When optimizing SpeculativeToNumber we need to pay attention to the
hint, otherwise we optimize away a Signed32 conversion, based on the
fact that the input is a Number.
Bug: chromium:819298
Change-Id: I2ac7b0dac708fee9083eca2880bd5674a82daaa3
Reviewed-on: https://chromium-review.googlesource.com/955423
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51805}
... and use Smi Map::kPrototypeChainValid for the cases where the direct receiver's
prototype is not a JSObject instead of creating a new valid cell for each such
case. This will make the validity cell checking code simpler.
Bug: v8:5988
Change-Id: I52cf55797171cc8021d80e4e441615d0c8fc8bd4
Reviewed-on: https://chromium-review.googlesource.com/951384
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51803}
UnalignedLoad is the only kind of load operation that defines its own
UnalignedLoadRepresentation type alias and LoadRepresentationOf function.
This is a problem because it means we cannot use the LOAD_MATCHER
infrastructure without defining all of this boilerplate for all the other
kinds of load operations. Since these aliases serve no real purpose,
it is best to unify UnalignedLoad to how its peers are handled.
Change-Id: I51a591eb82fb85edee66512136b23276e851f767
Reviewed-on: https://chromium-review.googlesource.com/951683
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51802}
The debugger script implementation had its own way to write
uint32_t values to a string as hex values. This removes the
custom code and uses a shared implementation in String16Builder
instead.
The observable effect is that script hashes are now lower-case
and the character sequence is reversed for each 8-character
pair.
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib21769fbe10c24055fbd3fa9573bc5c2d72f6a74
Reviewed-on: https://chromium-review.googlesource.com/951303
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51801}
- Make it explicit that the field marks are supposed to be all-false after each
object.
- Remove unused param from MarkVisitedField.
BUG=v8:7534
Change-Id: Ibc226290bb09daca60b92819944e0049bb33e594
Reviewed-on: https://chromium-review.googlesource.com/951725
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51799}
The tricky part here is to take away one register from register
allocation for the mask. The only problem is with calls that need
an input operand to be passed in the poison register. For such calls,
we change the register constraint in the instruction selector
to pass the value in whatever place the register allocator sees fit.
During code generation, we then copy the value from that place
to the poison register. By that time, the mask is not necessary
(once we bake the mask into the target, it should be done before
this move).
For the branches, the mask update does not use cmov (unlike x64)
because cmov does not take an immediate and we do not have
a scratch register. Instead we use bit-twiddling tricks
(suggested by @tebbi). For example, here is the code for masking
register update after a bailout on non-zero:
jnz deopt_bailout ;; Bailout branch
setnz bl ;; These three instructions update the mask
add ebx, 255
sar ebx, 31
(On x64, the sequence is:
jnz deopt_bailout
mov r10, 0 ;; We have a scratch register for zero
cmovnz r9, r10 ;; Set to zero if we execute this branch
;; in branch mis-speculation
)
This CL also fixes a bug in register configuration, where we used
to wrongly restrict the array of register names.
Change-Id: I5fceff2faf8bdc527d9934afc284b749574ab69e
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/946251
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51798}
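The mask-update sequence in the commit message above is compact enough that it is worth stepping through. The following C program is an added example, not code from V8 or from the commit: it simulates the ia32 sequence (setnz bl; add ebx, 255; sar ebx, 31) and the x64 cmov variant on a 32/64-bit register model, then shows a loaded value being ANDed with the resulting mask. It assumes, as the poison-register scheme implies but the message does not state explicitly, that the mask register holds all-ones on the architecturally valid path and that a value loaded under mis-speculation is neutralised by ANDing it with the mask; the function names and the flag-as-parameter modelling are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulates the ia32 sequence from the commit message after a
 * "jnz deopt_bailout" that is NOT taken architecturally:
 *   setnz bl      ; low byte of ebx := (ZF == 0)
 *   add ebx, 255  ; 32-bit wrapping add
 *   sar ebx, 31   ; arithmetic shift replicates the sign bit
 * Assumption (example's own): ebx holds the poison mask and is all-ones
 * (0xFFFFFFFF) on the valid path. zf models the zero flag left by the
 * compare that preceded the jnz; zf == 0 means the CPU is speculating
 * down the fall-through path even though the bailout branch is taken. */
uint32_t ia32_mask_update(uint32_t ebx, int zf) {
    /* setnz bl: only the low byte changes, the upper 24 bits stay intact */
    ebx = (ebx & 0xFFFFFF00u) | (zf == 0 ? 1u : 0u);
    /* add ebx, 255: 0xFFFFFF00 + 0xFF = 0xFFFFFFFF, 0xFFFFFF01 + 0xFF wraps to 0 */
    ebx += 255u;
    /* sar ebx, 31: written explicitly to avoid relying on the C compiler's
     * treatment of right shifts on negative signed values */
    return (ebx & 0x80000000u) ? 0xFFFFFFFFu : 0u;
}

/* Simulates the x64 sequence from the commit message:
 *   mov r10, 0
 *   cmovnz r9, r10   ; r9 := 0 if ZF == 0 (mis-speculated path) */
uint64_t x64_mask_update(uint64_t r9, int zf) {
    uint64_t r10 = 0;
    if (zf == 0) r9 = r10;
    return r9;
}

/* Poisoning: a value loaded on a possibly mis-speculated path is ANDed
 * with the mask, so it becomes 0 when the mask was cleared. */
uint32_t poison_load(uint32_t loaded, uint32_t mask) {
    return loaded & mask;
}

int main(void) {
    uint32_t mask = 0xFFFFFFFFu;              /* mask on the valid path */
    uint32_t secret = 0x41414141u;            /* constructed sample load */
    printf("valid path   : mask=%08x value=%08x\n",
           ia32_mask_update(mask, 1), poison_load(secret, ia32_mask_update(mask, 1)));
    printf("mis-speculate: mask=%08x value=%08x\n",
           ia32_mask_update(mask, 0), poison_load(secret, ia32_mask_update(mask, 0)));
    printf("x64 mis-spec : mask=%016llx\n",
           (unsigned long long)x64_mask_update(~0ull, 0));
    return 0;
}
```

The ia32 trick works because on the valid path setnz writes 0 into bl, leaving 0xFFFFFF00, and adding 255 restores all-ones; on the mis-speculated path it writes 1, and the same add overflows to 0. Either way the shift then spreads the sign bit across the whole register, so the mask ends up as all-ones or all-zeros with no immediate-taking cmov and no scratch register.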
icu-timezone-data was enabled before but reverted due to a perf issue.
(sunspider/date-format-totfe regressed; crbug.com/769706 ).
However, my in-Chrome test of the same test [1] shows that there's virtually
no perf difference. See https://goo.gl/GX1jt6 .
This will introduce a new behavior on POSIX(-like) platforms. Timezone
names inside parentheses after the GMT offset will no longer be 3-4 letter
abbreviations. They'll be human-readable names in the current
default locale. This matches the current Windows behavior.
new Date(2017, 5, 22).toString()
new Date(2017, 11, 22).toString()
Current:
Thu Jun 22 2017 00:00:00 GMT-0700 (PDT)
Fri Dec 22 2017 00:00:00 GMT-0800 (PST)
New:
Thu Jun 22 2017 00:00:00 GMT-0700 (Pacific Daylight Time)
Fri Dec 22 2017 00:00:00 GMT-0800 (Pacific Standard Time)
This CL will be followed by
https://chromium-review.googlesource.com/c/v8/v8/+/572148 to
implement https://github.com/tc39/ecma262/pull/778 .
[1] http://jungshik.github.io/v8/cr769706.html
BUG=v8:6031, v8:2137, v8:6076, chromium:769706
TEST=mjsunit/icu-date-lord-howe.js, mjsunit/icu-date-to-string.js
Change-Id: I22203670c3307a57fbf99e5f0a271dcbfbbef8fd
Reviewed-on: https://chromium-review.googlesource.com/857333
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51791}
The next CL will add an actual WeakFixedArray which contains in-place weak
references.
Also removes FLAG_trace_weak_arrays which is not super useful.
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I016880ecc66b03b406f7184b7f72ab514cb65428
Reviewed-on: https://chromium-review.googlesource.com/951730
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51789}
Just copies the StringConcat tests and refactors them to exercise
template literals rather than simple string addition.
BUG=v8:7415
R=rmcilroy@chromium.org
Change-Id: I79cf24ee33e64b1d57221eb0291d9958634130ec
Reviewed-on: https://chromium-review.googlesource.com/951968
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51788}
Shrink the number of instructions in the ByteSwap macro for some cases.
Allow the input and output registers to be the same.
Extend the test to cover all test cases.
Change-Id: I7e0b86988fb73eed604751ffd89657cdff4abc3c
Reviewed-on: https://chromium-review.googlesource.com/951726
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51787}
This was a shim for the non-I+TF codepath, which is now the only
codepath (that still uses this tier-up mechanism anyway). There were a
couple of places we were accidentally using it due to CompileLazy or
deopts, so this also fixes those.
Change-Id: I00a7fdf9fb5cf74844138dac62d01ceaaf192e17
Reviewed-on: https://chromium-review.googlesource.com/951490
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51786}
If test webkit/dfg-int-overflow-in-loop is executed with option --noopt,
execution will be too slow on simulator. Therefore, this test will be
skipped on MIPS64 simulators.
TEST=webkit/dfg-int-overflow-in-loop
BUG=
Change-Id: I3d116fe579a5690c817a9a9d4e8a4bf8188298cc
Reviewed-on: https://chromium-review.googlesource.com/951610
Commit-Queue: Ilija Pavlović <ilija.pavlovic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51785}
The register file of the JSGeneratorObject is normally filled with
undefined in the beginning, except in TurboFan where we put the_hole
there. In addition TurboFan used StoreElement to initialize the fields
but then StoreField/LoadField to access them later, which can lead to
aliasing bugs (currently not possible because our alias analysis is
not smart enough).
Bug: v8:7253
Change-Id: Idbff29d138946f110336b9bef0e1889e596d834c
Reviewed-on: https://chromium-review.googlesource.com/952968
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51784}
We may get an empty handle passed to the side-effect check in places
where we have not implemented the flag check yet.
R=luoe@chromium.org
Bug: v8:7515
Change-Id: I088b223c4e8cc3aa262bebe34458c2e95b30e347
Reviewed-on: https://chromium-review.googlesource.com/951768
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51783}
The VM state is a property of the isolate, not the CPU profiler.
Having to create a v8::CpuProfiler instance in order to change
the property is somewhat inefficient.
See https://github.com/nodejs/node/issues/18039 and
https://github.com/nodejs/node/pull/18534 for context.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I70e31deca6529bccc05a0f4ed500ee268fb63cb8
Reviewed-on: https://chromium-review.googlesource.com/900622
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51779}
The test is flaky because the OS does not sleep for the full requested
time. Adding a check for the OS sleep time.
Bug: v8:7492
Change-Id: I495ecc6595238bc1771adc434e766543513a0256
Reviewed-on: https://chromium-review.googlesource.com/937818
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51774}
We are not allowed to use t0 and t1 as temporary registers in
macro assembler as they are allocatable. This CL fixes the
issue.
Change-Id: I328532e669b081e5215887b725b0b645a86d98b1
Reviewed-on: https://chromium-review.googlesource.com/951488
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51773}
RecordWrite is not isolate-independent on arm/arm64.
TBR=yangguo@chromium.org
NOTRY=true
Bug: v8:6666
Change-Id: Ie1160434dc9fcb0da91ce53ea06addf9f87434dd
Reviewed-on: https://chromium-review.googlesource.com/951247
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51771}
The idea of GetUnaryOpTargetRegister and GetBinaryOpTargetRegister is
to reuse the register of one of the operands instead of using a
separate third one, because we can often generate better code if the
destination register matches the src or lhs.
This was implemented by looking at the top or the first two stack
entries, and using one of their registers if there is only one use.
Instead of doing that we can also just pop them and then later check
whether this was the only use. This makes the code smaller, more
readable and probably faster.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ia5d9e320bdb3add5032400455a64a0c7fee77cbd
Reviewed-on: https://chromium-review.googlesource.com/950947
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51770}
Tests are failing on MIPS with bus error because instruction cache is not flushed.
Change-Id: I1725a87ea2dc36ffde767d10a0c4deea0e069c09
Reviewed-on: https://chromium-review.googlesource.com/950722
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51768}
This fixes HeapSnapshotGenerator::SetProgressTotal so that
ProgressReport is called with finished flag only once.
The DevTools front-end assumes that progress with finished flag is
reported only once.
Change-Id: Iad958478aa8ad27a520cb491419e521027967754
Reviewed-on: https://chromium-review.googlesource.com/949224
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51767}
ObjectSpace was only referred to in static_asserts and was otherwise
removed in http://codereview.chromium.org/7945009.
AllocationActions's last usage was removed in
https://codereview.chromium.org/1991293002.
Bug: v8:7310
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2ccbf3b674517bc698b4c92754cd0b251229d342
Reviewed-on: https://chromium-review.googlesource.com/931887
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51763}
Instead of computing the disassembly and offset tables eagerly on
registering a WASM function with a debugger agent, only generate
it when the source or offset tables are actually required. This is
implemented using a lazy, memoizing supplier that is shared
between the debugger agent and wasm translator.
Bug: chromium:794941
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1a2f7dd71ab65c80f91ddee4f7babbdf33d2e74b
Reviewed-on: https://chromium-review.googlesource.com/918641
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51762}
Make BuiltinsArrayAssembler::o() and len() into TNode<JSReceiver> and
TNode<Number> respectively.
Also adds typing to CodeStubAssembler::ToLength_Inline.
Fixes a type error in ArraySpeciesCreate which needs to take a Number rather
than a Smi.
Bug: v8:7310
Change-Id: Ie01d58ba195bddfe58ac7e4a31272c8f1a14c6ce
Reviewed-on: https://chromium-review.googlesource.com/934821
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51761}
We now unconditionally both parse and compile StreamedSource on the background
thread.
BUG=v8:5203
Change-Id: I42d6fe9059bc1745da3a415d270f46cf1c08b306
Reviewed-on: https://chromium-review.googlesource.com/948854
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51758}
Note that {nullptr} is a dangerous sentinel value in V8's object model
because it can be interpreted as Smi(0) and hence will turn into a
completely different type than the declared return type at runtime.
R=ahaas@chromium.org
BUG=v8:7509
Change-Id: I89cffa1160a3bf6853f91c04fb90c74ad08888a3
Reviewed-on: https://chromium-review.googlesource.com/948907
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51757}
Instead of a hard-coded list of function addresses, we now use a flag
on the AccessorInfo object to annotate whether the getter can cause any
side effect.
Future changes will extend this to InterceptorInfo, CallHandlerInfo, and
expose this through the API.
R=jgruber@chromium.org, luoe@chromium.org
Bug: v8:7515
Change-Id: Id0fedf03493c3bd81913557a5681f8f63660f6a4
Reviewed-on: https://chromium-review.googlesource.com/945909
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51756}