Reason for revert:
ARM64 GCStress failure
Original issue's description:
> [crankshaft] Inline hasOwnProperty when used in fast-case for-in
>
> e.g.,
>
> for (var k in o) {
> if (!o.hasOwnProperty(k)) continue;
> ...
> }
>
> without enumerable properties on the prototype chain of o.
>
> BUG=
>
> Committed: https://crrev.com/dec80752eb344dfeb85588e61ac0afd22b11aadb
> Cr-Commit-Position: refs/heads/master@{#34379}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1748143004
Cr-Commit-Position: refs/heads/master@{#34380}
e.g.,
for (var k in o) {
if (!o.hasOwnProperty(k)) continue;
...
}
without enumerable properties on the prototype chain of o.
BUG=
Review URL: https://codereview.chromium.org/1742253002
Cr-Commit-Position: refs/heads/master@{#34379}
Operations on word size data must be word sized, and not word32.
Currently this only generates worse code, but in the future, it
might even generate wrong code, so we should better get this right
from the beginning.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1748953004
Cr-Commit-Position: refs/heads/master@{#34378}
The only place in fullcodegen, where we know for sure that a for-in loop
entered the slow-path is right before the potential call to %ForInFilter.
So there's no point in also updating the mode eagerly during ForInPrepare.
R=yangguo@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1749033002
Cr-Commit-Position: refs/heads/master@{#34377}
Rolling v8/base/trace_event/common to e40c41030f44cbd5b6f54081436620f43c3bb08a
Rolling v8/tools/clang to d53e60b4f31f03a6f719b13ed2de7389a4d89be4
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1748313002
Cr-Commit-Position: refs/heads/master@{#34374}
This patch fixes %TypedArray%.from to follow the ES2016 draft spec
more precisely. Specifically, the input is first converted to an
ArrayLike, and then afterwards, the mapping function is run and the
results written into the TypedArray. This fixes a test262 test.
R=adamk
LOG=Y
BUG=v8:4782
Review URL: https://codereview.chromium.org/1743463004
Cr-Commit-Position: refs/heads/master@{#34373}
port d00da47b61462681b48e48bdff4a80a33da1a6d6(r34335)
original commit message:
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
BUG=
Review URL: https://codereview.chromium.org/1744923002
Cr-Commit-Position: refs/heads/master@{#34372}
Port fb59ea3334
Original commit message:
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1742333002
Cr-Commit-Position: refs/heads/master@{#34371}
The "each" slot is only actually used by ForIn, so this simply cleans
up a TODO of mine and removes an IsForOfStatement() call.
Review URL: https://codereview.chromium.org/1742013002
Cr-Commit-Position: refs/heads/master@{#34369}
This caused a runtime crash for Chrome built with clang on all
ChromeOs
arm32 platforms - ChromeOs chrome is using hardfp while this routine
returns false.
The fix is straightforward.
BUG=chromium:586219
TEST=built arm32 hardfp using clang and passed all tests.
LOG=N
Review URL: https://codereview.chromium.org/1733863002
Cr-Commit-Position: refs/heads/master@{#34367}
This is done by ensuring that the Arm64ClaimCSP instruction calls
AlignAndSetCSPForFrame when it's generated when the StackPointer() is set to
jssp.
LOG=N
Review URL: https://codereview.chromium.org/1746053002
Cr-Commit-Position: refs/heads/master@{#34365}
In order to track certain critical code-patters we will start adding
micro-benchmarks that reflect common requests on http://jsperf.com.
In this first CL a number of property enumeration methods are added,
in the hope to get a clearer picture on future regressions.
BUG=
Review URL: https://codereview.chromium.org/1702613002
Cr-Commit-Position: refs/heads/master@{#34364}
Rename the existing (patching) ToBooleanStub to ToBooleanICStub to match
our naming convention, and add a new TurboFan-powered ToBooleanStub,
which just does the ToBoolean conversion without any runtime call or
code patching, so we can use it for Ignition (and TurboFan).
Drive-by-fix: Add an Oddball::to_boolean field similar to the ones we
already have for to_string and to_number, so we don't need to actually
dispatch on the concrete Oddball at all.
R=epertoso@chromium.org, rmcilroy@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1744163002
Cr-Commit-Position: refs/heads/master@{#34361}
Given that an additional map-check is inserted for function, we need to
check the underlying value.
BUG=
Review URL: https://codereview.chromium.org/1747753003
Cr-Commit-Position: refs/heads/master@{#34359}
This gets rid of the JavaScript wrapper. That way we can more quickly handle non-JSReceivers and indexed properties; and don't need to optimize the JavaScript wrapper either.
BUG=
Review URL: https://codereview.chromium.org/1742283002
Cr-Commit-Position: refs/heads/master@{#34356}
This ensures that the generated code output will match the reference code output
and fixes some failures when running tests natively.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1744493003
Cr-Commit-Position: refs/heads/master@{#34354}
port fcb83f2015afe63449f7ab070558e0c7f2accb47(r34273)
original commit message:
This optimization does not give us much (see perf try bot results associated with this CL) but complicates things a lot. The main motivation is to avoid additional complexity in tail call optim
There are some pieces left in the deoptimizer, but I'll address this in a separate CL.
BUG=
Review URL: https://codereview.chromium.org/1750433002
Cr-Commit-Position: refs/heads/master@{#34353}
port 55b4df7357557eb16377ad9227e4e0a4224b7885(r34303)
original commit message:
Only use one set of %StrictEquals/%StrictNotEquals and
%Equals/%NotEquals runtime entries for both the interpreter
and the old-style CompareICStub. The long-term plan is to
update the CompareICStub to also return boolean values, and
even allow some more code sharing with the interpreter there.
BUG=
Review URL: https://codereview.chromium.org/1743123002
Cr-Commit-Position: refs/heads/master@{#34352}
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=danno@chromium.org
Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
Cr-Commit-Position: refs/heads/master@{#34237}
Review URL: https://codereview.chromium.org/1722193002
Cr-Commit-Position: refs/heads/master@{#34344}
Port d00da47b61
Original commit message:
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1745643002
Cr-Commit-Position: refs/heads/master@{#34341}
Reason for revert:
Original commit reverted.
Original issue's description:
> PPC: [compiler] Drop the CompareNilIC.
>
> Port 666aec0348
>
> Original commit message:
> Since both null and undefined are also marked as undetectable now, we
> can just test that bit instead of having the CompareNilIC try to collect
> feedback to speed up the general case (without the undetectable bit
> being used).
>
> Drive-by-fix: Update the type system to match the new handling of
> undetectable in the runtime.
>
> R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
>
> Committed: https://crrev.com/546ea6b8393a894f07597ade5ec1c7db02c1e425
> Cr-Commit-Position: refs/heads/master@{#34266}
TBR=bmeurer@chromium.org,joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review URL: https://codereview.chromium.org/1736253003
Cr-Commit-Position: refs/heads/master@{#34340}
This reland fixes a bug by pulling properties off the utils object, so
that it can be garbage collected in nosnap builds.
Original commit message:
Intl has been somewhat of an oddball for how it integrates with V8.
One aspect is that it largely didn't use utils to install itself
into the snapshot, which led to some missing names, which new
test262 tests check for, and duplicated code. This patch brings
Intl a bit closer to how the rest of the builtins do things, though
not entirely as it is currently structured to do unusual things,
such as creating new constructors from JavaScript rather than C++.
New test262 tests check for some of the names that are added in
this patch.
R=adamk
CC=jshin
BUG=v8:4778
LOG=Y
Review URL: https://codereview.chromium.org/1745483002
Cr-Commit-Position: refs/heads/master@{#34337}
Port 3ef573e9f1
Original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
TEST=test/mjsunit/harmony/destructuring, test/mjsunit/harmony/default-parameters,
test/mjsunit/harmony/default-parameters, test/mjsunit/es6/classes-subclass-builtins,
BUG=
Review URL: https://codereview.chromium.org/1734273003
Cr-Commit-Position: refs/heads/master@{#34336}
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=mstarzinger@chromium.org
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1738153002
Cr-Commit-Position: refs/heads/master@{#34335}
Moves skips to explicit fails and groups errors be failure reason. Almost all failures
are due to lack of generator support.
BUG=v8:4680
LOG=N
TBR=oth@chromium.org
Review URL: https://codereview.chromium.org/1740843003
Cr-Commit-Position: refs/heads/master@{#34334}
