- New invariant on union types: if the union has a range then the number
bits in the bitset must be cleared.
- Various tweaks in intersection and union to satisfy the invariant.
- Exposed and used representation bits in range types (and the Limits
helper class).
- Implemented Glb for ranges so that the Is predicate handles
ranges correctly.
- Change typer weakening so that it does not rely on GetRange.
However, the code still seems to be a bit fragile.
- Removed the Smi types from the type system core, instead introduced
Signed31, Unsigned30 and created constructors for Small(Un)Signed
that point to the right type for the architecture.
- Punched a hole in the config to be able to get to the isolate so
that it is possible to allocate heap numbers for newly created
ranges.
Patch by jarin@chromium.prg, original review here:
https://codereview.chromium.org/795713003/TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/837723006
Cr-Commit-Position: refs/heads/master@{#26197}
Use std::numeric_limits<double>::quiet_NaN() and
std::numeric_limits<float>::quiet_NaN() instead.
Review URL: https://codereview.chromium.org/864803002
Cr-Commit-Position: refs/heads/master@{#26195}
It should be possible to create a concise method with the name
__proto__ without setting the [[Prototype]]. Similarly, property
name shorthands with the name __proto__ should define an own
property.
BUG=v8:3818
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/858673002
Cr-Commit-Position: refs/heads/master@{#26172}
(1) --prof-cpp: Collects ticks like --prof, but ignores code creation events to reduce distortion (so all JS ticks will be "unaccounted"). Useful for profiling C++ code.
(2) --timed-range flag for tick processor: Ignores ticks before the first and after the last call to Date.now(). Useful for focusing on the timed section of a test.
Review URL: https://codereview.chromium.org/802333002
Cr-Commit-Position: refs/heads/master@{#26168}
This method circumvented JS semantics, and should not be used.
BUG=
Review URL: https://codereview.chromium.org/854493004
Cr-Commit-Position: refs/heads/master@{#26157}
See CompileTopLevel for similar logic which suppresses producing parser cache
when the debugger is active.
BUG=441130
LOG=n
Review URL: https://codereview.chromium.org/845643005
Cr-Commit-Position: refs/heads/master@{#26138}
- Make Node::Inputs and Node::Uses mostly STL compliant.
- Get rid of some pre-C++11 crappiness.
- Start moving unit tests from cctest to unittests.
- TrimInputCount() now tries to reserve inputs slots for
later appending.
- Fix numerous style guide violations.
TEST=cctest,unittests
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/851263002
Cr-Commit-Position: refs/heads/master@{#26098}
Hopefully we'll catch heap corruption earlier where identifying the
object that holds a stale pointer.
Speaking of staleness, also remove old debugging code.
BUG=chromium:128415
R=ulan@chromium.org,hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/843013005
Cr-Commit-Position: refs/heads/master@{#26095}
This time we simply undo the change introduced by the PPC port for
this test. No idea why it should be necessary, and Windows XP
obviously doesn't give us that much stack, anyway.
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/826833003
Cr-Commit-Position: refs/heads/master@{#26093}
The test fails on XP only, so let's tentatively raise the stack limit more. We probably need to investigate what a tighter limit might be and (more importantly) what the underlying reason for the failure is.
Hopefully 1800kB is enough, we can't test this via try jobs, because we don't have XP try bots. :-/
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/791693005
Cr-Commit-Position: refs/heads/master@{#26092}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, 7d48fd9dc2.
BUG=v8:3754
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/798243004
Cr-Commit-Position: refs/heads/master@{#26084}
The MISS handler was being called when the receiver was a Smi, instead,
we should recognize the case and use the heap number map.
BUG=
Review URL: https://codereview.chromium.org/854623002
Cr-Commit-Position: refs/heads/master@{#26076}
Math functions:
Some Math functions require typed arrays for their implementation. The embedded
script may call those Math functions. The serializer needs to deal with this.
Added assertion to make sure no other typed array is created when snapshotting.
Number-string cache:
We assume that the initial snapshot does not expand the number-string cache.
This is no longer true for custom heap snapshots.
Bound functions:
Bound functions store the bound arguments in a COW fixed array, including the
bindee function. COW arrays are serialized into the startup snapshot and
referenced in the partial snapshot via partial snapshot cache. However, the
bindee function is context-dependent and must not be part of the startup
snapshot. There is no need for bound functions to use a COW array though.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/851073002
Cr-Commit-Position: refs/heads/master@{#26072}
Support for it is slow and difficult to implement, and it's not used in
Blink. An embedder that uses this feature will have to check the
argument types itself.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/848173002
Cr-Commit-Position: refs/heads/master@{#26058}
R=jochen@chromium.org
TEST=test-serialize/CustomContext{Des,S}erialization
Also test by
- make ia32.debug embedscript=<full path to mjsunit.js>
- d8 -e "assertDoesNotThrow('print(1)')"
Review URL: https://codereview.chromium.org/846023002
Cr-Commit-Position: refs/heads/master@{#26035}
Since we have a special guard page at the beginning of the code range on
win64, we need to make sure to adjust the size of the free list
accordingly when creating it.
BUG=chromium:447555
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/843973002
Cr-Commit-Position: refs/heads/master@{#26012}
(Debug builds have --enable-slow-asserts, and with slow asserts each
assignment to the array in the prepare function will trigger a check
over the entire array. This turns it into n^2 work, for reasonably
large n.)
BUG=
Review URL: https://codereview.chromium.org/831953003
Cr-Commit-Position: refs/heads/master@{#26006}
- Use C++11 range based for loops.
- Remove duplicated virtual register set in unittests.
- Don't expose implementation details of InstructionSelector.
TEST=unittests
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/837423002
Cr-Commit-Position: refs/heads/master@{#25997}
- Move NodeMarker to its own file, and introduce a non
templatized base class.
- Cleanup the include hell.
- Sanitize the Node construction methods now that we
got rid of that GenericNode/GenericGraph stuff.
- Protect against NodeId overflow in Graph.
- Various minor cleanups.
TEST=cctest,mjsunit,unittests
Review URL: https://codereview.chromium.org/838783002
Cr-Commit-Position: refs/heads/master@{#25977}
Also support additional number types (singleton ranges, NaN and minus
zero) for constant propagation in typed lowering.
TEST=unittests
Review URL: https://codereview.chromium.org/829303002
Cr-Commit-Position: refs/heads/master@{#25963}
Test case LowerAnyToBoolean_tagged_tagged invokes "Linkage::GetStubCallDescriptor(...)"
function but this function is not implemented on turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/836973002
Cr-Commit-Position: refs/heads/master@{#25960}
Introduce a new AnyToBoolean simplified operator to handle the later
lowering of boolean conversions. Previously we tried to hack that with
the generic JSToBoolean, having its context set to zero, but that lead
to various problems/bugs and did not handle all cases.
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/800833003
Cr-Commit-Position: refs/heads/master@{#25958}
This prevents eliminating effectful statements before the loop.
BUG=
Review URL: https://codereview.chromium.org/830923002
Cr-Commit-Position: refs/heads/master@{#25953}
We cannot just clear the result register optimistically, because the
register allocator might assign the same register to result and buffer.
TEST=mjsunit/compiler/regress-445858
BUG=chromium:445858
LOG=y
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/828303002
Cr-Commit-Position: refs/heads/master@{#25950}
Set a valid reason for disabling optimization when using
%NeverOptimizeFunction.
TEST=mjsunit/compiler/regress-445732
BUG=chromium:445732
LOG=y
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/832003002
Cr-Commit-Position: refs/heads/master@{#25949}
Change InstructionOperand to use a 64-bit field for encoding the operand
information instead of the 32-bit field that was used before. Ideally we
wouldn't use the Zone-allocated bit field at all, and use an integer
instead of the pointer; but that requires fixing the register allocator
first, which will take some time.
TEST=mjsunit/compiler/regress-3786
BUG=v8:3786
LOG=y
Review URL: https://codereview.chromium.org/826673002
Cr-Commit-Position: refs/heads/master@{#25941}
Also slightly refactor the NodeCache and CommonNodeCache classes to
reduce inherent overhead of caching.
TEST=cctest
Review URL: https://codereview.chromium.org/822923002
Cr-Commit-Position: refs/heads/master@{#25937}
This API is used by Blink to inform V8 about HTML frames being disposed.
Using the optional parameter, Blink can tell V8 whether the disposed
frame was a main frame. In that case, we might want to reset GC
parameters
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/823583003
Cr-Commit-Position: refs/heads/master@{#25926}
The CommonOperatorReducer currently takes care of redundant Phis,
EffectPhis and Selects. This functionality overlaps with ControlReducer,
but is required to make certain optimizations effective, since the
ControlReducer only runs really early and really late in the pipeline
and therefore other reducers aren't reapplied properly after redundant
phi/select elimination.
TEST=unittests
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/817243003
Cr-Commit-Position: refs/heads/master@{#25922}
The test driver doesn't know at the moment if optdebug 1 or 2 has been used (the first is used on the bots, the second
locally in quickcheck). It can't know therefore if slow
asserts can be enabled or not. Trying to enable them leads
to a warning if they weren't compiled, which causes webkit
1:1 text comparison to fail.
Review URL: https://codereview.chromium.org/819033002
Cr-Commit-Position: refs/heads/master@{#25921}
There might be a number of clients that would like to
setup an interrupt request on the Isolate.
The patch also deprecates ClearInterrupt API. As long as
the interrupt handler is called outside of locks there's no way
to guarantee that the handler will not be called after
ClearInterrupt was invoked as it might have already started execution.
Review URL: https://codereview.chromium.org/796623003
Cr-Commit-Position: refs/heads/master@{#25910}
This avoids touching the Array prototype, which may have been tampered with.
BUG=chromium:443982
LOG=n
Review URL: https://codereview.chromium.org/820503005
Cr-Commit-Position: refs/heads/master@{#25908}
Regular ICs in MONOMORPHIC and POLYMORPHIC state now hold onto maps with
WeakCells. Vector-based ICs should do the same.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/815953002
Cr-Commit-Position: refs/heads/master@{#25907}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections to increase chances of them being reused for new objects in future.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/794583003
Cr-Commit-Position: refs/heads/master@{#25887}
Reason for revert:
[sheriff] Still crashes on win32 (XP):
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/1380
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4.
>
> This changes to do an early bailout in
> HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
> loop.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org,arv@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/811593004
Cr-Commit-Position: refs/heads/master@{#25872}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4.
This changes to do an early bailout in
HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
loop.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/792233008
Cr-Commit-Position: refs/heads/master@{#25868}
The spec ended up using Get(unscopables, propertyName) and
comparing the result to undefined instead of using Has.
BUG=v8:3632
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/807893002
Cr-Commit-Position: refs/heads/master@{#25854}
Reason for revert:
Crashes Win32. It was not flake.
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4 with
> no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
> try again.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/807033003
Cr-Commit-Position: refs/heads/master@{#25853}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4 with
no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
try again.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/807173002
Cr-Commit-Position: refs/heads/master@{#25851}
This greatly reduces the number of nodes in the graph (by more than 20x in
some extreme cases) for the Emscripten python interpreter main function.
BUG=v8:3763
LOG=y
TEST=cctest,mjsunit,unittests
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/802353003
Cr-Commit-Position: refs/heads/master@{#25840}
The bug would occur when we try to Reset() to a position already at the end.
This happens e.g., when the regexp ends with \u. What used to happen in that
case: 1) Advance past \ and u (to the end) (which wouldn't increase next_pos_
enough) 2) Try to parse 4 hex digits 3) When that failed, Reset() to the
position which should've been at the end but wasn't.
To be able to properly Reset() to a position at the end, we need to allow
next_pos_ to move beyond the end (since position() is next_pos_ - 1).
Minimal repro case:
var r = /foo\u/
r.test("foou") // should be true, was false.
(Note that \u not followed by 4 hex didits should be interpreted as an identity
escape. It already worked unless \u was at the end of the regexp.)
BUG=v8:3756
LOG=NO
Review URL: https://codereview.chromium.org/802313003
Cr-Commit-Position: refs/heads/master@{#25838}
Relanded with fix for always returning Change for PlainPrimitive even
if there was no change. The performance regression on primes.js and
corrections.js is due to unlucky loop header alignment; will be addressed
separately.
TEST=unittests
R=svenpanne@chromium.org
Committed: 75484e8d16
Review URL: https://codereview.chromium.org/799413002
Cr-Commit-Position: refs/heads/master@{#25832}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
BUG=v8:3754
LOG=Y
Review URL: https://codereview.chromium.org/795573005
Cr-Commit-Position: refs/heads/master@{#25821}
Keyed loads should not unconditionally be compiled to element loads. Update KeyedLoadICs to keep track of the key type, so that Hydrogen can emit ICs for string-keyed loads it doesn't have inline support for.
BUG=v8:3167
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/755513003
Cr-Commit-Position: refs/heads/master@{#25817}
This functionality is now used by both object visitor and store buffer.
TEST=cctest/test-unboxed-doubles
Review URL: https://codereview.chromium.org/726713003
Cr-Commit-Position: refs/heads/master@{#25816}
Add support for Symbol.isConcatSpreadable in Array.prototype.concat. This enables spreading non-Array objects with the symbol.
LOG=N
R=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/771483002
Cr-Commit-Position: refs/heads/master@{#25808}
Such properties never notified prior to r21558, but the combination of
that change and r23163 led to sending notifications when they were
set via Object.defineProperty (but not when set via other means).
This also allows some cleanup in v8natives.js and objects.cc,
both of which were doing unnecessary contortions to produce the right
change records.
BUG=v8:3745
LOG=n
Review URL: https://codereview.chromium.org/791243002
Cr-Commit-Position: refs/heads/master@{#25806}
To make space in the type bitset, remove Function, RegExp, and Buffer
types for now, since they aren't really relied upon anyway.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/795993002
Cr-Commit-Position: refs/heads/master@{#25776}
The instruction selector now selects pseudo instructions: CompareAndBranch or
TestAndBranch which are associated with their continuations so that generic
code in the code generator will treat them as branch instruction and will be
able to apply optimization like avoiding branches when the code can falltrhough.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/798553002
Cr-Commit-Position: refs/heads/master@{#25773}
V8 didn't report compile events on pause before this patch. These events can be important for listener. For example, DevTools allows user to execute some JS code on pause and needs to show correct stack trace in message from it.
BUG=396013
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/781623004
Cr-Commit-Position: refs/heads/master@{#25767}
They both now run fast (due to utilizing transitions instead of always
creating new maps) and sealed or non-extensible objects can stay in
fast mode after transitioning.
This almost entirely reuses the code for transitioning objects
frozen by Object.freeze(), with the added benefit of freeing
up a bit on the map (we no longer keep track of frozen-ness,
as that bit wasn't used for anything interesting).
BUG=v8:3662,chromium:115960
LOG=y
Review URL: https://codereview.chromium.org/776143005
Cr-Commit-Position: refs/heads/master@{#25759}
Reason for revert:
For breaking the waterfall (run-json-stringify test).
Original issue's description:
> Avoid number range holes in bitset types.
>
> BUG=
TBR=rossberg@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/794663002
Cr-Commit-Position: refs/heads/master@{#25756}
Also fix the pushing of JSToBoolean into Phis and generalize it to
also include pushing into Selects.
TEST=cctest,unittests
Review URL: https://codereview.chromium.org/792463003
Cr-Commit-Position: refs/heads/master@{#25718}
This test case ( added by git: 4c7effe56e ).
should has different implementation for Turbofan and crankshaft.
BUG=
Review URL: https://codereview.chromium.org/774163005
Cr-Commit-Position: refs/heads/master@{#25713}
Blink already has code for handling invalid cached data. The attached test
ensures that cached data is gracefully rejected if it cannot be used.
This also unifies parser cache and code cache handling.
R=yangguo@chromium.org
BUG=439889
LOG=N
Review URL: https://codereview.chromium.org/781203003
Cr-Commit-Position: refs/heads/master@{#25708}
When compiling with the macro DCHECK_ALWAYS_ON defined, DCHECKs and
supporting code gets compiled and enabled.
This increases test coverage for chromium release buildbots
BUG=v8:3731
R=jkummerow@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/760213005
Cr-Commit-Position: refs/heads/master@{#25701}
This introduces Hydrogen for %_GetPrototype. The code falls back on
runtime if the object needs access checks or if its prototype is a
hidden prototype.
BUG=None
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/756423006
Cr-Commit-Position: refs/heads/master@{#25694}
Achieve more than parity with modes currently handled on ia32 in preparation for
porting the entire mechanism to ia32, including supporting mul of constants 3,
5 and 9 with "leal" instructions.
TEST=unittests
Review URL: https://codereview.chromium.org/774193003
Cr-Commit-Position: refs/heads/master@{#25677}
This is an initial version of redundant load elimination, currently
limited to LoadField operators, and implemented by walking the effect
chain.
TEST=unittests
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/782473002
Cr-Commit-Position: refs/heads/master@{#25673}
These methods for used for compressed libraries, where GetSource* functions
contained the compressed sources and [GS]etRawSource* the uncompressed
sources. This is dead code since the API no longer supports compression.
(If you need/want compressed sources, use the external startup data and
compress/uncompress on the Embedder's side.)
BUG=
Review URL: https://codereview.chromium.org/772853003
Cr-Commit-Position: refs/heads/master@{#25666}
If we hade }` the right brace was always treated as part of the
template literal. We should only treat the right brace as part of
the literal when we continue to parse the template literal after a
placeholder.
BUG=v8:3734
LOG=Y
Review URL: https://codereview.chromium.org/778813003
Cr-Commit-Position: refs/heads/master@{#25661}
This adds a common perf configuration for JSTests including
Classes, Collections, Iterators and Strings. This allows
the android test runner to handle subdirectories correctly
and to share the base.js resource in the parent directory.
The new json config has added resources configs for the
Android runner.
The perf runner's relative paths on the device are fixed as
well. Resources are only pushed on the configuration node
where they are specified. They are pushed to a dir on the
device that follows the same directory structure as on the
host. The binary is executed in the benchmark folder on the
device like on the host to allow relative path file
loading.
BUG=chromium:374740
LOG=n
TEST=python -m unittest run_perf_test
TBR=ulan@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/779923002
Cr-Commit-Position: refs/heads/master@{#25655}
Instead, make it possible for indifidual tests to pass "always true flags" which
are not part of the varying flag set.
The downside is that if an experimental flag changes parsing of some of the
unrelated code snippets, it's noticed later (only after the flag is turned on by
default). But this is a reasonable trade off for faster tests.
Additional fix: Some tests (ErrorsFutureStrictReservedWords) were using
always_flags incorrectly (running two different tests with different
always_flags basically iterates over every flag combination anyway - most of
them twice).
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/772823002
Cr-Commit-Position: refs/heads/master@{#25628}
- Create a first-class Edge type.
- Separate node and edge iterators
- Make iterators only responsible for iteration
- Make it possible to modify the use edge iterator while iterating.
- Add the ability to update inputs to Edges directly.
Review URL: https://codereview.chromium.org/765983002
Cr-Commit-Position: refs/heads/master@{#25616}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
Most of the run time came from testing with all possible flag combinations. None
of the flags passed affect the test, and there are specialized tests for testing
the features behind the flags; no need to slow down the generic test.
With these changes, run time for debug build goes from 186 s to 0.5 s.
In addition, fixed some missing commas between the test cases.
R=svenpanne@chromium.org
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/766673003
Cr-Commit-Position: refs/heads/master@{#25612}
