Also support additional number types (singleton ranges, NaN and minus
zero) for constant propagation in typed lowering.
TEST=unittests
Review URL: https://codereview.chromium.org/829303002
Cr-Commit-Position: refs/heads/master@{#25963}
Test case LowerAnyToBoolean_tagged_tagged invokes "Linkage::GetStubCallDescriptor(...)"
function but this function is not implemented on turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/836973002
Cr-Commit-Position: refs/heads/master@{#25960}
Introduce a new AnyToBoolean simplified operator to handle the later
lowering of boolean conversions. Previously we tried to hack that with
the generic JSToBoolean, having its context set to zero, but that lead
to various problems/bugs and did not handle all cases.
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/800833003
Cr-Commit-Position: refs/heads/master@{#25958}
This prevents eliminating effectful statements before the loop.
BUG=
Review URL: https://codereview.chromium.org/830923002
Cr-Commit-Position: refs/heads/master@{#25953}
We cannot just clear the result register optimistically, because the
register allocator might assign the same register to result and buffer.
TEST=mjsunit/compiler/regress-445858
BUG=chromium:445858
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/828303002
Cr-Commit-Position: refs/heads/master@{#25950}
Set a valid reason for disabling optimization when using
%NeverOptimizeFunction.
TEST=mjsunit/compiler/regress-445732
BUG=chromium:445732
LOG=y
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/832003002
Cr-Commit-Position: refs/heads/master@{#25949}
Change InstructionOperand to use a 64-bit field for encoding the operand
information instead of the 32-bit field that was used before. Ideally we
wouldn't use the Zone-allocated bit field at all, and use an integer
instead of the pointer; but that requires fixing the register allocator
first, which will take some time.
TEST=mjsunit/compiler/regress-3786
BUG=v8:3786
LOG=y
Review URL: https://codereview.chromium.org/826673002
Cr-Commit-Position: refs/heads/master@{#25941}
Also slightly refactor the NodeCache and CommonNodeCache classes to
reduce inherent overhead of caching.
TEST=cctest
Review URL: https://codereview.chromium.org/822923002
Cr-Commit-Position: refs/heads/master@{#25937}
This API is used by Blink to inform V8 about HTML frames being disposed.
Using the optional parameter, Blink can tell V8 whether the disposed
frame was a main frame. In that case, we might want to reset GC
parameters
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/823583003
Cr-Commit-Position: refs/heads/master@{#25926}
The CommonOperatorReducer currently takes care of redundant Phis,
EffectPhis and Selects. This functionality overlaps with ControlReducer,
but is required to make certain optimizations effective, since the
ControlReducer only runs really early and really late in the pipeline
and therefore other reducers aren't reapplied properly after redundant
phi/select elimination.
TEST=unittests
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/817243003
Cr-Commit-Position: refs/heads/master@{#25922}
The test driver doesn't know at the moment if optdebug 1 or 2 has been used (the first is used on the bots, the second
locally in quickcheck). It can't know therefore if slow
asserts can be enabled or not. Trying to enable them leads
to a warning if they weren't compiled, which causes webkit
1:1 text comparison to fail.
Review URL: https://codereview.chromium.org/819033002
Cr-Commit-Position: refs/heads/master@{#25921}
There might be a number of clients that would like to
setup an interrupt request on the Isolate.
The patch also deprecates ClearInterrupt API. As long as
the interrupt handler is called outside of locks there's no way
to guarantee that the handler will not be called after
ClearInterrupt was invoked as it might have already started execution.
Review URL: https://codereview.chromium.org/796623003
Cr-Commit-Position: refs/heads/master@{#25910}
This avoids touching the Array prototype, which may have been tampered with.
BUG=chromium:443982
LOG=n
Review URL: https://codereview.chromium.org/820503005
Cr-Commit-Position: refs/heads/master@{#25908}
Regular ICs in MONOMORPHIC and POLYMORPHIC state now hold onto maps with
WeakCells. Vector-based ICs should do the same.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/815953002
Cr-Commit-Position: refs/heads/master@{#25907}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections to increase chances of them being reused for new objects in future.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/794583003
Cr-Commit-Position: refs/heads/master@{#25887}
Reason for revert:
[sheriff] Still crashes on win32 (XP):
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/1380
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4.
>
> This changes to do an early bailout in
> HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
> loop.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org,arv@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/811593004
Cr-Commit-Position: refs/heads/master@{#25872}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4.
This changes to do an early bailout in
HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
loop.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/792233008
Cr-Commit-Position: refs/heads/master@{#25868}
The spec ended up using Get(unscopables, propertyName) and
comparing the result to undefined instead of using Has.
BUG=v8:3632
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/807893002
Cr-Commit-Position: refs/heads/master@{#25854}
Reason for revert:
Crashes Win32. It was not flake.
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4 with
> no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
> try again.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/807033003
Cr-Commit-Position: refs/heads/master@{#25853}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4 with
no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
try again.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/807173002
Cr-Commit-Position: refs/heads/master@{#25851}
This greatly reduces the number of nodes in the graph (by more than 20x in
some extreme cases) for the Emscripten python interpreter main function.
BUG=v8:3763
LOG=y
TEST=cctest,mjsunit,unittests
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/802353003
Cr-Commit-Position: refs/heads/master@{#25840}
The bug would occur when we try to Reset() to a position already at the end.
This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.
To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).
Minimal repro case:
var r = /foo\u/
r.test("foou") // should be true, was false.
(Note that \u not followed by 4 hex didits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)
BUG=v8:3756
LOG=NO
Review URL: https://codereview.chromium.org/802313003
Cr-Commit-Position: refs/heads/master@{#25838}
Relanded with fix for always returning Change for PlainPrimitive even
if there was no change. The performance regression on primes.js and
corrections.js is due to unlucky loop header alignment; will be addressed
separately.
TEST=unittests
R=svenpanne@chromium.org
Committed: 75484e8d16
Review URL: https://codereview.chromium.org/799413002
Cr-Commit-Position: refs/heads/master@{#25832}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
BUG=v8:3754
LOG=Y
Review URL: https://codereview.chromium.org/795573005
Cr-Commit-Position: refs/heads/master@{#25821}
Keyed loads should not unconditionally be compiled to element loads. Update KeyedLoadICs to keep track of the key type, so that Hydrogen can emit ICs for string-keyed loads it doesn't have inline support for.
BUG=v8:3167
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/755513003
Cr-Commit-Position: refs/heads/master@{#25817}
This functionality is now used by both object visitor and store buffer.
TEST=cctest/test-unboxed-doubles
Review URL: https://codereview.chromium.org/726713003
Cr-Commit-Position: refs/heads/master@{#25816}
Add support for Symbol.isConcatSpreadable in Array.prototype.concat. This enables spreading non-Array objects with the symbol.
LOG=N
R=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/771483002
Cr-Commit-Position: refs/heads/master@{#25808}
Such properties never notified prior to r21558, but the combination of
that change and r23163 led to sending notifications when they were
set via Object.defineProperty (but not when set via other means).
This also allows some cleanup in v8natives.js and objects.cc,
both of which were doing unnecessary contortions to produce the right
change records.
BUG=v8:3745
LOG=n
Review URL: https://codereview.chromium.org/791243002
Cr-Commit-Position: refs/heads/master@{#25806}
To make space in the type bitset, remove Function, RegExp, and Buffer
types for now, since they aren't really relied upon anyway.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/795993002
Cr-Commit-Position: refs/heads/master@{#25776}
The instruction selector now selects pseudo instructions: CompareAndBranch or
TestAndBranch which are associated with their continuations so that generic
code in the code generator will treat them as branch instruction and will be
able to apply optimization like avoiding branches when the code can falltrhough.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/798553002
Cr-Commit-Position: refs/heads/master@{#25773}
V8 didn't report compile events on pause before this patch. These events can be important for listener. For example, DevTools allows user to execute some JS code on pause and needs to show correct stack trace in message from it.
BUG=396013
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/781623004
Cr-Commit-Position: refs/heads/master@{#25767}
They both now run fast (due to utilizing transitions instead of always
creating new maps) and sealed or non-extensible objects can stay in
fast mode after transitioning.
This almost entirely reuses the code for transitioning objects
frozen by Object.freeze(), with the added benefit of freeing
up a bit on the map (we no longer keep track of frozen-ness,
as that bit wasn't used for anything interesting).
BUG=v8:3662,chromium:115960
LOG=y
Review URL: https://codereview.chromium.org/776143005
Cr-Commit-Position: refs/heads/master@{#25759}
Reason for revert:
For breaking the waterfall (run-json-stringify test).
Original issue's description:
> Avoid number range holes in bitset types.
>
> BUG=
TBR=rossberg@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/794663002
Cr-Commit-Position: refs/heads/master@{#25756}
Also fix the pushing of JSToBoolean into Phis and generalize it to
also include pushing into Selects.
TEST=cctest,unittests
Review URL: https://codereview.chromium.org/792463003
Cr-Commit-Position: refs/heads/master@{#25718}
This test case ( added by git: 4c7effe56e ).
should has different implementation for Turbofan and crankshaft.
BUG=
Review URL: https://codereview.chromium.org/774163005
Cr-Commit-Position: refs/heads/master@{#25713}
Blink already has code for handling invalid cached data. The attached test
ensures that cached data is gracefully rejected if it cannot be used.
This also unifies parser cache and code cache handling.
R=yangguo@chromium.org
BUG=439889
LOG=N
Review URL: https://codereview.chromium.org/781203003
Cr-Commit-Position: refs/heads/master@{#25708}
When compiling with the macro DCHECK_ALWAYS_ON defined, DCHECKs and
supporting code gets compiled and enabled.
This increases test coverage for chromium release buildbots
BUG=v8:3731
R=jkummerow@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/760213005
Cr-Commit-Position: refs/heads/master@{#25701}
This introduces Hydrogen for %_GetPrototype. The code falls back on
runtime if the object needs access checks or if its prototype is a
hidden prototype.
BUG=None
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/756423006
Cr-Commit-Position: refs/heads/master@{#25694}
Achieve more than parity with modes currently handled on ia32 in preparation for
porting the entire mechanism to ia32, including supporting mul of constants 3,
5 and 9 with "leal" instructions.
TEST=unittests
Review URL: https://codereview.chromium.org/774193003
Cr-Commit-Position: refs/heads/master@{#25677}
This is an initial version of redundant load elimination, currently
limited to LoadField operators, and implemented by walking the effect
chain.
TEST=unittests
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/782473002
Cr-Commit-Position: refs/heads/master@{#25673}
These methods for used for compressed libraries, where GetSource* functions
contained the compressed sources and [GS]etRawSource* the uncompressed
sources. This is dead code since the API no longer supports compression.
(If you need/want compressed sources, use the external startup data and
compress/uncompress on the Embedder's side.)
BUG=
Review URL: https://codereview.chromium.org/772853003
Cr-Commit-Position: refs/heads/master@{#25666}
If we hade }` the right brace was always treated as part of the
template literal. We should only treat the right brace as part of
the literal when we continue to parse the template literal after a
placeholder.
BUG=v8:3734
LOG=Y
Review URL: https://codereview.chromium.org/778813003
Cr-Commit-Position: refs/heads/master@{#25661}
This adds a common perf configuration for JSTests including
Classes, Collections, Iterators and Strings. This allows
the android test runner to handle subdirectories correctly
and to share the base.js resource in the parent directory.
The new json config has added resources configs for the
Android runner.
The perf runner's relative paths on the device are fixed as
well. Resources are only pushed on the configuration node
where they are specified. They are pushed to a dir on the
device that follows the same directory structure as on the
host. The binary is executed in the benchmark folder on the
device like on the host to allow relative path file
loading.
BUG=chromium:374740
LOG=n
TEST=python -m unittest run_perf_test
TBR=ulan@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/779923002
Cr-Commit-Position: refs/heads/master@{#25655}
Instead, make it possible for indifidual tests to pass "always true flags" which
are not part of the varying flag set.
The downside is that if an experimental flag changes parsing of some of the
unrelated code snippets, it's noticed later (only after the flag is turned on by
default). But this is a reasonable trade off for faster tests.
Additional fix: Some tests (ErrorsFutureStrictReservedWords) were using
always_flags incorrectly (running two different tests with different
always_flags basically iterates over every flag combination anyway - most of
them twice).
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/772823002
Cr-Commit-Position: refs/heads/master@{#25628}
- Create a first-class Edge type.
- Separate node and edge iterators
- Make iterators only responsible for iteration
- Make it possible to modify the use edge iterator while iterating.
- Add the ability to update inputs to Edges directly.
Review URL: https://codereview.chromium.org/765983002
Cr-Commit-Position: refs/heads/master@{#25616}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
Most of the run time came from testing with all possible flag combinations. None
of the flags passed affect the test, and there are specialized tests for testing
the features behind the flags; no need to slow down the generic test.
With these changes, run time for debug build goes from 186 s to 0.5 s.
In addition, fixed some missing commas between the test cases.
R=svenpanne@chromium.org
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/766673003
Cr-Commit-Position: refs/heads/master@{#25612}
Groups and implicit references are no longer relevant at this point.
Also add tests that fail if the first or second round of ephemeral
marking is omitted
BUG=none
R=mstarzinger@chromium.org,hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/761343004
Cr-Commit-Position: refs/heads/master@{#25606}
v8::Object already has GetIdentityHash on it. This change adds its counterpart to v8::Name.
BUG=chromium:437416
LOG=Y
Review URL: https://codereview.chromium.org/753373003
Cr-Commit-Position: refs/heads/master@{#25598}
Only use "addl" and "subl" in cases that have been measured to be
faster (currently only immediate operations).
Review URL: https://codereview.chromium.org/735293004
Cr-Commit-Position: refs/heads/master@{#25580}
The %OptimizeFunctionOnNextCall sledgehammer can cause a function to be
marked for optimization before it's ever been compiled by fullcode.
This can lead to the situation where a function doesn't have optimization
disabled until we try to compile it optimized.
Basically, the assert should just handle this case more gracefully.
R=yangguo@chromium.org
BUG=436893
LOG=Y
Review URL: https://codereview.chromium.org/760063002
Cr-Commit-Position: refs/heads/master@{#25528}
Per TC39 Nov 2014 decision.
This patch also changes behavior for "legacy const": assignments to sloppy const in strict mode is now also a type error. This fixes v8:2243 and also brings us in compliance with other engines re assignment to function names (see updated webkit test), but might have bigger implications.
That change can easily be reverted by changing Variable::IsSignallingAssignmentToConst.
BUG=v8:3713,v8:2243
LOG=N
Review URL: https://codereview.chromium.org/749633002
Cr-Commit-Position: refs/heads/master@{#25516}
Running this in x64.release mode on a powerful HP620 takes 4 seconds,
this is at least 2 orders of magnitude too slow and leads to tons of
false positives on our build bots due to timeouts. As it is, the
cost-benefit ratio is far too low.
The whole approach needs to be changed: Instead of trying to exhaust
some search space in unit tests, this should be turned into a fuzzing
test where only a small but random number of things are tested. The
exhaustive approach can be done separately, but definitely not in the
unit tests.
BUG=v8:3707
Review URL: https://codereview.chromium.org/762743002
Cr-Commit-Position: refs/heads/master@{#25510}
Follow-up to 87db4ff1f4, which added
suppressions to unittests.status and a special case for Android to the
ThreadLocalStorageTest, both of which are unneccessary and should be
handled differently for the GTest based unittests.
BUG=v8:3706
LOG=n
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/757913002
Cr-Commit-Position: refs/heads/master@{#25495}
cctest/test-threads/ThreadJoinSelf is suppressed for Android, but the
test has since been moved to unittests/Thread.SelfJoin. Move the
suppression to unittests.status.
unittests/ThreadLocalStorageTest.DoTest fails on older Android devices
as it assumes the availability of more TLS slots than many devices
implement. Test a smaller number of slots (32) on Android. Remove old
suppression of test-platform-tls/FastTLS (which no longer exists).
cctest/test-mark-compact/RegressJoinThreadsOnIsolateDeinit can't deal
with shared mappings. Check for 's' instead of '-'.
BUG=v8:3706
LOG=
Review URL: https://codereview.chromium.org/735863003
Cr-Commit-Position: refs/heads/master@{#25492}
Resets the scaled exponent to 0 when the scaling match fails.
BUG=
Review URL: https://codereview.chromium.org/756643002
Cr-Commit-Position: refs/heads/master@{#25491}
They generally cause regressions on most modern Intel chips. Replace them with
addl/subl.
Review URL: https://codereview.chromium.org/737153003
Cr-Commit-Position: refs/heads/master@{#25466}
The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.
Also, prevent inlining array pop() and shift() if the length is read-only.
BUG=435073
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/737383002
Cr-Commit-Position: refs/heads/master@{#25455}
if there is not enough type-feedback to detect that f is Function.prototype.apply.
BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709
Review URL: https://codereview.chromium.org/736043002
Cr-Commit-Position: refs/heads/master@{#25447}
If we run out of code range, then GC wouldn't be able to compact code space,
because it wouldn't be able to allocate a new page. This can cause code space
fragmentation and OOM crashes.
BUG=chromium:430118
LOG=Y
Review URL: https://codereview.chromium.org/742733002
Cr-Commit-Position: refs/heads/master@{#25441}
- Use "leal" for subtraction of integer constant when non-constant input to
subtract is used more than once.
- Use "incl", "decl", and "addl" when they are smaller/cheaper than their
leal/addl/subl equivalant.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/738073002
Cr-Commit-Position: refs/heads/master@{#25439}
JavaScript shifts perform an implicit '& 0x1F' on their right operand, this
patch removes it when the underlying architecture already does it.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/732103002
Cr-Commit-Position: refs/heads/master@{#25438}
There are separated JS and C stacks on simulators so for some stack
extensive tests (like mozilla/js1_5/extensions/regress-355497) might
cause a C stack overflow and that overflow is not caught by V8. It is
not an issue on real HW. Increasing the C stack also solves the problem
but we have already FLAG_sim_stack_size flag to control the JS stack
size.
This patch makes it possible to add flags to tests conditionally in
.status files.
TEST=mozilla/js1_5/extensions/regress-355497
BUG=v8:3152
LOG=N
Review URL: https://codereview.chromium.org/735723006
Cr-Commit-Position: refs/heads/master@{#25434}
Since checking all possible combinations is taking so long this
reduces the test to test the odd cases (let, yield and static) as
well as a single ordinary case.
BUG=v8:3707
LOG=n
Review URL: https://codereview.chromium.org/724713004
Cr-Commit-Position: refs/heads/master@{#25428}
Skip one hard fail, and two frequent flakes while we investigate.
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/728653004
Cr-Commit-Position: refs/heads/master@{#25418}
First step towards replacing PropertyType with two enums: {DATA,ACCESSOR} x {CONST,WRITABLE}.
Review URL: https://codereview.chromium.org/733253004
Cr-Commit-Position: refs/heads/master@{#25417}
Reduces dependencies on #include files, making it easier for other
build systems to include this library.
BUG=
Review URL: https://codereview.chromium.org/740493002
Cr-Commit-Position: refs/heads/master@{#25408}
This essentially performs the following transformation
JSToNumber(phi(x1,...,xn,control):primitive)
=> phi(JSToNumber(x1),...,JSToNumber(xn),control):number
which is similar to what we already do for JSToBoolean.
TEST=mjsunit/asm
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/732463003
Cr-Commit-Position: refs/heads/master@{#25390}
We add a new ScopeType, ScopeType.Script. The scope with
ScopeType.Script is always present in the scope chain (ScopeIterator
fakes it if neededi - i.e. if ScriptContext for a script has not been
allocated since that script has no lexical declarations).
ScriptScope reflects ScriptContextTable.
R=yurys@chromium.org,yangguo@chromium.org
BUG=v8:3690
LOG=N
Review URL: https://codereview.chromium.org/726643002
Cr-Commit-Position: refs/heads/master@{#25383}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Committed: f047507370
Committed: 6e148989a4
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25377}
With Int32Add we lose the int/uint distinction, so later, in simplified lowering we can make a wrong decision. E.g., see the attached test case, where we lower NumberAdd -> Int32Add because inputs are Uint32, but during simplified lowering we change the inputs to Int32, so we get a wrong result.
Simplified lowering will lower the NumberAdd operations anyway, so we should lose performance.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/721723004
Cr-Commit-Position: refs/heads/master@{#25368}
If a class extends another class and it doesn't provide a constructor,
one is created for them. We therefore need to ensure that stepping into
the constructor steps into the super class constructor.
BUG=v8:3674
LOG=Y
R=dslomov@chromium.org, aandrey , yurys
Review URL: https://codereview.chromium.org/725983002
Cr-Commit-Position: refs/heads/master@{#25366}
This requires putting the original loop's body inside an inner for loop (with
the same labels as the original loop) and re-binding the temp variables in its
"next" expression. A second flag is added to the desugared code to ensure the
loop body executes at most once per loop.
BUG=v8:3683
LOG=y
Review URL: https://codereview.chromium.org/720863002
Cr-Commit-Position: refs/heads/master@{#25363}
Named class declarations and class expression have a const binding for
the name that is in TDZ for the extends expression.
BUG=v8:3330
LOG=Y
R=dslomov@chromium.org, adamk
Review URL: https://codereview.chromium.org/722793005
Cr-Commit-Position: refs/heads/master@{#25360}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Committed: f047507370
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25345}
Revert "Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136."
This revert is made in order to revert r25099 which potentially causes renderer hangs.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/722873004
Cr-Commit-Position: refs/heads/master@{#25332}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25326}
There's no need to apply the 0x1f mask to right hand sides of shifts if
the input is already in range [0,31].
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/718193003
Cr-Commit-Position: refs/heads/master@{#25313}
This is currently done by generating a default constructor that looks
like this:
constructor() {
%DefaultConstructorSuperCall();
}
The a runtime function implements the logic which is pretty similar to
Runtime_Apply except that it uses the [[Prototype]] of the current
function.
This is the second try. The first failed because the test was using a
array that was too large for Function.prototype.apply.
Revert "Revert "Classes: Add support for arguments in default constructor""
This reverts commit 43aa7e541df56a132608b8b4217e9da84575e4f8.
BUG=v8:3672
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/716853003
Cr-Commit-Position: refs/heads/master@{#25272}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25272 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is currently done by generating a default constructor that looks
like this:
constructor() {
%DefaultConstructorSuperCall();
}
The a runtime function implements the logic which is pretty similar to
Runtime_Apply except that it uses the [[Prototype]] of the current
function.
BUG=v8:3672
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/692333011
Cr-Commit-Position: refs/heads/master@{#25268}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25268 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This relands commit ea74f0f85a.
The revert was due to failures in cctest/test-heap/ReleaseOverReservedPages,
caused by apparent changes to memory layout and fragmentation of the
first page. Eliminating a situation in messages.js where this CL has had
an effect on map transitions seems to solve the issue.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/714883003
Cr-Commit-Position: refs/heads/master@{#25266}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25266 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Lowering of NumberToUint32 and NumberToInt32 was not correctly accounting for the sign of the input and the sign of the output, emitting the wrong representation changes.
Along the way, I've found cases where MachineOperatorBuilder would break if fed a machine type for loads or stores that was not cached, requiring MachineOperatorBuilder to take zone to allocate operators for these cases.
R=bmeurer@chromium.org, jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/714613002
Cr-Commit-Position: refs/heads/master@{#25247}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25247 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This implements correct semantics for "extensible" top level lexical scope.
The entire lexical scope is represented at runtime by GlobalContextTable, reachable from native context and accumulating global contexts from every script loaded into the context.
When the new script starts executing, it does the following validation:
- checks the GlobalContextTable and global object (non-configurable own) properties against the set of declarations it introduces and reports potential conflicts.
- invalidates the conflicting PropertyCells on global object, so that any code depending on them will miss/deopt causing any contextual lookups to be reexecuted under the new bindings
- adds the lexical bindings it introduces to the GlobalContextTable
Loads and stores for contextual lookups are modified so that they check the GlobalContextTable before looking up properties on global object, thus implementing the shadowing of global object properties by lexical declarations.
R=adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/705663004
Cr-Commit-Position: refs/heads/master@{#25220}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The spec explicitly forbids them. V8 never handled them properly either, just
the Scanner accepted them (it had code to add them literally to the
LiteralBuffer) and later on, Regexp constructor disallowed them.
According to the spec, unicode escapes in regexp flags should be an early error
("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence.").
Note that Scanner is still more relaxed about regexp flags than the
spec. Especially, it accepts any identifier parts (not just a small set of
letters) and doesn't check for duplicates.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/700373003
Cr-Commit-Position: refs/heads/master@{#25215}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
During generation code and relocation info are generated simultaneously.
When code generation is done you each code object has associated "relocation info".
Relocation information lets V8 to mark interesting places in the generated code: the pointers that might need to be relocated (after garbage collection),
correspondences between the machine program counter and source locations for stack walking.
This patch:
1. Add more source positions info in reloc info to make it suitable for source level mapping.
The amount of data should not be increased dramatically because (1) V8 already marks interesting places in the generated code and
(2) V8 does not write redundant information (it writes a pair (pc_offset, pos) only if pos is changed and skips other).
I measured it on Octane benchmark - for unoptimized code the number of source positions may achieve 2x ('lin_solve' from NavierStokes benchmark).
2. When a sample happens, CPU profiler finds a code object by pc, then use its reloc info to match the sample to a source line.
If a source line is found that hit counter is increased by one for this line.
3. Add a new public V8 API to get the hit source lines by CDT CPU profiler.
Note that it's expected a minor patch in Blink to pack the source level info in JSON to be shown.
4.Add a test that checks how the samples are distributed through source lines.
It tests two cases: (1) relocation info created during code generation and (2) relocation info associated with precompiled function's version.
Patch from Denis Pravdin <denis.pravdin@intel.com>;
R=svenpanne@chromium.org, yurys@chromium.org
Review URL: https://codereview.chromium.org/682143003
Patch from Weiliang <weiliang.lin@intel.com>.
Cr-Commit-Position: refs/heads/master@{#25182}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25182 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Emscripten requires little-endian arch. It has assertion for endianness:
assert(HEAPU8[0] === 255 && HEAPU8[3] === 0,
'Typed arrays 2 must be run on a little-endian system');
TEST=mjsunit/asm/embenchen/*
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/708663003
Patch from Paul Lind <paul.lind@imgtec.com>.
Cr-Commit-Position: refs/heads/master@{#25177}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25177 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This contains the following changes squashed together:
- Switch BasicBlock::loop_end to be a basic block instead of an RPO.
- Switch ScheduleLate to use dominator depth instead of RPO.
- Switch ScheduleEarly to use dominator depth instead of RPO.
- Push out absolute RPO ordering everywhere else in the scheduler.
- Keep linked list of blocks in RPO order while scheduling.
- Switch from RPO number to depth for dominator calculation.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/696363002
Cr-Commit-Position: refs/heads/master@{#25138}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is in preparation for making --harmony and --es-staging synonyms.
The only remaining difference currently is block-scoping, which is still
implied by --harmony, to avoid regressing on a long-available feature.
Also removes the special-casing of --harmony-proxies.
R=adamk@chromium.org
BUG=
Review URL: https://codereview.chromium.org/693153004
Cr-Commit-Position: refs/heads/master@{#25115}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25115 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
