For two FinishRegion nodes, the alias analysis returned "may alias" even
without properly looking through them.
Drive-by-fix: Add meaningful output for --trace-turbo-load-elimination.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2301903002
Cr-Commit-Position: refs/heads/master@{#39075}
This patch refactors the scanner bookmark in SkipLazyFunctionBody,
so that it is only used locally, instead of being passed to several
other methods. It is replaced by a "may_abort" parameter and an
appropriate result denoting whether lazy parsing has been aborted.
It also applies the hack of aborting lazy parsing for arrow
functions that are considered to be "initialization functions".
R=adamk@chromium.org, vogelheim@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2297733002
Cr-Commit-Position: refs/heads/master@{#39072}
This patch removes the explicit classifier parameters from all
parsing methods and makes expression classifiers implicit in
the (pre)parser's implementation. In this way, the implementation
is simplified and a proper stack of classifiers is enforced.
R=adamk@chromium.org,littledan@chromium.org
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2289663002
Cr-Commit-Position: refs/heads/master@{#39068}
This patch removes the code for speeding up marking.
Now the step size depends on allocated bytes and
invoked write barriers.
We also ensure that the step size is large enough to
justify the overhead of interrupting the generated code.
BUG=chromium:616434
LOG=NO
Review-Url: https://codereview.chromium.org/2290333002
Cr-Commit-Position: refs/heads/master@{#39067}
The main goal is to have the opcode number on the stack, so that we can
extract it from minidumps.
Review-Url: https://codereview.chromium.org/2301853002
Cr-Commit-Position: refs/heads/master@{#39066}
This furthers our goal of avoiding using the representation dimension of
the Type class.
BUG=v8:5270
Review-Url: https://codereview.chromium.org/2295883004
Cr-Commit-Position: refs/heads/master@{#39064}
Now that the hole NaN is no longer represented as Float64Constant early
on, we should never see such a constant node in any JS-level graph, but
we will only see them after representation selection. Change Typer and
SimplifiedLowering appropriately (and fix the invalid tests).
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2299883003
Cr-Commit-Position: refs/heads/master@{#39063}
We use a signaling NaN to represent the hole in
FAST_HOLEY_DOUBLE_ELEMENTS backing stores, but on Intel processors, the
C++ compiler may decide to (or be forced to due to calling conventions)
use X87 registers for double values. However transfering to X87
registers automatically quietens the NaNs and there's no way to disable
this. Therefore we should just always load the hole NaN from the canonical
place identified by the address_of_hole_nan external reference instead,
which might even be more efficient in some cases.
R=jarin@chromium.org, jkummerow@chromium.org
BUG=v8:5332
Review-Url: https://codereview.chromium.org/2303643002
Cr-Commit-Position: refs/heads/master@{#39062}
Rolling v8/build to 87f8ed60519428c429030cd9ccb3feaf9f616881
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to a78b8834da38e5bca9eb5f0d8c28ffe4561dd224
Rolling v8/tools/clang to bd3311be3d35277e6d839596873e906b0b069ab5
Rolling v8/tools/mb to 2f9349ee2aec6dd7b167b26cbbcac2891a9649ab
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2307433002
Cr-Commit-Position: refs/heads/master@{#39061}
Port 7516fe1eaa
Original commit message:
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
R=adamk@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
Review-Url: https://codereview.chromium.org/2299043002
Cr-Commit-Position: refs/heads/master@{#39060}
port 7516fe1eaa (r39052)
original commit message:
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
BUG=
Review-Url: https://codereview.chromium.org/2299103002
Cr-Commit-Position: refs/heads/master@{#39059}
This patch arranges that property names are parsed in a single pass,
reporting the name as well as the type of the property, instead of
parsing qualifiers like 'static' or 'get' initially as names and then
re-parsing. This change is easier to reason about, very slightly (4%)
faster in some cases (although slower in other, less common ones, though
this slowdown will be fixed in an upcoming patch), and is a prerequisite
for separating the parsing of object and class literal properties, which
will become increasingly important as ECMAScript adds more class features.
This is a reland of https://codereview.chromium.org/2278153004/,
which fixes the issue causing the revert and adds more tests.
Review-Url: https://codereview.chromium.org/2300503002
Cr-Commit-Position: refs/heads/master@{#39056}
The event is used by DevTools to mark microtask execution intervals.
To reduces the overhead the event is only emitted when there are
microtasks to run.
BUG=642228
Review-Url: https://codereview.chromium.org/2289593005
Cr-Commit-Position: refs/heads/master@{#39055}
The only remaining use of this VariableMode is for the names of sloppy
named function expressions. This patch instead uses CONST for such
bindings (just as we do in strict mode) and instead marks those
Variables specially. During code generation a new helper method,
Variable::throw_on_const_assignment(), is called to decide whether
to throw or silently ignore the assignment.
Review-Url: https://codereview.chromium.org/2233673003
Cr-Commit-Position: refs/heads/master@{#39052}
Previously, fast holey elements accessors would detect element presence
by simply doing a hole check on any slot within the backing store's
capacity. This relied on the (mostly-true but brittle) assumption that
slots beyond the length are always correctly zapped with The Hole.
Review-Url: https://codereview.chromium.org/2297253002
Cr-Commit-Position: refs/heads/master@{#39051}
This introduces a new heap object ModuleInfo, which is to ModuleDescriptor
what ScopeInfo is to Scope. When deserializing a scope info that contains
a module info, we deserialize the module info into a module descriptor and
put it into the synthesized module scope.
Currently, module infos only store exports.
R=adamk@chromium.org
BUG=v8:1569
Review-Url: https://codereview.chromium.org/2277253003
Cr-Commit-Position: refs/heads/master@{#39049}
Ignition OSR to turbofan seems to cause instruction selector crashes
(where instructions selector gets simplified operators, probably
because we break the effect chain somehow).
BUG=chromium:641893
Review-Url: https://codereview.chromium.org/2298613003
Cr-Commit-Position: refs/heads/master@{#39045}
When we try to further fold previously folded allocations in Crankshaft
GVN we don't properly transform the allocations involved, which causes
the mechanism to leave holes in the new/old space (and thereby violate
the iterability property of the new/old space).
BUG=chromium:621868
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2297983003
Cr-Commit-Position: refs/heads/master@{#39040}
The last user was propagating asm_module_ to inner function scopes as asm_function_. asm_function_ is already set upon scope creation when the outer scope IsAsmModule(). With default parameter it's possible that inner scopes are created before set_asm_module() is called. To keep current behavior we'll eagerly mark inner scopes as asm_function_ upon set_asm_module().
There's only one special case that used to be marked asm_function_ which is now no longer marked as such: asm functions in block scopes that are 'Finalized'. PropagateScopeInfo used to mark them as asm_function_ as well, whereas the new version would not mark them upon construction of the inner scope.
I presume both above cornercases aren't actually intended valid asm.js use-cases anyway. The second we can now easily identify in the verifier and mark as invalid asm, since we'll have an asm module with non-asm-function inner functions. If we want to disallow the first, we can also not mark them as asm_functions_ (by removing the loop I added in set_asm_module), which will reveal this structure to the validator.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2270743003
Cr-Commit-Position: refs/heads/master@{#39039}
This way, many files which only need CompilationInfo but not compiler.h
and its dependencies can include just compilation-info.h.
BUG=
Review-Url: https://codereview.chromium.org/2284313003
Cr-Commit-Position: refs/heads/master@{#39038}
This is the first step towards unifying ParseVariableDeclarations.
BUG=
Review-Url: https://codereview.chromium.org/2297643002
Cr-Commit-Position: refs/heads/master@{#39036}
Rolling v8/build to 679c9fd3fa7390897bcf6891f0dc57a5e5dced0d
Rolling v8/tools/mb to d939c7d364f0565ac2ddcae09aafe01c9bf8007d
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2293333002
Cr-Commit-Position: refs/heads/master@{#39035}
The way we use FinishRegion for transitioning stores makes them eligible
for elimination by TypedOptimization, which is unintended and removes
the atomicity of the transitioning stores. This is a quickfix to ensure
that we don't remove the FinishRegion nodes during TypedOptimization;
the real fix is probably to have separate region operators for value
(producing) regions (i.e. allocations) and for effect-only regions (i.e.
transitioning stores).
R=jarin@chromium.org
BUG=v8:5303
Review-Url: https://codereview.chromium.org/2293023003
Cr-Commit-Position: refs/heads/master@{#39033}
If the type of a tracked field or element value is less precise than the
advertised type of the field or element load, then we replace the load
operation with a TypeGuard that guards the advertised type.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2295643002
Cr-Commit-Position: refs/heads/master@{#39032}
We (mis)used Type::Class to track stable field maps in the past. But
that always more or less unsupport and wrong for various reasons, mostly
because the class types do not really present static information and
thus it is possible to violate fundamental assumptions of the type
system (i.e. intersecting class types and other types produces
"interesting" results).
Now it is possible to finally nuke the class types completely and thus
simplify (and ideally correctify) the type system further.
Note to performance sheriff: We do expect to see some performance
regressions from this change. This is because we do not yet have a sane
replacement mechanism to track known field maps and utilize them during
LoadElimination. This will be accomplished in a follow up CL.
BUG=v8:5270,v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2293343002
Cr-Commit-Position: refs/heads/master@{#39031}
This removes two bits of duplication:
- Parsing of each AssignmentExpression, which previously was called
first outside the loop and then inside the loop.
- Parsing of arrow rest parameters, which previously was handled
separately for the one-arg and N-arg cases.
The only change in behavior is in a few error messages.
Review-Url: https://codereview.chromium.org/2279363002
Cr-Commit-Position: refs/heads/master@{#39030}
Reason for revert:
Fails to reject "{*foo: 1}" as an object literal, found
by the fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/12315/steps/Fuzz%20on%20Ubuntu-12.04/logs/stdio
Original issue's description:
> Refactor object/class literal property name parsing
>
> This patch arranges that property names are parsed in a single pass,
> reporting the name as well as the type of the property, instead of
> parsing qualifiers like 'static' or 'get' initially as names and then
> re-parsing. This change is easier to reason about, very slightly (4%)
> faster in some cases (although slower in other, less common ones, though
> this slowdown will be fixed in an upcoming patch), and is a prerequisite
> for separating the parsing of object and class literal properties, which
> will become increasingly important as ECMAScript adds more class features.
>
> Committed: https://crrev.com/6dd26c729584024e17a05a2a76b319d4aecdc138
> Cr-Commit-Position: refs/heads/master@{#39027}
TBR=littledan@chromium.org,marja@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2295743003
Cr-Commit-Position: refs/heads/master@{#39029}
Test ensuring globals are isolated between instances. Also
added support for globals section to mjsunit's
WebModuleBuilder as a prerequisite.
BUG=
Review-Url: https://codereview.chromium.org/2296993002
Cr-Commit-Position: refs/heads/master@{#39028}