commit-Position: refs/heads/master@{#37931}
This removes a duplicate control scope. The visitor for ForOfStatement
nodes in the AST uses VisitIterationBody which pushes a separate control
scope. The number of control scopes will be off when we use them for
tracking loop depths.
R=rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2164503005
Cr-Commit-Position: refs/heads/master@{#37930}
Reason for revert:
This cl causes a large regression in octane (https://chromeperf.appspot.com/group_report?bug_id=629503). I have to investigate the reason before I can reland this.
Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> current implementation does not collect allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/1eadc76419b323fb2e55ae9953142f801704aa59
> Cr-Commit-Position: refs/heads/master@{#37862}
TBR=rmcilroy@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780
Review-Url: https://codereview.chromium.org/2165633003
Cr-Commit-Position: refs/heads/master@{#37872}
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2164583002
Cr-Commit-Position: refs/heads/master@{#37866}
Collect type feedback in the bytecode handler for 'new' bytecode. The
current implementation does not collect allocation site feedback.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2153433002
Cr-Commit-Position: refs/heads/master@{#37862}
Reason for revert:
Break MIPS port.
Original issue's description:
> [interpeter] Move to table based peephole optimizer.
>
> Introduces a lookup table for peephole optimizations.
>
> Fixes some tests using BytecodePeepholeOptimizer::Write() that should
> have been update to use BytecodePeepholeOptimizer::WriteJump().
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/f4234422b93b21a286b0f31799009bcbe8b90b9e
> Cr-Commit-Position: refs/heads/master@{#37819}
TBR=rmcilroy@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review-Url: https://codereview.chromium.org/2161563002
Cr-Commit-Position: refs/heads/master@{#37821}
Introduces a lookup table for peephole optimizations.
Fixes some tests using BytecodePeepholeOptimizer::Write() that should
have been update to use BytecodePeepholeOptimizer::WriteJump().
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2118183002
Cr-Commit-Position: refs/heads/master@{#37819}
Highlights:
- Record all imports and exports in the ModuleDescriptor.
- Remove ImportDeclaration; instead, introduce a new variable kind for imports.
- Set name on default exported anonymous functions.
Still to do: declaration of namespace imports.
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2108193003
Cr-Commit-Position: refs/heads/master@{#37815}
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.
BUG=v8:4280, v8:4780
LOG=N
Review-Url: https://codereview.chromium.org/2122183002
Cr-Commit-Position: refs/heads/master@{#37700}
When reading the value property of an iterator result fails, we must not close the iterator.
This was not discovered earlier because the tests had a subtle bug.
This CL fixes both the desugaring and the tests.
BUG=
Review-Url: https://codereview.chromium.org/2119353002
Cr-Commit-Position: refs/heads/master@{#37571}
Introduces fused bytecodes for fusing LdaSmi followed by a binary op bytecode.
The chosen bytecodes are used frequently in Octane: AddSmi, SubSmi,
BitwiseOrSmi, BitwiseAndSmi, ShiftLeftSmi, ShiftRightSmi.
There are additional code stubs for these operations that are biased towards
both the left hand and right hand operands being Smis.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2111923002
Cr-Commit-Position: refs/heads/master@{#37531}
This patch implements "immutable prototype exotic objects" from the ECMAScript
spec, which are objects whose __proto__ cannot be changed, but are not otherwise
frozen. They are introduced in order to prevent a Proxy from being introduced
to the prototype chain of the global object.
The API is extended by a SetImmutablePrototype() call in ObjectTemplate, which
can be used to vend new immutable prototype objects. Additionally, Object.prototype
is an immutable prototype object.
In the implementation, a new bit is added to Maps to say whether the prototype is
immutable, which is read by SetPrototype. Map transitions to the immutable prototype
state are not saved in the transition tree because the main use case is just for
the prototype chain of the global object, which there will be only one of per
Context, so no need to take up the extra word for a pointer in each full transition
tree.
BUG=v8:5149
Review-Url: https://codereview.chromium.org/2108203002
Cr-Commit-Position: refs/heads/master@{#37482}
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.
Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.
BUG=v8:3599,v8:5086,v8:5157
Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2096653003
Cr-Commit-Position: refs/heads/master@{#37278}
Adds support for intrinsics which can be called as stubs. Namely:
- HasProperty
- MathPow
- NewObject
- NumberToString
- RegExpConstructResult
- RegExpExec
- Substring
- ToString
- ToName
- ToLength
- ToNumber
- ToObject
Also adds interface descriptors for stub calls which have arguments
passed on the stack.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
Adds back simple dead code elimination to the bytecode pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.
Also, changes ErrorThrower to support capturing errors in a promise reject.
Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.
BUG=
Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended. This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.
TBR=littledan@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.
BUG=v8:4822
LOG=N
Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
In commit b3bfc0bd58, I corrected the source
position of yield-exceptions by not setting the "return position" on returns
that correspond to yields. It turns out that this caused a bug with debug
stepping. The proper fix is to keep the return position on those returns but
additionally attach the yield's source position to the Throw emitted in
VisitYield.
R=rmcilroy@chromium.org, yangguo@chromium.org
BUG=v8:4907
Review-Url: https://codereview.chromium.org/2051783002
Cr-Commit-Position: refs/heads/master@{#36896}
With this change the bytecode array builder only emits expression
positions for bytecodes that can throw. This allows more peephole
optimization opportunities and results in smaller code.
BUG=v8:4280,chromium:615979
LOG=N
Review-Url: https://codereview.chromium.org/2038323002
Cr-Commit-Position: refs/heads/master@{#36863}
The optimization stages in the bytecode generation pipeline must
preserve source position information. Failure to preserve
source position information could result in single stepping
in the debugger misbehaving or mis-reporting in exception stack traces.
This change adds tests intended to check optimizations do not damage
source position info.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2042633002
Cr-Commit-Position: refs/heads/master@{#36855}
This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.
The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.
BUG=chromium:616033
LOG=y
Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}
This reverts commit d3a43e47dd.
This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.
This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).
BUG=chromium:579905, chromium:593634, v8:4085, v8:5073
Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}
This change requires a single pass over the register set during
bytecode pipeline flushes.
A few bytecode tests are updated too because the order of register
flushes is different.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2033013002
Cr-Commit-Position: refs/heads/master@{#36726}
This moves processing of jumps out of bytecode array builder and into
bytecode array writer. This simplifies the pipeline by avoiding having
to flush for offset and patch up offsets in bytecode array builder based
on what was emitted by the bytecode array writer.
This also enables future refactorings to add dead code elimination back
into the pipeline, and move processing of scalable operand sizes to the
end of the pipeline (in the bytecode array writer) rather than having to
deal with scalable operand types throughout pipeline.
BUG=v8:4280,chromium:616064
Review-Url: https://codereview.chromium.org/2035813002
Cr-Commit-Position: refs/heads/master@{#36716}
Add intrinsics for IsSmi, IsTypedArray, IsRegExp and IsJSProxy,
all of which are intrinsics in Full-Codegen.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2034493002
Cr-Commit-Position: refs/heads/master@{#36707}
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.
BUG=chromium:616064
Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
Async functions are built out of generators, but the
SharedFunctionInfo returns false for is_generator. is_resumable is
the broader query. This patch fixes many parts of V8 to refer
to is_resumable as appropriate.
One incidental change is to remove a check for generators extending
classes. This is part of a general check for constructors being the
only thing which can extend classes, so it is removed here and the
error message for the general case is made more accurate.
BUG=v8:4483
Review-Url: https://codereview.chromium.org/1996943002
Cr-Commit-Position: refs/heads/master@{#36621}
These builtins always call into C++ anyways and so there's no point in
having the JavaScript wrapper around them, but instead they can be
implemented as C++ builtins directly.
R=franzih@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2018983002
Cr-Commit-Position: refs/heads/master@{#36569}
One of the top runtime calls in many workloads is Runtime_Call. Add an
intrinsic for the interpreter to inline this runtime call.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/2019433003
Cr-Commit-Position: refs/heads/master@{#36565}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
BUG=
Review-Url: https://codereview.chromium.org/1906823002
Cr-Commit-Position: refs/heads/master@{#36539}
This change introduces five fused bytecodes for common bytecode
sequences on popular websites. These are LdrNamedProperty,
LdrKeyedProperty, LdrGlobal, LdrContextSlot, and LdrUndefined. These
load values into a destination register operand instead of the
accumulator. They are emitted by the peephole optimizer.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1985753002
Cr-Commit-Position: refs/heads/master@{#36507}
The original peephole optimizer logic in the BytecodeArrayBuilder did
not respect source positions as it was written before there were
bytecode source positions. This led to some minor differences to
FCG and was problematic when combined with pending bytecode
optimizations. This change makes the new peephole optimizer fully
respect source positions.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1998203002
Cr-Commit-Position: refs/heads/master@{#36439}
Also change parser to insert %_GeneratorClose instead of %GeneratorClose.
Full-codegen generators will fall back to the runtime function.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/1993073003
Cr-Commit-Position: refs/heads/master@{#36401}
When setting a generator function's "prototype" property to a non-object, the
prototype of new generator instances should be %GeneratorPrototype%, not
%ObjectPrototype%.
R=verwaest@chromium.org
BUG=v8:5011
Review-Url: https://codereview.chromium.org/1982203003
Cr-Commit-Position: refs/heads/master@{#36313}
Makes LogicalNot bytecode not do the ToBoolean operation, and add support in the
peephole optimizer to choose between the appropriate bytecode depending upon
whether the previous bytecode emitted a boolean or not.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1985033002
Cr-Commit-Position: refs/heads/master@{#36295}
There's a script for finding them (tools/check-unused-bailouts.sh), but make
sure you don't have an old .bailout-reason.h.swp or such around when using it...
R=mstarzinger@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1986173004
Cr-Commit-Position: refs/heads/master@{#36287}
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.
R=ishell@chromium.orgTBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n
Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}
This reverts commit 41d571dfe8.
Reason for revert: This patch breaks the correctness of the typedarray
properties such as length, byteOffset, byteLength.
The accessor check optimization code is dead code eliminated. A follow
up patch will fix this optimization correctly.
BUG=chromium:593634
Review-Url: https://codereview.chromium.org/1977983002
Cr-Commit-Position: refs/heads/master@{#36254}
This change introduces a pipeline for the final stages of
bytecode generation.
The peephole optimizer is made distinct from the BytecodeArrayBuilder.
A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.
R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280
Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
Prints source position information alongside bytecode.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1963663002
Cr-Commit-Position: refs/heads/master@{#36171}
By now the runtime entry function in question is a duplicate of the
existing Runtime_ToFastProperties function. This just gets rid of the
duplication.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1963973003
Cr-Commit-Position: refs/heads/master@{#36161}
This patch installs %TypedArray% and its prototype on the native
context, and wires them up to each TypedArray subclass. This is later
used to check the holder of length, byteLength and byteOffset is
%Typedarray% and apply the appropriate optimizations.
BUG=chromium:593634
LOG=Y
Review-Url: https://codereview.chromium.org/1949863002
Cr-Commit-Position: refs/heads/master@{#36116}
We sometimes used to continue by jumping _back_ to the condition check at the
top of the loop. After my recent generator-related changes, that check is no
longer at the loop header, so a continue could create an additional loop. In
order to avoid this, we now always set the continue target to be the first
instruction following the loop body.
BUG=
Review-Url: https://codereview.chromium.org/1943383003
Cr-Commit-Position: refs/heads/master@{#36029}
Adapts FastCloneShallowObjectStub to enable it to be used by the
CreateObjectLiteral bytecode.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1922523002
Cr-Commit-Position: refs/heads/master@{#35909}
These checks ensure that a TypeError is thrown, per spec, rather than
a runtime assert failure.
BUG=v8:4964
R=adamk
LOG=Y
Review-Url: https://codereview.chromium.org/1929123002
Cr-Commit-Position: refs/heads/master@{#35885}
This is necessary to eventually build a turbofan graph.
BUG=v8:4907
LOG=n
Review URL: https://codereview.chromium.org/1901713003
Cr-Commit-Position: refs/heads/master@{#35820}
Use the FastNewSloppyArgumentsStub in the interpreter when function doesn't have
duplicate parameters.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1909903003
Cr-Commit-Position: refs/heads/master@{#35754}
Adds IncStub and DecStub TurboFan code stubs and hooks them up to the
interpreter's Inc and Dec bytecodes (which are used for count
operations, e.g. i++).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1901083002
Cr-Commit-Position: refs/heads/master@{#35720}
The new bytecodes replace two runtime functions. They are still unsupported by the bytecode graphbuilder, though.
BUG=v8:4907
LOG=n
Review URL: https://codereview.chromium.org/1904933002
Cr-Commit-Position: refs/heads/master@{#35716}
The feature was deprecated in M49 and flagged off in M50.
This patch removes it entirely from the codebase.
Review URL: https://codereview.chromium.org/1909433003
Cr-Commit-Position: refs/heads/master@{#35714}
Now that all 'const' declarations are of the ES2015 variety, the only
use of CONST_LEGACY is for function name bindings in sloppy mode
named function expressions.
This patch aims to delete all code meant to handle other cases, which
mostly had to do with hole initialization/hole checks. Since function
name bindings are initialized at entry to a function, it's impossible
to ever observe one in an uninitialized state.
To simplify the patch further, it removes the `IMPORT` VariableMode,
as it's not likely to be needed (IMPORT is identical to CONST for
the purpose of VariableMode).
Review URL: https://codereview.chromium.org/1895973002
Cr-Commit-Position: refs/heads/master@{#35632}
Removes the register file machine register from the interpreter and
replaces it will loads from the parent frame pointer. As part of this
change the raw operand values for register values changes to enable the
interpreter to keep using the operand value as the offset from the
parent frame pointer.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1894063002
Cr-Commit-Position: refs/heads/master@{#35618}
Reason for revert:
performance impact
Original issue's description:
> Correctly annotate eval origin.
>
> There were a couple of issues with it:
> - interpreter is not supported
> - the source position was just accidentally correct for full-codegen
> - the eval origin could have been cached
>
> Also fixes a few other places to use AbstractCode.
>
> R=mstarzinger@chromium.org
>
> Committed: https://crrev.com/2f3a171adc9e620c2235bf0562145b9d4eaba66d
> Cr-Commit-Position: refs/heads/master@{#35257}
>
> Committed: https://crrev.com/ad4e8a27963b704bb70ec8bac0991c57296b1d16
> Cr-Commit-Position: refs/heads/master@{#35481}
TBR=mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1888013002
Cr-Commit-Position: refs/heads/master@{#35491}
There were a couple of issues with it:
- interpreter is not supported
- the source position was just accidentally correct for full-codegen
- the eval origin could have been cached
Also fixes a few other places to use AbstractCode.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1854713002
Cr-Commit-Position: refs/heads/master@{#35257}
When seeing a rest pattern, we used to get the remaining elements from the
iterator by calling %concat_iterable_to_array on it. This was wrong because it
caused an observable [[Get]] for @@iterator (which the iterator may not even
provide).
This CL gets rid of the call to %concat_iterable_to_array and does the iteration
manually in a simple while-loop. It also gets rid of %concat_iterable_to_array
itself because there aren't any other uses of it.
BUG=v8:4759
LOG=n
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1852703002
Cr-Commit-Position: refs/heads/master@{#35251}
The parser uses a try-catch in order to record when the client of an iterator
throws. The exception then used to get rethrown via 'throw', which
unfortunately resulted in the original exception message object getting
overwritten.
This CL solves this as follows:
- add a clear_pending_message flag to TryCatchStatement (set to true in normal
cases),
- set clear_pending_message to false for the TryCatchStatement used in iterator
finalization
- change full-codegen, turbofan, and the interpreter to emit the ClearPendingMessage call
only when the flag is set,
- replace 'throw' with '%ReThrow' in the iterator finalization code, thus
reusing the (not-cleared) pending message
R=littledan@chromium.org, mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4875
LOG=n
Review URL: https://codereview.chromium.org/1842953003
Cr-Commit-Position: refs/heads/master@{#35226}
Improves code coverage of bytecode array builder and constant
array builder.
Fixes initial index for constant pool slice for kQuad operands.
BUG=v8:4280,chromium:599000
LOG=N
TBR=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1845313002
Cr-Commit-Position: refs/heads/master@{#35201}
We expect that the majority of malloc'd memory held by V8 is allocated
in Zone objects. Introduce an Allocator class that is used by Zones to
manage memory, and allows for querying the current usage.
BUG=none
R=titzer@chromium.org,bmeurer@chromium.org,jarin@chromium.org
LOG=n
TBR=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1847543002
Cr-Commit-Position: refs/heads/master@{#35196}
A bug in error printing meant that we failed to do proper type checks
before calling into C++ code, which could lead to RUNTIME_ASSERT
failures if methods are called on alternative receivers. This patch
adds the right type checks.
BUG=chromium:596718
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1831053003
Cr-Commit-Position: refs/heads/master@{#35069}
This patch implements ES2015 RegExp subclassing semantics, namely the
hardest part where RegExp.prototype.exec and certain flag getters can
be overridden in order to provide different behavior. This change is
hidden behind a new flag, --harmony-regexp-exec. The flag guards the
behavior by installing entirely different implementations of the
methods which follow the new semantics.
Preliminary performance tests show a 3-4x regression in the Octane
RegExp benchmark. The new code doesn't call out into several fast
paths that the old code supported, so this is expected.
The patch is tested mostly by test262, where most RegExp tests are fixed,
with the exception of deliberate spec violations for web compatibility,
and for the 'sticky' flag, which is not dynamically read by this patch
in all cases but rather statically compiled into the RegExp. The latter
will require a follow-on patch to implement. A small additional set of
tests verifies one particular case, mostly to check whether the flag
mechanism works.
R=adamk,yangguo@chromium.org
LOG=Y
BUG=v8:4602
Review URL: https://codereview.chromium.org/1596483005
Cr-Commit-Position: refs/heads/master@{#35068}
Makes --ignition cause eager compilation if we aren't building the startup
snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1811553003
Cr-Commit-Position: refs/heads/master@{#35066}
Reason for revert:
Makes nosnap bots timeout due to having to rebuild bytecode handlers.
Original issue's description:
> [Interpreter] Remove separate Ignition snapshot.
>
> Removes the seperate Ignition snapshot and build the Ignition bytecode
> handlers in the default snapshot.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/1798f3fe84faff32ba44e09f6aed79245dd98d80
> Cr-Commit-Position: refs/heads/master@{#35058}
TBR=machenbach@google.com,yangguo@chromium.org,mstarzinger@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1827143002
Cr-Commit-Position: refs/heads/master@{#35059}
Removes the seperate Ignition snapshot and build the Ignition bytecode
handlers in the default snapshot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1833643002
Cr-Commit-Position: refs/heads/master@{#35058}
Now that ES2015 const has shipped, in Chrome 49, legacy const declarations
are no more. This lets us remove a bunch of code from many parts of the
codebase.
In this patch, I remove parser support for generating legacy const variables
from const declarations. This also removes the special "illegal declaration"
bit from Scope, which has ripples into all compiler backends.
Also gone are any tests which relied on legacy const declarations.
Note that we do still generate a Variable in mode CONST_LEGACY in one case:
function name bindings in sloppy mode. The likely fix there is to add a new
Variable::Kind for this case and handle it appropriately for stores in each
backend, but I leave that for a later patch to make this one completely
subtractive.
Review URL: https://codereview.chromium.org/1819123002
Cr-Commit-Position: refs/heads/master@{#35002}
Introduces a bytecode whose handler executes the equivalent of %_IsArray and %_IsJSReceiver without a runtime call.
BUG=v8:4822
LOG=y
Review URL: https://codereview.chromium.org/1645763003
Cr-Commit-Position: refs/heads/master@{#34983}
This change introduces wide prefix bytecodes to support wide (16-bit)
and extra-wide (32-bit) operands. It retires the previous
wide-bytecodes and reduces the number of operand types.
Operands are now either scalable or fixed size. Scalable operands
increase in width when a bytecode is prefixed with wide or extra-wide.
The bytecode handler table is extended to 256*3 entries. The
first 256 entries are used for bytecodes with 8-bit operands,
the second 256 entries are used for bytecodes with operands that
scale to 16-bits, and the third group of 256 entries are used for
bytecodes with operands that scale to 32-bits.
LOG=N
BUG=v8:4747,v8:4280
Review URL: https://codereview.chromium.org/1783483002
Cr-Commit-Position: refs/heads/master@{#34955}
The way desugared instanceof called OrdinaryHasInstance if the lookup of
@@hasInstance failed was incorrect.
BUG=v8:4774
LOG=N
Review URL: https://codereview.chromium.org/1812793002
Cr-Commit-Position: refs/heads/master@{#34855}
We need to pop the context to correct level on return as well. This was incorrectly
removed in this cl: https://codereview.chromium.org/1768123002/. For example
when we have a try-catch-finally block and catch does a return, the return
does not happen immediately. It should execute finally block before it
returns. Return statement should pop the context to the correct level as
expected by finally block.
BUG=594369,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1796893002
Cr-Commit-Position: refs/heads/master@{#34822}
This part of Scope has existed since V8's initial check in, but from what
I can tell it's not required to implement "with". The only tests that
depend upon it are tests of the debugger and the Scope mirrors, but the
resulting test behavior after removing the bit still seems perfectly
reasonable to me. In fact, with the included fix for scope name collection,
the scope mirror is actually improved with this change.
As a bi-product, this fixes the attached bug, about the contains_with
bit having inconsistent values in some arrow function compilation
scenarios.
BUG=chromium:592353
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1804783002
Cr-Commit-Position: refs/heads/master@{#34802}
We must close the iterator whenever the destructuring didn't exhaust it, unless an iterator operation (eg. next) threw. We do this by wrapping the iterator use in a try-catch-finally similar to the desugaring of for-of.
This is behind --harmony-iterator-close.
R=adamk@chromium.org
BUG=v8:3566
LOG=Y
Review URL: https://codereview.chromium.org/1772793002
Cr-Commit-Position: refs/heads/master@{#34654}
The current implementation does not consider the case when the context of
the control scope and the current context differ. It is possible that they are
different in some cases for example: with statements. This cl fixes this.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1768123002
Cr-Commit-Position: refs/heads/master@{#34609}
This mechanism was used to ensure that functions ended up as constants on the map of prototypes defined using object literals, e.g.,:
function.prototype = {
method: function() { ... }
}
Nowadays we treat prototypes specially, and make all their functions constants when an object turns prototype. Hence this special custom code isn't necessary anymore.
This also affects boilerplates that do not become prototypes. Their functions will not be constants but fields instead. Calling their methods will slow down. However, multiple instances of the same boilerplate will stay monomorphic. We'll have to see what the impact is for such objects, but preliminary benchmarks do not show this as an important regression.
BUG=chromium:593008
LOG=n
Review URL: https://codereview.chromium.org/1772423002
Cr-Commit-Position: refs/heads/master@{#34602}
TestNotEqualsStrict is converted to a TestEqualsStrict and logical not
by the parser. Also, CompareIC does not have an implementation for
TestNotEqualsStrict. Hence, removing this bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1768593002
Cr-Commit-Position: refs/heads/master@{#34527}
Similar to fullcodegen, Ignition now also marks a for-in statement as
slow (via the TypeFeedbackVector) when we have to call %ForInFilter,
i.e. we either have no enumeration cache or the receiver map changes
during an iteration of the for-in map.
R=mstarzinger@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1755563002
Cr-Commit-Position: refs/heads/master@{#34391}
Runtime errors will be suppressed in --rebaseline mode, unless the
--verbose flag is passed.
The reasoning behind (rebaseline && !verbose) and not just (verbose)
is to suppress harmless noise while updating the expectation for
existing, known good snippets, without hiding actually relevant
errors when the tool is used to write new expectation files.
In fact, some tests are supposed to produce a runtime error, which
might nevertheless alarm a developer who is just --rebaseline'ing.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1742723003
Cr-Commit-Position: refs/heads/master@{#34385}
When operating in --rebaseline mode, each of the files will be updated.
In --raw-js mode, all the expectations will be written to the same file.
In default mode no more than one input file is accepted.
On POSIX systems, --rebaseline will autodiscover golden files when run
from the project root and no input file is provided.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1737623002
Cr-Commit-Position: refs/heads/master@{#34324}
We don't need to compare the result of ToObject against null, since
ToObject will always yield a proper receiver (or throw a TypeError).
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1736233002
Cr-Commit-Position: refs/heads/master@{#34318}
Bytecode expectations have been moved to external (.golden) files,
one per test. Each test in the suite builds a representation of the
the compiled bytecode using BytecodeExpectationsPrinter. The output is
then compared to the golden file. If the comparision fails, a textual
diff can be used to identify the discrepancies.
Only the test snippets are left in the cc file, which also allows to
make it more compact and meaningful. Leaving the snippets in the cc
file was a deliberate choice to allow keeping the "truth" about the
tests in the cc file, which will rarely change, as opposed to golden
files.
Golden files can be generated and kept up to date using
generate-bytecode-expectations, which also means that the test suite
can be batch updated whenever the bytecode or golden format changes.
The golden format has been slightly amended (no more comments about
`void*`, add size of the bytecode array) following the consideration
made while converting the tests.
There is also a fix: BytecodeExpectationsPrinter::top_level_ was left
uninitialized, leading to undefined behaviour.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1717293002
Cr-Commit-Position: refs/heads/master@{#34285}
Reason for revert:
It is not a good idea to call CallICStub from the builtin. It might be sensitive to the frame structure. Constructing a internal frame might cause problems. It is much better to inline the code related to the type feedback vector into the builtin.
Original issue's description:
> [Interpreter] Implements calls through CallICStub in the interpreter.
>
> Calls are implemented through CallICStub to collect type feedback. Adds
> a new builtin called InterpreterPushArgsAndCallIC that pushes the
> arguments onto stack and calls CallICStub.
>
> Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
> go through CallICStub.
>
> MIPS port contributed by balazs.kilvady.
>
> BUG=v8:4280, v8:4680
> LOG=N
>
> Committed: https://crrev.com/20362a2214c11a0f2ea5141b6a79e09458939cec
> Cr-Commit-Position: refs/heads/master@{#34244}
TBR=rmcilroy@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4680
Review URL: https://codereview.chromium.org/1731253003
Cr-Commit-Position: refs/heads/master@{#34252}
Calls are implemented through CallICStub to collect type feedback. Adds
a new builtin called InterpreterPushArgsAndCallIC that pushes the
arguments onto stack and calls CallICStub.
Also adds two new bytecodes CallIC and CallICWide to indicate calls have to
go through CallICStub.
MIPS port contributed by balazs.kilvady.
BUG=v8:4280, v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1688283003
Cr-Commit-Position: refs/heads/master@{#34244}
The first operand to the CallRuntime class of bytecodes is the
ID of the runtime function being called. Before this commit
the ID was printed as plain uint16_t, now we get something like:
B(CallRuntime) U16(Runtime::Add) ...
This change is intended to make both the golden files more
resistant to modifications of the i::Runtime::FunctionId enum
and the output of generate-bytecode-expectations more readable.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1723223002
Cr-Commit-Position: refs/heads/master@{#34224}
--pool-type=int and double have now been merged into number.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1717633002
Cr-Commit-Position: refs/heads/master@{#34164}
FLAG_legacy_const and FLAG_harmony_do_expressions can now be toggled
both through the command line and through the option header.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1716793002
Cr-Commit-Position: refs/heads/master@{#34160}
A few options and features have been added to the tool:
* an output file might be specified using --output=file.name
* a shortcut when the output file is also the input, which is handy
when fixing golden files, --rebaseline.
* the input snippet might be optionally not wrapped in a top function,
or not executed after compilation (--no-wrap and --no-execute).
* the name of the wrapper can be configured using --wrapper-name=foo
The same options can be configured via setters on the usual
BytecodeExpectationsPrinter.
The output file now includes all the relevant flags to reproduce it
when running again through the tool (usually with --rebaseline).
In particular, when running in --rebaseline mode, options from the
file header will override options specified in the command line.
A couple of other fixes and improvements:
* description of the handlers is now emitted (closing the TODO).
* the snippet is now correctly unquoted when double quotes are used.
* special registers (closure, context etc.) are now emitted as such,
instead of displaying their numeric value.
* the tool can now process top level code as well.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1698403002
Cr-Commit-Position: refs/heads/master@{#34152}
Implements iterator finalisation by desugaring for-of loops with an additional try-finally wrapper. See comment in parser.cc for details.
Also improved some AST printing facilities while there.
@Ross, I had to disable the bytecode generation test for for-of, because it got completely out of hand after this change (the new bytecode has 150+ lines). See the TODO that I assigned to you.
Patch set 1 is WIP patch by Georg (http://crrev.com/1695583003), patch set 2 relative changes.
@Georg, FYI, I changed the following:
- Moved try-finally out of the loop body, for performance, and in order to be able to handle `continue` correctly.
- Fixed scope management in ParseForStatement, which was the cause for the variable allocation failure.
- Fixed pre-existing zone initialisation bug in rewriter, which caused the crashes.
- Enabled all tests, adjusted a few others, added a couple more.
BUG=v8:2214
LOG=Y
Review URL: https://codereview.chromium.org/1695393003
Cr-Commit-Position: refs/heads/master@{#34111}
This CL introduces two new bytecodes TailCall and TailCallWide.
BUG=v8:4698,v8:4687
LOG=N
Review URL: https://codereview.chromium.org/1698273003
Cr-Commit-Position: refs/heads/master@{#34083}
Now the tool produces a far more readable output format, which bears a
lot of resemblance to YAML. In fact, the output should be machine
parseable as such, one document per testcase. However, the output format
may be subject to changes in future, so don't rely on this property.
In general, the output format has been optimized for producing a meaningful
textual diff, while keeping a decent readability as well. Therefore, not
everything is as compact as it could be, e.g. for an empty const pool we get:
constant pool: [
]
instead of:
constant pool: []
Also, trailing commas are always inserted in lists.
Additionally, now the tool accepts its output format as input. When
operating in this mode, all the snippets are extracted, processed and
the output is then emitted as usual. If nothing has changed, the output
should match the input. This is very useful for catching bugs in the
bytecode generation by running a textual diff against a known-good file.
The core (namely bytecode-expectations.cc) has been extracted from the
original cc file, which provides the utility as usual. The definitions
in the matching header of the library have been moved into the
v8::internal::interpreter namespace.
The library exposes a class ExpectationPrinter, with a method
PrintExpectation, which takes a test snippet as input, and writes the
formatted expectation to the supplied stream. One might then use a
std::stringstream to retrieve the results as a string and run it through
a diff utility.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1688383003
Cr-Commit-Position: refs/heads/master@{#33997}
Adds support for ES6 super keyword and performing loads, stores, and
calls to super class members.
Implements SetHomeObject and enables ThisFunctionVariable.
BUG=v8:4280,v8:4682
LOG=N
Review URL: https://codereview.chromium.org/1689573004
Cr-Commit-Position: refs/heads/master@{#33977}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33909}
This replaces the bytecode in question with a runtime call within the
bytecode stream. The tradeoff is to safe one bytecode opcode for more
expensive encoding of lookup slot deletion.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1690913002
Cr-Commit-Position: refs/heads/master@{#33907}
This is a follow-up to https://crrev.com/1671863002, adding the
capability to print the contents of the constant pool. The expected
type of the pool is taken from command line, and it's either:
* string/int/double: assume all constants have the specified type.
This way, we can emit a meaningful representation, e.g. a quoted
string for type string and so on. All the constants in the pool must
have the same type, otherwise one or more CHECK() will fail and the
program will eventually crash.
* mixed: print the InstanceType tag instead of the actual value.
This is the choice for those tests where the type of the constants in
the pool is not uniform, however only a type tag is printed, not the
actual value of the entries. SMIs are an exception, since they do not
have an InstanceType tag, so kInstanceTypeDontCare is printed instead.
In addition to that, functions Print{ExpectedSnippet,BytecodeSequence}
have been extracted with no functional change. It's just for improving
readability, since the code is becoming quite long.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1686963002
Cr-Commit-Position: refs/heads/master@{#33888}
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683103002
Cr-Commit-Position: refs/heads/master@{#33880}
The previous implementation used GetRawOperand(), which allows a nicely
unified handling of all scalar types, but returns an unsigned type.
Because of this, generate-bytecode-expectations couldn't properly handle
negative numbers.
This commit differentiate between different types of scalar operands and
uses the appropriate getter from i::interpreter::BytecodeArrayIterator,
thus correctly handling signed types where needed.
Two new helpers have been added to i::interpreter::Bytecodes:
* IsImmediateOperandType()
* IsIndexOperandType()
with the intuitive semantic.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1684113002
Cr-Commit-Position: refs/heads/master@{#33874}
generate-bytecode-expectations is a tool intended to work together
with test/cctest/test-bytecode-generator.cc in order to produce a
meaningful diff between testcases and the actual bytecode being emitted.
It does so by parsing and compiling Javascript to bytecode,
constructing the same data structure in the testcase and then running a
textual diff between the expected (i.e. the one encoded in the unit test)
and actual (i.e. the one built from the compiler output) representation.
This commit is a first step in this direction, achieving just the first
half of what we desire. At the moment, bytecodechecker can:
* take a code snippet from the command line and emit the expected structure.
* adhere to the same formatting rules of the test cases
(this one is important for text diff and for copy and pasting too)
Still to do:
* parse unit tests:
+ extract code snippets
+ indent the code to match the input test case
+ allow flexibility in the input format
+ try to recognize and work around some macro magic (i.e. REPEAT_127)
* emit the representation of the constant pool and handlers vector
* run a textual diff
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1671863002
Cr-Commit-Position: refs/heads/master@{#33863}
This allows us to remove the somewhat awkward BuildLoadObjectField
from the BytecodeGraphBuilder and also allows us to simplify the
bytecode stream for class literals.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1678103002
Cr-Commit-Position: refs/heads/master@{#33820}
Adds implementation and tests to support const/let variables in the
interpreter.
BUG=v8:4280,v8:4679
LOG=N
Review URL: https://codereview.chromium.org/1634153002
Cr-Commit-Position: refs/heads/master@{#33819}
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
R=jarin@chromium.org, rmcilroy@chromium.orgTBR=rossberg@chromium.org
BUG=v8:2159
LOG=n
Review URL: https://codereview.chromium.org/1676883002
Cr-Commit-Position: refs/heads/master@{#33809}
Reason for revert:
Must revert for now due to chromium api natives issues.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/bb31db3ad6de16f86a61f6c7bbfd3274e3d957b5
> Cr-Commit-Position: refs/heads/master@{#33741}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1670813005
Cr-Commit-Position: refs/heads/master@{#33766}
Adds a new runtime function, %DefineDataPropertyInLiteral, which
takes a fifth argument specifying whether the property and value
are syntactically such that the value is a function (or class)
literal that should have its name set at runtime.
The new runtime call also allows us to eliminate the now-redundant
%DefineClassMethod runtime function.
This should get much less ugly once we can desugar the "dynamic"
part of object literals in the parser (but that work is currently
blocked on having a performant way of desugaring literals).
BUG=v8:3699, v8:3761
LOG=n
Review URL: https://codereview.chromium.org/1626423003
Cr-Commit-Position: refs/heads/master@{#33756}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
This implements proper context switching while unwinding the stack due
to an exception being handled in interpreted code. The context under
which the handler is scoped is being preserved in a dedicated register
while the try-block is running. Both, the stack unwinding machinery as
well as the graph builder, restore the context from that register.
R=rmcilroy@chromium.org,bmeurer@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1665833002
Cr-Commit-Position: refs/heads/master@{#33733}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
Unifies the meaning of kRegCount8 and kRegCount16 across bytecodes.
Call and CallJSRuntime had a slightly different use of the register
count operand. From this change forth, register count operands are
always based off of the previous register operand.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1659023002
Cr-Commit-Position: refs/heads/master@{#33707}
Adds implementation and tests for with statement to interprter.
BUG=v8:4280,v8:4684
LOG=N
Review URL: https://codereview.chromium.org/1656863002
Cr-Commit-Position: refs/heads/master@{#33705}
This clears the currently pending message object whenever a try-block or
a finally-block is being entered in interpreted code. The intention is
to avoid memory leaks introduced by the message object. Also the message
object is being restored when a finally-block exits.
R=rmcilroy@chromium.org
TEST=cctest/test-heap/MessageObjectLeak
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1651993002
Cr-Commit-Position: refs/heads/master@{#33704}
Moves the temporary register allocator out of the bytecode array
builder into TemporaryRegisterAllocator class and adds unittests.
Particular must be taken around the translation window boundary
motivating the addition of tests.
Also adds a Clear() method to IdentityMap() which is called by
the destructor. This allows classes to hold an IdentityMap if
they are zone allocated. Classes must call Clear() before the zone
is re-cycled or face v8 heap corruption.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1651133002
Cr-Commit-Position: refs/heads/master@{#33686}
String wrappers (new String("foo")) are special objects: their string
characters are accessed like elements, and they also have an elements
backing store. This used to require a bunch of explicit checks like:
if (obj->IsJSValue() && JSValue::cast(obj)->value()->IsString()) {
/* Handle string characters */
}
// Handle regular elements (for string wrappers and other objects)
obj->GetElementsAccessor()->Whatever(...);
This CL introduces new ElementsKinds for string wrapper objects (one for
fast elements, one for dictionary elements), which allow folding the
special-casing into new StringWrapperElementsAccessors.
No observable change in behavior is intended.
Review URL: https://codereview.chromium.org/1612323003
Cr-Commit-Position: refs/heads/master@{#33616}
This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1641723002
Cr-Commit-Position: refs/heads/master@{#33580}
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.
Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}
TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1643533003
Cr-Commit-Position: refs/heads/master@{#33556}
(Fixed a bug found by nosnap builds.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1642613002
Cr-Commit-Position: refs/heads/master@{#33548}
Introduces the concept of transfer direction to register operands. This
enables the register translator to emit exactly the moves that a
bytecode having it's register operands translated needs.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1633153002
Cr-Commit-Position: refs/heads/master@{#33544}
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}
TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1632993003
Cr-Commit-Position: refs/heads/master@{#33520}
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1563213002
Cr-Commit-Position: refs/heads/master@{#33518}
This increases the size of register operands to be 16-bit.
Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.
This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.
Enables splay.js to run in Octane and a handful of mjsunit tests.
BUG=v8:4280,v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1613163002
Cr-Commit-Position: refs/heads/master@{#33516}
The current support for try-catch in the interpreter can handle most of
the cases appearing in our test suite. Also the flag in question did not
detect try-finally constructs. This removes the flag and instead extends
the test expectations.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1631593003
Cr-Commit-Position: refs/heads/master@{#33494}
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.
BUG=v8:4678,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1604923002
Cr-Commit-Position: refs/heads/master@{#33477}
This adds an explicit ReThrow bytecode to be used in the modelling of
try-finally statements. An exception that is being re-thrown should not
trigger message object creation or location computation and hence cannot
use the existing Throw bytecode.
R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryFinally
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1621673002
Cr-Commit-Position: refs/heads/master@{#33472}
This models function local control flow through try-finally constructs
using a token dispatch mechanism. All paths through the finally block
are assigned a token, at the end of the finally block a switch construct
dispatches according to this token.
R=oth@chromium.org,rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1613443002
Cr-Commit-Position: refs/heads/master@{#33465}
Break and continue operations need to pop the context chain to the
correct context before jumping to the target.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1618693002
Cr-Commit-Position: refs/heads/master@{#33464}
This fixes the broken return address when the exception handler within
interpreted bytecode is being entered via stack unwinding. The address
in question will never actually be taken, but our stack walker uses this
address to determine whether a frame is interpreted.
R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryCatch
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1615063002
Cr-Commit-Position: refs/heads/master@{#33463}
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
R=rmcilroy@chromium.org,oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1605633003
Cr-Commit-Position: refs/heads/master@{#33414}
This removes the above flag definition. The flag is no longer needed as
the default implementation is more than capable of faking presence of
handling of try-catch and try-finally constructs by now.
R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1603063003
Cr-Commit-Position: refs/heads/master@{#33402}
This implements a first version of exception handler table construction
within the interpreter. Note that the local control flow for try-catch
and try-finally statements is still off, and also stack unwinding does
not yet respect interpreter frames. But generated handler tables should
be populated correctly already.
R=oth@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1607433005
Cr-Commit-Position: refs/heads/master@{#33400}
o Adds wide variants of bytecodes that have operands describing ranges
of registers. The upcoming wide register support does not suppport
re-mapping ranges.
o Adds kRegPair16 and kRegTriple16 operands required for new wide
bytecodes and renames Count8/Count16 operands to RegCount8/RegCount16.
o Removes Exchange bytecodes
BUG=v8:4675
LOG=NO
Review URL: https://codereview.chromium.org/1595103006
Cr-Commit-Position: refs/heads/master@{#33389}
Fixes a bug where the context would be popped before labeled block break target
location.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1601153002
Cr-Commit-Position: refs/heads/master@{#33388}
Now that we support eval in Ignition, remove the fallback for eval checks
and make the flag only fallback on catch blocks.
BUG=v8:4280,v8:4676
LOG=N
Review URL: https://codereview.chromium.org/1595223004
Cr-Commit-Position: refs/heads/master@{#33384}
VisitObjectLiteral has two parts. First it creates a literal and then
sets properties or accessor properties. Setting properties requires a
runtime call and it expects the literal object which was created in the
first part is contiguous with other registers it allocates. Since these
are allocated in a different scope they are not always contiguous.
This causes problems with mjsunit/setter-on-constructor-prototype.js.
This cl fixes by allocating contiguous registers in the inner scope.
Literal value is copied into the newly allocated register so that all
the required registers are always contiguous.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1588903002
Cr-Commit-Position: refs/heads/master@{#33371}
Make ForInPrepare take a kRegTriple8 operand and ForInNext take kRegPair8
operand for cache state. This is to ensure that the cache state output of
ForInPrepare is in consecutive registers to allow us to deopt the
ForInPrepare node from TF->Ignition (to be done in a followup CL).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1584813002
Cr-Commit-Position: refs/heads/master@{#33357}
Adds support for variable and function declarations in lookup slots to the
interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1583783003
Cr-Commit-Position: refs/heads/master@{#33355}
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1587033002
Cr-Commit-Position: refs/heads/master@{#33296}
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1576403004
Cr-Commit-Position: refs/heads/master@{#33269}
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1568323002
Cr-Commit-Position: refs/heads/master@{#33237}
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.
R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1571873004
Cr-Commit-Position: refs/heads/master@{#33218}
Fixed a bug in VisitForInAssignment. After visiting the object the value
to be stored was not loaded back to the accumulator. Also added two tests
to check this case.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1571753002
Cr-Commit-Position: refs/heads/master@{#33188}
Adds support for calling eval to the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1508293003
Cr-Commit-Position: refs/heads/master@{#33184}
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.
This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546683002
Cr-Commit-Position: refs/heads/master@{#33125}
New bytecodes for making registers with indicies wider than 1-byte
accessible.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1555713002
Cr-Commit-Position: refs/heads/master@{#33091}
After this change (https://codereview.chromium.org/1507903004) to type feedback
vector, wide bytecodes for global/keyed/named load-stores were not generated due
to a change in the number of type feedback vector slots. This cl fixes tests to
generate wide bytecodes.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546923002
Cr-Commit-Position: refs/heads/master@{#33076}
Changes LoadGlobal, StoreGlobal, LoadNamedProperty, and StoreNamedProperty to accept
the name of variable instead of index into the constant pool entry. Also made
GetConstantPoolEntry as a private function since it is no longer used outside of
BytecodeArrayBuilder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1546643002
Cr-Commit-Position: refs/heads/master@{#33020}
Adds support for deleting a variable in a lookup slot. Adds a new bytecode,
its implementation and tests. Also adds support for this bytecode to the
bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1542083002
Cr-Commit-Position: refs/heads/master@{#33019}
Consecutive registers are allocated in two passes. First we "reserve"
a set of registers and these get allocated when we actually use them.
If we request for a temporary register before we use all the consecutive
registers, the earlier implementation does not gaurantee that it allocates
outside the reservation for consecutive registers. This could cause problems
for example, in call_func(a, b++, c). This cl fixes
TemporaryRegisterScope::NewRegister, to return a new temporary register
outside the reservation for consecutive registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1531273002
Cr-Commit-Position: refs/heads/master@{#33005}
A pre-requisite for this change was changing the interpreter to use
Runtime::ForInStep to bring the interpreter implementation closer
to the turbofan implementation. Also required to flatten out the
cache parameters into the interpreter frame for de-opt.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1531693002
Cr-Commit-Position: refs/heads/master@{#32986}
Adds support for loading and storing lookup variables.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1524803003
Cr-Commit-Position: refs/heads/master@{#32913}
This change adds support for local control flow when building graphs
from bytecode. The change ensures loop emitted from the bytecode
generator are in natural order so the only back branches are for loops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1502243002
Cr-Commit-Position: refs/heads/master@{#32911}
Adds implementation and tests for CreateObjectLiteral, CreateArrayLiteral and CreateRegExpLiteral
to bytecode graph builder. Also changes these bytecodes to expect three operands instead of using
accumulator to pass one of the operands. This is done to avoid looking into the earlier nodes to
fetch operands in the bytecode graph builder. Also adds support for wide variant of these
bytecodes to bytecode generator and bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1503963002
Cr-Commit-Position: refs/heads/master@{#32710}
It's cumbersome to maintain IC profiler statistics all the time.
Let's just do it as needed.
BUG=
Review URL: https://codereview.chromium.org/1507903004
Cr-Commit-Position: refs/heads/master@{#32693}
Reason for revert:
Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.
Original issue's description:
> Provide call counts for constructor calls, surface them as a vector IC.
>
> CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
>
> BUG=
>
> Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
> Cr-Commit-Position: refs/heads/master@{#32452}
TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1489413006
Cr-Commit-Position: refs/heads/master@{#32599}
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
BUG=
Review URL: https://codereview.chromium.org/1476413003
Cr-Commit-Position: refs/heads/master@{#32452}
an optomization to remove redundant cast operations.
1. Adds an optimization to remove redundant ToBoolean and ToName operations.
2. Adds implementation and tests for cast operatorts to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1468003002
Cr-Commit-Position: refs/heads/master@{#32408}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=yangguo@chromium.org,mstarzinger@chromium.org
Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
Cr-Commit-Position: refs/heads/master@{#32375}
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32381}
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5472
Original issue's description:
> [runtime] Replace global object link with native context link in all contexts.
>
> Previously all contexts had a link to the global object, but what is
> required in most cases (except for the global load, store and delete
> case) is the native context.
>
> This also removes the second dummy global object that was still linked
> to every native context. We will add a different mechanism to ensure
> that builtins do not pollute the actual global object during
> bootstrapping.
>
> Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
> Cr-Commit-Position: refs/heads/master@{#32375}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1478303002
Cr-Commit-Position: refs/heads/master@{#32377}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32375}
ES6 section 12.2.8.1 states that flags for regular expression literals
must be checked during parsing and invalid flags are early errors. This
change adapts the Scanner and (Pre)Parser to act according to the spec.
This is also a prerequisite to unify the handling of literal creation
(for Objects, Arrays, Regexps, and at some point Classes).
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1472323002
Cr-Commit-Position: refs/heads/master@{#32273}
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=oth@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1469313002
Cr-Commit-Position: refs/heads/master@{#32264}
Adds code and tests to support CreateClosure bytecode when building
graphs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1458603012
Cr-Commit-Position: refs/heads/master@{#32224}
This change introduces register re-mapping to avoid assignment hazards
in binary expressions. Expressions that cause problems typically have
the form y = x + (x = 4);. The problem occurs because the lhs value
evaluates to the register holding x. The rhs updates that register and
then applying the operation would use the new value as the lhs.
By tracking loads and stores in binary expressions the generator is now
able to detect when condition occurs and uses a temporary register for
the rhs value. When the binary expression evaluation is complete the
variable is updated with the latest temporary.
A new bytecode Mov performs this update without touching the
accumulator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412683011
Cr-Commit-Position: refs/heads/master@{#32141}
Adds support for the New, CallRuntime and CallJSRuntime bytecodes in
BytecodeGraphBuilder. Also adds BuildLoadObjectField,
BuildLoadGlobalObject and BuildLoadNativeContextField helpers.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456483002
Cr-Commit-Position: refs/heads/master@{#32136}
Adds support for visiting the Call bytecode to the bytecode graph builder.
This change also adds the call type feedback slot to the Call bytecode.
This is not currently used by the interpreter, but is used by the
graph builder.
Also adds a CallWide varient of the Call bytecode, and adds the kCount16
operand type.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456453002
Cr-Commit-Position: refs/heads/master@{#32033}
Adds an optimization to omit generating Ldar/Star if the same register
is loaded or stored from the accumulator in the earlier instruction.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1435283002
Cr-Commit-Position: refs/heads/master@{#31984}
This aligns the naming of "new target" with the spec text throughout
TurboFan and the stack frame walker. The goal is to avoid unnecessary
confusion for people familiar with the spec.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1442643002
Cr-Commit-Position: refs/heads/master@{#31978}
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiever.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1410113008
Cr-Commit-Position: refs/heads/master@{#31854}
On MIPS arch, all memory accesses (including halfword)
must be aligned to their native size or an alignment exception occurs.
The kernel will fix this up, but with performance penalty.
TEST=test-bytecode-generator/CallRuntime
BUG=
Review URL: https://codereview.chromium.org/1423373004
Cr-Commit-Position: refs/heads/master@{#31845}
Adds support for calling JS runtime functions. Also changes the bytecode
array builder to allow calling functions with an invalid argument
register if the call takes no arguments.
Adds the bytecode CallJSRuntime.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1410003003
Cr-Commit-Position: refs/heads/master@{#31774}
Corrects LdaGlobal to deal with TypeofMode::INSIDE_TYPEOF so that it
doesn't throw a reference error on undefined globals.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1422443006
Cr-Commit-Position: refs/heads/master@{#31757}
Existing code was assuming that 'lexical' blocks were the same as basic
blocks, therefore code which emitted jumps within a lexical block (e.g.,
logical or) would in some occassions incorrectly omit a necessary
ToBoolean.
This change removes Enter/LeaveBlock from BytecodeArrayBuilder and
instead tracks basic blocks via label bindings and jump operations. The
change also ensures we don't emit dead code at the end of a basic block,
and adds tests of the edge cases.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1406983010
Cr-Commit-Position: refs/heads/master@{#31741}
Adds an optimization to not emit unnecessary jumps and dead code in If,
For, While, and do-while statments. When the value of condition is known
at compile time, the code is emitted only for the paths that can be taken.
For example, when the condition is known to be true in an if statmenet
only then block is generated.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1414193006
Cr-Commit-Position: refs/heads/master@{#31715}
Adds an optimization to emit JumpIfToBooleanTrue/False instead
of ToBoolean followed by JumpIfTrue/False if the value in the
accumulator is not boolean.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1426913002
Cr-Commit-Position: refs/heads/master@{#31697}
Adds support for switch statments to the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1415093006
Cr-Commit-Position: refs/heads/master@{#31687}
This moves the cctest file for the interpreter to live in the same
namespace as the components it is testing. Hence we can avoid the
forbidden using directives pulling in entire namespaces.
From the Google C++ style guide: "You may not use a using-directive to
make all names from a namespace available". This would be covered by
presubmit linter checks if build/namespaces were not blacklisted.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1410993009
Cr-Commit-Position: refs/heads/master@{#31681}
For..in introduces 3 new bytecodes ForInPrepare, ForInNext, and
ForInDone to start a for..in loop, get the next element, and check if
the loop is done.
For..in builds upon new LoopBuilder constructs for conditionally
breaking and continuing during iteration: BreakIf{Null|Undefined}
and ContinueIf{Null|Undefined}. New conditional jump bytecodes
support this succinctly: JumpIfNull and JumpIfUndefined.
Add missing check to BytecodeLabel that could allow multiple
forward referencess to the same label which is not supported.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1422033002
Cr-Commit-Position: refs/heads/master@{#31651}
Adds support for delete operator, it's implementation and tests.
Adds tests for the following unary operators
-BitwiseNot
-Add
-Sub
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1410953003
Cr-Commit-Position: refs/heads/master@{#31620}
Adds support for loading from and storing to outer context
variables. Also adds support for declaring functions on contexts and
locals. Finally, fixes a couple of issues with StaContextSlot where
we weren't emitting the write barrier and therefore would crash in the
GC.
Also added code so that --print-bytecode will output the
function name before the bytecodes, and replaces MachineType with StoreRepresentation in RawMachineAssembler::Store and updates tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1425633002
Cr-Commit-Position: refs/heads/master@{#31584}
Adds support and tests for conditional (ternary) expressions.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1417053004
Cr-Commit-Position: refs/heads/master@{#31575}
Fills out some more of the function prologue support in the
interpreter. Deals with creation of arguments objects and throwing
IllegalRedeclarations if necessary. Also adds (untested) support for
this.function and new.target variable assignment.
Also fixes a bug in Frames::is_java_script() to deal with
interpreter frames correctly.
Cleans up comments in builtins InterpreterEntryTrampoline about
missing prologue support.
Adds the following bytecodes:
- CreateArgumentsSloppy
- CreateArgumentsStrict
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412953007
Cr-Commit-Position: refs/heads/master@{#31486}
Adds support for compound expressions for variables and named / keyed
property assignments.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1420503002
Cr-Commit-Position: refs/heads/master@{#31485}
Adds support for count operations to the interpreter. Deals with count
operations on locals, globals, context allocated variables and named and
keyed properties.
Adds the following bytecodes:
ToNumber
Inc
Dec
BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1416623003
Cr-Commit-Position: refs/heads/master@{#31484}
Unifies the global and unallocated variable type accesses given that
--global_var_shortcuts is going away. Lda/StaGlobal is modified to use
Load/StoreICs on the global object. The named LoadIC and StoreIC bytecodes
are also modified so that they take a constant pool entry index for the
name rather than a register, avoiding unecessary LdaConstant bytecodes to
be emitted.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1419003002
Cr-Commit-Position: refs/heads/master@{#31482}
The plan is to implement the same idea using vector IC machinery.
Stubs implementations and scopes modifications are left untouched for now.
Review URL: https://codereview.chromium.org/1419823003
Cr-Commit-Position: refs/heads/master@{#31458}
This change adds new flavors of Visit() methods for obtaining
expression results:
- VisitForAccumulatorValue() which places result in the accumulator.
- VisitForRegisterValue() which places the result in a register.
- VisitForEffect() which evaluates the expression and discards the result.
The targets of these calls place the expression result with
result_scope()->SetResultInRegister() or
result_scope()->SetResultInAccumulator().
By being smarter about result locations, there's less temporary
register usage. However, we now have a hazard with assignments
in binary expressions that didn't exist before. This change detects and
DCHECK's when a hazard is detected. A follow on CL will address this.
There are consequential changes to test-bytecode-generator.cc and
this change also adds new bytecode macros A(x, n) and THIS(n) for
register file entries for arguments and this.
BUG=v8:4280
LOG=NO
Review URL: https://codereview.chromium.org/1392933002
Cr-Commit-Position: refs/heads/master@{#31445}
Adds support for local context loads and stores. Also adds support for
creation of new block contexts (e.g., for let variables) and initializing
const / let variables with the hole appropriately.
Also adds some checks to ensure BytecodeArrayBuilder::context_count is set
appropriately and fixes tests to do so.
Adds the bytecode StaContextSlot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1403943004
Cr-Commit-Position: refs/heads/master@{#31343}
This change add a new bytecode for operator new and implements it using
the Construct() builtin.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1402943002
Cr-Commit-Position: refs/heads/master@{#31293}
Adds support for following operators
-Logical and
-Logical or
-Comma
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder
to enable it's use, it's implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1399773002
Cr-Commit-Position: refs/heads/master@{#31281}
The AccessorsTable has a non-deterministic iteration order depending on the
random seed. This means that the order of the accessor defines could vary
and the test which tried to set accessors on two different properties
could flakly fail due to the order not being as expected. To fix this I make
the test only do a setter on one property (the test-interpreter.cc test
does the check on multiple property accessors
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1404793002
Cr-Commit-Position: refs/heads/master@{#31264}
Replaces the use of KeyedStoreICGeneric with a vector based KeyedStoreIC for
array literal computed stores now that there is a feedback vector slot for
these expressions. Removes KeyedStoreICGeneric bytecode since this is no
longer necessary.
BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1400353002
Cr-Commit-Position: refs/heads/master@{#31262}
Adds Object literal support to the interpreter. Adds the following bytecodes:
- ToName
- CreateObjectLiteral.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386313005
Cr-Commit-Position: refs/heads/master@{#31253}
Adds array literal support to the interpreter. Currently constructed
array elements don't have type feedback slots, so also adds support for
generic keyed store operations.
Adds the following bytecodes:
- CreateArrayLiteral
- KeyedStoreICGeneric
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1400753003
Cr-Commit-Position: refs/heads/master@{#31240}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
Adds function literal support and add support for OTHER_CALLS which can be
made when calling a function literal.
Adds the CreateClosure bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396693003
Cr-Commit-Position: refs/heads/master@{#31231}
-Bitwise Or
-Bitwise Xor
-Bitwise And
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder to enable it's use, it's implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386133002
Cr-Commit-Position: refs/heads/master@{#31210}
Adds support for following operators
-Shift left
-Shift right
-Shift right logical
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder
to enable it's use, it's implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1392913002
Cr-Commit-Position: refs/heads/master@{#31205}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg,v8_linux_gcc_rel
Review URL: https://codereview.chromium.org/1393023003
Cr-Commit-Position: refs/heads/master@{#31185}
Reason for revert:
Breaks Arm debug.
Original issue's description:
> Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again.
>
> Without that, it has a few false positives about out-of-bounds array accesses.
> Also makes the clang static-analyzer happy.
>
> Original code review from Sven Panne:
> https://codereview.chromium.org/790723002/
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
>
> Committed: https://crrev.com/93ae81101af68d81b7af84ea4046ea849e605116
> Cr-Commit-Position: refs/heads/master@{#31163}
TBR=jochen@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1398643002
Cr-Commit-Position: refs/heads/master@{#31167}
Implements support for declaring global variables. Also adds support for loading
from and storing to both global and unallocated global variables. Adds the
following bytecodes:
- StoreGlobal
- LoadContextSlot
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1378523005
Cr-Commit-Position: refs/heads/master@{#31166}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1383053005
Cr-Commit-Position: refs/heads/master@{#31163}
Thus TypeFeedbackMetadata can now be shared between different native contexts.
Review URL: https://codereview.chromium.org/1384673002
Cr-Commit-Position: refs/heads/master@{#31143}
Adds support for strict mode load / store ICs and cleans up BinaryOp and
CompareOp to only trigger an UNIMPLEMENTED abort if called with STRONG
mode (which is the only language mode which has different compare/binary ops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1385623002
Cr-Commit-Position: refs/heads/master@{#31134}
Implementations and tests for typeof, void, and logical not.
Add missing string type to Object::TypeOf.
BUG=v8:4280
LOG=NO
Review URL: https://codereview.chromium.org/1390483002
Cr-Commit-Position: refs/heads/master@{#31124}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1384873002
Cr-Commit-Position: refs/heads/master@{#31105}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31089}
Reason for revert:
Now breaking arm32 debug bot (worked locally even with --debug-code, so I'll need to figure out what's different on the bot)
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1379933003
Cr-Commit-Position: refs/heads/master@{#31078}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
Cr-Commit-Position: refs/heads/master@{#31064}
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31076}
Reason for revert:
Broke Arm64 bot (CEntry stub is trying to pop arguments off stack when argv_in_reg, so I need to fix this).
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
> Cr-Commit-Position: refs/heads/master@{#31064}
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1387543002
Cr-Commit-Position: refs/heads/master@{#31066}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31064}
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.
Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.
BytecodeTraits template magic inspired by oth@chromium.org.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1370893002
Cr-Commit-Position: refs/heads/master@{#31058}
Improve bytecode generation for if when there's no else clause.
Display target addresses for jump instructions in
Bytecode::Disassemble().
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1373903005
Cr-Commit-Position: refs/heads/master@{#31052}
This CL also allows to use arbitrary number of feedback vector elements for particular slot kind.
Review URL: https://codereview.chromium.org/1370303004
Cr-Commit-Position: refs/heads/master@{#31050}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1369123002
Cr-Commit-Position: refs/heads/master@{#30983}
This is a second step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1376443002
Cr-Commit-Position: refs/heads/master@{#30971}
This is a first step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1369973002
Cr-Commit-Position: refs/heads/master@{#30964}
+ Add bytecodes for conditional and unconditional jumps.
+ Add bytecodes for test/compare operations.
+ Expose jumps in bytecode-array-builder and add BytecodeLabel class for
identifying jump targets.
+ Add support for if..then...else in the bytecode-generator.
+ Implement jump bytecodes in the interpreter. Test/compare operations
dependent on runtime call for comparisons.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1343363002
Cr-Commit-Position: refs/heads/master@{#30918}
Adds LdaGlobal bytecode and augments BytecodeGenerator to load globals for
global variables and function calls.
Modified TestBytecodeGenerator to add the ability to specify that a bytecode
operand has an unknown value (used so we don't need to figure out the slot
index of a global). Also added a helper which checks equality of BytecodeArray
with the expected snipptets.
Modified TestInterpreter to allow it to take snippets of JS and have the
BytecodeGenerator generate the bytecode rather than having to build a
BytecodeArray manually. This is used to enable the global tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1361113002
Cr-Commit-Position: refs/heads/master@{#30910}
Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
Cr-Commit-Position: refs/heads/master@{#30791}
Review URL: https://codereview.chromium.org/1353723002
Cr-Commit-Position: refs/heads/master@{#30808}
Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1353723002
Cr-Commit-Position: refs/heads/master@{#30791}
Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.
Adds the Call bytecode.
MIPS port contributed by akos.palfi@imgtec.com in https://codereview.chromium.org/1334873002/
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1323463005
Cr-Commit-Position: refs/heads/master@{#30710}
Adds support for property store operations via Store/KeyedStore ICs. Adds the
following bytecodes:
- StoreIC
- KeyedStoreIC
The --vector_store flag is now required for --ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1319833004
Cr-Commit-Position: refs/heads/master@{#30660}
When there is no explicit return we need to generate an implicit
return undefined.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1308693014
Cr-Commit-Position: refs/heads/master@{#30639}
Adds support for property load operations via Load/KeyedLoad ICs. Adds the
following bytecodes:
- LoadIC
- KeyedLoadIC
Also adds support to the interpreter assembler for loading the type feedback
vector from the function on the stack, and calling ICs.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1309843007
Cr-Commit-Position: refs/heads/master@{#30543}
Adds support to the interpreter for loading literals from the constant pool.
Adds the LoadConstant bytecode and makes use of it for loading large Smis and
HeapObject literals.
Also removes unused HandleVector from utils.h.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1321663003
Cr-Commit-Position: refs/heads/master@{#30450}
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1303403004
Cr-Commit-Position: refs/heads/master@{#30403}
Adds implementations and tests for the following bytecodes:
- Add
- Sub
- Mul
- Div
- Mod
Also adds the Mod bytecode and adds support to BytecodeGenerator and
BytecodeArrayBuilder to enable it's use.
The current bytecodes always call through to the JS builtins. This also adds
LoadObjectField and CallJSBuiltin operators to the InterpreterAssembler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1300813005
Cr-Commit-Position: refs/heads/master@{#30352}
Bytecode generator for local assignment and basic binary operations.
Command-line flag for printing bytecodes.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1294543002
Cr-Commit-Position: refs/heads/master@{#30221}
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1289863003
Cr-Commit-Position: refs/heads/master@{#30219}
Modifies the BytecodeArrayBuilder to create register operands which are
negative. This reduces the number of instructions to access registers
by the interpreter and allows us to use positive register operands to
access parameter values.
Adds a Register class to keep register usage typesafe and simplify the
convertion to bytecode operand values.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1283313003
Cr-Commit-Position: refs/heads/master@{#30151}
Moves the creation of the interpreter table early on during initialization
to ensure that even on nosnap builds it still gets allocated in the
first page.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1278413002
Cr-Commit-Position: refs/heads/master@{#30096}
Change minimum BytecodeArray frame size to zero now return value is in
the accumulator.
Fix inconsistent checks in bytecode-array-builder.cc.
Simplify bytecode disassembly by adding Bytecodes::Decode to
disassemble one bytecode and operands.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1259193004
Cr-Commit-Position: refs/heads/master@{#29988}
The BytecodeArrayBuilder has responsibility for emitting the BytecodeArray. It will be used by the AST walker.
Bytecode now uses an accumulator plus registers rather being pure register based.
Update BytecodeArray::Disassemble to print operand information.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1266713004
Cr-Commit-Position: refs/heads/master@{#29970}
