This introduces a conservative prediction for each exception handler
whether it will locally catch an exception or re-throw it to outside
the code bondaries. It will allow for a more intuitive prediction of
whether an exception is considered "caught" or "uncaught".
R=bmeurer@chromium.org,yangguo@chromium.org
BUG=chromium:492522
LOG=N
Review URL: https://codereview.chromium.org/1158563008
Cr-Commit-Position: refs/heads/master@{#28681}
We need the shared function info of inlined functions to prevent code
flushing for their unoptimized code, and also to make sure that liveedit
can find the proper functions to deoptimize.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1156403002
Cr-Commit-Position: refs/heads/master@{#28677}
The control flow optimization should work independent of the JSGraph. We
used the JSGraph there because it was convinient, not because it was
necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1160863003
Cr-Commit-Position: refs/heads/master@{#28674}
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1162563002
Cr-Commit-Position: refs/heads/master@{#28673}
The list of inlined functions is used in exactly two places - for live
edit and to prevent code flushing for inlined functions - and those are
fine with SharedFunctionInfo and don't require a closure.
This is one additional step towards inlining based on SharedFunctionInfo
instead of JSFunction.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1145893003
Cr-Commit-Position: refs/heads/master@{#28672}
This test is little-endian specific and therefore it can't run
correctly on big-endian platforms.
BUG=
Review URL: https://codereview.chromium.org/1155113008
Cr-Commit-Position: refs/heads/master@{#28667}
Port 44e9810345
Original commit message:
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
R=arv@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1161603004
Cr-Commit-Position: refs/heads/master@{#28665}
Implements the strong mode proposal's restrictions on the ability of user code
to modify the prototype of strong objects.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1143623002
Cr-Commit-Position: refs/heads/master@{#28664}
The DCHECK was a lie. The idea was that - when a bookmark is set -
the scanner must clearly be at a character boundary and hence the
bookmark does not need to save a 'partial' UTF-8 code point. The
first part is true - the Scanner is always at a character boundary -
but the 'partial' UTF-8 code point is at the end of a block, not at
the current character position of the Scanner.
Hence, the 'partial' character needs to be saved as well.
jkummerow: Thanks for noticing.
BUG=chromium:470930
R=jochen@chromium.org, jkummerow@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1154773004
Cr-Commit-Position: refs/heads/master@{#28661}
Also adapt code generation to pass the slot to the
store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
ForEach, Call and CountOperation now include one or more
feedback vector ic slot ids.
BUG=
Review URL: https://codereview.chromium.org/1161623002
Cr-Commit-Position: refs/heads/master@{#28659}
Strong Object/Array literals are currently being created with incorrect
internal prototypes. This CL fixes this and extends the test suite to check.
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1158933002
Cr-Commit-Position: refs/heads/master@{#28655}
Before we used to scale the growing factor based on freed global handles (which may have caused jank when many global handles got freed on site navigation).
BUG=
Review URL: https://codereview.chromium.org/1158433003
Cr-Commit-Position: refs/heads/master@{#28652}
This lifts the sqrt(n) limit on number of evacuation candidates,
replaces O(n * sqrt(n)) algorithm with O(n*log(n)) algorithm, and
removes hard-coded constants.
Evacuation candidates are selected as follows:
1) Sort pages from the most free to the least free.
2) Select the first m pages as evacuation candidates such that m is as
large as possible under the two conditions:
- The total size of live objects in the first m pages does not exceed
the given limit. This is based on the assumption that the evacuation cost is
proportional to the total size of moved objects.
- The fragmentation of the (m+1)-th page does not exceed the given
limit.
Review URL: https://codereview.chromium.org/1038313003
Cr-Commit-Position: refs/heads/master@{#28651}
And delete remnants of non-vectorized LoadICs from the type feedback oracle
Review URL: https://codereview.chromium.org/1147253004
Cr-Commit-Position: refs/heads/master@{#28650}
This simplifies inlining, in that we only need to update uses of Start
and inputs of End instead of walking the whole inlinee to update all
outer frame states.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1146403008
Cr-Commit-Position: refs/heads/master@{#28649}
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=v8:3867, v8:4031
LOG=N
Review URL: https://codereview.chromium.org/1135243004
Cr-Commit-Position: refs/heads/master@{#28644}
These are similar to the Map/Set constructors when called with an array,
except that they are guaranteed to be side-effect free if called with
a packed array.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1155893003
Cr-Commit-Position: refs/heads/master@{#28642}
The April 14 2015 final draft of the ES6 specification states that the
`prototype` property of generator function instances should be writable.
BUG=v8:4140, v8:4140
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1153633003
Cr-Commit-Position: refs/heads/master@{#28641}
These return arrays representing the current contents of the given
Map/Set. They are similar to what would be returned by the JS code:
Array.from(collection)
except that they are guaranteed side-effect free.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1148383007
Cr-Commit-Position: refs/heads/master@{#28640}
Only supports constructing new objects and returning size.
Followup patch will need to add ability to retrieve and
set contents in order to support structured clone.
Also removes a bunch of outdated "experimental" markers from v8.h.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1157453002
Cr-Commit-Position: refs/heads/master@{#28637}
