This only introduces the basic support for both SOFT and EAGER deopts in
TurboFan, but doesn't make use of SOFT deopts anywhere yet (there are
some other issues blocking that). Basically every Deoptimize operator
now has a DeoptimizeKind, which can be either kSoft or kEager.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1511883002
Cr-Commit-Position: refs/heads/master@{#32690}
I noticed that using --print-opt-code was producing output unreliably.
Upon investigation, it turns out OFStream's destructor was not marked
virtual. Fixing this fixes the problem, as ostream flushes at destruction.
BUG=
Review URL: https://codereview.chromium.org/1503383003
Cr-Commit-Position: refs/heads/master@{#32688}
Reconstructing which stdlib object is used within an asm.js
module seems wasteful, given the typer has already checked this.
Preserving this information in a form that can be queried in
the asm-wasm-builder which generating code.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, test-parsing
R=titzer@chromium.org,marja@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1508003002
Cr-Commit-Position: refs/heads/master@{#32687}
Instead of iterating the whole map space to find dead transitions,
look in weak cell list and transition array list.
Simple transitions are in the weak cell list.
Full transitions are in the transitions array list.
BUG=chromium:554488
LOG=NO
Review URL: https://codereview.chromium.org/1488593003
Cr-Commit-Position: refs/heads/master@{#32684}
This was introduced due to a false positive by the linter script. We
have blacklisted the "build/include_what_you_use" linter bucket in our
presubmit.py wrapper for that reason.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1509843002
Cr-Commit-Position: refs/heads/master@{#32679}
Rolling v8/build/gyp to 70ee80e82bacf2d7816a56f792bb33587b04c338
Rolling v8/tools/clang to 247bb6833987bc73051243230a1f3c949a9c9b92
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1509093002
Cr-Commit-Position: refs/heads/master@{#32672}
The Promise::Chain logic is moved to a helper function to avoid
a violation of deprecated function usage.
R=rossberg,jochen
BUG=v8:3237
LOG=Y
Review URL: https://codereview.chromium.org/1477023002
Cr-Commit-Position: refs/heads/master@{#32670}
ECMAScript dates act as if the Gregorian changeover happened at the
beginning of time. This patch fixes up internationalized date
formatting to set that changeover properly, as opposed to the ICU
default which is in the 16th century.
BUG=chromium:537382
R=adamk,cira
LOG=Y
Review URL: https://codereview.chromium.org/1501113002
Cr-Commit-Position: refs/heads/master@{#32669}
Fix some minor issues that the linter is complaining about
R=jochen
Review URL: https://codereview.chromium.org/1507823002
Cr-Commit-Position: refs/heads/master@{#32667}
Deoptimization expects the context and function marker on the stack.
To let the register allocator control spilling of the live ranges
corresponding to these 2 operands, we need their use to be represented
accurately.
BUG= v8:4533
LOG=N
Review URL: https://codereview.chromium.org/1506903002
Cr-Commit-Position: refs/heads/master@{#32666}
Port 95844d94f3
Original commit message:
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.
The second output can be ignored, which means that the operator can be
used the same way as the original operator.
I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?
BUG=
TEST=cctest/test-run-machops/RunTryTruncateFloat64ToInt64WithCheck
Review URL: https://codereview.chromium.org/1503173002
Cr-Commit-Position: refs/heads/master@{#32664}
Error still to be done, since that's not yet available in the bootstrapper.
BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1499923002
Cr-Commit-Position: refs/heads/master@{#32662}
Fixes code size multiplier of Arm64 based on generated code size of Octane.
Review URL: https://codereview.chromium.org/1504023002
Cr-Commit-Position: refs/heads/master@{#32661}
This adds a runtime flag that controls whether the WASM object is
exposed to JavaScript. While currently guarded by the V8_WASM build-time
flag, after landing in V8 the build-time flag will be removed, leaving
only this new runtime flag.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1507623002
Cr-Commit-Position: refs/heads/master@{#32657}
This patch improves escape analysis and fixes bugs
triggered by clusterfuzz. Impovements include:
* Handling of LoadElement/StoreElement if index is a
constant
* Handling of JSStoreProperty: invalidate all information,
as the store could have altered any field.
* Treat phis that use an allocation as escaping
* Improve resolution of replacements
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1499143002
Cr-Commit-Position: refs/heads/master@{#32656}
This makes the strong link from optimized code to code objects for all
inlined functions explicit. It adds direct references to code objects
into deoptimization data as literals. Note that this is not necessarily
the code that will be deoptimized to, because the code on the shared
function info might be replaced by other components (e.g. debugger).
Those replacement code objects however are all non-flushable, marking
explicit strong links for reachability unnecessary.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1490233009
Cr-Commit-Position: refs/heads/master@{#32654}
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.
The second output can be ignored, which means that the operator can be
used the same way as the original operator.
I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1495213003
Cr-Commit-Position: refs/heads/master@{#32653}
The JSInliningHeuristic keeps a list of nodes, which might have been
killed by other reducers before the JSInliningHeuristic looks at it
again, so it has to check whether nodes are dead before trying to
expand them later (this is similar to what the ValueNumberingReducer
needs to do with its internal table).
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1508643002
Cr-Commit-Position: refs/heads/master@{#32652}
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.
R=rossberg
BUG=v8:1543
LOG=N
Review URL: https://codereview.chromium.org/1489423002
Cr-Commit-Position: refs/heads/master@{#32651}
port 086d459847 (r32644)
original commit message:
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).
BUG=
Review URL: https://codereview.chromium.org/1503943002
Cr-Commit-Position: refs/heads/master@{#32648}
This makes the implementations of MacroAssembler::InvokeBuiltin go
through the InvokeFunctionCode helper on all architectures. This helper
knows how to correctly set up all registers (i.e. argument count and the
new target value).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1488303008
Cr-Commit-Position: refs/heads/master@{#32646}
port 0ed0878041 (r32642)
original commit message:
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.
BUG=
Review URL: https://codereview.chromium.org/1501373003
Cr-Commit-Position: refs/heads/master@{#32645}
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).
R=mstarzinger@chromium.org,bmeurer@chromium.org
LOG=n
BUG=v8:1827
Review URL: https://codereview.chromium.org/1493983004
Cr-Commit-Position: refs/heads/master@{#32644}
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1502963002
Cr-Commit-Position: refs/heads/master@{#32642}
