This moves the bailout for functions containing new.target variable to
the correct place so that Crankshaft doesn't accidentally inline such
functions, yielding an "undefined" new.target value all the time.
R=bmeurer@chromium.org
TEST=mjsunit/es6/regress/regress-inlined-new-target
Review URL: https://codereview.chromium.org/1484163003
Cr-Commit-Position: refs/heads/master@{#32468}
Remove two unused fields.
Define register codes the same way register names are defined and eliminate static methods.
#error if target isn't defined.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1482963003
Cr-Commit-Position: refs/heads/master@{#32467}
Reason for revert:
Still investigating bad canary.
Original issue's description:
> [heap] Remove eager shortcut in JSFunction visitor.
>
> This removes an optimization in the static JSFunction visitor that
> eagerly marked through to the SharedFunctionInfo for code flushing
> candidates. This causes all processing in VisitJSFunction to be
> side-stepped and hence might cause leaks.
>
> R=hpayer@chromium.org
>
> Committed: https://crrev.com/a29f0576c32e8fda90bf7ab19c6d170568150a7f
> Cr-Commit-Position: refs/heads/master@{#32332}
TBR=mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1488063002
Cr-Commit-Position: refs/heads/master@{#32463}
Reason for revert:
Still investigating bad canary.
Original issue's description:
> [heap] Refactor evacuation for young and old gen into visitors.
>
> Create a visitor for evacuating objects for young and old generation. This is
> the first step of preparing a task to process, both, newspace and oldspace
> pages in parallel.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
> Cr-Commit-Position: refs/heads/master@{#32349}
TBR=mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1483393002
Cr-Commit-Position: refs/heads/master@{#32462}
Reason for revert:
Tanks sunspider/date-format-tofte because of the Date constructor being turbofanned.
Original issue's description:
> [turbofan] Ship TurboFan with new.target references.
>
> This correctly marks functions containing a new.target reference as
> being disabled with Crankshaft, which would have bailed out anyways.
> Also note that this will trigger TurboFan for such functions and hence
> widens the TurboFan intake valve.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/2ec6fcd1520bb8a09c9924ac5498eb9b437670b0
> Cr-Commit-Position: refs/heads/master@{#32444}
TBR=bmeurer@chromium.org,rossberg@chromium.org,hablich@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1489833002
Cr-Commit-Position: refs/heads/master@{#32455}
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
BUG=
Review URL: https://codereview.chromium.org/1476413003
Cr-Commit-Position: refs/heads/master@{#32452}
This switches all remaining builtin methods to use the ES6 new.target
value when determining whether being called as a constructor or not. This
is preparatory work for fully deprecating the aforementioned intrinsic.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1474343002
Cr-Commit-Position: refs/heads/master@{#32447}
This moves the decision whether code flushing is active into the setup
phase of the GC. Components are no longer allowed to dynamically switch
the code flushing mode on demand.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1487743002
Cr-Commit-Position: refs/heads/master@{#32446}
This correctly marks functions containing a new.target reference as
being disabled with Crankshaft, which would have bailed out anyways.
Also note that this will trigger TurboFan for such functions and hence
widens the TurboFan intake valve.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1482733002
Cr-Commit-Position: refs/heads/master@{#32444}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
X87 port already implemented Float64RoundDown and Float64RoundTruncate operators, not enabled yet.
This CL would enable them.
BUG=
Review URL: https://codereview.chromium.org/1486483003
Cr-Commit-Position: refs/heads/master@{#32442}
port 9e6448813d (r32407)
original commit message:
This way we avoid the %_IsSmi magic that is required in TurboFan to
(efficiently) check arbitrary context slots for smi 0. Checking against
"the hole" is common in the AstGraphBuilder and "the hole" is also used
to mark other context slots as not initialized.
BUG=
Review URL: https://codereview.chromium.org/1486913002
Cr-Commit-Position: refs/heads/master@{#32441}
port 51e992f147 (r32410)
original commit message:
Restore frame pointer directly from stack rather than copying it and
restoring. Also restore return address register directly on platforms that
support it.
BUG=
Review URL: https://codereview.chromium.org/1483063004
Cr-Commit-Position: refs/heads/master@{#32440}
Node has an operator<<, however, constructing an ostream in a debugger
session is non-trivial, hence this method.
BUG=
Review URL: https://codereview.chromium.org/1488953003
Cr-Commit-Position: refs/heads/master@{#32439}
Rolling v8/build/gyp to f4d65e35719cfe02257ece126c109cfc053ca35c
Rolling v8/tools/clang to 3bd755f93254f9c21a323a5cfd28dacbe02e53e4
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1486733003
Cr-Commit-Position: refs/heads/master@{#32437}
Port 47502a238b
Original commit message:
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1491433002
Cr-Commit-Position: refs/heads/master@{#32435}
SIMD.js potentially adds to the standard library passed into
asm.js modules. Splitting off the point where the SIMD object
would be referenced to allow work on SIMD typing to occur orthogonally.
Adding VariableInfo to allow tracking of simd constructors / check functions. Using this for fround.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Looking at simd.js
Review URL: https://codereview.chromium.org/1473513004
Cr-Commit-Position: refs/heads/master@{#32431}
Port d3e5db0428
Original commit message:
Up until now we sometimes pass Smi 0 around as closure and expect the
runtime to translate that appropriately. But we need to be careful in
some places to not confuse the Smi 0 with a real closure. However, we
could instead just pass the correct closure extracted from the native
context.
This addresses three long-standing TODOs in the JSTypedLowering pass.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1490553002
Cr-Commit-Position: refs/heads/master@{#32430}
This fixes a corner-case in redeclaration handling, where the ES2015
early error case got mixed up with legacy const handling in the parser.
Redeclaration using ES2015 'let' and 'const' should be early errors,
but legacy 'const' redeclaration has historically been a runtime error,
and should stay that way until legacy 'const' is gone.
The fix here is uglier than it might be due to
https://code.google.com/p/v8/issues/detail?id=4577, which keeps us
from simplifying the mess of if/else-if in the current code.
BUG=v8:4576
LOG=n
Review URL: https://codereview.chromium.org/1485943002
Cr-Commit-Position: refs/heads/master@{#32429}
Port 3d004eeab2
Original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1487863002
Cr-Commit-Position: refs/heads/master@{#32425}