Up until now we had two places where we did the function prototype
folding, once in the Typer and once in JSTypedLowering. Put this logic
into JSNativeContextSpecialization instead.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965293002
Cr-Commit-Position: refs/heads/master@{#36157}
Make JSCreateArguments eliminatable, and remove the need for frame
states on JSCreateArguments nodes being lowered to (optimized) stub
calls. Only the runtime fallback needs a frame state, because in that
case we need to ask the deoptimizer for arguments to inlined functions.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1965013005
Cr-Commit-Position: refs/heads/master@{#36154}
The data from UseCounters are in--V8's custom Promise methods are not
in wide use on the web (<.002%). Therefore, this patch removes them.
That includes:
- Promise.prototype.chain
- Promise.defer -- the most widely used of the bunch
- Promise.accept
For now, those methods are still available by checking the "disable
latest stable JavaScript features" flag, or --promise-extra at the
command line, but I expect them to be fully removable.
R=adamk
CC=rossberg
BUG=v8:3238,v8:4633
Review-Url: https://codereview.chromium.org/1965183002
Cr-Commit-Position: refs/heads/master@{#36152}
Old code failed to walk over deleted elements, instead treating
deleted elements as "undefined" in the output array.
This is the Map equivalent of commit 2d9bfe9ad5.
Also micro-optimized the loops to avoid an extra call to KeyAt()
and used a direct hole comparison instead of calling IsTheHole().
R=cbruni@chromium.org
BUG=v8:4946
LOG=y
Review-Url: https://codereview.chromium.org/1965593002
Cr-Commit-Position: refs/heads/master@{#36149}
Renames IsDouble* predicates to IsFP*.
Adds specific IsFloat*, IsDouble*, and IsSimd128* predicates.
Adds specific GetFloatRegister, GetDoubleRegister, and
GetSimd128Register methods.
This is mostly a mechanical renaming of IsDouble* to IsFP* methods.
This shouldn't change code generation at all. All fp registers are still
treated as double registers.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/1959763002
Cr-Commit-Position: refs/heads/master@{#36146}
Rather than pushing zero for the initial bytecode offset, we should push the
offset of the first bytecode handler, Smi tagged. This fixes the line number
for the top stack frame on overflow errors.
BUG=v8:4981
LOG=N
Review-Url: https://codereview.chromium.org/1950913004
Cr-Commit-Position: refs/heads/master@{#36137}
Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
Review-Url: https://codereview.chromium.org/1968453002
Cr-Commit-Position: refs/heads/master@{#36136}
In the bytecode graphbuilder, translate the two generator-specific
bytecodes as a couple of runtime calls for now.
BUG=v8:4907
LOG=n
Review-Url: https://codereview.chromium.org/1957393004
Cr-Commit-Position: refs/heads/master@{#36134}
This adds a new pass MemoryOptimizer that walks over the effect chain
from Start and lowers all Allocate, LoadField, StoreField, LoadElement,
and StoreElement nodes, trying to fold allocations into allocation
groups and eliminate write barriers on StoreField and StoreElement if
possible (i.e. if the object belongs to the current allocation group and
that group allocates in new space).
R=hpayer@chromium.org, jarin@chromium.org
BUG=v8:4931, chromium:580959
LOG=n
Review-Url: https://codereview.chromium.org/1963583004
Cr-Commit-Position: refs/heads/master@{#36128}
This implements declaration of lookup slots for variables and functions
within optimized code. Such a declaration only appears with top-level
eval code, which we only recently started handling in TurboFan.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1962723002
Cr-Commit-Position: refs/heads/master@{#36125}
This patch installs %TypedArray% and its prototype on the native
context, and wires them up to each TypedArray subclass. This is later
used to check the holder of length, byteLength and byteOffset is
%Typedarray% and apply the appropriate optimizations.
BUG=chromium:593634
LOG=Y
Review-Url: https://codereview.chromium.org/1949863002
Cr-Commit-Position: refs/heads/master@{#36116}
Fixes 4 compile errors on Mac due to specifiers not matching type casts.
LOG=N
BUG=
Review-Url: https://codereview.chromium.org/1960113002
Cr-Commit-Position: refs/heads/master@{#36115}
atomic-utils.h only uses functionality from base/, and also by moving it into
base/, code outside of v8_base can benefit from it.
BUG=v8:4991
LOG=n
Review-Url: https://codereview.chromium.org/1954603002
Cr-Commit-Position: refs/heads/master@{#36114}
Assembler::testw(Register, Immediate) and Assembler::testw(const Operand&, Immediate) were emitting only the first 8 bits of a 16-bit immediate, causing unexpected crashes.
This went unnoticed because before http://crrev.com/1948453002 no compiler was using them.
Review-Url: https://codereview.chromium.org/1962563003
Cr-Commit-Position: refs/heads/master@{#36110}
The bailout points for named and keyed property loads when doing super
property calls are not being prepared by full-codegen, even though we
are using them in TurboFan for deopts and stack traces.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-4971
BUG=v8:4971
LOG=n
Review-Url: https://codereview.chromium.org/1960083002
Cr-Commit-Position: refs/heads/master@{#36109}
This catches malformed code like the following example:
<expr>
<block begin>
<expr>
<binop>
<end>
Which is illegal because the inputs to the binop cross the block boundary.
R=rossberg@chromium.org,ahaas@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/1961853002
Cr-Commit-Position: refs/heads/master@{#36103}
The flag in question used to fall-back to Crankshaft whenever an OSR
request couldn't be handled by TurboFan. By now OSR in TurboFan is
sufficiently stabilized that one single --use-osr flag should do it.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/1960043002
Cr-Commit-Position: refs/heads/master@{#36102}
mjsunit/es6/mirror-collections fails with ignition because dead registers
may hold references to objects. This prevents GC from collecting
otherwise dead objects. Dead registers are not cleared because the cost
of clearing them outweighs its benefits. Hence, modifying this test to
work around this problem.
BUG=v8:4280,v8:4853
LOG=N
Review-Url: https://codereview.chromium.org/1945223002
Cr-Commit-Position: refs/heads/master@{#36098}
Handles of this type are automatically reset by the garbage collector
when their objects are not longer reachable.
The motivation is to reduce pause time of external.weak_global_handles
phase of the garbage collector by not maintaing the list of pending
callbacks and not calling the callbacks.
Local testing on discourse page of the v8.inifinite_scroll benchmark
shows 7x improvement for this GC phase.
Before:
external.weak_global_handles
len: 21
min: 0.0
max: 4.5
avg: 0.757142857143
After:
external.weak_global_handles
len: 21
min: 0.0
max: 0.5
avg: 0.109523809524
A follow-up patch will enable the new phantom handles in Chromium.
BUG=chromium:608333
LOG=NO
Review-Url: https://codereview.chromium.org/1950963002
Cr-Commit-Position: refs/heads/master@{#36095}
Add comments explaining how to iterate over an OrderedHashTable.
Use the correct strategy for iteration in Set::AsArray().
Add a DCHECK bounds check in OrderedHashTable::KeyAt().
BUG=v8:4946
LOG=y
Review-Url: https://codereview.chromium.org/1952093002
Cr-Commit-Position: refs/heads/master@{#36091}
Some tests which fail with '--ignition --turbo --turbo-from-bytecode' pass with
just '--ignition'. Unskip these tests. Also group other tests with related
bugs.
BUG=v8:4680
LOG=N
Review-Url: https://codereview.chromium.org/1944413002
Cr-Commit-Position: refs/heads/master@{#36083}
This changes different locations to extract the reference to the wasm
object and the function index from the stack trace, and make it
available through all the APIs which process stack traces.
The javascript CallSite object now has the new methods isWasm(),
getWasmObject() and getWasmFunctionIndex(); the byte offset is
available via getPosition().
Function names of wasm frames should be fully functional with this
commit, position information works reliably for calls, but not for
traps like unreachable or out-of-bounds accesses.
R=titzer@chromium.org, yangguo@chromium.org
Review-Url: https://codereview.chromium.org/1909353002
Cr-Commit-Position: refs/heads/master@{#36067}
This operator was initially designed to handle arbitrary effect merging
for effect relaxation, but we don't do that (at least currently). So no
need to keep the dead operator around.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/1954983002
Cr-Commit-Position: refs/heads/master@{#36063}
port 117a56b7c2 (r36044)
original commit message:
- Add new RelocInfo mode WASM_MEMORY_SIZE_REFERENCE in the assembler and add relocation information to immediates in compare instructions.
- Use relocatable constants for MemSize/BoundsCheck in the wasm compiler
BUG=
Review-Url: https://codereview.chromium.org/1947413003
Cr-Commit-Position: refs/heads/master@{#36058}
Scope analysis is over-conservative when treating variable resolutions
as possibly-shadowed by a sloppy eval. In the attached bug, this comes
into play since catch scopes have different behavior with respect to
the "calls eval" in eager vs lazy compilation (in the latter, they
are never marked as "calls eval" because CatchContexts don't have
an associated ScopeInfo).
This patch changes the scope-type check to also eliminate a few other
cases where shadowing isn't possible, such as non-declaration block scopes.
BUG=chromium:608279
LOG=n
Review-Url: https://codereview.chromium.org/1950803002
Cr-Commit-Position: refs/heads/master@{#36046}
A load instruction will implicitely clear the top 32 bits when writing to a W
register. This patch avoids generating a `mov` instruction to zero-extend the
result in this case.
For example, this occurs in the generated code for dispatching to the next
bytecode in the interpreter:
kind = BYTECODE_HANDLER
name = LdaZero
compiler = turbofan
Instructions (size = 36)
0x32e64c60 0 add x19, x19, #0x1 (1)
0x32e64c64 4 ldrb w0, [x20, x19]
0x32e64c68 8 mov w0, w0
^^^^^^^^^^
0x32e64c6c 12 lsl x0, x0, #3
0x32e64c70 16 ldr x1, [x21, x0]
0x32e64c74 20 movz x0, #0x0
0x32e64c78 24 br x1
BUG=
Review-Url: https://codereview.chromium.org/1950013003
Cr-Commit-Position: refs/heads/master@{#36038}
