Remove Variable::IsValidReference(), and the Variable::is_valid_ref_
member: This was "false" only for "this", and for internal variables.
For the first, VariableProxy::is_this() can be used for the check
instead; and for internal variables, it is guaranteed they they will
not be written to (because the V8 code does not do it, and they are
not accessible from JavaScript).
The "bool is_this" parameter of VariableProxy() constructor is
changed to use Variable::Kind. This will allow to later on adding
a parameter to create unresolved variables of any kind, which in
turn will be used to make references to "this" initially unresolved,
and use the existing variable resolution mechanics for "this".
BUG=v8:2700
LOG=N
Review URL: https://codereview.chromium.org/1024703004
Cr-Commit-Position: refs/heads/master@{#27404}
it is the last patch of https://codereview.chromium.org/1012633002
All that we need here is to push the collected info to the profiler
and convert it into actionable information about deopt.
On the Next: get the info accessible by embedder.
BUG=chromium:452067
LOG=n
TEST=DeoptAtFirstLevelInlinedSource, DeoptAtSecondLevelInlinedSource, DeoptUntrackedFunction
Review URL: https://codereview.chromium.org/1013143003
Cr-Commit-Position: refs/heads/master@{#27403}
port e18e3cd4d8 (r27305)
original commit message:
[stubs] Add missing interface descriptor for the CompareIC.
BUG=
Review URL: https://codereview.chromium.org/1024553007
Cr-Commit-Position: refs/heads/master@{#27397}
port 16c8485a35 (r27269).
original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/1013543004
Cr-Commit-Position: refs/heads/master@{#27395}
port 34a1a76ddf (r27235)
original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
BUG=
Review URL: https://codereview.chromium.org/1025073005
Cr-Commit-Position: refs/heads/master@{#27394}
Reason for revert:
Layout test failures. Please update layout test expectations before landing this, in order to not block the roll.
Original issue's description:
> [es6] Object.getPrototypeOf should work with values
>
> The final spec for Object.getPrototypeOf calls ToObject on the
> parameter, which means that it should only throw for null and
> undefined. For other non object values the prototype of the wrapper
> should be used.
>
> BUG=v8:3964
> LOG=N
> R=adamk, rossberg@chromium.org
>
> Committed: https://crrev.com/ea463a916bbe5994b0d2d04e8075058b373b2e2c
> Cr-Commit-Position: refs/heads/master@{#27354}
TBR=adamk@chromium.org,rossberg@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3964
Review URL: https://codereview.chromium.org/1033623002
Cr-Commit-Position: refs/heads/master@{#27389}
port 15f8213809 (r27263)
original commit message:
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
BUG=
Review URL: https://codereview.chromium.org/1027413002
Cr-Commit-Position: refs/heads/master@{#27385}
Every time embedder calls v8::HeapProfiler::GetHeapStats we store next unuassigned heap object id and timestamp of the request. This patch serializes all that data into heap snapshot so that embedder can restore allocation timeline.
BUG=chromium:467222
LOG=Y
Review URL: https://codereview.chromium.org/1019813004
Cr-Commit-Position: refs/heads/master@{#27384}
Port 6689cc27eb
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/1025303005
Cr-Commit-Position: refs/heads/master@{#27383}
Port 15f8213809
Original commit message:
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=mbrandy@us.ibm.com, yangguo@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1016333002
Cr-Commit-Position: refs/heads/master@{#27381}
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/1028093002
Cr-Commit-Position: refs/heads/master@{#27377}
This removes the stub-based constructor from CompilationInfoWithZone
as this class is more than a pure convenience class and only by chance
doesn't have an effect in the destructor.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1026513004
Cr-Commit-Position: refs/heads/master@{#27376}
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.
BUG=chromium:468781
R=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1022333004
Cr-Commit-Position: refs/heads/master@{#27374}
15.5.4.6 5.b requires each part to be converted using ToString(). This also needs to occur in the single argument fast-case.
BUG=v8:3981
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1029103002
Cr-Commit-Position: refs/heads/master@{#27372}
This allows using %OptimizeFunctionOnNextCall and friends even when
Crankshaft is disabled. Note that this should only affect code paths
that are not relevant to performance. By now we have a single bailout
point in place within OptimizedCompileJob::CreateGraph that ensures
Crankshaft is only used when enabled and supported.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/999173007
Cr-Commit-Position: refs/heads/master@{#27367}
Port 34a1a76ddf
Original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
R=verwaest@chromium.org, mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1019003002
Cr-Commit-Position: refs/heads/master@{#27365}
port d4696c4841 (r27150)
original commit message:
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
BUG=
Review URL: https://codereview.chromium.org/1028073002
Cr-Commit-Position: refs/heads/master@{#27360}
port f71e262683 (r27127)
original commit message:
Simplify pending message script handling.
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1028993003
Cr-Commit-Position: refs/heads/master@{#27358}
port 36e69a916f (r27115)
original commit message:
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
BUG=
Review URL: https://codereview.chromium.org/1030563002
Cr-Commit-Position: refs/heads/master@{#27357}
port 8d946b9c3f (r27106).
original commit message:
[es6] Throw TypeError for computed static prototype property name
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=
Review URL: https://codereview.chromium.org/1028983002
Cr-Commit-Position: refs/heads/master@{#27356}
We were using ToObject in a lot of places where the common case is that
we already have an object. By changing to TO_OBJECT_INLINE we don't
have to go through 5 different if statements before falling through.
We were also calling ToObject too many times in DefineObjectProperty
where we already know that obj is an object.
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/1019413002
Cr-Commit-Position: refs/heads/master@{#27355}
The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1014813003
Cr-Commit-Position: refs/heads/master@{#27354}
port e0aa8ebf93 (r27103).
original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1022403002
Cr-Commit-Position: refs/heads/master@{#27353}
port 1382879f29 (r27016).
oringinal commit message:
[turbofan] Implement throwing exceptions into TurboFan code.
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
BUG=
Review URL: https://codereview.chromium.org/1023943002
Cr-Commit-Position: refs/heads/master@{#27342}
port 2ecdf736cf (r27014).
original commit message:
Fix exception for assignment to uninitialised const.
BUG=
Review URL: https://codereview.chromium.org/1028533002
Cr-Commit-Position: refs/heads/master@{#27332}
To ensure termination, we need to be sure that once we start weakening
a node, we keep weakening that node in subsequent re-typings. Until now,
we were guessing that we previously weakened from the type. This
change introduces a set of nodes that have already be weakened, so
that we have a reliable way to detect previous weakening.
BUG=chromium:468799
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1019883002
Cr-Commit-Position: refs/heads/master@{#27331}
Port d21fd15467
Known issue: the mjsunit/harmony/reflect-construct test fails, it will be addressed in a follow-up CL.
BUG=
Review URL: https://codereview.chromium.org/1021863002
Cr-Commit-Position: refs/heads/master@{#27326}
The problem manifests itself when parsing manages to return something
meaningful in the presence of a stack overflow. This happens because
calling ParserBase::Next() will still return one valid token on stack
overflow, before starting to return invalid tokens.
Take the following input as example:
a.map(v => v + 1);
| |
already next token
parsed (which will be an invalid token
(identifier) because of a stack overflow)
The "v" may have been already parsed into a VariableProxy, then if a
stack overflow occurs, next token will be an invalid token (instead
of Token::ARROW), but the parser will return the VariableProxy.
This always happens when lazy-parsing arrow functions, so the position
in the input stream where the the arrow function code ends is known.
This fix adds a check that ensures that parsing ended at the end
position of the arrow function.
BUG=465671
LOG=N
Review URL: https://codereview.chromium.org/1023483003
Cr-Commit-Position: refs/heads/master@{#27325}
With this change, we remember the types of frame state inputs (in a new
operator, called TypedStateValues). Instead of inferring the value types
when building translations, we used the recorded types.
The original approach was not reliable because the passes after
simplified lowering can change node types, and this in turn confuses
the translation builder.
BUG=chromium:468727
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1015423002
Cr-Commit-Position: refs/heads/master@{#27310}
The CallInterfaceDescriptor already provides information about the
expected representation of parameters, so we can use that instead of
hardcoding tagged representation for all parameters.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1019293002
Cr-Commit-Position: refs/heads/master@{#27308}
Reason for revert:
Failing Blink tests on Win and Mac:
- plugins/netscape-plugin-property-access-exception.html
- http/tests/plugins/cross-frame-object-access.html
Original issue's description:
> Cleanup and unify Isolate::ReportPendingMessages.
>
> Note that this is a pure cleanup CL and shouldn't have an observable
> impact on the functional behavior of message reporting.
>
> R=yangguo@chromium.orgTBR=yangguo@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1016323002
Cr-Commit-Position: refs/heads/master@{#27306}
Add support for appending extend modes uxtb or uxth to add and subtract
instructions, and using them in the instruction selector.
BUG=
Review URL: https://codereview.chromium.org/1021533002
Cr-Commit-Position: refs/heads/master@{#27303}
Use a delegating constructor for CompilationInfo, reducing duplicated
code. Simplified handling of InlinedFunctionInfos on the way: When we
start compiling, we have bigger things to worry about than a default
vector.
Reduced the usage of a SharedFunctionInfo for compiling, this is a
slighty strange concept.
Review URL: https://codereview.chromium.org/1018853004
Cr-Commit-Position: refs/heads/master@{#27299}
The weaken limits are constants, there's no point in having a separate
copy of those constants per typer that is initialized per Typer
instance.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1008923004
Cr-Commit-Position: refs/heads/master@{#27297}
This reduces the overhead of typed lowering, because we lower
JSToBoolean/JSUnaryNot directly if possible, instead of first lowering
to AnyToBoolean, and then letting the SimplifiedOperatorReducer do the
further lowering.
Also remove some obsolete tests from the cctest suite that have since
been removed by proper unittests. And improve unitttest coverage for the
typed lowering cases.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/999173003
Cr-Commit-Position: refs/heads/master@{#27295}
When the debugger is active, a host of connected functions get an associated
DebugInfo structure, and their code is copied. The debugger uses the original
code to occasionally patch ICs with their initial value. Although IC learning
can occur, it's thrown away often, depending on the constellation of
breakpoints active or deactivating. Finally, feedback is discarded when the
debugger is turned off.
The type feedback vector needs to be brought into line with this behavior, so
now the debugger clears it's IC slots at appropriate bottlenecks in debug.cc.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1014373002
Cr-Commit-Position: refs/heads/master@{#27289}
The control input is only relevant for operations that may "write" (to
prevent hoisting) or "throw" (because they are part of the control chain).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1015353004
Cr-Commit-Position: refs/heads/master@{#27288}
The change introduces a second frame state (for the state before
the operation) for the StoreProperty nodes. If the store writes
into a typed array, the frame state is used for lazy deopt from
the to-number conversion that is performed by the store.
BUG=v8:3963
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/997983004
Cr-Commit-Position: refs/heads/master@{#27285}
Port 16c8485a35
Original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/1014293002
Cr-Commit-Position: refs/heads/master@{#27277}
Port 15f8213809
Original commit message:
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
BUG=
Review URL: https://codereview.chromium.org/1015993002
Cr-Commit-Position: refs/heads/master@{#27273}
I found some strange split in deopt entry points generator.
The code for table entry generator had two classes.
It is safe to join these classes together and drop virtual.
BUG=
LOG=n
Review URL: https://codereview.chromium.org/1010413003
Cr-Commit-Position: refs/heads/master@{#27264}
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/997213003
Cr-Commit-Position: refs/heads/master@{#27263}
Some native counters (e.g. KeyedLoadGenericSlow) are referenced from stubs that are generated very early in the Isolate lifecycle before v8::Isolate::New returns. Thus counter lookup callback also needs to be installed early prior to v8::internal::Isolate::Init call. Otherwise assembler will just assume that the counter is not enabled and produce no code from IncrementCounter - because address of the counter is not yet available.
Histogram related callbacks are moved for consistency to make them able to collect samples which occur at isolate initialization time.
BUG=
Review URL: https://codereview.chromium.org/1010233002
Cr-Commit-Position: refs/heads/master@{#27262}
This is the fifth part of https://codereview.chromium.org/1012633002
In this part we collect the offsets of deopt calls and save it into
an inlined function info.
On the Next:
Later when deopt happens we will get the offset of deopt call and
search it among inlined infos.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011113004
Cr-Commit-Position: refs/heads/master@{#27258}
We also need to fix the weakening to weaken unions with ranges in them.
BUG=
Review URL: https://codereview.chromium.org/1011103003
Cr-Commit-Position: refs/heads/master@{#27257}
We were able to remove most of our changes needed to compile
on AIX with an earlier compiler level. These changes are the
remaining ones.
The changes in heap/heap.cc are needed because otherwise the
compiler complains that result is potentially used before
it is initialized.
The changes in heap/mark-compact.cc are required because
AIX supports the full 64 bit address range so the check
being guarded is invalid.
The changes in build/toolchain.gypi and
test/cctest/cctest/gyp are aix only and are adjust the
compile/link options to allow the AIX build to succeed.
modified: build/toolchain.gypi
modified: src/heap/heap.cc
modified: src/heap/mark-compact.cc
modified: test/cctest/cctest.gyp
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1013833002
Cr-Commit-Position: refs/heads/master@{#27255}
- Use representation information provided by the type system to skip SMI
checks.
- Fix combining of ChangeTaggedToFloat64 with JSToNumber now that JS
operators can produce control.
- Remove the unnecessary abstraction of smi/field offsets.
- Improve unit test coverage.
- Various cosmetic fixes.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1018873002
Cr-Commit-Position: refs/heads/master@{#27250}
this is a fourth part of https://codereview.chromium.org/1012633002
In another patch I'll collect the inlining tree in cpu-profiler CodeEntry
Each leaf for an inlined function will have a list of deopts and their pc offsets.
So when deopt happens I'll be able to map the deopt pc_offset into
inlined function id and point the web developer to the exact place
where deopt has happened even if it was in the inlined function.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1013753007
Cr-Commit-Position: refs/heads/master@{#27247}
In constructing the transfer between loop copies, we need to merge the backedges from all the previous copies of the given loop. The control reduction will work out which ones are really reachable.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1004993004
Cr-Commit-Position: refs/heads/master@{#27246}
This ensures that there is only one stub that deals with unwinding the
stack. Having more than one place containing that logic is brittle and
error prone, especially when it is a corner case only for RangeErrors.
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-467047
BUG=chromium:467047
LOG=N
Review URL: https://codereview.chromium.org/1012103002
Cr-Commit-Position: refs/heads/master@{#27243}
The cause was dynamic allocation of an accounting structure used to
create/initialize the type feedback vector, done at the end of the
numbering pass. The solution is to Zone-allocate the structure to
bring it's lifetime in line with the compilation unit.
BUG=
Review URL: https://codereview.chromium.org/1014793003
Cr-Commit-Position: refs/heads/master@{#27241}
The evaluation order of receiver versus arguments is not properly
defined by C++. This caused issues with Clang where the environment
changed after the receiveing environment was already loaded.
R=jarin@chromium.org
BUG=chromium:467531
LOG=N
Review URL: https://codereview.chromium.org/1011123002
Cr-Commit-Position: refs/heads/master@{#27240}
The evaluation order of receiver versus arguments is not properly
defined by C++. This caused issues with Clang where the environment
changed after the receiveing environment was already loaded.
R=jarin@chromium.org
BUG=chromium:467531
TEST=mjsunit/regress/regress-crbug-467531
LOG=N
Review URL: https://codereview.chromium.org/1015683002
Cr-Commit-Position: refs/heads/master@{#27238}
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/988653003
Cr-Commit-Position: refs/heads/master@{#27235}
This change introduces a liveness analyzer for local variables in frame states.
The main idea is to use the AstGraphBuilder::Environment class to build the control flow graph, and record local variable loads, stores and checkpoints in the CFG basic blocks (LivenessAnalyzerBlock class).
After the graph building finishes, we run a simple data flow analysis over the CFG to figure out liveness of each local variable at each checkpoint. Finally, we run a pass over all the checkpoints and replace dead local variables in the frame states with the 'undefined' value.
Performance numbers for Embenchen are below.
----------- box2d.js
Current --turbo-deoptimization: EmbenchenBox2d(RunTime): 11265 ms.
d8-master --turbo-deoptimization: EmbenchenBox2d(RunTime): 11768 ms.
d8-master: EmbenchenBox2d(RunTime): 10996 ms.
----------- bullet.js
Current --turbo-deoptimization: EmbenchenBullet(RunTime): 17049 ms.
d8-master --turbo-deoptimization: EmbenchenBullet(RunTime): 17384 ms.
d8-master: EmbenchenBullet(RunTime): 16153 ms.
----------- copy.js
Current --turbo-deoptimization: EmbenchenCopy(RunTime): 4877 ms.
d8-master --turbo-deoptimization: EmbenchenCopy(RunTime): 4938 ms.
d8-master: EmbenchenCopy(RunTime): 4940 ms.
----------- corrections.js
Current --turbo-deoptimization: EmbenchenCorrections(RunTime): 7068 ms.
d8-master --turbo-deoptimization: EmbenchenCorrections(RunTime): 6718 ms.
d8-master: EmbenchenCorrections(RunTime): 6858 ms.
----------- fannkuch.js
Current --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4167 ms.
d8-master --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4608 ms.
d8-master: EmbenchenFannkuch(RunTime): 4149 ms.
----------- fasta.js
Current --turbo-deoptimization: EmbenchenFasta(RunTime): 9981 ms.
d8-master --turbo-deoptimization: EmbenchenFasta(RunTime): 9848 ms.
d8-master: EmbenchenFasta(RunTime): 9640 ms.
----------- lua_binarytrees.js
Current --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 11571 ms.
d8-master --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 13089 ms.
d8-master: EmbenchenLuaBinaryTrees(RunTime): 10957 ms.
----------- memops.js
Current --turbo-deoptimization: EmbenchenMemOps(RunTime): 7766 ms.
d8-master --turbo-deoptimization: EmbenchenMemOps(RunTime): 7346 ms.
d8-master: EmbenchenMemOps(RunTime): 7738 ms.
----------- primes.js
Current --turbo-deoptimization: EmbenchenPrimes(RunTime): 7459 ms.
d8-master --turbo-deoptimization: EmbenchenPrimes(RunTime): 7453 ms.
d8-master: EmbenchenPrimes(RunTime): 7451 ms.
----------- skinning.js
Current --turbo-deoptimization: EmbenchenSkinning(RunTime): 15564 ms.
d8-master --turbo-deoptimization: EmbenchenSkinning(RunTime): 15611 ms.
d8-master: EmbenchenSkinning(RunTime): 15583 ms.
----------- zlib.js
Current --turbo-deoptimization: EmbenchenZLib(RunTime): 10825 ms.
d8-master --turbo-deoptimization: EmbenchenZLib(RunTime): 11180 ms.
d8-master: EmbenchenZLib(RunTime): 10823 ms.
BUG=
Review URL: https://codereview.chromium.org/949743002
Cr-Commit-Position: refs/heads/master@{#27232}
the third part of the patch https://codereview.chromium.org/1012633002
this patch
1) moves DeoptInfo builder code to platform independent file lithium-codegen.cc
2) adds inlining_id property to HEnterInlined so we can use it on lithium level.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011733005
Cr-Commit-Position: refs/heads/master@{#27231}
Improve the code generated for construction of a 64-bit floating point
number from two 32-bit integers.
Previously, this moved FP->core, inserted, then moved core->FP for each
half. Now, we construct the double in an X register and move core->FP.
Typically, the temporary register aliases the input register, so the
sequence improves from six to two instructions.
Patch from Martyn Capewell <m.m.capewell@googlemail.com>.
BUG=
Review URL: https://codereview.chromium.org/1008003004
Cr-Commit-Position: refs/heads/master@{#27227}
this is the second part of https://codereview.chromium.org/1012633002.
almost mechanical change.
I'd like to enable positions tracking when cpu profiler is working.
But I'll switch it on for cpu-profiler in another patch.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/995183005
Cr-Commit-Position: refs/heads/master@{#27224}
Instead of the current approach of storing flat vectors in frame states (and possibly reusing the last vector in AST graph builder), this change list builds a tree for the values and tries to reuse the nodes for different frame states. At the moment, we only use this for the local variable part of frame state, but nothing prevents us from using this for all parts.
This change provides two new classes: one for creating the tree (StateValuesCache) and one for iterating the trees (StateValuesAccess).
BUG=
Review URL: https://codereview.chromium.org/1008213002
Cr-Commit-Position: refs/heads/master@{#27222}
The per-isolate compilation cache is a lot faster still than
the serialized code cache. Promote code to compilation cache
after deserialization.
R=vogelheim@chromium.org
BUG=chromium:399580
LOG=N
Review URL: https://codereview.chromium.org/1008363002
Cr-Commit-Position: refs/heads/master@{#27220}
Fix the resulting warnings by renaming things apart.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/1009373002
Cr-Commit-Position: refs/heads/master@{#27219}
Store buffer does not contain stale pointers anymore. Hence, sweeper threads and store buffer processing does not collide.
BUG=
Review URL: https://codereview.chromium.org/1007273002
Cr-Commit-Position: refs/heads/master@{#27217}
Reason for revert:
Layout test failure in inspector/sources/debugger/debugger-pause-on-promise-rejection.html
Original issue's description:
> Remove kind field from StackHandler.
>
> This makes the Isolate::Throw logic not depend on a prediction of
> whether an exception is caught or uncaught. Such a prediction is
> inherently undecidable because a finally block can decide between
> consuming or re-throwing an exception depending on arbitray control
> flow.
>
> There still is a conservative prediction mechanism in place that
> components like the debugger or tracing can use for reporting.
>
> With this change we can get rid of the StackHandler::kind field, a
> pre-requisite to do table-based lookups of exception handlers.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/96f79568a926966ebcf0685bf9adc947f4e1fbff
> Cr-Commit-Position: refs/heads/master@{#27210}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1009903002
Cr-Commit-Position: refs/heads/master@{#27215}
The CL enables the same instructions are selected for Word32 and Word64 compare
operations which is possible due to a fact 32-bit inputs and produced values
are always sign-extended.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1005123002
Cr-Commit-Position: refs/heads/master@{#27212}
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1002203002
Cr-Commit-Position: refs/heads/master@{#27210}
Reason for revert:
Increased rate of Chrome crashes. Requires further investigation.
Original issue's description:
> Reland of Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297, chromium:465273
> LOG=Y
>
> Committed: https://crrev.com/6d0677d845c47ab9fa297de61d0e3d8e5480a02a
> Cr-Commit-Position: refs/heads/master@{#27141}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297, chromium:465273
Review URL: https://codereview.chromium.org/1004623003
Cr-Commit-Position: refs/heads/master@{#27207}
ES6 specs the function length property (it was not part of ES5) and
it makes it configurable.
BUG=v8:3045
LOG=N
R=mstarzinger@chromium.org, adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/993073002
Cr-Commit-Position: refs/heads/master@{#27190}
Error.stack contains function.name if its type is string.
Otherwise if function have inferred name then .stack contains it.
For functions from eval .stack property contains "eval".
LOG=N
BUG=chromium:17356
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/919653002
Cr-Commit-Position: refs/heads/master@{#27186}
Since incremental marking hasn't completed yet at this point, we can't
use the MC's root visitor.
Also, we shouldn't hurry with incremental marking while
overapproximating
BUG=v8:3862
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/997423002
Cr-Commit-Position: refs/heads/master@{#27184}
Platform ports that use this RelocInfo kind need to implement
set_target_internal_reference accordingly to distinguish between
INTERNAL_REFERENCE and INTERNAL_REFERENCE_ENCODED.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1000373003
Cr-Commit-Position: refs/heads/master@{#27177}
We previously had two nested SCRIPT_SCOPEs (used to be GLOBAL_SCOPES), but as
the lexical variable implementation changed, the inner one is no longer needed.
BUG=
Review URL: https://codereview.chromium.org/1002193002
Cr-Commit-Position: refs/heads/master@{#27176}
Reduces the amount of custom support code for Math functions in TurboFan
and allows for more general inlining (i.e. independent of parameter
types).
BUG=v8:3952
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1004083002
Cr-Commit-Position: refs/heads/master@{#27172}
Port 99f8d57f3c
Original commit message:
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
BUG=
Review URL: https://codereview.chromium.org/1006513002
Cr-Commit-Position: refs/heads/master@{#27168}
e8b9f2d7 introduced a different cast which broke building on Illumos.
Revert to previous behavior for V8_OS_SOLARIS only.
Found on SmartOS while building with gcc 4.9.0.
edit1: adding jochen to reviewers since he was assigned through the issue tracker and danno since he seems to do a fair amount of cross-platform work
edit2: removing BUG reference because I don't understand what LOG needs to contain (and it seems to link to chromium and not the v8 repo). Please edit commit message as appropriate.
BUG=3935
LOG=n
Review URL: https://codereview.chromium.org/990063002
Cr-Commit-Position: refs/heads/master@{#27163}
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/998283002
Cr-Commit-Position: refs/heads/master@{#27160}
Port d4696c4841
Original commit message:
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
BUG=
Review URL: https://codereview.chromium.org/1004623002
Cr-Commit-Position: refs/heads/master@{#27158}
This introduces a choke point in the AstGraphBuilder for property
access creation. This makes it easier to enrich all such nodes with
additional side-table or debugging information.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1002713002
Cr-Commit-Position: refs/heads/master@{#27157}
It should be possible to cast a Value to Int32 without throwing an exception
when IsInt32() is true. Same for Uint32.
BUG=chromium:462402
LOG=Y
Review URL: https://codereview.chromium.org/1003663002
Cr-Commit-Position: refs/heads/master@{#27156}
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/998943003
Cr-Commit-Position: refs/heads/master@{#27150}
We can reduce the number of type feedback vector slots required, and
also reduce IC misses.
Review URL: https://codereview.chromium.org/1001533002
Cr-Commit-Position: refs/heads/master@{#27149}
A diamond is unused if the Merge node has no Phi/EffectPhi uses, exactly
two inputs, one IfTrue and one IfFalse, which have the same Branch
control input and no other uses except for the Merge. In this case the
diamond can safely be removed.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1000883003
Cr-Commit-Position: refs/heads/master@{#27148}
Since recursive modules are gone, only the top-level scope can have
module inner scopes. Rename Scope::AllocateModulesRecursively to
Scope::AllocateModules, and add test showing the module Variables
are still allocated appropriately in the top level scope.
BUG=v8:1569,v8:3940
LOG=n
Review URL: https://codereview.chromium.org/999893003
Cr-Commit-Position: refs/heads/master@{#27143}
The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297, chromium:465273
LOG=Y
Review URL: https://codereview.chromium.org/988363002
Cr-Commit-Position: refs/heads/master@{#27141}
Port f71e262683
Original commit message:
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
BUG=
Review URL: https://codereview.chromium.org/999763003
Cr-Commit-Position: refs/heads/master@{#27140}
Outside of runtime.h, only the distinction between intrinsics
returning pairs and those returning pairs is really meaningful, not
the internal traditional partitioning of them.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/997933003
Cr-Commit-Position: refs/heads/master@{#27137}
Combined the various lists, the only slightly ugly thing is now the
distinction between intrinsics returning pairs and the rest, but
that's no big deal.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/989273003
Cr-Commit-Position: refs/heads/master@{#27135}
I did some investigation and found that in the most cases
the old schema with the separate List for functions and inlines
gives us no memory benefits because more frequently we inlines
different functions into parent function. So the plain schema
wins a tens or even hundreds bytes a few thousand times.
The only drawback is that we will print the inlined body
the each time when we inline it. But is not a problem
because it happens only under FLAG_hydrogen_track_positions.
Also I added script_id to the structure, so it could be used later
by cpu-profiler.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/996153003
Cr-Commit-Position: refs/heads/master@{#27134}
The external v8::TryCatch handler was computed eagerly and kept in
intact. This changes it to be computed lazily for simplicity and
readability of the code.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/997863003
Cr-Commit-Position: refs/heads/master@{#27132}
This recovers the performance loss for some ancient benchmarks.
Added some comments/UNIMPLEMENTED on the way.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/996153002
Cr-Commit-Position: refs/heads/master@{#27131}
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/995013005
Cr-Commit-Position: refs/heads/master@{#27127}
Contribution of PowerPC port (continuation of 422063005,
817143002,866843003, and 901083004). This patch updates
the ppc directories to make them current with changes in
common code as of today.
We had to exclude the test test-serialize/SerializeInternalReference
until we agree on the right way to add those changes for PPC as
outlined in the description in the google doc provided earlier.
We also had to exclude a couple of other tests due to new
failures seen since the last uplevel. We excluded as opposed
to waiting until we could investigate to maximize the chance
of getting PPC compiling in the google repos before new
breaking changes are made.
I'll note that before applying any of our changes the
mozilla part of quickcheck was already broken when using
the lastest repo content so I had to run without that
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/compiler/ppc/instruction-codes-ppc.h
modified: src/compiler/ppc/instruction-selector-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ic/ppc/ic-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/codegen-ppc.cc
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/994533004
Cr-Commit-Position: refs/heads/master@{#27125}
We should be able to cast a Value to Boolean when IsBoolean() is true.
Review URL: https://codereview.chromium.org/990943003
Cr-Commit-Position: refs/heads/master@{#27124}
Port 36e69a916f
Original commit message:
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
BUG=
Review URL: https://codereview.chromium.org/997663002
Cr-Commit-Position: refs/heads/master@{#27123}
Port e0aa8ebf93
Original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
Review URL: https://codereview.chromium.org/990903008
Cr-Commit-Position: refs/heads/master@{#27120}
Port 8d946b9c3f
Original commit message:
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=v8:3945
LOG=N
Review URL: https://codereview.chromium.org/993963003
Cr-Commit-Position: refs/heads/master@{#27119}
Port 022ea7e057
Original commit message:
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
Review URL: https://codereview.chromium.org/998503002
Cr-Commit-Position: refs/heads/master@{#27117}
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/991893003
Cr-Commit-Position: refs/heads/master@{#27115}
None of these fields is used in Blink. Embedder always can implement them using existing API.
BUG=chromium:465651
LOG=Y
Review URL: https://codereview.chromium.org/983833006
Cr-Commit-Position: refs/heads/master@{#27113}
Doing a runtime call should always be better than totally giving up
(unless we have fullcode-only intrinsics, which we'll probably never
have).
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/997543002
Cr-Commit-Position: refs/heads/master@{#27110}
This makes sure that the pending message location is only tracked by
the message object, as only this is saved for finally-blocks. The
location information is duplicated and becomes stale.
R=titzer@chromium.org
TEST=maeh, not so much.
Review URL: https://codereview.chromium.org/987353002
Cr-Commit-Position: refs/heads/master@{#27109}
There are no stale store buffer pointers anymore. The sweeper thread can not be in conflict with store buffer processing.
BUG=
Review URL: https://codereview.chromium.org/993983002
Cr-Commit-Position: refs/heads/master@{#27107}
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=v8:3945
LOG=N
R=mstarzinger@chromium.org, dslomov@chromium.org
Review URL: https://codereview.chromium.org/985643003
Cr-Commit-Position: refs/heads/master@{#27106}
We can do that now since we have the invariant that the store buffer always has valid slots after marking.
BUG=
Review URL: https://codereview.chromium.org/991853002
Cr-Commit-Position: refs/heads/master@{#27105}
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/985803002
Cr-Commit-Position: refs/heads/master@{#27103}
We can remove a few of them now (those which unconditionally bailout),
but this will be done in a separate CL to see any impact separately.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/993963002
Cr-Commit-Position: refs/heads/master@{#27102}
Note that this patch is not really a *solution*, it is just enough to
make the undefined behavior unobservable. The real fix would be being
much more correct about sizes and signedness in our code base...
BUG=chromium:464657
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/995743002
Cr-Commit-Position: refs/heads/master@{#27100}
The bits in CompilerHints are accessed via FunctionKindBits, and on the other
hand, with accessors defined by BOOL_ACCESSORS(SharedFunctionInfo,
compiler_hints, is_accessor_function, kIsAccessorFunction) etc.
So the bit order in FunctionKind must match CompilerHints.
This is not causing problems (yet) because there's no accessor for these two
bits, but if somebody adds one, things will go wrong.
R=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/988413002
Cr-Commit-Position: refs/heads/master@{#27096}
We use slightly different schema for JumpTable on arm64 than for x64.
We do a branch (B) to the JumpTable from the code,
then a branch (B) to the end of jump table code
and then branch to the deoptimizer code with putting
the return address into lr register (Call which is actually Blr).
As a result the 'from' address in Deoptimizer always points to
the end of JumpTable code and we can get nothing from this information.
0) I moved save_doubles and needs_frame code out of for_loop.
1) I replaced B commands with Bl so we put different return addresses
to lr register for the different jump table entries and replaced
the final Call with Br which do not touch lr register.
Also I removed the last_entry check so we will always do the Bl
even for the last entry because we need the right address in lr.
I don't think that this will affect the performance because it
just one more branch for entire deopt mechanics.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984893003
Cr-Commit-Position: refs/heads/master@{#27094}
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
R=yangguo@chromium.org,svenpanne@chromium.org
Review URL: https://codereview.chromium.org/990963003
Cr-Commit-Position: refs/heads/master@{#27086}
Context specialization enables inlining (at least currently it is the
only enabler for inlining), but inlining enables more possibilities for
context specialization. So we really need to run them together.
This is especially important with the "module based builtins" that we're
working towards.
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/988423004
Cr-Commit-Position: refs/heads/master@{#27085}
since the old style weakness is slated for removal, we might as well reuse the name to limit confusion. additionally I simplified the callback type to a enum to either get internal field values or not
this should be a non-breaking change with the exception of PhantomPersistentValueMap, which is unused.
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/989153003
Cr-Commit-Position: refs/heads/master@{#27084}
Rationale: separate the inputs and outputs of parsing + analysis from the business of compiling (i.e. generating machine code).
BUG=
Review URL: https://codereview.chromium.org/974213002
Cr-Commit-Position: refs/heads/master@{#27078}
The original code always returned the first entry from RelocInfo that matched with
bailout_id. But we may have a few different deopt reasons for one bailout_id.
So we need to get the one which matches with a particular call from JumpTable.
We can do this by checking not 'target_address' (it maps to bailout_id)
but 'from' address which maps to a particular JumpTable entry.
The test was reworked so it tests identical functions against different reasons.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984773003
Cr-Commit-Position: refs/heads/master@{#27076}
After establishing the invariant that the store buffer always has valid slots after marking, the store buffer integrity check is not needed anymore.
BUG=454157
LOG=n
Review URL: https://codereview.chromium.org/990173002
Cr-Commit-Position: refs/heads/master@{#27073}
This makes sure only the %_DeoptimizeNow intrinsic is inlined, and
not the %DeoptimizeNow one. It hence re-establishes the invariant
that JSIntrinsicLowering only deals with inline intrinsics.
R=jarin@chromium.org
TEST=mjsunit/compiler/eager-deopt-simple
Review URL: https://codereview.chromium.org/988333003
Cr-Commit-Position: refs/heads/master@{#27070}
The JSInliner used to load the context from the JSFunction node at
runtime, which introduced a HeapConstant (because we had to materialize
the JSFunction after context specialization) and a LoadField operation,
independent whether the inlinee actually uses the context. This is
rather cumbersome currently, and therefore this is now changed to just
embed the context constant instead. Once we do inlining based on
SharedFunctionInfo rather than JSFunction, we should reconsider this
decision and come up with a proper heuristic.
BUG=v8:3952
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/994523002
Cr-Commit-Position: refs/heads/master@{#27069}
The store buffer can contain stale store buffer entries, i.e., slot in dead objects pointing to new space objects. These slots are treaded as live slots which cause problems with non-pointer fields and makes concurrent sweeping complicated. Removing these pointers from the store buffer before it is used makes life easier.
BUG=
Review URL: https://codereview.chromium.org/985453003
Cr-Commit-Position: refs/heads/master@{#27068}
Reason for revert:
This doesn't do what it's supposed to do. The problem seems to lie on the blink side, people aren't reusing their FunctionTemplates (or creating them when not necessary).
Original issue's description:
> Don't overwrite existing serial numbers on the function template, otherwise instantiating the function for a new context causes the serial number to bump.
>
> Committed: https://crrev.com/1e638c3610ec6938e5fb16c42018642195782fb2
> Cr-Commit-Position: refs/heads/master@{#27048}
TBR=yangguo@chromium.org,dcarney@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/993533003
Cr-Commit-Position: refs/heads/master@{#27067}
Reason for revert:
It caused a lot of Canary crashes.
Original issue's description:
> Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/9633ebabd405c264d33f603f8798c31f59418dcd
> Cr-Commit-Position: refs/heads/master@{#27054}
TBR=verwaest@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/991793002
Cr-Commit-Position: refs/heads/master@{#27063}
We mark certain builtins for inlining, and those should always be
inlined into optimized code (CrankShaft already handles it this way), so
we should support that in TurboFan as well. Currently this mainly
affects a certain set of Math functions, but once have the basics in
place we can extend this to any kind of builtin/code stub/accessor.
This adds a new flag --turbo_builtin_inlining (enabled by default), that
forces the inliner to always inline builtins marked for inlining, but
does not affect inlining of other functions (this is still controlled by
the --turbo-inlining flag).
BUG=v8:3952
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/993473002
Cr-Commit-Position: refs/heads/master@{#27059}