This adds a test case that ensures calling Debug.scripts without any
listener attached fails gracefully. For now we are throwing the string
"illegal access", this might change in the future to be a dedicated
exception.
R=yangguo@chromium.org
TEST=mjsunit/debug-scripts-throw
Review URL: https://codereview.chromium.org/1411193002
Cr-Commit-Position: refs/heads/master@{#31377}
Use %_ToLength for TO_LENGTH, implemented via a ToLengthStub
that supports a fast path for small integers. Everything else is still
handled in the runtime.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
BUG=v8:4494
LOG=n
Review URL: https://codereview.chromium.org/1412963002
Cr-Commit-Position: refs/heads/master@{#31358}
This removes all locally constructed SimplifiedOperatorBuilder instances
and uses the one passed along the JSGraph. It ensures that the correct
zone is used to allocate operators, no matter where the reducer is used.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1410003002
Cr-Commit-Position: refs/heads/master@{#31355}
This introduces an explicit lazy bailout. It is wrapped in the call
node, mostly because the lazy deoptimization processing is married
to the call processing in the instruction selector and the code generator.
It is still a terrible hack.
R=bmeurer@chromium.org,mstarzinger@chromium.org
BUG=chromium:543994,v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1412443003
Cr-Commit-Position: refs/heads/master@{#31353}
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).
The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support are in.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
Cr-Commit-Position: refs/heads/master@{#31340}
Review URL: https://codereview.chromium.org/1396333010
Cr-Commit-Position: refs/heads/master@{#31352}
Removes a branch that checks for a condition that has been checked on dominators of the branch.
This introduces a new reducer that propagates the list of checked conditions (and their boolean values) through the control flow graph. If it encounters a branch checking a condition with a known value, the branch is eliminated.
The analysis relies on loops being reducible: if a condition has been checked on all paths to loop entry, then it is checked in the loop (regardless of the conditions checked inside the loop).
The implementation is fairly naive and could be improved:
- all the operations on the condition lists could be made allocation-free when revisited.
- we could try to use a map structure rather than a linked list (to make
lookups faster).
- the merging of control flow could be changed to take into account
conditions from non-dominating paths (as long as all paths check
the condition).
Review URL: https://codereview.chromium.org/1376293005
Cr-Commit-Position: refs/heads/master@{#31347}
Adds support for local context loads and stores. Also adds support for
creation of new block contexts (e.g., for let variables) and initializing
const / let variables with the hole appropriately.
Also adds some checks to ensure BytecodeArrayBuilder::context_count is set
appropriately and fixes tests to do so.
Adds the bytecode StaContextSlot.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1403943004
Cr-Commit-Position: refs/heads/master@{#31343}
Reason for revert:
Waterfall redness.
Original issue's description:
> [turbofan] Initial support for monomorphic/polymorphic property loads.
>
> Native context specialization now lowers monomorphic and
> polymorphic accesses to data and constant data properties on
> object and/or prototype chain. We don't deal with accessors
> yet, and we also completely ignore proxies (which is compatible
> with what Crankshaft does).
>
> The code is more or less the straightforward implementation. We
> will need to refactor that and extract common patterns once the
> remaining bits for full load/store support are in.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/3a0bf860b7177f7abef01ff308a53603389d958e
> Cr-Commit-Position: refs/heads/master@{#31340}
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1408123002
Cr-Commit-Position: refs/heads/master@{#31341}
Native context specialization now lowers monomorphic and
polymorphic accesses to data and constant data properties on
object and/or prototype chain. We don't deal with accessors
yet, and we also completely ignore proxies (which is compatible
with what Crankshaft does).
The code is more or less the straightforward implementation. We
will need to refactor that and extract common patterns once the
remaining bits for full load/store support are in.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1396333010
Cr-Commit-Position: refs/heads/master@{#31340}
This fixes the lifetime of nodes created by JSGlobalSpecialization that
contain a simplified operator. In the case where this reducer runs as
part of the inliner, the SimplifiedOperatorBuilder was instantiated with
the wrong zone. This led to use-after-free of simplified operators.
To avoid such situations in the future, we decided to move this operator
builder into the JSGraph and make the situation uniform with all other
operator builders.
R=bmeurer@chromium.org
BUG=chromium:543528
LOG=n
Review URL: https://codereview.chromium.org/1409993002
Cr-Commit-Position: refs/heads/master@{#31334}
Reason for revert:
Failing: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/2115
Original issue's description:
> Reland of "[heap] Divide available memory upon compaction tasks"
>
> This reverts commit ec1046f9f8.
>
> Original message:
>
> [heap] Divide available memory upon compaction tasks
> - Fairly (round-robin) divide available memory upon compaction tasks.
> - Ensure an upper limit (of memory) since dividing is O(n) for n free-space
> nodes.
> - Refill from free lists managed by sweeper once a compaction space becomes
> empty.
>
> Assumption for dividing memory: Memory in the free lists is sparse upon starting
> compaction (which means that only few nodes are available), except for memory
> reducer GCs, which happen in idle time though (so it's less of a problem).
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/a805be73f6f97645450124f75c0f7417ec7b3e70
> Cr-Commit-Position: refs/heads/master@{#31329}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1412643002
Cr-Commit-Position: refs/heads/master@{#31332}
This reverts commit ec1046f9f8.
Original message:
[heap] Divide available memory upon compaction tasks
- Fairly (round-robin) divide available memory upon compaction tasks.
- Ensure an upper limit (of memory) since dividing is O(n) for n free-space
nodes.
- Refill from free lists managed by sweeper once a compaction space becomes
empty.
Assumption for dividing memory: Memory in the free lists is sparse upon starting
compaction (which means that only few nodes are available), except for memory
reducer GCs, which happen in idle time though (so it's less of a problem).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1399403002
Cr-Commit-Position: refs/heads/master@{#31329}
In the ES2015 spec, RegExp uses ToLength, not ToInteger, on lastIndex
to coerce it to an integer. This patch switches to ToLength when
the --harmony-tolength flag is on, and adds some tests to verify the
new behavior.
BUG=v8:4244
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1394023005
Cr-Commit-Position: refs/heads/master@{#31306}
The runtime flag in question makes no sense, because the feature cannot
be disabled without keeping the snapshot in sync. We should avoid having
the flag in our "mjsunit" test suite, so that ClusterFuzz doesn't pick it
up. The test in question is already skipped, the change will not affect
test results on our waterfall.
R=mvstanton@chromium.org
TEST=mjsunit/call-counts
BUG=v8:4458
LOG=n
Review URL: https://codereview.chromium.org/1409533003
Cr-Commit-Position: refs/heads/master@{#31302}
Reason for revert:
Weird endless loop in TopLevelLiveRange::Merge() due to always splitting first and not making progress. See comments, unfortunately no useable repro.
Original issue's description:
> [turbofan] Splinter into one range.
>
> Before this CL, we created one live range per successive set of
> deferred blocks. For scenarios with many such blocks, this creates
> an upfront pressure for the register allocator to deal with many ranges.
> Linear sorts ranges, which is a super-linear operation.
>
> The change places all deferred intervals into one range, meaning that,
> at most, there will be twice as many live ranges as the original set. In
> pathological cases (benchmarks/Compile/slow_nbody1.js), this change
> halves the compilation time. We see some improvements elsewhere,
> notably SQLite at ~4-5%.
>
> We may be able to avoid the subsequent merge. Its cost is the
> additional ranges it may need to create. The sole reason for the merge
> phase is to provide an unchanged view of the world to the subsequent
> phases. With the at-most-one splinter model, we may be able to teach
> the other phases about splintering - should we find perf hindrances
> due to merging.
>
> Committed: https://crrev.com/efdcd20267870276c5824f1ccf4e171ac378f7ae
> Cr-Commit-Position: refs/heads/master@{#31224}
TBR=jarin@chromium.org,mtrofin@google.com,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1403163003
Cr-Commit-Position: refs/heads/master@{#31300}
Even though the change is ES6 spec compliant, we decided to revert
to be consistent with other browsers and work on fixing the spec.
Original issue's description:
> Make dates default to the local timezone if none specified
>
> In ES5, dates were supposed to default to UTC if no timezone was specified. However, this changed in ES6, which specified that dates should be in the local timezone if no timezone was specified. This CL updates our behavior to match that part of the ES6 spec.
> BUG=chromium:391730, v8:4242
> LOG=Y
> Committed: https://crrev.com/f06754a8e1d305a43560705f6c167d85d40e602d
> Cr-Commit-Position: refs/heads/master@{#29854}
BUG=chromium:543320,chromium:539813
LOG=NO
Review URL: https://codereview.chromium.org/1403153003
Cr-Commit-Position: refs/heads/master@{#31295}
This is in preparation to enabling --turbo-inlining by default, fixing
various issues when general purpose inlining is running against our
entire test suite.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1407533004
Cr-Commit-Position: refs/heads/master@{#31294}
This change adds a new bytecode for operator new and implements it using
the Construct() builtin.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1402943002
Cr-Commit-Position: refs/heads/master@{#31293}
When the checker was added prohibiting lexical binding called let,
certain error propagation was not implemented properly. This patch
fixes that issue, which fixes error checking for cases such as
  let [let]
BUG=v8:4403
R=adamk
LOG=N
Review URL: https://codereview.chromium.org/1409613003
Cr-Commit-Position: refs/heads/master@{#31289}
This adds a bit of boilerplate to some AstVisitors (they now have to
declare their own zone_ member and zone() accessor), but makes it clearer
what DEFINE_AST_VISITOR_SUBCLASS_MEMBERS is for: stack limit checking.
Review URL: https://codereview.chromium.org/1394303008
Cr-Commit-Position: refs/heads/master@{#31287}
Adds support for the following operators:
- Logical and
- Logical or
- Comma
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder
to enable its use, its implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1399773002
Cr-Commit-Position: refs/heads/master@{#31281}
An identifier may be parsed in an object literal like {let}, but
this was previously left out of lexical name checking. This patch
adds that check to prohibit code like
  let {let} = {let: 1}
BUG=v8:4403
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1401253003
Cr-Commit-Position: refs/heads/master@{#31278}
Section 8.10.5 9a specifies that a property descriptor cannot both have
accessors and specify the writability of the property. The previous
error message was misleading because it referred to writable rather
than specifying the writability (which includes writable: false).
BUG=v8:2536
LOG=N
Review URL: https://codereview.chromium.org/1399693003
Cr-Commit-Position: refs/heads/master@{#31273}
https://codereview.chromium.org/1343113003 introduced a separate InternalPackedArray constructor to the extras utils object, distinct from the one used by natives. However, it omitted the code to set up the methods for that InternalPackedArray. This makes all the basic manipulation methods available.
BUG=v8:4276
LOG=Y
R=jochen@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1401243003
Cr-Commit-Position: refs/heads/master@{#31272}
For an edge case like the following in sloppy mode
  with ({}) function f() {}
a lexical scope needs to be created around the body in order
to hold the function declaration, so it can be hoisted according
to a loose interpretation of Annex B 3.3 (loose because ES2015
does not permit a function declaration as the body of a with
statement). This patch adds that scope.
BUG=chromium:542100
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1404803002
Cr-Commit-Position: refs/heads/master@{#31269}
This patch fixes an obscure edge case for functions defined as the
direct body of a for-of/for-in loop, such as the following:
  for (foo in []) function foo() { return foo; }
Here, the first occurrence of foo should point to the outer scope;
however, before this patch, it pointed to the inner foo in an
invalid way which caused an assertion about the scope chain to fail.
This patch fixes the scope chain by inserting an extra scope for
the body of the loop, not including the header.
BUG=chromium:542099
LOG=N
R=rossberg
Review URL: https://codereview.chromium.org/1396663004
Cr-Commit-Position: refs/heads/master@{#31268}
This CL re-purposes ValueEffect and Finish as delimiters for regions
that are scheduled atomically (renamed to BeginRegion, FinishRegion).
The BeginRegion node takes and produces an effect. For the uses that do
not care about the placement in the effect chain, it is ok to feed
graph->start() as an effect input.
The FinishRegion takes a value and an effect and produces a value and
an effect. It is important that any value or effect produced inside the
region is not used outside the region. The FinishRegion node is the only
way to smuggle an effect and a value out.
At the moment, this does not support control flow inside the region. Control flow would be hard.
During scheduling we do some sanity checks, but the checks are not exhaustive. Here is what we check:
- the effect chain between begin and finish is linear (no splitting,
single effect input and output).
- any value produced is consumed by the FinishRegion node.
- no control flow outputs.
Review URL: https://codereview.chromium.org/1399423002
Cr-Commit-Position: refs/heads/master@{#31265}
The AccessorsTable has a non-deterministic iteration order depending on the
random seed. This means that the order of the accessor defines could vary
and the test which tried to set accessors on two different properties
could flakily fail due to the order not being as expected. To fix this I make
the test only do a setter on one property (the test-interpreter.cc test
does the check on multiple property accessors).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1404793002
Cr-Commit-Position: refs/heads/master@{#31264}
Support negate with shifted input on ARM64 by supporting lhs zero registers for
binary operations, and removing explicit Neg instruction support.
Review URL: https://codereview.chromium.org/1404093003
Cr-Commit-Position: refs/heads/master@{#31263}
Replaces the use of KeyedStoreICGeneric with a vector based KeyedStoreIC for
array literal computed stores now that there is a feedback vector slot for
these expressions. Removes KeyedStoreICGeneric bytecode since this is no
longer necessary.
BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1400353002
Cr-Commit-Position: refs/heads/master@{#31262}
Adds Object literal support to the interpreter. Adds the following bytecodes:
- ToName
- CreateObjectLiteral.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386313005
Cr-Commit-Position: refs/heads/master@{#31253}
Adds array literal support to the interpreter. Currently constructed
array elements don't have type feedback slots, so also adds support for
generic keyed store operations.
Adds the following bytecodes:
- CreateArrayLiteral
- KeyedStoreICGeneric
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1400753003
Cr-Commit-Position: refs/heads/master@{#31240}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
The flag for deactivating break points also affects stepping, since both
are implemented via debug break slots. Fixing this by introducing a new
flag solely responsible for deactivating actual break points.
R=mvstanton@chromium.org
BUG=chromium:119800
LOG=N
Review URL: https://codereview.chromium.org/1402913002
Cr-Commit-Position: refs/heads/master@{#31236}
- Fairly (round-robin) divide available memory upon compaction tasks.
- Ensure an upper limit (of memory) since dividing is O(n) for n free-space
nodes.
- Refill from free lists managed by sweeper once a compaction space becomes
empty.
Assumption for dividing memory: Memory in the free lists is sparse upon starting
compaction (which means that only few nodes are available), except for memory
reducer GCs, which happen in idle time though (so it's less of a problem).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1382003002
Cr-Commit-Position: refs/heads/master@{#31234}
Adds function literal support and add support for OTHER_CALLS which can be
made when calling a function literal.
Adds the CreateClosure bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396693003
Cr-Commit-Position: refs/heads/master@{#31231}
Looking up 'name' and 'message' properties at the same time and loading
the properties later can cause assertion failure if one of the properties
is an accessor and calling it changes the holder map. That may invalidate
the other lookup.
R=jkummerow@chromium.org
BUG=chromium:542101
LOG=N
Review URL: https://codereview.chromium.org/1403923002
Cr-Commit-Position: refs/heads/master@{#31229}
Before this CL, we created one live range per successive set of
deferred blocks. For scenarios with many such blocks, this creates
an upfront pressure for the register allocator to deal with many ranges.
Linear sorts ranges, which is a super-linear operation.
The change places all deferred intervals into one range, meaning that,
at most, there will be twice as many live ranges as the original set. In
pathological cases (benchmarks/Compile/slow_nbody1.js), this change
halves the compilation time. We see some improvements elsewhere,
notably SQLite at ~4-5%.
We may be able to avoid the subsequent merge. Its cost is the
additional ranges it may need to create. The sole reason for the merge
phase is to provide an unchanged view of the world to the subsequent
phases. With the at-most-one splinter model, we may be able to teach
the other phases about splintering - should we find perf hindrances
due to merging.
Review URL: https://codereview.chromium.org/1391023007
Cr-Commit-Position: refs/heads/master@{#31224}
Previously, name conflicts between var and let declarations were only
made into exceptions if they were visible at parse-time. This patch adds
runtime checks so that sloppy-mode direct eval can't introduce conflicting
var declarations. The change is implemented by traversing the scope chain
when a direct eval introduces a var declaration to look for conflicting
let declarations, up to the function boundary.
BUG=v8:4454
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1382513003
Cr-Commit-Position: refs/heads/master@{#31211}
- Bitwise Or
- Bitwise Xor
- Bitwise And
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder to enable its use, its implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386133002
Cr-Commit-Position: refs/heads/master@{#31210}
Reason for revert:
This still breaks Inbox.
Original issue's description:
> Stage --harmony_sloppy_function
>
> This patch turns on ES2015-style function hoisting semantics in
> staging. --harmony_sloppy_function was previously staged, leading
> to a number of bugs being filed and the staging being reversed;
> important bugs have been fixed, so it is time to try again.
>
> R=adamk
> LOG=Y
> BUG=v8:4285
>
> Committed: https://crrev.com/333e27fd99f8187c97e62b9538529900f0a30668
> Cr-Commit-Position: refs/heads/master@{#31190}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285
Review URL: https://codereview.chromium.org/1402763003
Cr-Commit-Position: refs/heads/master@{#31206}
Adds support for the following operators:
- Shift left
- Shift right
- Shift right logical
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder
to enable its use, its implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1392913002
Cr-Commit-Position: refs/heads/master@{#31205}
The test had an effect phi with one effect input connected to a loop with two control inputs. Also, the Terminate node was used by the effect phi.
Review URL: https://codereview.chromium.org/1398763002
Cr-Commit-Position: refs/heads/master@{#31193}
This patch turns on ES2015-style function hoisting semantics in
staging. --harmony_sloppy_function was previously staged, leading
to a number of bugs being filed and the staging being reversed;
important bugs have been fixed, so it is time to try again.
R=adamk
LOG=Y
BUG=v8:4285
Review URL: https://codereview.chromium.org/1393423002
Cr-Commit-Position: refs/heads/master@{#31190}
Make the end position of a regexp literal the first character following the regexp. This matches the behaviour of number literals and string literals, as well as single-character tokens.
This change corrects the lazy-parsing of arrow functions with concise bodies, whose last token is a regular expression literal.
BUG=v8:4474
LOG=N
R=wingo@igalia.com, adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1389313003
Cr-Commit-Position: refs/heads/master@{#31189}
Not all register codes are safe for use on all architectures.
Using RegisterConfiguration when picking a calling convention
in test-multiple-return.
BUG=None
TEST=test-multiple-return
R=titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1401453002
Cr-Commit-Position: refs/heads/master@{#31188}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg,v8_linux_gcc_rel
Review URL: https://codereview.chromium.org/1393023003
Cr-Commit-Position: refs/heads/master@{#31185}
This will allow exploration of possibilities like passing around buffer base and length.
BUG=None
TEST=test-multiple-return
LOG=N
R=mtrofin@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1391333003
Cr-Commit-Position: refs/heads/master@{#31184}
This fixes several warnings when cross-building using GCC (since r31087,
5cf1c0b).
In particular, CPURegister::code() now returns 'int', matching the other
platforms (and the coding style guide). The rest of the patch consists
of similar changes to make this work.
BUG=
Review URL: https://codereview.chromium.org/1393043003
Cr-Commit-Position: refs/heads/master@{#31176}
Reason for revert:
Breaks Arm debug.
Original issue's description:
> Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again.
>
> Without that, it has a few false positives about out-of-bounds array accesses.
> Also makes the clang static-analyzer happy.
>
> Original code review from Sven Panne:
> https://codereview.chromium.org/790723002/
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
>
> Committed: https://crrev.com/93ae81101af68d81b7af84ea4046ea849e605116
> Cr-Commit-Position: refs/heads/master@{#31163}
TBR=jochen@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1398643002
Cr-Commit-Position: refs/heads/master@{#31167}
Implements support for declaring global variables. Also adds support for loading
from and storing to both global and unallocated global variables. Adds the
following bytecodes:
- StoreGlobal
- LoadContextSlot
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1378523005
Cr-Commit-Position: refs/heads/master@{#31166}
This patch brings test262 up to the latest version on GitHub. Some
highlights from new failures are:
- Reflect
- Default parameters
- Case conversion edge cases
R=adamk
Review URL: https://codereview.chromium.org/1391793002
Cr-Commit-Position: refs/heads/master@{#31165}
Add a flag to explicitly filter scripts in ignition and use it for the test262
variant. The previous approach of overloading ignition-filter meant that only
top-level code was getting compiled through ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396493002
Cr-Commit-Position: refs/heads/master@{#31164}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1383053005
Cr-Commit-Position: refs/heads/master@{#31163}
Previously, arrow function scopes had a separate ScopeType. However,
Scope::DeserializeScopeChain() erroneously deserialized ARROW_SCOPE
ScopeInfos as FUNCTION_SCOPE. This could lead to bugs such as the
attached one, where "super" was disallowed where it should have
been allowed.
This patch utilizes the Scope's FunctionKind to distinguish arrow
functions from others. Besides fixing the above bug, this also
simplifies code in various places that had to deal with two different
ScopeTypes both of which meant "function".
BUG=v8:4466
LOG=n
Review URL: https://codereview.chromium.org/1386253002
Cr-Commit-Position: refs/heads/master@{#31154}
This makes it explicit when the --ignition-filter pattern should be
applied to the script name instead of the function name by using a
proper "s:{name}" pattern. It also hardcodes it to be a prefix match
instead of an exact match, because that is all we need for test262.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1389353002
Cr-Commit-Position: refs/heads/master@{#31153}
Allow access to Array Iterator through the API, in order to simplify
setting up interfaces which use these methods. This applies to
WebIDL interfaces with "length" attributes returning integer types and
a getter taking an unsigned long type.
BUG=
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1378403004
Cr-Commit-Position: refs/heads/master@{#31152}
Untangles committed memory from capacity in a given space and unifies accounting
for all spaces.
Pre-work for parallel compaction.
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1388383002
Cr-Commit-Position: refs/heads/master@{#31149}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
- Reflect.deleteProperty
- Reflect.get
- Reflect.has
- Reflect.isExtensible
Reflect.get doesn't support the receiver argument yet, and
some of the others don't support proxies yet.
R=rossberg
BUG=v8:3931
LOG=n
Review URL: https://codereview.chromium.org/1379313002
Cr-Commit-Position: refs/heads/master@{#31146}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Thus TypeFeedbackMetadata can now be shared between different native contexts.
Review URL: https://codereview.chromium.org/1384673002
Cr-Commit-Position: refs/heads/master@{#31143}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
Optimizing global constants such as "NaN", "Infinity" and "undefined" is
best performed during graph building. Then the optimization and lowering
passes only need to deal with real loads in case of JSLoadGlobal.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1384953002
Cr-Commit-Position: refs/heads/master@{#31135}
Adds support for strict mode load / store ICs and cleans up BinaryOp and
CompareOp to only trigger an UNIMPLEMENTED abort if called with STRONG
mode (which is the only language mode which has different compare/binary ops).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1385623002
Cr-Commit-Position: refs/heads/master@{#31134}
Symbols marked as "well-known" now return an undefined value when loaded with a failed access check, instead of throwing.
Currently, only @@isConcatSpreadable is marked as well-known, until the correct behaviour is properly specified.
BUG=v8:4289, 507553
LOG=N
R=adamk@chromium.org, jochen@chromium.org, verwaest@chromium.org
Review URL: https://codereview.chromium.org/1230793002
Cr-Commit-Position: refs/heads/master@{#31131}
Reason for revert:
[Sheriff] Speculative revert due to crbug.com/539814
Original issue's description:
> Changed scavenge GC to collect unmodified references
>
> Added a scavenge GC pass that collects unmodified references instead of
> processing object groups. This mode can be controlled by setting
> FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
> Also, modified a test case to suit the new GC pass.
>
> BUG=v8:4421
> LOG=N
>
> Committed: https://crrev.com/6254019238a853c9f3c09d615ba153043f6957c7
> Cr-Commit-Position: refs/heads/master@{#31102}
TBR=jochen@chromium.org,rmcilroy@chromium.org,mythria@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4421,chromium:539814
Review URL: https://codereview.chromium.org/1388133002
Cr-Commit-Position: refs/heads/master@{#31130}
Previously, cases like
    var [foo]
led to a parser crash because the parser tried to do something with
the initializer, which was not syntactically present.
This patch fixes the parser issue (implicitly creating an undefined
initializer) and inserts a check for array destructuring that the
right-hand side is coercible to an object, so it can have iterator
methods called on it safely.
BUG=v8:4462
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1384413002
Cr-Commit-Position: refs/heads/master@{#31128}
Implementations and tests for typeof, void, and logical not.
Add missing string type to Object::TypeOf.
BUG=v8:4280
LOG=NO
Review URL: https://codereview.chromium.org/1390483002
Cr-Commit-Position: refs/heads/master@{#31124}
Adds an ignition variant to the test runner and adds support to test262 for
filtering such that only test scripts (not the test harness) get run by
the interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379093002
Cr-Commit-Position: refs/heads/master@{#31123}
This adds the unittests to the "default" test set. Now that
the "default" and the DEFAULT_TESTS (i.e. runner with
no arguments) are the same, removed DEFAULT_TESTS and use
TEST_MAP["default"] instead.
On the bots, where unittests and default were run in
separation before, the explicit unittests step should now
be skipped.
This is necessary for swarming, as the unittests step is
too small to justify its own swarming job.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1374733006
Cr-Commit-Position: refs/heads/master@{#31122}
When calling into C++ builtins, we need to make sure that the argument
count register contains the correct number of arguments, otherwise the
CEntryStub will not be able to leave the stack in the correct state.
R=ishell@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1391543002
Cr-Commit-Position: refs/heads/master@{#31120}
Previously, using legacy const in for-of/in loops led to a check-fail
in the parser. This was due to the fact that the destructuring bind
led to an undefined initialization to undefined in the parser, which
caused the for loop code to go down a strange path. This patch
eliminates the undefined initialization in variables declared in
for-in/of loops, so that that path is not used and the error is
fixed.
BUG=v8:4461
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1385913003
Cr-Commit-Position: refs/heads/master@{#31117}
* Promise.resolve now works with subclasses
* Spec removed [[PromiseConstructor]]; now can simply use constructor
* Promise.resolve ignores species
R=littledan@chromium.org,domenic@chromium.org
BUG=v8:4161,v8:4341
LOG=Y
Review URL: https://codereview.chromium.org/1362773002
Cr-Commit-Position: refs/heads/master@{#31116}
This patch prohibits lexical bindings from being called 'let', even in
sloppy mode, following the ES2015 specification. The change affects
multiple cases of lexical bindings, including simple let/const declarations
and both kinds of for loops. var and legacy const bindings still permit
the name to be let, including in destructuring cases. Tests are added to
verify, though some cases are commented out since they led to (pre-existing)
crashes.
BUG=v8:4403
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1371263003
Cr-Commit-Position: refs/heads/master@{#31115}
Port 5cf1c0bcf6
Original commit message:
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
R=danno@chromium.org, bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1381383002
Cr-Commit-Position: refs/heads/master@{#31114}
The --abort-on-uncaught-exception command line switch makes
Isolate::Throw abort if the error being thrown cannot be caught by a
try/catch block.
Embedders may want to use other mechanisms than try/catch blocks to
handle uncaught exceptions. For instance, Node.js has "domain" objects
that have error handlers that can handle uncaught exceptions like the
following:
    var d = domain.create();
    d.on('error', function onError(err) {
      console.log('Handling error');
    });
    d.run(function() {
      throw new Error("boom");
    });
These error handlers are called by isolates' message listeners.
If --abort-on-uncaught-exception is *not* used, the isolate's
message listener will be called, which will in turn call the domain's
error handler. The process will output 'Handling error' and will exit
successfully (not due to an uncaught exception). This is the behavior
that Node.js users expect.
However, if --abort-on-uncaught-exception is used and when throwing an
error within a domain that has an error handler, the process will abort
and the domain's error handler will not be called. This is not the
behavior that Node.js users expect.
Having a SetAbortOnUncaughtExceptionCallback API allows embedders to
determine when it's not appropriate to abort and instead handle the
exception via the isolate's message listener.
In the example above, Node.js would set a custom callback with
SetAbortOnUncaughtExceptionCallback that would be implemented as
follows (the sample code has been simplified to remove what's not
relevant to this change):
    bool ShouldAbortOnUncaughtException(Isolate* isolate) {
      return !IsDomainActive();
    }
Now when --abort-on-uncaught-exception is used, Isolate::Throw would
call that callback and determine that it should not abort if a domain
with an error handler is active. Instead, the isolate's message listener
would be called and the error would be handled by the domain's error
handler.
I believe this can also be useful for other embedders.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1375933003
Cr-Commit-Position: refs/heads/master@{#31111}
Clusterfuzz testing discovered that sloppy-mode block-scoped function
declarations introduce lexically-scoped variables in scopes that were
thrown away under the expectation that no lexically-scoped variables
were introduced. These cases are:
    for (;;) function foo() {}
    for (x in y) function foo() {}
This patch ensures that a block is created in those cases to hold the
lexically scoped variable. Usually, scope analysis should discover that
that block is not important, and it should not have a runtime
representation.
BUG=chromium:536750,chromium:536751
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1382123002
Cr-Commit-Position: refs/heads/master@{#31109}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1384873002
Cr-Commit-Position: refs/heads/master@{#31105}
Added a scavenge GC pass that collects unmodified references instead of
processing object groups. This mode can be controlled by setting
FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
Also, modified a test case to suit the new GC pass.
BUG=v8:4421
LOG=N
Review URL: https://codereview.chromium.org/1358703003
Cr-Commit-Position: refs/heads/master@{#31102}
Fixes:
../../test/cctest/compiler/test-js-typed-lowering.cc:224:14:
error: ‘kJSTypes’ defined but not used [-Werror=unused-variable]
static Type* kJSTypes[] = {Type::Undefined(), Type::Null(), Type::Boolean(),
../../src/bignum.cc: In member function
‘void v8::internal::Bignum::AssignDecimalString(Vector<const char>)’:
../../src/bignum.cc:80:6: error: assuming signed overflow does not occur when
assuming that (X + c) < X is always false [-Werror=strict-overflow]
../../src/compiler/ia32/code-generator-ia32.cc:1366:3:
required from here ../../src/base/logging.h:123:26:
error: comparison between signed and unsigned integer expressions
[-Werror=sign-compare] DEFINE_CHECK_OP_IMPL(EQ, ==)
BUG=
Review URL: https://codereview.chromium.org/1371823002
Cr-Commit-Position: refs/heads/master@{#31095}
A subset of the LiveRangeUnitTests (SplitInvalidPreStart,
InvalidSplitEnd, SplitInvalidPostEnd) fail or hang on AIX in release
mode.
These tests fork a child which is expected to crash in
register-allocator code after feeding in bad inputs.
In debug mode, they behave as expected due to hitting a debug assert.
In release mode, however, the tests rely only on the fact that
dereferencing a null pointer will cause a SEGFAULT. This is true on
most platforms, but not AIX. An AIX process has valid low memory
pages mapped for reading and will not fault. Thus, these tests fail
or hang because the child process survives the load from address zero
and either completes (with undefined results) or goes into an infinite
loop.
R=bmeurer@chromium.org, danno@chromium.org, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1384733002
Cr-Commit-Position: refs/heads/master@{#31090}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds an InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31089}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Prime suspect in breakage of V8 Linux -- no snap
Original issue's description:
> [swarming] Isolate v8 testing.
>
> Add gyp support and isolates for default test suites.
> Add two default isolates, one (default) for using the
> test suite collection we call "default" on the bots. One
> (developer_default) for also supporting the way developers
> call the driver (i.e. without argument, which includes
> the unittests).
>
> BUG=chromium:535160
> LOG=n
>
> Committed: https://crrev.com/9bd83f58f29ab0c7c5b71b00bcb1df3a9e641f05
> Cr-Commit-Position: refs/heads/master@{#31081}
TBR=tandrii@chromium.org,jochen@chromium.org,maruel@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535160
Review URL: https://codereview.chromium.org/1370993008
Cr-Commit-Position: refs/heads/master@{#31084}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Add gyp support and isolates for default test suites.
Add two default isolates, one (default) for using the
test suite collection we call "default" on the bots. One
(developer_default) for also supporting the way developers
call the driver (i.e. without argument, which includes
the unittests).
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1380593002
Cr-Commit-Position: refs/heads/master@{#31081}
Reason for revert:
Now breaking arm32 debug bot (worked locally even with --debug-code, so I'll need to figure out what's different on the bot)
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds an InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1379933003
Cr-Commit-Position: refs/heads/master@{#31078}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds an InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
Cr-Commit-Position: refs/heads/master@{#31064}
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31076}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
This lowers JSCreateFunctionContext nodes to call the above stub for
help with allocating function contexts when possible. It also contains
an implementation for inlined allocations of such contexts, which is
still behind a flag until inlined allocations are ready for prime time.
TEST=unittests/JSTypedLoweringTest.JSCreateFunctionContext
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1380113002
Cr-Commit-Position: refs/heads/master@{#31068}
Reason for revert:
Broke Arm64 bot (CEntry stub is trying to pop arguments off stack when argv_in_reg, so I need to fix this).
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds an InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
> Cr-Commit-Position: refs/heads/master@{#31064}
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1387543002
Cr-Commit-Position: refs/heads/master@{#31066}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds an InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31064}
Swarming won't support an incremental data file. By just
sorting the lowest hanging fruits to the beginning we
already get a big bang for the buck (>80% of the improvement
we get otherwise).
This will require semi-regular manual updates of the
slowest tests.
BUG=chromium:535160
LOG=n
Review URL: https://codereview.chromium.org/1385443002
Cr-Commit-Position: refs/heads/master@{#31061}
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.
Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.
BytecodeTraits template magic inspired by oth@chromium.org.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1370893002
Cr-Commit-Position: refs/heads/master@{#31058}
Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.
Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).
Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1384443002
Cr-Commit-Position: refs/heads/master@{#31054}
Improve bytecode generation for if when there's no else clause.
Display target addresses for jump instructions in
Bytecode::Disassemble().
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1373903005
Cr-Commit-Position: refs/heads/master@{#31052}
This CL also allows using an arbitrary number of feedback vector elements for a particular slot kind.
Review URL: https://codereview.chromium.org/1370303004
Cr-Commit-Position: refs/heads/master@{#31050}
Var-bindings may shadow parameters from a non-simple parameter list. When that happens: they create separate bindings, but are initialised with the respective parameter value. Thus:
(function(x, f = () => x) { var x; var y = x; x = 2; return [x, y, f()] })(1) --> [2, 1, 1]
This CL implements that by inserting a suitable assignment for every shadowing var-variable (e.g., x = outer_x above) at the beginning of the function's body block.
R=adamk@chromium.org
BUG=v8:4440,v8:811
LOG=N
Review URL: https://codereview.chromium.org/1371333004
Cr-Commit-Position: refs/heads/master@{#31042}
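The shadowing rule described in the commit message above, as an added example that is not part of the original commit or of V8's test suite: it contrasts the non-simple parameter list case with a simple one and shows that the two bindings stay independent afterwards. All function names here are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not V8 code.

// Non-simple parameter list (it has a default value): the parameters live in
// their own scope, and `var x` in the body creates a second binding that
// starts out with the parameter's value.
function nonSimple(x, f = () => x) {
  var x;               // separate body binding, initialised to the parameter (1)
  var y = x;           // reads the body binding -> 1
  x = 2;               // updates only the body binding
  return [x, y, f()];  // f still closes over the parameter binding -> 1
}

// Simple parameter list: `var x` just redeclares the parameter, so there is
// only one binding and a closure created in the body observes the assignment.
function simple(x) {
  var f = () => x;
  var x;
  var y = x;
  x = 2;
  return [x, y, f()];
}

// A shadowing var with its own initialiser overwrites the copied value in the
// body binding; the parameter binding is untouched.
function shadowWithInitializer(x, f = () => x) {
  var x = 10;
  return [x, f()];
}

// Writes made through a closure from the parameter scope never reach the
// body binding, which was copied once on entry.
function writeThroughClosure(x, set = (v) => { x = v; }, get = () => x) {
  var x;
  set(5);
  return [x, get()];
}

console.log(nonSimple(1));             // [2, 1, 1]
console.log(simple(1));                // [2, 1, 2]
console.log(shadowWithInitializer(1)); // [10, 1]
console.log(writeThroughClosure(1));   // [1, 5]
```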
The ES2015 spec is missing an extension of sloppy-mode block-scoped function
behavior to the global scope in scripts, as well as to eval. This patch
brings that hoisting to those two areas. The behavior is not perfectly
spec-compliant since properties created on the global scope should be
set as enumerable even if they are non-enumerable previously, but the
attributes will not be modified if the property already exists under
this patch.
BUG=v8:4441
LOG=Y
R=adamk
TEST=reddit comment functionality seems to be fixed
Review URL: https://codereview.chromium.org/1376623002
Cr-Commit-Position: refs/heads/master@{#31037}
Arrow functions have been enabled by default since the 4.5 branch.
Review URL: https://codereview.chromium.org/1373633002
Cr-Commit-Position: refs/heads/master@{#31031}
Besides matching the spec, this matches the behavior of Firefox and Edge.
BUG=v8:3699
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1377603006
Cr-Commit-Position: refs/heads/master@{#31030}
The current implementation breaks sloppy mode code that uses function
declarations inside blocks at top-level. Work is ongoing on a patch
to fix this issue, but in the meantime it seems reasonable to move
the feature out of staging.
Manual revert of commit 6e07f5a75b.
R=littledan@chromium.org
BUG=chromium:535836
LOG=y
Review URL: https://codereview.chromium.org/1375213005
Cr-Commit-Position: refs/heads/master@{#31029}
Added ScopeDetails.name field for closure scopes. It contains function's debug name of current context of scope.
BUG=493156
LOG=Y
R=yurys@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1375813002
Cr-Commit-Position: refs/heads/master@{#31028}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
This prevents the internal incremental-marking.h from being usable outside
of the "heap" directory. The logic inside that component is only useful
within the GC and is now properly encapsulated.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1374203002
Cr-Commit-Position: refs/heads/master@{#31010}
This changes the operators for JSCreate[Block|Script]Context to take
their ScopeInfo as a static parameter as opposed to a value input and
in turn allows for easier access to that parameter during lowerings.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1379593002
Cr-Commit-Position: refs/heads/master@{#31009}
This is necessary because these operators can read heap (equality can actually write heap when flattening strings).
BUG=v8:4446
LOG=n
Review URL: https://codereview.chromium.org/1374683002
Cr-Commit-Position: refs/heads/master@{#31005}
The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.
BUG=
Review URL: https://codereview.chromium.org/1374723002
Cr-Commit-Position: refs/heads/master@{#31000}
[run-tests.py]
- adding more detailed information about the flags
- show more detailed error message on failing Popen commands
BUG=
Review URL: https://codereview.chromium.org/1369343002
Cr-Commit-Position: refs/heads/master@{#30997}
This is mostly removing dead code and also dropping MUST_USE_RESULT
annotations from methods that cannot throw an exception anyways.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1370153002
Cr-Commit-Position: refs/heads/master@{#30995}
The comparison operators and ToBoolean are implemented by calling into
the runtime. The new runtime methods are prefixed with Interpreter
to make the use case clear.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1369123002
Cr-Commit-Position: refs/heads/master@{#30983}
The main changes are:
- Fix treatment of loops, which was incorrect and sometimes resulted in
the wrong completion value.
- Get rid of unnecessary variables.
This is in preparation of implementing ES6 completion semantics.
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1362333002
Cr-Commit-Position: refs/heads/master@{#30981}
This is a second step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1376443002
Cr-Commit-Position: refs/heads/master@{#30971}
This is a first step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1369973002
Cr-Commit-Position: refs/heads/master@{#30964}
Reason for revert:
failing again: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Mac/builds/4505/steps/Mozilla%20%28flakes%29/logs/regress-416628
Original issue's description:
> Reland of "[heap] Add more tasks for parallel compaction"
>
> - We now compute the number of parallel compaction tasks, depending on the
> evacuation candidate list, the number of cores, and some hard limit.
> - Free memory is moved over to compaction tasks (up to some limit)
> - Moving over memory is done by dividing the free list of a given space up among
> other free lists. Since this is potentially slow we limit the maximum amount
> of moved memory.
>
> This reverts commit bfccd5187c.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/7e283d746a194ceaaca114e2ba17504653d6a109
> Cr-Commit-Position: refs/heads/master@{#30945}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1371653002
Cr-Commit-Position: refs/heads/master@{#30947}
- We now compute the number of parallel compaction tasks, depending on the
evacuation candidate list, the number of cores, and some hard limit.
- Free memory is moved over to compaction tasks (up to some limit)
- Moving over memory is done by dividing the free list of a given space up among
other free lists. Since this is potentially slow we limit the maximum amount
of moved memory.
This reverts commit bfccd5187c.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1365743003
Cr-Commit-Position: refs/heads/master@{#30945}
This prevents the internal gc-idle-time-handler.h from being usable outside
of the "heap" directory. The logic inside that component is only useful
within the GC and is now properly encapsulated.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/1368983002
Cr-Commit-Position: refs/heads/master@{#30939}
Looks like we never ran test262-es6 on mac. After merging
into test262 we've got these failures. Skipping for now.
BUG=v8:4437
LOG=n
NOTRY=true
NOTREECHECKS=true
TBR=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1372603002
Cr-Commit-Position: refs/heads/master@{#30937}
This name makes it clear that the flag (also the variant in the Compiler)
is talking about specializing to the function context instead of i.e. the
native context.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1372513003
Cr-Commit-Position: refs/heads/master@{#30934}
Verifies consistency of node inputs and uses:
- node inputs should agree with the input count computed from the node's operator.
- effect inputs should have effect outputs (or be a sentinel).
- control inputs should have control outputs (or be a sentinel).
- frame state inputs should be frame states (or be a sentinel).
- if the node has control uses, it should produce control.
- if the node has effect uses, it should produce effect.
- if the node has frame state uses, it must be a frame state.
I also removed some tests, either because they did not seem to be useful (scheduler) or they tested dead functionality (diamond effect phi).
Review URL: https://codereview.chromium.org/1368913002
Cr-Commit-Position: refs/heads/master@{#30927}
The actual Function.prototype.toMethod was removed some time ago already,
but there was some stuff (esp. %ToMethod) left in the tree, including
tests for %ToMethod. This code (and esp. the tests) causes trouble in
the process of moving bound functions away from JSFunction; so since
the code is unused anyway, we can as well remove it.
The original removal of Function.prototype.toMethod was in February
2015 in 68e4897586.
R=jarin@chromium.org
BUG=v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1366063002
Cr-Commit-Position: refs/heads/master@{#30925}
Since https://codereview.chromium.org/366103005 the promise tests null out
various globals, to ensure the promise implementation doesn’t itself rely
on functions patchable by monkeys.
Unfortunately, doing so breaks test assertion failures which rely on
those globals.
This isn’t the ideal solution, but does improve the current state.
R=littledan@chromium.org,domenic@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1370583002
Cr-Commit-Position: refs/heads/master@{#30922}
+ Add bytecodes for conditional and unconditional jumps.
+ Add bytecodes for test/compare operations.
+ Expose jumps in bytecode-array-builder and add BytecodeLabel class for
identifying jump targets.
+ Add support for if..then...else in the bytecode-generator.
+ Implement jump bytecodes in the interpreter. Test/compare operations
dependent on runtime call for comparisons.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1343363002
Cr-Commit-Position: refs/heads/master@{#30918}
This introduces the NodeProperties::ChangeOp helper which guards node
operator changes so that additional checking can be done without any
additional dependencies being pulled into the Node class. For now only
the input count is checked, but additional checking might follow.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1366753003
Cr-Commit-Position: refs/heads/master@{#30916}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
This patch checks the type of the lhs operand of a floating point
comparison for ARM, and commutes the operands if it is #0.0. It allows
us to optimize a comparison with zero, as the vcmp instruction
accepts #0.0 as rhs operand.
Code before for "0.0 < 0.123":
------------------------------
movw ip, #29360
movt ip, #37224
movw r9, #31981
movt r9, #16319
vmov d0, ip, r9
mov ip, #0
vmov d1, ip, ip
vcmp.f64 d1, d0
vmrs APSR, FPSCR
bcc +12
Code after:
-----------
movw ip, #29360
movt ip, #37224
movw r9, #31981
movt r9, #16319
vmov d0, ip, r9
vcmp.f64 d0, #0.0
vmrs APSR, FPSCR
bgt +12
BUG=
Review URL: https://codereview.chromium.org/1361913003
Cr-Commit-Position: refs/heads/master@{#30911}
Adds LdaGlobal bytecode and augments BytecodeGenerator to load globals for
global variables and function calls.
Modified TestBytecodeGenerator to add the ability to specify that a bytecode
operand has an unknown value (used so we don't need to figure out the slot
index of a global). Also added a helper which checks equality of BytecodeArray
with the expected snippets.
Modified TestInterpreter to allow it to take snippets of JS and have the
BytecodeGenerator generate the bytecode rather than having to build a
BytecodeArray manually. This is used to enable the global tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1361113002
Cr-Commit-Position: refs/heads/master@{#30910}
Reduce operations of the form f64cmp(fp32to64(x), k) to f32cmp(x, k) when k
can be encoded as a 32-bit float.
Review URL: https://codereview.chromium.org/1365623002
Cr-Commit-Position: refs/heads/master@{#30909}
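The side condition in the commit above ("when k can be encoded as a 32-bit float") is what makes the reduction sound. The following is an added example, not code from the V8 change; every name in it (FitsInFloat32, WideCompare, NarrowCompare, CountMismatches) is hypothetical. It compares the widened and the narrowed form on constructed sample inputs around k.

```cpp
#include <cfloat>
#include <cmath>
#include <initializer_list>

// True when the double constant k can be encoded as a 32-bit float without
// changing its value. NaN and out-of-range finite values are rejected.
bool FitsInFloat32(double k) {
  if (std::isinf(k)) return true;
  if (std::isnan(k) || std::fabs(k) > FLT_MAX) return false;
  return static_cast<double>(static_cast<float>(k)) == k;
}

enum class Cmp { kLess, kLessOrEqual, kEqual };

template <typename T>
bool Compare(Cmp op, T a, T b) {
  switch (op) {
    case Cmp::kLess: return a < b;
    case Cmp::kLessOrEqual: return a <= b;
    case Cmp::kEqual: return a == b;
  }
  return false;
}

// Original form: widen x to double, then compare against k.
bool WideCompare(Cmp op, float x, double k) {
  return Compare<double>(op, static_cast<double>(x), k);
}

// Reduced form: compare as float. Pass only infinite k or |k| <= FLT_MAX.
bool NarrowCompare(Cmp op, float x, double k) {
  return Compare<float>(op, x, static_cast<float>(k));
}

// Number of (operator, sample) pairs on which the two forms disagree.
int CountMismatches(double k) {
  const float kf = static_cast<float>(k);
  const float samples[] = {0.0f, -0.0f, kf, std::nextafter(kf, INFINITY),
                           std::nextafter(kf, -INFINITY), 1.0f, NAN, INFINITY};
  int mismatches = 0;
  for (Cmp op : {Cmp::kLess, Cmp::kLessOrEqual, Cmp::kEqual}) {
    for (float x : samples) {
      if (WideCompare(op, x, k) != NarrowCompare(op, x, k)) ++mismatches;
    }
  }
  return mismatches;
}
```

With k = 0.1, which has no exact float encoding, the narrowed comparison treats x = 0.1f as equal to k while the widened one does not, so a reducer that skipped the check would change program results.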
This patch explicitly names commuted conditions for floating point
comparisons, instead of relying on CommuteFlagsCondition. Otherwise, a
bug in this function would not be caught.
BUG=
Review URL: https://codereview.chromium.org/1364773002
Cr-Commit-Position: refs/heads/master@{#30905}
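An added example of the idea in the commit above, not code from the V8 change: a commuted-condition mapping spelled out case by case and checked against swapped operands, next to the logical negation it is easily confused with. The enum and function names are hypothetical and the sample values are constructed; they include the 0.0 and 0.123 operands from the ARM commit earlier on this page.

```cpp
#include <cmath>
#include <initializer_list>

// Hypothetical condition names for this example; not V8's enum.
enum Cond { kLt, kLe, kGt, kGe, kEq, kNe };

// Evaluates "a <cond> b" with IEEE-754 semantics (ordered tests on NaN fail).
bool Eval(Cond c, double a, double b) {
  switch (c) {
    case kLt: return a < b;
    case kLe: return a <= b;
    case kGt: return a > b;
    case kGe: return a >= b;
    case kEq: return a == b;
    case kNe: return a != b;
  }
  return false;
}

// Condition to test once the operands have been swapped, named per case.
Cond Commuted(Cond c) {
  switch (c) {
    case kLt: return kGt;
    case kLe: return kGe;
    case kGt: return kLt;
    case kGe: return kLe;
    case kEq: return kEq;
    case kNe: return kNe;
  }
  return c;
}

// Logical negation, indexed by Cond: the wrong mapping for swapped operands.
Cond Negated(Cond c) {
  static const Cond table[] = {kGe, kGt, kLe, kLt, kNe, kEq};
  return table[c];
}

// Counts (cond, a, b) triples where "a cond b" differs from "b map(cond) a".
int Disagreements(Cond (*map)(Cond)) {
  const double v[] = {-1.0, -0.0, 0.0, 0.123, INFINITY, NAN};
  int n = 0;
  for (Cond c : {kLt, kLe, kGt, kGe, kEq, kNe})
    for (double a : v)
      for (double b : v)
        if (Eval(c, a, b) != Eval(map(c), b, a)) ++n;
  return n;
}
```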
Introduce a new macro TO_STRING that maps to %_ToString and use that
instead of calling into any of the ToString/NonStringToString JavaScript
builtins. Also remove the TO_STRING_INLINE macro, which is basically
obsolete with %_ToString. We still have a few uses of ToString left (via
the utils export mechanism), where we need to investigate whether we
will tank badly if we replace them with TO_STRING as well.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=yangguo@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1323543002
Cr-Commit-Position: refs/heads/master@{#30895}
Reason for revert:
[Sheriff] May have caused this new flake:
http://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/5412
Original issue's description:
> [heap] Add more tasks for parallel compaction
>
> - We now compute the number of parallel compaction tasks, depending on the
> evacuation candidate list, the number of cores, and some hard limit.
> - Free memory is moved over to compaction tasks (up to some limit)
> - Moving over memory is done by dividing the free list of a given space up among
> other free lists. Since this is potentially slow we limit the maximum amount
> of moved memory.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/0e842418835eea85886a06cf37052895bc8a17db
> Cr-Commit-Position: refs/heads/master@{#30886}
TBR=hpayer@chromium.org,mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1356363005
Cr-Commit-Position: refs/heads/master@{#30888}
Whenever a generalization is computed, the inputs must be checked for being cleared, and if they are, the generalization must be Type::Any.
Hopefully this fixes Chromium issue 527994 as well.
BUG=v8:4325,chromium:527994
LOG=n
Review URL: https://codereview.chromium.org/1361103002
Cr-Commit-Position: refs/heads/master@{#30887}
- We now compute the number of parallel compaction tasks, depending on the
evacuation candidate list, the number of cores, and some hard limit.
- Free memory is moved over to compaction tasks (up to some limit)
- Moving over memory is done by dividing the free list of a given space up among
other free lists. Since this is potentially slow we limit the maximum amount
of moved memory.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1354383002
Cr-Commit-Position: refs/heads/master@{#30886}