This removes the frame state input representing the before-state from
nodes having the {JSDivide} or the {JSModulus} operator. Lowering that
inserts number conversions of the inputs has to be disabled when
deoptimization is enabled, because the frame state layout is no longer
known.
R=jarin@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2121153003
Cr-Commit-Position: refs/heads/master@{#37608}
This CL is on the way to extend parallel compilation of wasm modules to code generation. With parallel compilation it is not allowed to dereference handles during code generation. However, the is_identical_to check dereferences handles. In this CL we therefore replace the call to is_identical_to with a handle comparison.
Review-Url: https://codereview.chromium.org/2109143002
Cr-Commit-Position: refs/heads/master@{#37607}
This enables tests which rely on the context available at "debugger"
statements to be accurate. This is the case by now when deoptimization
information is available.
R=yangguo@chromium.org
BUG=v8:4055
Review URL: https://codereview.chromium.org/2129123002 .
Cr-Commit-Position: refs/heads/master@{#37604}
Reason for revert:
Performance stayed the same after the revert; relanding.
Original issue's description:
> Revert of [esnext] ship --harmony-object-values-entries (patchset #1 id:1 of https://codereview.chromium.org/2116053003/ )
>
> Reason for revert:
> Revert to see if it addresses the performance regression observed in chromium:625956 in automated graphs
>
> Original issue's description:
> > [esnext] ship --harmony-object-values-entries
> >
> > BUG=v8:4663
> > R=littledan@chromium.org, adamk@chromium.org
> >
> > Committed: https://crrev.com/ab529234853a1768642f8f6c907aaaa5ea8b19bf
> > Cr-Commit-Position: refs/heads/master@{#37485}
>
> TBR=adamk@chromium.org,caitpotter88@gmail.com
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4663
>
> Committed: https://crrev.com/1177750a98faaa11e92ece13b70115bf704baf3b
> Cr-Commit-Position: refs/heads/master@{#37566}
TBR=adamk@chromium.org,caitpotter88@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4663
Review-Url: https://codereview.chromium.org/2127253002
Cr-Commit-Position: refs/heads/master@{#37596}
Drive-by-fix: hydrogen code does not blindly return the
byteLength offset, instead it executes what is defined
in the byteLength getter.
BUG=
Review-Url: https://codereview.chromium.org/2123263002
Cr-Commit-Position: refs/heads/master@{#37595}
Such an object can be used to later create a context from it. It has to
have access checks with handlers enabled, as it cannot be accessed
otherwise.
BUG=chromium:618305
R=verwaest@chromium.org
Review-Url: https://codereview.chromium.org/2107673003
Cr-Commit-Position: refs/heads/master@{#37594}
This enables tests which rely on the context available at "debugger"
statements to be accurate. This is the case by now when deoptimization
information is available.
R=mvstanton@chromium.org
BUG=v8:4035
Review-Url: https://codereview.chromium.org/2125773005
Cr-Commit-Position: refs/heads/master@{#37590}
Port de369129d2
Original commit message:
In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.
This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX. When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.
With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.
BUG=cctest/test-run-wasm/RunWasmCompiled_I32SConvertF32,cctest/test-run-wasm/RunWasmCompiled_I32UConvertF32
Review-Url: https://codereview.chromium.org/2130763002
Cr-Commit-Position: refs/heads/master@{#37586}
Now LookupIterator follows the same pattern of prepare transition, apply transition
and write value when adding new properties to dictionary objects.
JSGlobalObject case:
* Prepare transition phase ensures that there is a "transition" property cell
prepared for receiving a value.
* Apply transition phase does nothing.
* Prepare for data property phase ensures that the existing property cell can
receive the value.
* Write value phase writes value directly to the current property cell.
JSObject case:
* Prepare transition phase prepares the object for receiving a data value (which
could switch an object to dictionary mode).
* Apply transition phase migrates object to a transition map. If the map happened
to be a dictionary mode object's map then an uninitialized entry added to the
properties dictionary.
* Prepare for data property phase does nothing.
* Write value phase just puts value to the properties dictionary.
BUG=chromium:576312
Review-Url: https://codereview.chromium.org/2127583002
Cr-Commit-Position: refs/heads/master@{#37585}
In AstNumberingVisitor we always know what node we're dealing with, so there's no reason for this method to be virtual. This additionally deletes 3 calls to AssignFeedbackVectorSlots that would always end up in the empty version.
BUG=
Review-Url: https://codereview.chromium.org/2128613003
Cr-Commit-Position: refs/heads/master@{#37582}
This changes the last few remaining RUNTIME_ASSERT calls that need to be
intentionally robust because fuzzers or other callers can invoke the
runtime functions in question with unsafe arguments.
R=yangguo@chromium.org
BUG=v8:5066
Review-Url: https://codereview.chromium.org/2122173003
Cr-Commit-Position: refs/heads/master@{#37576}
Those virtual methods shouldn't live on the AST since they are crankshaft specific, and can easily be checked inline.
BUG=
Review-Url: https://codereview.chromium.org/2125933004
Cr-Commit-Position: refs/heads/master@{#37572}
When reading the value property of an iterator result fails, we must not close the iterator.
This was not discovered earlier because the tests had a subtle bug.
This CL fixes both the desugaring and the tests.
BUG=
Review-Url: https://codereview.chromium.org/2119353002
Cr-Commit-Position: refs/heads/master@{#37571}
A bit of browsing around indicates that the new fast-path is taken most of the time:
3496 Entering new
152295 Reentering same
BUG=
Review-Url: https://codereview.chromium.org/2131483002
Cr-Commit-Position: refs/heads/master@{#37570}
For variables introduced as part of a catch pattern, we used to set their
"initializer position" to the beginning of the pattern. This lead to
full-codegen eliminating crucial hole checks when reading such variables
inside the pattern itself.
R=adamk@chromium.org, littledan@chromium.org
BUG=v8:5178
Review-Url: https://codereview.chromium.org/2123953002
Cr-Commit-Position: refs/heads/master@{#37569}
Rolling v8/build to 6d9becf753310daf17f04ac4f0d8c109c364cdd2
Rolling v8/buildtools to aa47d9773d8f4d6254a587a1240b3dc023d54f06
Rolling v8/tools/gyp to bac4680ec9a5c55ab692490b6732999648ecf1e9
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2123853004
Cr-Commit-Position: refs/heads/master@{#37568}
Working on eliminating the use of ClassOf(). This function was checking IS_ARRAYBUFFER.
BUG=
Review-Url: https://codereview.chromium.org/2126603003
Cr-Commit-Position: refs/heads/master@{#37565}
We want to eventually move the profiling functionality out of V8 as library,
this patch exposes TickSample and its APIs in v8-profiler.h so that when
embedders use library, they can have more details.
Minor change: Rename tick-sample.[h|cc] to simulator-helper.[h|cc].
BUG=v8:4789
LOG=N
Review-Url: https://codereview.chromium.org/2105943002
Cr-Commit-Position: refs/heads/master@{#37564}
Port f59a23356b
Original commit message:
Stack trace generation requires access to the receiver; and while the
receiver is already on the stack, we cannot determine its position
during stack trace generation (it's stored in argv[0], and argc is only
stored in a callee-saved register).
This patch grants access to the receiver by pushing argc onto builtin
exit frames as an extra argument. Compared to simply pushing the
receiver, this requires an additional dereference during stack trace
generation, but one fewer during builtin calls.
R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4815
LOG=N
Review-Url: https://codereview.chromium.org/2129643002
Cr-Commit-Position: refs/heads/master@{#37563}
Port bd0d9e7d87
Original commit message:
This optimizes the passing of stack parameters in function calls.
For some architectures (ia32/x64), using pushes when possible instead
of bumping the stack and then storing parameters generates much
smaller code, and in some cases is faster (e.g. when a push of a memory
location can implement a memory-to-memory copy and thus elide an
intermediate load. On others (e.g. ARM), the benefit is smaller, where
it's only possible to elide direct stack pointer adjustment in certain cases
or combine multiple register stores into a single instruction in other limited
situations. On yet other platforms (ARM64, MIPS), there are no push instructions,
and this optimization isn't used at all.
Ideally, this mechanism would be used for both tail calls and normal calls,
but "normal" calls are currently pretty efficient, and tail calls are very
inefficient, so this CL sets the bar low for building a new mechanism to
handle parameter pushing that only needs to raise the bar on tail calls for now.
The key aspect of this change is that adjustment to the stack pointer
for tail calls (and perhaps later real calls) is an explicit step separate from
instruction selection and gap resolution, but aware of both, making it possible
to safely recognize gap moves that are actually pushes.
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2123983002
Cr-Commit-Position: refs/heads/master@{#37561}
