This stub will be used as the basis of a Math.floor-specific CallIC to
detect and track calls to floor that return -0.
Along the way:
- Create a TurboFanCodeStub super class from which the StringLength and
MathRound TF stubs derive.
- Fix the ugly hack that passes the first stub parameter as the "this"
pointer in the the TF-compiled JS function.
- Fix bugs in the ia32/x64 disassembler.
Review URL: https://codereview.chromium.org/1137703002
Cr-Commit-Position: refs/heads/master@{#28339}
Reason for revert:
Shouldn't unconditionally load holes since it tanks performance. I'll change it in a follow-up to only do it if the IC ever saw it happen.
Original issue's description:
> Allow loading holes from holey smi arrays
>
> BUG=
>
> Committed: https://crrev.com/eab5bb5390fab79d063f29398377c6d181963dde
> Cr-Commit-Position: refs/heads/master@{#28298}
TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1131203002
Cr-Commit-Position: refs/heads/master@{#28309}
Reason for revert:
[Sheriff] Breaks jetstream benchmark with errors like this:
>>> Running suite: JetStream/bigfib.cpp
>>> Stdout (#1):
undefined:93: ReferenceError: this is not defined
this['Module'] = Module;
^
ReferenceError: this is not defined
at eval (eval at __run (runner.js:13:3), <anonymous>:93:3)
at eval (native)
at __run (runner.js:13:3)
at Object.runSimpleBenchmark (runner.js:44:31)
at runner.js:97:13
Original issue's description:
> Resolve references to "this" the same way as normal variables
>
> Make the parser handle references to "this" as unresolved variables, so the
> same logic as for the rest of function parameters is used for the receiver.
> Minor additions to the code generation handle copying the receiver to the
> context, along with the rest of the function parameters.
>
> Based on work by Adrian Perez de Castro <aperez@igalia.com>.
>
> BUG=v8:2700
> LOG=N
>
> Committed: https://crrev.com/06a792b7cc2db33ffce7244c044a9c05afbb6116
> Cr-Commit-Position: refs/heads/master@{#28263}
TBR=rossberg@chromium.org,arv@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2700
Review URL: https://codereview.chromium.org/1129723003
Cr-Commit-Position: refs/heads/master@{#28283}
Make the parser handle references to "this" as unresolved variables, so the
same logic as for the rest of function parameters is used for the receiver.
Minor additions to the code generation handle copying the receiver to the
context, along with the rest of the function parameters.
Based on work by Adrian Perez de Castro <aperez@igalia.com>.
BUG=v8:2700
LOG=N
Review URL: https://codereview.chromium.org/1130733003
Cr-Commit-Position: refs/heads/master@{#28263}
typeof was implemented as a runtime function. Calling it in
optimized code with a non-constant input becomes burdensome.
BUG=
Review URL: https://codereview.chromium.org/1114563003
Cr-Commit-Position: refs/heads/master@{#28260}
The Hydrogen representation for binops was never changed to care about the
language mode. We thought this was ok, but it turns out we need to keep track
of it to make sure inlining doesn't mess with the "strongness" of binops.
Also added more rigorous inlining testing.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1123043002
Cr-Commit-Position: refs/heads/master@{#28253}
ArgumentsAdaptorStub for derived constructor (the one that needs
new.target) works in this way:
- If the constructor is invoked via the Construct stub, we know that
actual arguments always include new.target. ``arguments`` object
however should not include a new.target, therefore we remove it.
We achieve this by decrementing the argument count.
- If the constructor is invoked as a call, we do not care for a correct
``arguments`` array since the constructor will immediately throw on
entrance.
The bug is that the call could actually pass 0 actual arguments, but I
decrement unconditionally :(. The fix is to detect this case and avoid
decrementing. ``arguments`` is bogus, but it is ok as constructor
throws.
Long-term we should just remove mucking about with arguments for
new.target and just get it from the stack.
R=arv@chromium.org,rossberg@chromium.org
BUG=chromium:474783
LOG=Y
Review URL: https://codereview.chromium.org/1126783003
Cr-Commit-Position: refs/heads/master@{#28242}
Reason for revert:
nosnap failures
Original issue's description:
> Resolve references to "this" the same way as normal variables
>
> Make the parser handle references to "this" as unresolved variables, so the
> same logic as for the rest of function parameters is used for the receiver.
> Minor additions to the code generation handle copying the receiver to the
> context, along with the rest of the function parameters.
>
> Based on work by Adrian Perez de Castro <aperez@igalia.com>.
>
> BUG=
> LOG=N
>
> Committed: https://crrev.com/18619d355192e2699203d12d9ebb9caea107b693
> Cr-Commit-Position: refs/heads/master@{#28236}
TBR=rossberg@chromium.org,mstarzinger@chromium.org,dslomov@chromium.org,adamk@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1113133006
Cr-Commit-Position: refs/heads/master@{#28238}
Reason for revert:
All sorts of performance regressions
Original issue's description:
> Collect type feedback on result of Math.[round|ceil|floor]
>
> By recording invocations of these builtins that can return -0, we now learn to not emit Crankshaft code that only handles integer results, avoiding deopt loops.
>
> Committed: https://crrev.com/f36ecaf3a4d61568ca50a20718acce7dd5da9a5f
> Cr-Commit-Position: refs/heads/master@{#28215}
TBR=mvstanton@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1115973005
Cr-Commit-Position: refs/heads/master@{#28237}
Make the parser handle references to "this" as unresolved variables, so the
same logic as for the rest of function parameters is used for the receiver.
Minor additions to the code generation handle copying the receiver to the
context, along with the rest of the function parameters.
Based on work by Adrian Perez de Castro <aperez@igalia.com>.
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1097283003
Cr-Commit-Position: refs/heads/master@{#28236}
When comparing a symbol to istself using <, <=, > or >= we need to
throw a TypeError. This is correctly handled in the runtime function
so if we are comparing a symbol fall back to use the runtime.
BUG=v8:4073
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1125783002
Cr-Commit-Position: refs/heads/master@{#28226}
By recording invocations of these builtins that can return -0, we now learn to not emit Crankshaft code that only handles integer results, avoiding deopt loops.
Review URL: https://codereview.chromium.org/1053143005
Cr-Commit-Position: refs/heads/master@{#28215}
Just give internal ones an ArrayBuffer with a NULL backing store. This
simplifies the access checks a lot.
BUG=v8:3996
R=hpayer@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1109353003
Cr-Commit-Position: refs/heads/master@{#28168}
An initial 'code age' state that will turn into a 'pre-aging' code age only after it was executed the first time.
BUG=470930
LOG=Y
Review URL: https://codereview.chromium.org/1107233004
Cr-Commit-Position: refs/heads/master@{#28162}
If the array's map is the initial FastHoley array map, and the array prototype
chain is undisturbed and empty of elements, then keyed loads can convert the
load of a hole to undefined.
BUG=
Review URL: https://codereview.chromium.org/1100083002
Cr-Commit-Position: refs/heads/master@{#28056}
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1092353002
Cr-Commit-Position: refs/heads/master@{#28045}
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1086873003
Cr-Commit-Position: refs/heads/master@{#27857}
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.
Review URL: https://codereview.chromium.org/1058533007
Cr-Commit-Position: refs/heads/master@{#27848}
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.
R=jarin@chromium.org
TEST=mjsunit/for-in-opt
Review URL: https://codereview.chromium.org/1086083002
Cr-Commit-Position: refs/heads/master@{#27846}
This avoids both a mysterious boolean argument ("insert") and lets
non-mutating lookups skip passing an allocator (in one such case,
we were passing a scary-looking ZoneAllocationPolicy(NULL)!).
Review URL: https://codereview.chromium.org/1074943002
Cr-Commit-Position: refs/heads/master@{#27799}
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.
BUG=
Review URL: https://codereview.chromium.org/1067573003
Cr-Commit-Position: refs/heads/master@{#27788}
Reason for revert:
Causes test failures on ARM bots related to cells and write barriers.
Original issue's description:
> Merge cellspace into old pointer space
>
> BUG=
>
> Committed: https://crrev.com/4e7163ce05f135918205c7855ae60a48e5d46cc5
> Cr-Commit-Position: refs/heads/master@{#27707}
TBR=hpayer@chromium.org,balazs.kilvady@imgtec.com,yangguo@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1053243003
Cr-Commit-Position: refs/heads/master@{#27711}
Performance measurements show that the position independent code is
usually slightly faster than the position dependent code, and there
seems to be no noticable regression.
This also gets rid of a lot of support code that was only required to allow
embedding labels into the code stream. And it implies that neither the GC
nor the deserializer need to do anything for jump tables.
R=svenpanne@chromium.org
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/1069633002
Cr-Commit-Position: refs/heads/master@{#27646}
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1053063003
Cr-Commit-Position: refs/heads/master@{#27633}
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.
BUG=
Review URL: https://codereview.chromium.org/1032163002
Cr-Commit-Position: refs/heads/master@{#27631}
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.
BUG=chromium:469768
LOG=y
Review URL: https://codereview.chromium.org/1056913003
Cr-Commit-Position: refs/heads/master@{#27614}
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
Review URL: https://codereview.chromium.org/947683002
Cr-Commit-Position: refs/heads/master@{#27605}
