In VisitArrayLiteral(), we stopped creating boilerplates during
compilation. This created a bug, because we'd emit an HStoreKeyed with an
ElementsKind based on the initial elements kind of the boilerplate. Since
boilerplates may transition as part of elements transition feedback, this can
lead to incorrect values (storing a smi in a double array).
BUG=chromium:606021
Review-Url: https://codereview.chromium.org/2000673002
Cr-Commit-Position: refs/heads/master@{#36408}
Instead of dynamically creating semaphore for each page parallel job,
we create one semaphore for MarkCompact and reuse it.
This patch also removes all instrumentation code that was added to
help with investigation.
BUG=chromium:609249
LOG=NO
Review-Url: https://codereview.chromium.org/1998213002
Cr-Commit-Position: refs/heads/master@{#36407}
For now we treat simplified ObjectIsFoo operators as escaping uses when
it comes to escape analysis. Eventually we want to handle them in the
associated reducer, just like we do with ObjectIsSmi.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2002573002
Cr-Commit-Position: refs/heads/master@{#36404}
- Lane indices are no longer required to be integers. Add index coersion for loads/stores
- Give shift operators masking shift count semantics
- Throw type/range errors instead of runtime asserts.
BUG=v8:4963
LOG=N
R=bbudge@chromium.org, bmeurer@chromium.org
Review-Url: https://codereview.chromium.org/1965443003
Cr-Commit-Position: refs/heads/master@{#36402}
Also change parser to insert %_GeneratorClose instead of %GeneratorClose.
Full-codegen generators will fall back to the runtime function.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/1993073003
Cr-Commit-Position: refs/heads/master@{#36401}
This adds support to materialize JSFunction objects from deoptimization
information. By now we need to support this because TurboFan's escape
analysis can produce virtual (i.e. non-escaping) closures.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1998143002
Cr-Commit-Position: refs/heads/master@{#36400}
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2003483002
Cr-Commit-Position: refs/heads/master@{#36398}
Reason for revert:
First CF feedback is in, reverting for now until the know bugs are fixed.
Original issue's description:
> [ESNext] Activate async/await for ClusterFuzz
>
> BUG=v8:4483
> R=neis@chromium.org,littledan@chromium.org,caitpotter88@gmail.com
> LOG=N
>
> Committed: https://crrev.com/c57cadfa09fa493141bf43c1c7b898187a71da19
> Cr-Commit-Position: refs/heads/master@{#36362}
TBR=littledan@chromium.org,caitpotter88@gmail.com,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4483
Review-Url: https://codereview.chromium.org/2003503002
Cr-Commit-Position: refs/heads/master@{#36397}
port f241a61a34 (r36360)
original commit message:
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.
This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.
This improves the score of EarlyBoyer by ~8x for Ignition.
BUG=
Review-Url: https://codereview.chromium.org/1998153002
Cr-Commit-Position: refs/heads/master@{#36396}
Introduce three new JS operators in Turbofan:
- JSGeneratorStore is used in implementing Ignition's SuspendGenerator bytecode.
- JSGeneratorRestoreContinuation and JSGeneratorRestoreRegister are used in
implementing Ignition's ResumeGenerator bytecode.
Remove the runtime functions that were used to implement these bytecodes before.
BUG=v8:4907
Review-Url: https://codereview.chromium.org/1991203002
Cr-Commit-Position: refs/heads/master@{#36395}
This patch re-lands #36341 with another fix to make
the amd64-generic build work as well.
R=machenbach@chromium.org, hablich@chromium.org, adamk@chromium.org
BUG=608596, 595653
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:chromeos_daisy_chromium_compile_only_ng,chromeos_amd64-generic_chromium_compile_only_ng,chromeos_x86-generic_chromium_compile_only_ng,linux_chromium_gn_chromeos_rel,linux_chromium_gn_chromeos_dbg
Review-Url: https://codereview.chromium.org/1996513005
Cr-Commit-Position: refs/heads/master@{#36390}
Rolling v8/build to f81cc400005454453b83aad6e47e321a37d092dd
Rolling v8/third_party/android_tools to 5b5f2f60b78198eaef25d442ac60f823142a8a6e
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/1999603003
Cr-Commit-Position: refs/heads/master@{#36387}
port f241a61a34
Original Commit Message:
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.
This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.
This improves the score of EarlyBoyer by ~8x for Ignition.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1993343002
Cr-Commit-Position: refs/heads/master@{#36384}
In ES2015, the "byteLength" and "byteOffset" properties of DataViews are
getters on the prototype, so the previously-used strategy of special-casing
them using only the receiver map is invalid.
A future CL will need to use the same strategy which will be taken for
TypedArray "length", "byteLength", and "byteOffset": adding a prototype
chain check.
BUG=v8:5018, chromium:593634
Review-Url: https://codereview.chromium.org/1984043002
Cr-Commit-Position: refs/heads/master@{#36382}
This patch is a follow up to https://codereview.chromium.org/1972103002/
adding support for the `Operand_R_LSL_I` addressing mode to loads and
stores for ARM.
Just as the ARM64 implementation, the shift + load/store pattern is only
really relevant to the interpreter. For this reason, this patch does not
add support for the other addressing modes (`R_LSR_I`, `R_ASR_I` and
`R_ROR_I`) as I haven't seen those pattern being generated. Additionally,
the optimization is restricted 32 bit loads and stores.
kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 40)
0x22a5f860 0 e2851001 add r1, r5, #1
0x22a5f864 4 e19610d1 ldrsb r1, [r6, +r1]
0x22a5f868 8 e1a0200b mov r2, fp
0x22a5f86c 12 e7820101 str r0, [r2, +r1, lsl #2]
^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f870 16 e2855002 add r5, r5, #2
0x22a5f874 20 e7d61005 ldrb r1, [r6, +r5]
0x22a5f878 24 e7981101 ldr r1, [r8, +r1, lsl #2]
^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f87c 28 e12fff11 bx r1
BUG=
Review-Url: https://codereview.chromium.org/1974263002
Cr-Commit-Position: refs/heads/master@{#36381}
Move it to HARMONY_STAGED from HARMONY_INPROGRESS.
Update test262.status now that case mapping tests are passing with
'--harmony' specified.
BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*,
mjsunit/string-case, intl/general/case*
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng
Review-Url: https://codereview.chromium.org/1990083002
Cr-Commit-Position: refs/heads/master@{#36379}
The MLS instruction is available in all ARMv7 devices, and in no ARMv6
devices, aside from the usual ARMv6T2 caveat. We don't need a separate
feature flag for it.
BUG=
Review-Url: https://codereview.chromium.org/1988133004
Cr-Commit-Position: refs/heads/master@{#36378}
- Removing null checks as we always have the CodeRange object (it might be
invalid, but it's there)
- Account for reserved area (Win64) in SetUp so we the caller doesn't need to be
aware of it
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/1991253002
Cr-Commit-Position: refs/heads/master@{#36377}
Assembler::db() could start a trampoline pool at wrong pc position.
TEST: mjsunit/asm/embenchen/zlib
BUG=
Review-Url: https://codereview.chromium.org/1994143002
Cr-Commit-Position: refs/heads/master@{#36374}
Define the ELF e_machine field for ARM64, enabling --perf-prof.
BUG=
Review-Url: https://codereview.chromium.org/1992263002
Cr-Commit-Position: refs/heads/master@{#36373}
use_icu_data_file from //third_party/icu should be used.
//third_party/icu also defines ICU_UTIL_DATA_IMPL.
BUG=chromium:610673,chromium:474921
Review-Url: https://codereview.chromium.org/1996033002
Cr-Commit-Position: refs/heads/master@{#36371}
Previously, CodeStubAssembler macros performing FixedArray element accesses had
to compute offsets to elements explicitly with a fair amount of duplicated
code. Furthermore, any peephole optimizations that could produce better code--
like recognizing constant indices or combining array index computation with Smi
untagging--were also duplicated.
This change factors the code to compute FixedArray index offsets into a common
routine in the CodeStubAssembler that applies standard peephole optimizations to
all accesses. In order to do this, it also introduces limited introspection into
the up-until-now opaque Node* type exported from code-assembler.h, allowing
Nodes to be queried whether they are constant and extracting their constant
value in that case.
Review-Url: https://codereview.chromium.org/1989363004
Cr-Commit-Position: refs/heads/master@{#36370}
Inlines the ToBoolean operations in the interpreter. Also do some
cleanup to unify UnaryOp helper in the Interpreter, remove the unused
BinaryOp Runtime call helper and remove extra newlines.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1998593002
Cr-Commit-Position: refs/heads/master@{#36366}
This patch moves the wrapper code from the remembered-set to the
scavenger and the mark-compact code.
The wrapper code inspected a slot address to see if the object that
belongs to the address is in the from-space. If it was in the
from-space, then some callback was executed on the object. If the object
got move to the to-space, then the wrapper returned KEEP_SLOT, otherwise
REMOVE_SLOT.
This logic does not really belong to the remembered set, so I moved it
away from there.
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/1994933002
Cr-Commit-Position: refs/heads/master@{#36364}
The cached resource data pointer is a source of non-determinism when
creating the snapshot. Long-term we may not keep the native source in
memory anyways, so caching the resource data pointer will not be
possible.
R=ulan@chromium.org
BUG=v8:4886
LOG=N
Review-Url: https://codereview.chromium.org/1990183002
Cr-Commit-Position: refs/heads/master@{#36361}
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.
This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.
This improves the score of EarlyBoyer by ~8x for Ignition.
BUG=v8:4280
LOG=N
Review-Url: https://codereview.chromium.org/1965343002
Cr-Commit-Position: refs/heads/master@{#36360}
