The internal ConvertToString helper was using the wrong ToPrimitive,
actually the old ES5 like DefaultString, and it also prematurely
optimized for no real benefit.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1370943002
Cr-Commit-Position: refs/heads/master@{#30956}
Also support %_ToString in Crankshaft utilizing the ToStringStub, which
is also used in TurboFan and fullcodegen. This is necessary to repair a
regression on Octane that was introduced when switching from the hand
crafted NonStringToString/ToString magic to %_ToString (which properly
supports @@toPrimitive).
BUG=chromium:535953,v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1373743002
Cr-Commit-Position: refs/heads/master@{#30955}
port c90c60ba26 (r30940)
original commit message:
Make sure to always reference it indirectly. This allows us to make the vector
native-context dependent should we wish.
BUG=
Review URL: https://codereview.chromium.org/1369963002
Cr-Commit-Position: refs/heads/master@{#30954}
Rolling v8/third_party/icu to 423fc7e1107fb08ccf007c4aeb76dcab8b2747c1
Rolling v8/tools/clang to 290301c180118e27755bfced176ff61bd0acb1b8
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1373683002
Cr-Commit-Position: refs/heads/master@{#30951}
Reason for revert:
Reverting, because of broken GC stress bots.
@cbruni: Sorry for the revert. I'm not entirely sure it's actually your CL; but policy is to revert speculatively if we can't determine an exact cause.
Original issue's description:
> JSObject::GetEnumProperty cleanup
>
> BUG=
>
> Committed: https://crrev.com/a00d47c802f93cf9835eafce4c9da2dd10b44f6a
> Cr-Commit-Position: refs/heads/master@{#30946}
TBR=jkummerow@chromium.org,cbruni@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1371673004
Cr-Commit-Position: refs/heads/master@{#30950}
Reason for revert:
failing again: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Mac/builds/4505/steps/Mozilla%20%28flakes%29/logs/regress-416628
Original issue's description:
> Reland of "[heap] Add more tasks for parallel compaction"
>
> - We now compute the number of parallel compaction tasks, depending on the
> evacuation candidate list, the number of cores, and some hard limit.
> - Free memory is moved over to compaction tasks (up to some limit)
> - Moving over memory is done by dividing the free list of a given space up among
> other free lists. Since this is potentially slow we limit the maximum amount
> of moved memory.
>
> This reverts commit bfccd5187c.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/7e283d746a194ceaaca114e2ba17504653d6a109
> Cr-Commit-Position: refs/heads/master@{#30945}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1371653002
Cr-Commit-Position: refs/heads/master@{#30947}
- We now compute the number of parallel compaction tasks, depending on the
evacuation candidate list, the number of cores, and some hard limit.
- Free memory is moved over to compaction tasks (up to some limit)
- Moving over memory is done by dividing the free list of a given space up among
other free lists. Since this is potentially slow we limit the maximum amount
of moved memory.
This reverts commit bfccd5187c.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1365743003
Cr-Commit-Position: refs/heads/master@{#30945}
This prevents the internal gc-idle-time-handler.h to be usable outisde
of the "heap" directory. The logic inside that component is only useful
within the GC and is now properly encapsulated.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1368983002
Cr-Commit-Position: refs/heads/master@{#30939}
Looks like we never ran test262-es6 on mac. After merging
into test262 we've got these failures. Skipping for now.
BUG=v8:4437
LOG=n
NOTRY=true
NOTREECHECKS=true
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1372603002
Cr-Commit-Position: refs/heads/master@{#30937}
This name makes it clear that the flag (also the variant in the Compiler)
is talking about specializing to the function context instead of i.e. the
native context.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1372513003
Cr-Commit-Position: refs/heads/master@{#30934}
This enables linter checking for "runtime/threadsafe_fn" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1369673003
Cr-Commit-Position: refs/heads/master@{#30933}
Not resetting the allocation area after freeing it potentially results in
negative SizeOfObjects() because the area is accounted for as allocated while it
has already been freed.
BUG=
Review URL: https://codereview.chromium.org/1364303002
Cr-Commit-Position: refs/heads/master@{#30928}
Verifies consistency of node inputs and uses:
- node inputs should agree with the input count computed from the node's operator.
- effect inputs should have effect outputs (or be a sentinel).
- control inputs should have control outputs (or be a sentinel).
- frame state inputs should be frame states (or be a sentinel).
- if the node has control uses, it should produce control.
- if the node has effect uses, it should produce effect.
- if the node has frame state uses, it must be a frame state.
I also removed some tests, either because they did not seem to be useful (scheduler) or they tested dead functionality (diamond effect phi).
Review URL: https://codereview.chromium.org/1368913002
Cr-Commit-Position: refs/heads/master@{#30927}
mdb_v8, a post-mortem debugger for Node.js, now uses JSArrayBuffer's
backing_store property and JSArrayBufferView's byte_offset property to
get access to the content of Buffer instances in node (which are
Uint8Array instances). This change adds post-mortem metadata for these
two properties.
This change also fixes a typo in
inobject_properties_of_constructor_function_index_offset that was added
to gen-postmortem-metadata in a previous change. It should be named
inobject_properties_or_constructor_function_index instead.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1363403003
Cr-Commit-Position: refs/heads/master@{#30926}
The actual Function.prototype.toMethod was removed some time already,
but there were some stuff (esp. %ToMethod) left in the tree, including
tests for %ToMethod. This code (and esp. the tests) cause trouble in
the process of moving bound functions away from JSFunction; so since
the code is unused anyway, we can as well remove it.
The original removal of Function.prototype.toMethod was in February
2015 in 68e4897586.
R=jarin@chromium.org
BUG=v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1366063002
Cr-Commit-Position: refs/heads/master@{#30925}
port 9b12ec9ac2 (r30919)
original commit message:
This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
help with materializing arguments objects when possible. Along the way
this changes the calling convention of said stub to take parameters in
registers instead of on the stack.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1368873002
Cr-Commit-Position: refs/heads/master@{#30923}
Since https://codereview.chromium.org/366103005 the promise tests null out
various globals, to ensure the promise implementation doesn’t itself rely
on functions patchable by monkeys.
Unfortunately, doing so breaks test assertion failures which rely on
those globals.
This isn’t the ideal solution, but does improve the current state.
R=littledan@chromium.org,domenic@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1370583002
Cr-Commit-Position: refs/heads/master@{#30922}
Once I improved byte accounting done for incremental mark in [1], there is some
code duplication that becomes apparent. This commit refactors the duplicated
code into a private method on NewSpace. This also makes it easy to add new
consumers of inline allocation steps in the future.
[1] https://codereview.chromium.org/1274453002/R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1351983002
Cr-Commit-Position: refs/heads/master@{#30921}
This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
help with materializing arguments objects when possible. Along the way
this changes the calling convention of said stub to take parameters in
registers instead of on the stack.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1348773002
Cr-Commit-Position: refs/heads/master@{#30919}
+ Add bytecodes for conditional and unconditional jumps.
+ Add bytecodes for test/compare operations.
+ Expose jumps in bytecode-array-builder and add BytecodeLabel class for
identifying jump targets.
+ Add support for if..then...else in the bytecode-generator.
+ Implement jump bytecodes in the interpreter. Test/compare operations
dependent on runtime call for comparisons.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1343363002
Cr-Commit-Position: refs/heads/master@{#30918}
This introduces the NodeProperties::ChangeOp helper which guards node
operator changes so that additional checking can be done without any
additional dependencies being pulled into the Node class. For now only
the input count is checked, but additional checking might follow.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1366753003
Cr-Commit-Position: refs/heads/master@{#30916}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
This will allow per-code-kind logic more easily in the future (e.g. for WASM).
BUG=
Review URL: https://codereview.chromium.org/1350763004
Cr-Commit-Position: refs/heads/master@{#30912}
This patch checks the type of the lhs operand of a floating point
comparison for ARM, and commutes the operands if it is #0.0. It allows
us to optimize a comparison with zero, as the vcmp instruction
accepts #0.0 as rhs operand.
Code before for "0.0 < 0.123":
------------------------------
movw ip, #29360
movt ip, #37224
movw r9, #31981
movt r9, #16319
vmov d0, ip, r9
mov ip, #0
vmov d1, ip, ip
vcmp.f64 d1, d0
vmrs APSR, FPSCR
bcc +12
Code after:
-----------
movw ip, #29360
movt ip, #37224
movw r9, #31981
movt r9, #16319
vmov d0, ip, r9
vcmp.f64 d0, #0.0
vmrs APSR, FPSCR
bgt +12
BUG=
Review URL: https://codereview.chromium.org/1361913003
Cr-Commit-Position: refs/heads/master@{#30911}
Adds LdaGlobal bytecode and augments BytecodeGenerator to load globals for
global variables and function calls.
Modified TestBytecodeGenerator to add the ability to specify that a bytecode
operand has an unknown value (used so we don't need to figure out the slot
index of a global). Also added a helper which checks equality of BytecodeArray
with the expected snipptets.
Modified TestInterpreter to allow it to take snippets of JS and have the
BytecodeGenerator generate the bytecode rather than having to build a
BytecodeArray manually. This is used to enable the global tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1361113002
Cr-Commit-Position: refs/heads/master@{#30910}
Reduce operations of the form f64cmp(fp32to64(x), k) to f32cmp(x, k) when k
can be encoded as a 32-bit float.
Review URL: https://codereview.chromium.org/1365623002
Cr-Commit-Position: refs/heads/master@{#30909}
port 8fe3ac0701 (30902).
original commit message:
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
BUG=
Review URL: https://codereview.chromium.org/1362313002
Cr-Commit-Position: refs/heads/master@{#30908}
port 556b522ac6 (r30883)
original commit message:
We somehow try to push some stuff on the stack when we detect a stack
overflow, that we don't need. Even worse we might access outside the
valid stack bounds. Since we don't need this, it's gone.
BUG=
Review URL: https://codereview.chromium.org/1367943002
Cr-Commit-Position: refs/heads/master@{#30907}
