The operator in question does not call arbitrary JavaSciprt, nor throw,
nor trigger a lazy deoptimization. Nodes hence do not need a frame-state
representing the "after" state of the operation.
R=bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/2672763002
Cr-Commit-Position: refs/heads/master@{#42891}
We don't need Code::CALL_IC for anything now that the CallICStub is
migrated and no longer hooks into the traditional IC system.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2669193002
Cr-Commit-Position: refs/heads/master@{#42890}
Port the Call feedback machinery from the interpreter to the CallICStub
as second step to unify the feedback collection. This removes a lot of
hand-written native code, and makes the runtime miss handler obsolete.
The next step will be to use the CallICStub from the interpreter as
well.
Drive-by-fix: Adjust CallIC/CallICTrampoline descriptors names.
R=mvstanton@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2670843002
Cr-Commit-Position: refs/heads/master@{#42889}
This behavior was recently changed. Turns out that for some usage patterns
at least, populating the stub cache is significantly faster overall.
BUG=chromium:684428
Review-Url: https://codereview.chromium.org/2674653002
Cr-Commit-Position: refs/heads/master@{#42885}
This adds optional multi-architecture builds, allowing to compile
x86 and x64 in one build. The correctness fuzzer can be configured to
compare the two executables, e.g. to compare x86 to x64 run the
launcher with: --second-d8=clang_x86/d8 in an x64 build.
Configuring the executable's architecture is now simplified and
inferred from the gn build configuration.
Building for clusterfuzz has now a new canonical target that can be
used by the infrastructure (defaults to d8).
The clusterfuzz release builder is now defined to compile
multi-arch builds, which will have an effect as soon as the
infrastructure refers to the new clusterfuzz target.
BUG=chromium:673246
NOTRY=true
TBR=mstarzinger,jarin
Review-Url: https://codereview.chromium.org/2649133010
Cr-Commit-Position: refs/heads/master@{#42884}
First discovery by the names section fuzzer I think. During the decoding
of the names of locals only ok() of the outer decoder was checked, not
the ok() of the actual names section decoder.
R=tizer@chromium.org
BUG=chromium:684855
Review-Url: https://codereview.chromium.org/2648383007
Cr-Commit-Position: refs/heads/master@{#42880}
The CallIC is already not a traditional IC in the V8 sense, so it
doesn't make sense to integrate with the traditional IC machinery.
The plan is to migrate it away completely from the IC world and use
the code that is already available in the interpreter instead.
R=yangguo@chromium.org
BUG=v8:5049
Review-Url: https://codereview.chromium.org/2676543002
Cr-Commit-Position: refs/heads/master@{#42879}
- Remove obsolete BreakLocatorType.
- Perform PrepareStepOnThrow after OnException event, in case stepping
was scheduled in the exception event.
- Use frame count instead of frame pointer for stepping. Frame pointer
is not reliable due to possible deopts.
- Consistently check for inlined functions in inlined frames.
- Use SharedFunctionInfo in FloodWithOneshot and EnsureDebugInfo.
R=jgruber@chromium.org
BUG=v8:5901
Review-Url: https://codereview.chromium.org/2664793002
Cr-Commit-Position: refs/heads/master@{#42878}
Rename the CallIC factory method to CallICTrampoline and the
CallICInOptimizedCode to CallIC to match the naming of the
stubs and better reflect their functionality.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2670073002
Cr-Commit-Position: refs/heads/master@{#42876}
This introduces additional verification logic to ensure that the
condition passed to Branch/Select operators is always of type
Boolean.
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win64_dbg
TBR=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2672713002
Cr-Commit-Position: refs/heads/master@{#42875}
Remove the cases that deal with a top pointer that is reset. We should always
be in a sane state wrt. top and age mark. Also add more DCHECKs.
BUG=chromium:672678
Review-Url: https://codereview.chromium.org/2674493002
Cr-Commit-Position: refs/heads/master@{#42873}
This avoids the need to pull in the UTF-8 encoding code from the public API,
and allows it to take advantage of any supported way that i::String can be
encoded (one- or two-byte).
Backward compatibility is maintained, but this is the behavior beginning
with this version.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2665653004
Cr-Commit-Position: refs/heads/master@{#42872}
Also if the count is not specified, it should wake all waiters.
BUG=v8:4777
Review-Url: https://codereview.chromium.org/2659083004
Cr-Commit-Position: refs/heads/master@{#42871}
Even though the elements kind is FAST_DOUBLE_ELEMENTS, if length is zero
the isolate's empty_fixed_array is used. It's illegal to cast this to
FixedDoubleArray, so we avoid the cast.
BUG=chromium:686479
Review-Url: https://codereview.chromium.org/2665313003
Cr-Commit-Position: refs/heads/master@{#42867}
- Adds vqadd.s/u, vqsub.s/u for all integer lane sizes.
- Refactors disassembler and simulator, using switches instead
of long if-else chains.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2649323012
Cr-Commit-Position: refs/heads/master@{#42865}
This allows support for tagged representations of index/loop variables which
asserted in BuildFastFixedArrayForEach's call to Increment up to this point.
Review-Url: https://codereview.chromium.org/2665143002
Cr-Commit-Position: refs/heads/master@{#42863}
The hoist_scope member of DeclarationDescriptor was only used to pass the function
scope for declaration of parameters containing sloppy evals, for example:
function f(x = eval("var y")) { }
In cases like this, "x" is declared in the function scope but "y" is declared in an inner scope.
Rather than passing the function scope as "hoist_scope", we simply ask for the outer_scope()
of the inner scope as needed in PatternRewriter.
This reduces the cognitive overhead of understanding what a DeclarationDescriptor has; for
example, it removes some dead code from the PreParser which never has to deal
with a situation like the example above.
Review-Url: https://codereview.chromium.org/2662183002
Cr-Commit-Position: refs/heads/master@{#42861}
The int64-lowering only lowered store instructions with a word64 store
representation. For all other stores the default lowering applied. The
default lowering replaces all input nodes with both their replacement
nodes, which can change the number of input nodes of the lowered node.
In WebAssembly there exist stores which take an I64 input and store it
with a different representation, e.g. I32. In TurboFan this translates
to a store node with word32 store representation and a word64 value
input. The default lowering replaces the word64 value input to become
two word32 value inputs, which makes the number of inputs of the store
node invalid. This CL discards the high word replacement of the value
input so that the number of input nodes of a store node does not change
in the default lowering.
R=titzer@chromium.orgCC=rossberg@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2668023004
Cr-Commit-Position: refs/heads/master@{#42860}
This is a step towards encoding all the necessary information in
the feedback slot kind instead of storing it in the IC dispatcher's
code object flags.
BUG=v8:5849, v8:5917
Review-Url: https://codereview.chromium.org/2662113005
Cr-Commit-Position: refs/heads/master@{#42859}
Using .caller, one can get access to the internal function that invokes the
handler passed to Promise.prototype.then. This internal function is a TF
builtin that was set up as non-native and without an argument adaptor. As a
consequence of this, when accessing .arguments on it, the frame-walking logic in
the .arguments accessor thinks the number of arguments is -1 and we try to
allocate an array of size -1.
This CL marks the builtin function as native (making its .arguments be null),
along with a few others that may have been incorrect in the same way.
BUG=chromium:682349
Review-Url: https://codereview.chromium.org/2672453002
Cr-Commit-Position: refs/heads/master@{#42855}
Move set_native(true) from InstallFunction into CreateFunction in order to
emphasize the places where we create non-native functions.
No change in semantics overall.
BUG=
Review-Url: https://codereview.chromium.org/2667993005
Cr-Commit-Position: refs/heads/master@{#42854}
This is the first step to reduce the size of the out-of-line code of
TrapIf. Instead of passing the context to the runtime call as a
parameter, we pass Smi::kZero to the runtime call and then get the
actual context from the WasmFrame on the stack.
BUG=v8:5908
R=titzer@chromium.org, clemensh@chromium.org
Review-Url: https://codereview.chromium.org/2664273002
Cr-Commit-Position: refs/heads/master@{#42853}
Reason for revert:
AAAAAHHHHHHH
Original issue's description:
> [tools] Fix RegExp for ticksprocessor.
>
> Properly attribute all builtins, bytecode handlers and other stubs to
> the calling function unless --separate-ic is passed.
>
> R=jarin@chromium.org
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2668953002
> Cr-Commit-Position: refs/heads/master@{#42849}
> Committed: 42011d2997TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2664033005
Cr-Commit-Position: refs/heads/master@{#42851}
I removed some constant folding optimizations for float instruction in
https://codereview.chromium.org/2647353007 because they were incorrect
if the input was a signalling NaN. Removing these optimizations, however
had an unexpectedly big impact on asm.js performance. With this CL I
restore the optimizations again when the source origin is not wasm. In
JavaScript signalling NaNs are not observable and therefore the
optimizations are correct.
R=titzer@chromium.org
BUG=chromium:686654
Review-Url: https://codereview.chromium.org/2666903002
Cr-Commit-Position: refs/heads/master@{#42850}
Properly attribute all builtins, bytecode handlers and other stubs to
the calling function unless --separate-ic is passed.
R=jarin@chromium.org
NOTRY=true
Review-Url: https://codereview.chromium.org/2668953002
Cr-Commit-Position: refs/heads/master@{#42849}
Reason for revert:
Breaks win64 it seems.
Original issue's description:
> [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue.
>
> The JumpIfFalse and JumpIfTrue bytecodes test the accumulator, and
> branch based on whether the accumulator is true or false (no other
> value allowed, and in fact TurboFan would blow up if you would pass
> anything else, since Branch operator can only deal with Boolean).
> So for either branch we know exactly the value of the accumulator,
> and we can update the environment to this constant value instead.
>
> This helps to avoid the useless bit materialization that currently
> happens when || or && is being used in a value context.
>
> R=jarin@chromium.org
> BUG=v8:5267
>
> Review-Url: https://codereview.chromium.org/2666283002
> Cr-Commit-Position: refs/heads/master@{#42843}
> Committed: 158ac92871TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2668933002
Cr-Commit-Position: refs/heads/master@{#42845}
The function being tested is forced to go through Turbofan anyway (since it references a module variable).
Adding --turbo explicitly just to make a check happy.
BUG=
Review-Url: https://codereview.chromium.org/2664393003
Cr-Commit-Position: refs/heads/master@{#42844}