Jic and jialc compact branch ops are fixed as they do not have a 'forbidden slot' restriction. Also COP1 branches (CTI instructions) added to IsForbiddenAfterBranchInstr().
TEST=cctest/test-disasm-mips/Type0
BUG=
Review URL: https://codereview.chromium.org/1423493006
Cr-Commit-Position: refs/heads/master@{#31922}
The minimum allocation limit already enforces this constraint for normal GCs.
GCs triggered by the memory reducer and external limit should work for all heap sizes.
BUG=chromium:552305
LOG=NO
Review URL: https://codereview.chromium.org/1418293006
Cr-Commit-Position: refs/heads/master@{#31921}
Generated code performs distinct floating multiply and add/subtract
operations. Tests fail when GCC uses fmadd/fmsub to calculate the
expected result since these instructions provide higher accuracy due
to the lack of an intermediate round.
R=machenbach@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1416123007
Cr-Commit-Position: refs/heads/master@{#31918}
This patch extends the typed lowering with a specialized version of 'instanceof' that is used if the "class", i.e. the constructor function, is a known constant.
Unittests check that replacement occurs as intended. Functional correctness is ensured by extensive unit tests covering instanceof already in the testsuite.
TESTS=unittests/JSTypedLoweringTest.{JSInstanceOfSpecializationWithSmiCheck,JSInstanceOfSpecializationWithoutSmiCheck,JSInstanceOfNoSpecialization}
Review URL: https://codereview.chromium.org/1407413014
Cr-Commit-Position: refs/heads/master@{#31916}
The body descriptor supports different visiting policies: it could visit or skip
the code entry and it could visit or skip next function field.
BUG=v8:4531
LOG=Y
Review URL: https://codereview.chromium.org/1422773007
Cr-Commit-Position: refs/heads/master@{#31915}
Avoid write barriers when storing values in the root set, and use
cheaper write barriers for storing maps or tagged pointers. Also
improve the generated code for write barriers, utilizing the out
of line code mechanism that is available to TurboFan backends,
which moves the unlikely case out of the hot path.
R=jarin@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1414183006
Cr-Commit-Position: refs/heads/master@{#31914}
RegExp.prototype[@@split] is not yet implemented to spec regarding creating
new RegExp object with the SpeciesConstructor.
R=littledan@chromium.org
BUG=v8:4345
LOG=N
Review URL: https://codereview.chromium.org/1427573005
Cr-Commit-Position: refs/heads/master@{#31911}
port 2b4cb2a140 (r31873)
original commit message:
The %StringCharFromCode and %CharFromCode runtime functions perform
exactly the same task, so we need only one of them.
BUG=
Review URL: https://codereview.chromium.org/1432063002
Cr-Commit-Position: refs/heads/master@{#31909}
Reason for revert: failed tests on a Windows build.
TBR=rossberg,cbruni,neis
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1426943007
Cr-Commit-Position: refs/heads/master@{#31907}
Port 7c3396d01c
Original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:552244
LOG=n
Review URL: https://codereview.chromium.org/1425083004
Cr-Commit-Position: refs/heads/master@{#31905}
This was found through a VC++ 2015 Update 1 warning about
pointer truncation. The fix is required for VC++ 2015
compatibility.
Review URL: https://codereview.chromium.org/1411403011
Cr-Commit-Position: refs/heads/master@{#31897}
I improved the tests for Word32Clz, Word32Ctz, and Word32Popcnt, and ported
some tests to the BufferedRawMachineAssemblerTester.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1437493002
Cr-Commit-Position: refs/heads/master@{#31896}
This unconditionally enables zapping of old optimized code maps and
unifies the various zapping paths. The unconditional zapping, even if
heap verification is off, is needed because slots in the code map have
not been recorded and evacuation invariants break.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1410833009
Cr-Commit-Position: refs/heads/master@{#31895}
This makes sure that --trace-turbo or --turbo-source-positions does not
completely disable inlining. The recent introduction of a finalization
interface to the reducer borked the SourcePositionWrapper reducer.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1406113008
Cr-Commit-Position: refs/heads/master@{#31893}
1) they always own descriptors,
2) the number of own descriptors is equal to the number of descriptors in the descriptor array.
This allows an initial map of a subclass to share descriptor array with initial map of the parent class (if it already contains properties).
BUG=chromium:551430
LOG=N
Review URL: https://codereview.chromium.org/1411933005
Cr-Commit-Position: refs/heads/master@{#31892}
This moves the clearing of all optimized code maps out of the GC and
into the debugger to where it is actually required. The main goal here
is to simplify the logic in the already complex visitor for our shared
function info objects.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1423713018
Cr-Commit-Position: refs/heads/master@{#31888}
port 7c3396d01c (r31871)
original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
BUG=
Review URL: https://codereview.chromium.org/1431133002
Cr-Commit-Position: refs/heads/master@{#31884}
Remove some non-standard code that doesn't do anything anyways.
While Firefox uses this to set the default value for the multiline flag,
it is nonstandard and slated for removal. The matching behaviour has
never been implemented in either JSC or V8, so there is little
web-compat risk.
The only possible risk could be someone depending on the ToBoolean()
behaviour of the flag, but this seems unlikely.
BUG=v8:3870
LOG=N
R=adamk@chromium.org, littledan@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1417733012
Cr-Commit-Position: refs/heads/master@{#31882}
This switches loading and storing of the message object within the
Isolate to use JavaScript operators built by the JSOperatorBuilder
instead of machine operators. This is a preparation for a stricter
representation selection for loads and stores.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1412443010
Cr-Commit-Position: refs/heads/master@{#31879}
This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.
Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.
This reverts commit 7f1fb29faa.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1418453008
Cr-Commit-Position: refs/heads/master@{#31876}
Introduce Reducer::Finalize, which gets called by the GraphReducer once
all reductions are done, and use this to implement full inlining as part
of the regular reducer fixpoint.
R=jarin@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419373012
Cr-Commit-Position: refs/heads/master@{#31875}