This CL adds inlining for the Number constructor if new.target is not
present. The lowering is BigInt compatible, i.e. it converts BigInts to
numbers.
Bug: v8:7904
Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
Reviewed-on: https://chromium-review.googlesource.com/1118557
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54454}
This increases the size of a NumberFormat instance by a word to store
the bound format function.
The instance to be bound is stored on the context of this builtin function.
Bug: v8:5751, v8:7800
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie85d8db7d10aabb5c40e77687e6f7112a84f3ebd
Reviewed-on: https://chromium-review.googlesource.com/1122153
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54353}
RegExp builtins were the first to be ported to CSA roughly two years
ago. Back then, we weren't really aware of issues surrounding code
size and CSA inlining, and thus some of these builtins were bigger
than they should be.
This CL adds a few new helper builtins and removes inlined calls to
SubString, RegExpExecInternal, and StringAdd. It significantly
reduces the size of affected builtins. Minor performance regressions
due to call overhead are expected.
Before:
TFS Builtin, RegExpReplace, 20008
TFS Builtin, RegExpSplit, 17340
TFS Builtin, RegExpMatchFast, 17064
TFJ Builtin, RegExpStringIteratorPrototypeNext, 12862
After:
TFS Builtin, RegExpReplace, 5067
TFS Builtin, RegExpSplit, 6329
TFS Builtin, RegExpMatchFast, 8164
TFJ Builtin, RegExpStringIteratorPrototypeNext, 6652
Bug: v8:5737
Change-Id: I1c077a084da85bb73c0c5adb7118b941f488e0ec
Reviewed-on: https://chromium-review.googlesource.com/1127796
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54293}
* Rename BoilerplateDescription to ObjectBoilerplateDescription
* Add literal_type flag to ObjectBoilerplateDescription,
which is stored as zeroth element of Fixed array
* Create ArrayBoilerplateDescription with elements_kind and
constant_elements field
* Replace CompileTimeValue and ConstantElementPair with
ArrayBoilerplateDescription
* Kill ConstantElementPair and CompileTimeValue
Change-Id: Icb42dcfd575a27e2b64ffd5e2e61f9d703d5e986
Bug: v8:7787, chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1122411
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54272}
Fixes V8 correctness failure when there's a proxy in the global object
prototype chain and an unsuccessful attempt is made to access a property.
Bug: chromium:849024
Change-Id: I829e1a6c038982b7c7a77f8bdefb61facb4614f0
Reviewed-on: https://chromium-review.googlesource.com/1124446
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54237}
Adds the builtin Trace and IsTraceCategoryEnabled functions
exposed via extra bindings. These are intended for use by
embedders to allow basic trace event support from JavaScript.
```js
isTraceCategoryEnabled('v8.some-category')
trace('e'.charCodeAt(0), 'v8.some-category',
'Foo', 0, { abc: 'xyz'})
```
Bug: v8:7851
Change-Id: I7bfb9bb059efdf87d92a56a0aae326650730c250
Reviewed-on: https://chromium-review.googlesource.com/1103294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54121}
Currently we perform the full iteration protocol even when we don't need
to. When IterableToListCanBeElided is true, we still need to create a
copy of the array (from a spec correctness point of view, in case there
are user-JS side-effects that would modify the original).
This CL copies the array directly, skipping the iteration protocol.
This recovers the JSTests/TypedArrays/ConstructArrayLike benchmark
almost completely.
Change-Id: I7f1593dd9af6e4a0485bd654e6c02186c5ae99d0
Reviewed-on: https://chromium-review.googlesource.com/1105995
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53996}
Migrate the Object.getOwnPropertyNames to the CodeStubAssembler and use the enum cache backing store when
1) the enum cache is available
2) the {object} has no elements
3) all own properties are enumerable
This makes a speedup of 10x when using Object.getOwnPropertyNames with fast-path. It improves Speedometer2.0 Inferno case by ~9% on ATOM platform.
Change-Id: I05e1df0e7d9d53d97664c322248cedb106a7b1d0
Reviewed-on: https://chromium-review.googlesource.com/1004434
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#53992}
This CL adds a builtin which receives an int32 argument and returns the
int32 result. Internally, it checks whether the argument is in the
valid smi range, then calls the runtime function with the smi argument
and converts the return value back from smi to int32.
This saves a lot of code in the wasm TF builder and in Liftoff.
R=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: Icddcb020eae74c767a75090feb4939275432c007
Reviewed-on: https://chromium-review.googlesource.com/1107711
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53946}
This makes sure we use WebAssembly runtime stubs when performing value
coercions in wrapper code that is compiled into {WasmCode}. It hence
removes the last {RelocInfo::CODE_TARGET} references in {WasmCode}.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: Ic96e541abe98f90796a6506b09ff99557743b6f7
Reviewed-on: https://chromium-review.googlesource.com/1104462
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53846}
Now TFJ builtins can use their own descriptors so there's no need to
keep the hacky BuiltinDescriptor around.
Bug: v8:7754
Change-Id: Ia7f23a21fb979370fd2149fef13186b83a3d5d30
Reviewed-on: https://chromium-review.googlesource.com/1104428
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53806}
This CL also adds macros for defining JS-compatible interface descriptors that
have additional parameters.
ArrayConstructorDescriptor is redefined using the new macros.
Bug: v8:7754
Change-Id: Id39cac9f234666576f35de755d11aba198248bea
Reviewed-on: https://chromium-review.googlesource.com/1100833
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53796}
This allows WebAssembly runtime stubs implemented as {WasmCode} to be
called with regular stub linkage. So far we have only been able to call
such stubs with WebAssembly linkage.
Also switch two more on-heap builtins over to WebAssembly runtime stubs.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: Ifa553b5908ee27a1be780c325a114449d7fe7001
Reviewed-on: https://chromium-review.googlesource.com/1100882
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53734}
No need to have a separately defined CallDescriptor.
R=titzer@chromium.org
Change-Id: Ic7c0ee87d458fa8e55bef4d750aa7f61a763237f
Reviewed-on: https://chromium-review.googlesource.com/1098927
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53699}
This CL adds a TFS stub for RegExp#test and moves several checks to
the JSCallReducer. In particular, the JSCallReducer checks that
- property {exec} on the regexp is still the original exec
- property {lastIndex} on the regexp is a non-negative smi
The stub does not repeat these checks in release mode.
This effectively means that if the regexp is known, we can perform these
checks at compile time, and get away with a map dependency.
Bug: v8:7779, v8:7200
Change-Id: I0c6d711d4f1d2f6f325a1c02855b0e1b62e014c8
Reviewed-on: https://chromium-review.googlesource.com/1074654
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53630}
New instrumentation consists of:
- kAsyncFunctionSuspended when async function is suspended on await
(called on each await),
- kAsyncFunctionFinished when async function is finished.
Old instrumentation was based on reusing async function promise.
Using this promise produces a couple of side effects:
- for any promise instrumentation we first need to check if it is
a special case for async function promise or not - it requires
expensive reading from promise object.
- we capture stack for async functions even if it does not contain
awaits.
- we do not properly cancel async task created for async function.
New instrumentation resolves all these problems and provides
clear mapping between async task and generator which we can use later
to fetch scope information for async functions on pause.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7078
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifdcec947d91e6e3d4d5f9029bc080a19b8e23d41
Reviewed-on: https://chromium-review.googlesource.com/1043096
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53445}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
all remaining Array constructor stubs to builtins.
Bug: v8:6666
Change-Id: I5989a7480697a506a1bae1929ddd2e3f1d655048
Reviewed-on: https://chromium-review.googlesource.com/1074759
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53399}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the InternalArrayConstructorStub to a builtin.
Bug: v8:6666
Change-Id: I8cd801bd9218ca9ef0853ed99c7a69090af5c9f9
Reviewed-on: https://chromium-review.googlesource.com/1072608
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53360}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the ArrayConstructorStub to a builtin.
Bug: v8:6666
Change-Id: Iff4bff99cd911a7f5f138819801c7812b75ea969
Reviewed-on: https://chromium-review.googlesource.com/1071519
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53357}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the ArrayNArgumentsConstructorStub to a builtin.
Bug: v8:6666
Change-Id: Ied303334874251415a9057abf612d76dd8330aa6
Reviewed-on: https://chromium-review.googlesource.com/1071450
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53356}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
CallApiGetter and the 0/1 argument case of CallApiCallback to
builtins.
Bug: v8:6666
Change-Id: I49c4917253f790a3b947f42c50d6308a1ab99d91
Reviewed-on: https://chromium-review.googlesource.com/1070980
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53355}
This CL completely removes the C++ builtin implementation of the
DataView.prototype.buffer, DataView.prototype.byteLength, and
DataView.prototype.byteOffset getters, and moves them to
a Torque implementation (that still relies on a bit of CSA).
Change-Id: Id46678ae709c3787b7b93d0f78bd2a6e16e00f7b
Reviewed-on: https://chromium-review.googlesource.com/1070369
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53339}
This CL uses the new function pointers and generic features of Torque
to improve the performance of TypedArray.p.sort.
Instead of one Load/Store builtin that dispatches at runtime based on
the element kind, there are now many small builtins (one for each
element kind). The sorting algorithm then uses function pointers to
those small builtins, which get set once.
Changes in the relevant benchmarks:
Benchmark     Original (JS)   Current   This CL
IntTypes      83.9            202.3     240.7
BigIntTypes   32.1            47.2      53.3
FloatTypes    99.3            109.3     129.3
Bug: v8:7382
Change-Id: I8684410524d546615b19f6edcbfdc615068196aa
Reviewed-on: https://chromium-review.googlesource.com/1070069
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53322}
This CL adds a baseline Torque implementation of the DataView getters
and setters.
Right now, the Torque code just calls the C++ implementation, which
has moved to runtime.
Change-Id: Ic96fde7ea908c628af9586e84511037c237c4d3b
Reviewed-on: https://chromium-review.googlesource.com/1061520
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53312}
The TC39 committee reached consensus to rename `flatten` to `flat`
during the May 22nd meeting. The corresponding patch to the proposal
is here:
093eacc7fe
Bug: v8:7220
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie8049ae4d4589a4ae7fe3d203053cef798c135e4
Reviewed-on: https://chromium-review.googlesource.com/1069467
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53294}
This is not web compatible, so let's delete the code.
Bug: v8:5536
Change-Id: I50506d37dcdff1f7f95577c47adcec653cc1f06e
Reviewed-on: https://chromium-review.googlesource.com/1064740
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53264}
https://github.com/tc39/proposal-intl-locale
Rename locale property to baseName to better reflect the intended use case and the change in spec.
TBR: bmeurer@chromium.org
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I91b630b49ce73abcebd6040ec968c91d75cff879
Reviewed-on: https://chromium-review.googlesource.com/1014411
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53193}