This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
Also, a one line fix in TurboFan to call the correct store ic.
BUG=
Review URL: https://codereview.chromium.org/1266983002
Cr-Commit-Position: refs/heads/master@{#29952}
Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1265723003
Cr-Commit-Position: refs/heads/master@{#29949}
port c5dd553cf3 (r29929).
original commit message:
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
BUG=
Review URL: https://codereview.chromium.org/1271433002
Cr-Commit-Position: refs/heads/master@{#29943}
port 597da50322 (r29910).
original commit message:
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=
Review URL: https://codereview.chromium.org/1267783002
Cr-Commit-Position: refs/heads/master@{#29942}
Add factory methods for different types of LinkageLocations, and ensure that
accesses to the underlying data in the location are classified by type and
funneled through explicit accessors.
Also change the representation of LinkageLocation to use a BitField rather
than using a reserved section of the integer range.
Review URL: https://codereview.chromium.org/1262343002
Cr-Commit-Position: refs/heads/master@{#29938}
When enabling the v8 profiler (Using the following command parameters: --js-flags=--prof)
or vtune profiling in chromium. it will break. This failure is introduced by this CL:
https://codereview.chromium.org/1218863002.
The reason is that V8 will enable the JITted code logging if --prof is set for V8. And under
this condition, the function Logger::LogCodeObjects() will be invoked and it will trigger a
mark-compact GC when deserializing the snapshot. This GC will use MemoryReducer to post a
delay task by invoking V8Platform::CallDelayedOnForegroundThread() function. But at this point
V8 isolation is still under initialization and the PerIsolationData of this isolation has not
been created. (isolation_holder.cc:39~40 line). This leads to V8Platform::CallDelayedOnForegroundThread()
failure because of segment fault.
According to my understanding, I proposed the following fix. If the heap deserialization has not
be completed, it does not post the delay task for next GC.
BUG=
Review URL: https://codereview.chromium.org/1270493002
Cr-Commit-Position: refs/heads/master@{#29937}
This forces the second pass of the pending phantom callbacks to run immediately after the first.
BUG=chromium:511294
LOG=Y
Review URL: https://codereview.chromium.org/1252993004
Cr-Commit-Position: refs/heads/master@{#29933}
This is the first step in cutting the Gordian linkage/linkage-impl knot.
This basically changes the axis along which we organize call descriptor
building logic from having platform-specific files dedicated to all call
descriptor types to having call-descriptor-type-specific files that have
The next step is to factor the JS, code stub, and runtime call descriptors
similarly, dumping them into:
compiler/js-linkage.cc
compiler/runtime-linkage.cc
compiler/code-stub-linkage.cc
or, alternatively, all of them just into compiler/js-linkage.cc.
This also anticipates a wasm-linkage.cc file in the future.
R=bmeurer@chromium.org,danno@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1266603002
Cr-Commit-Position: refs/heads/master@{#29931}
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
MIPS and MIPS64 port contributed by Paul Lind (paul.lind@imgtec.com)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1245133002
Cr-Commit-Position: refs/heads/master@{#29929}
The idle time handler should never return DONE or DO_SCAVENGE for
background tabs. Upon receiving DONE chrome will stop sending idle notifications.
BUG=chromium:515174
LOG=NO
Review URL: https://codereview.chromium.org/1269583002
Cr-Commit-Position: refs/heads/master@{#29926}
When a Property or a VariableProxy is used as the left hand side of an
assignment statement, there is no need to allocate a LOAD_IC feedback
vector slot for it. Alter the numbering phase to support this.
BUG=
Review URL: https://codereview.chromium.org/1262803002
Cr-Commit-Position: refs/heads/master@{#29924}
All runtime function get a context anyway, which is the same as the
explicit one in case of DeclareGlobals and DeclareLookupSlot. So
we can remove the additional parameter there.
As an additional bonus, improve the runtime interface to DeclareLookupSlot.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1261863002
Cr-Commit-Position: refs/heads/master@{#29923}
Replaces the 64-bit div instruction with 32-bit division in DivI.
Also fixes the Ddiv implementation in the simulator.
TEST=mjsunit/asm/int32div
BUG=
Review URL: https://codereview.chromium.org/1265603002
Cr-Commit-Position: refs/heads/master@{#29920}
A Parameter operator contains a ParameterInfo payload, not an int
payload, so the OpParameter<int> cast is invalid (and only worked by
coincidence currently).
BUG=chromium:515215
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266743002
Cr-Commit-Position: refs/heads/master@{#29919}
This fixes several bugs related to float64 pool constants.
Note that float64 pool constants are still disabled by default, and are
only used if --enable-vldr-imm is provided.
BUG=
Review URL: https://codereview.chromium.org/1260953002
Cr-Commit-Position: refs/heads/master@{#29917}
Moves some uncommon type checking from ToString and
NonStringToString into DefaultString. This should
speed up string operations.
LOG=N
BUG=none
Review URL: https://codereview.chromium.org/1256323004
Cr-Commit-Position: refs/heads/master@{#29913}
script_executed and last_run are read/written by multiple threads. Also
externalized_shared_contents_ is modified by multiple threads.
BUG=4306
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1252623003
Cr-Commit-Position: refs/heads/master@{#29912}
When the main thread terminates, it forcibly terminates all Worker threads.
When this happens, the threads objects were only half-created; they had a
JavaScript Worker object, but not a C++ worker object.
This CL fixes that bug, as well as some other fixes:
* Signatures on Worker methods
* Use SetAlignedPointerFromInternalField instead of using an External.
* Remove state_ from Worker. Simplify to atomic bool running_.
BUG=chromium:511880
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1255563002
Cr-Commit-Position: refs/heads/master@{#29911}
Changes the interpreter to use a BytecodeArray pointer and an offset to avoid
having an inner pointer to a BytecodeArray object in registers during dispatch.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1254293006
Cr-Commit-Position: refs/heads/master@{#29910}
Moves some uncommon type checking from ToNumber and
NonNumberToNumber into DefaultNumber. This should
speed up numeric operations especially as more "value types
are added.
LOG=N
BUG=513196, v8:4124
Review URL: https://codereview.chromium.org/1260273002
Cr-Commit-Position: refs/heads/master@{#29908}
Reason for revert:
Suspected to cause Canary crashes
Original issue's description:
> Reland^2 "Enable loads and stores to global vars through property cell shortcuts installed into parent script context".
>
> This reverts commit 362b378501.
>
> R=ishell@chromium.org
>
> Committed: https://crrev.com/440ae014e56924b52337c3747221b79283f07b81
> Cr-Commit-Position: refs/heads/master@{#29849}
TBR=ishell@chromium.org,v8-mips-ports@googlegroups.com,plind44@gmail.com,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1260423002
Cr-Commit-Position: refs/heads/master@{#29905}
