We were using ToObject in a lot of places where the common case is that
we already have an object. By changing to TO_OBJECT_INLINE we don't
have to go through 5 different if statements before falling through.
We were also calling ToObject too many times in DefineObjectProperty
where we already know that obj is an object.
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/1019413002
Cr-Commit-Position: refs/heads/master@{#27355}
The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1014813003
Cr-Commit-Position: refs/heads/master@{#27354}
port e0aa8ebf93 (r27103).
original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1022403002
Cr-Commit-Position: refs/heads/master@{#27353}
port 1382879f29 (r27016).
oringinal commit message:
[turbofan] Implement throwing exceptions into TurboFan code.
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
BUG=
Review URL: https://codereview.chromium.org/1023943002
Cr-Commit-Position: refs/heads/master@{#27342}
port 2ecdf736cf (r27014).
original commit message:
Fix exception for assignment to uninitialised const.
BUG=
Review URL: https://codereview.chromium.org/1028533002
Cr-Commit-Position: refs/heads/master@{#27332}
To ensure termination, we need to be sure that once we start weakening
a node, we keep weakening that node in subsequent re-typings. Until now,
we were guessing that we previously weakened from the type. This
change introduces a set of nodes that have already be weakened, so
that we have a reliable way to detect previous weakening.
BUG=chromium:468799
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1019883002
Cr-Commit-Position: refs/heads/master@{#27331}
Port d21fd15467
Known issue: the mjsunit/harmony/reflect-construct test fails, it will be addressed in a follow-up CL.
BUG=
Review URL: https://codereview.chromium.org/1021863002
Cr-Commit-Position: refs/heads/master@{#27326}
The problem manifests itself when parsing manages to return something
meaningful in the presence of a stack overflow. This happens because
calling ParserBase::Next() will still return one valid token on stack
overflow, before starting to return invalid tokens.
Take the following input as example:
a.map(v => v + 1);
| |
already next token
parsed (which will be an invalid token
(identifier) because of a stack overflow)
The "v" may have been already parsed into a VariableProxy, then if a
stack overflow occurs, next token will be an invalid token (instead
of Token::ARROW), but the parser will return the VariableProxy.
This always happens when lazy-parsing arrow functions, so the position
in the input stream where the the arrow function code ends is known.
This fix adds a check that ensures that parsing ended at the end
position of the arrow function.
BUG=465671
LOG=N
Review URL: https://codereview.chromium.org/1023483003
Cr-Commit-Position: refs/heads/master@{#27325}
With this change, we remember the types of frame state inputs (in a new
operator, called TypedStateValues). Instead of inferring the value types
when building translations, we used the recorded types.
The original approach was not reliable because the passes after
simplified lowering can change node types, and this in turn confuses
the translation builder.
BUG=chromium:468727
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1015423002
Cr-Commit-Position: refs/heads/master@{#27310}
The CallInterfaceDescriptor already provides information about the
expected representation of parameters, so we can use that instead of
hardcoding tagged representation for all parameters.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1019293002
Cr-Commit-Position: refs/heads/master@{#27308}
Reason for revert:
Failing Blink tests on Win and Mac:
- plugins/netscape-plugin-property-access-exception.html
- http/tests/plugins/cross-frame-object-access.html
Original issue's description:
> Cleanup and unify Isolate::ReportPendingMessages.
>
> Note that this is a pure cleanup CL and shouldn't have an observable
> impact on the functional behavior of message reporting.
>
> R=yangguo@chromium.orgTBR=yangguo@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1016323002
Cr-Commit-Position: refs/heads/master@{#27306}
Add support for appending extend modes uxtb or uxth to add and subtract
instructions, and using them in the instruction selector.
BUG=
Review URL: https://codereview.chromium.org/1021533002
Cr-Commit-Position: refs/heads/master@{#27303}
Use a delegating constructor for CompilationInfo, reducing duplicated
code. Simplified handling of InlinedFunctionInfos on the way: When we
start compiling, we have bigger things to worry about than a default
vector.
Reduced the usage of a SharedFunctionInfo for compiling, this is a
slighty strange concept.
Review URL: https://codereview.chromium.org/1018853004
Cr-Commit-Position: refs/heads/master@{#27299}
The weaken limits are constants, there's no point in having a separate
copy of those constants per typer that is initialized per Typer
instance.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1008923004
Cr-Commit-Position: refs/heads/master@{#27297}
This reduces the overhead of typed lowering, because we lower
JSToBoolean/JSUnaryNot directly if possible, instead of first lowering
to AnyToBoolean, and then letting the SimplifiedOperatorReducer do the
further lowering.
Also remove some obsolete tests from the cctest suite that have since
been removed by proper unittests. And improve unitttest coverage for the
typed lowering cases.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/999173003
Cr-Commit-Position: refs/heads/master@{#27295}
When the debugger is active, a host of connected functions get an associated
DebugInfo structure, and their code is copied. The debugger uses the original
code to occasionally patch ICs with their initial value. Although IC learning
can occur, it's thrown away often, depending on the constellation of
breakpoints active or deactivating. Finally, feedback is discarded when the
debugger is turned off.
The type feedback vector needs to be brought into line with this behavior, so
now the debugger clears it's IC slots at appropriate bottlenecks in debug.cc.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1014373002
Cr-Commit-Position: refs/heads/master@{#27289}
The control input is only relevant for operations that may "write" (to
prevent hoisting) or "throw" (because they are part of the control chain).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1015353004
Cr-Commit-Position: refs/heads/master@{#27288}
The change introduces a second frame state (for the state before
the operation) for the StoreProperty nodes. If the store writes
into a typed array, the frame state is used for lazy deopt from
the to-number conversion that is performed by the store.
BUG=v8:3963
LOG=n
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/997983004
Cr-Commit-Position: refs/heads/master@{#27285}
Port 16c8485a35
Original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/1014293002
Cr-Commit-Position: refs/heads/master@{#27277}
Port 15f8213809
Original commit message:
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
BUG=
Review URL: https://codereview.chromium.org/1015993002
Cr-Commit-Position: refs/heads/master@{#27273}
I found some strange split in deopt entry points generator.
The code for table entry generator had two classes.
It is safe to join these classes together and drop virtual.
BUG=
LOG=n
Review URL: https://codereview.chromium.org/1010413003
Cr-Commit-Position: refs/heads/master@{#27264}
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/997213003
Cr-Commit-Position: refs/heads/master@{#27263}
Some native counters (e.g. KeyedLoadGenericSlow) are referenced from stubs that are generated very early in the Isolate lifecycle before v8::Isolate::New returns. Thus counter lookup callback also needs to be installed early prior to v8::internal::Isolate::Init call. Otherwise assembler will just assume that the counter is not enabled and produce no code from IncrementCounter - because address of the counter is not yet available.
Histogram related callbacks are moved for consistency to make them able to collect samples which occur at isolate initialization time.
BUG=
Review URL: https://codereview.chromium.org/1010233002
Cr-Commit-Position: refs/heads/master@{#27262}
This is the fifth part of https://codereview.chromium.org/1012633002
In this part we collect the offsets of deopt calls and save it into
an inlined function info.
On the Next:
Later when deopt happens we will get the offset of deopt call and
search it among inlined infos.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011113004
Cr-Commit-Position: refs/heads/master@{#27258}
We also need to fix the weakening to weaken unions with ranges in them.
BUG=
Review URL: https://codereview.chromium.org/1011103003
Cr-Commit-Position: refs/heads/master@{#27257}
We were able to remove most of our changes needed to compile
on AIX with an earlier compiler level. These changes are the
remaining ones.
The changes in heap/heap.cc are needed because otherwise the
compiler complains that result is potentially used before
it is initialized.
The changes in heap/mark-compact.cc are required because
AIX supports the full 64 bit address range so the check
being guarded is invalid.
The changes in build/toolchain.gypi and
test/cctest/cctest/gyp are aix only and are adjust the
compile/link options to allow the AIX build to succeed.
modified: build/toolchain.gypi
modified: src/heap/heap.cc
modified: src/heap/mark-compact.cc
modified: test/cctest/cctest.gyp
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1013833002
Cr-Commit-Position: refs/heads/master@{#27255}
- Use representation information provided by the type system to skip SMI
checks.
- Fix combining of ChangeTaggedToFloat64 with JSToNumber now that JS
operators can produce control.
- Remove the unnecessary abstraction of smi/field offsets.
- Improve unit test coverage.
- Various cosmetic fixes.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1018873002
Cr-Commit-Position: refs/heads/master@{#27250}
this is a fourth part of https://codereview.chromium.org/1012633002
In another patch I'll collect the inlining tree in cpu-profiler CodeEntry
Each leaf for an inlined function will have a list of deopts and their pc offsets.
So when deopt happens I'll be able to map the deopt pc_offset into
inlined function id and point the web developer to the exact place
where deopt has happened even if it was in the inlined function.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1013753007
Cr-Commit-Position: refs/heads/master@{#27247}
In constructing the transfer between loop copies, we need to merge the backedges from all the previous copies of the given loop. The control reduction will work out which ones are really reachable.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1004993004
Cr-Commit-Position: refs/heads/master@{#27246}
This ensures that there is only one stub that deals with unwinding the
stack. Having more than one place containing that logic is brittle and
error prone, especially when it is a corner case only for RangeErrors.
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-467047
BUG=chromium:467047
LOG=N
Review URL: https://codereview.chromium.org/1012103002
Cr-Commit-Position: refs/heads/master@{#27243}
The cause was dynamic allocation of an accounting structure used to
create/initialize the type feedback vector, done at the end of the
numbering pass. The solution is to Zone-allocate the structure to
bring it's lifetime in line with the compilation unit.
BUG=
Review URL: https://codereview.chromium.org/1014793003
Cr-Commit-Position: refs/heads/master@{#27241}
The evaluation order of receiver versus arguments is not properly
defined by C++. This caused issues with Clang where the environment
changed after the receiveing environment was already loaded.
R=jarin@chromium.org
BUG=chromium:467531
LOG=N
Review URL: https://codereview.chromium.org/1011123002
Cr-Commit-Position: refs/heads/master@{#27240}
The evaluation order of receiver versus arguments is not properly
defined by C++. This caused issues with Clang where the environment
changed after the receiveing environment was already loaded.
R=jarin@chromium.org
BUG=chromium:467531
TEST=mjsunit/regress/regress-crbug-467531
LOG=N
Review URL: https://codereview.chromium.org/1015683002
Cr-Commit-Position: refs/heads/master@{#27238}
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/988653003
Cr-Commit-Position: refs/heads/master@{#27235}
This change introduces a liveness analyzer for local variables in frame states.
The main idea is to use the AstGraphBuilder::Environment class to build the control flow graph, and record local variable loads, stores and checkpoints in the CFG basic blocks (LivenessAnalyzerBlock class).
After the graph building finishes, we run a simple data flow analysis over the CFG to figure out liveness of each local variable at each checkpoint. Finally, we run a pass over all the checkpoints and replace dead local variables in the frame states with the 'undefined' value.
Performance numbers for Embenchen are below.
----------- box2d.js
Current --turbo-deoptimization: EmbenchenBox2d(RunTime): 11265 ms.
d8-master --turbo-deoptimization: EmbenchenBox2d(RunTime): 11768 ms.
d8-master: EmbenchenBox2d(RunTime): 10996 ms.
----------- bullet.js
Current --turbo-deoptimization: EmbenchenBullet(RunTime): 17049 ms.
d8-master --turbo-deoptimization: EmbenchenBullet(RunTime): 17384 ms.
d8-master: EmbenchenBullet(RunTime): 16153 ms.
----------- copy.js
Current --turbo-deoptimization: EmbenchenCopy(RunTime): 4877 ms.
d8-master --turbo-deoptimization: EmbenchenCopy(RunTime): 4938 ms.
d8-master: EmbenchenCopy(RunTime): 4940 ms.
----------- corrections.js
Current --turbo-deoptimization: EmbenchenCorrections(RunTime): 7068 ms.
d8-master --turbo-deoptimization: EmbenchenCorrections(RunTime): 6718 ms.
d8-master: EmbenchenCorrections(RunTime): 6858 ms.
----------- fannkuch.js
Current --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4167 ms.
d8-master --turbo-deoptimization: EmbenchenFannkuch(RunTime): 4608 ms.
d8-master: EmbenchenFannkuch(RunTime): 4149 ms.
----------- fasta.js
Current --turbo-deoptimization: EmbenchenFasta(RunTime): 9981 ms.
d8-master --turbo-deoptimization: EmbenchenFasta(RunTime): 9848 ms.
d8-master: EmbenchenFasta(RunTime): 9640 ms.
----------- lua_binarytrees.js
Current --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 11571 ms.
d8-master --turbo-deoptimization: EmbenchenLuaBinaryTrees(RunTime): 13089 ms.
d8-master: EmbenchenLuaBinaryTrees(RunTime): 10957 ms.
----------- memops.js
Current --turbo-deoptimization: EmbenchenMemOps(RunTime): 7766 ms.
d8-master --turbo-deoptimization: EmbenchenMemOps(RunTime): 7346 ms.
d8-master: EmbenchenMemOps(RunTime): 7738 ms.
----------- primes.js
Current --turbo-deoptimization: EmbenchenPrimes(RunTime): 7459 ms.
d8-master --turbo-deoptimization: EmbenchenPrimes(RunTime): 7453 ms.
d8-master: EmbenchenPrimes(RunTime): 7451 ms.
----------- skinning.js
Current --turbo-deoptimization: EmbenchenSkinning(RunTime): 15564 ms.
d8-master --turbo-deoptimization: EmbenchenSkinning(RunTime): 15611 ms.
d8-master: EmbenchenSkinning(RunTime): 15583 ms.
----------- zlib.js
Current --turbo-deoptimization: EmbenchenZLib(RunTime): 10825 ms.
d8-master --turbo-deoptimization: EmbenchenZLib(RunTime): 11180 ms.
d8-master: EmbenchenZLib(RunTime): 10823 ms.
BUG=
Review URL: https://codereview.chromium.org/949743002
Cr-Commit-Position: refs/heads/master@{#27232}
the third part of the patch https://codereview.chromium.org/1012633002
this patch
1) moves DeoptInfo builder code to platform independent file lithium-codegen.cc
2) adds inlining_id property to HEnterInlined so we can use it on lithium level.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011733005
Cr-Commit-Position: refs/heads/master@{#27231}
Improve the code generated for construction of a 64-bit floating point
number from two 32-bit integers.
Previously, this moved FP->core, inserted, then moved core->FP for each
half. Now, we construct the double in an X register and move core->FP.
Typically, the temporary register aliases the input register, so the
sequence improves from six to two instructions.
Patch from Martyn Capewell <m.m.capewell@googlemail.com>.
BUG=
Review URL: https://codereview.chromium.org/1008003004
Cr-Commit-Position: refs/heads/master@{#27227}
this is the second part of https://codereview.chromium.org/1012633002.
almost mechanical change.
I'd like to enable positions tracking when cpu profiler is working.
But I'll switch it on for cpu-profiler in another patch.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/995183005
Cr-Commit-Position: refs/heads/master@{#27224}
Instead of the current approach of storing flat vectors in frame states (and possibly reusing the last vector in AST graph builder), this change list builds a tree for the values and tries to reuse the nodes for different frame states. At the moment, we only use this for the local variable part of frame state, but nothing prevents us from using this for all parts.
This change provides two new classes: one for creating the tree (StateValuesCache) and one for iterating the trees (StateValuesAccess).
BUG=
Review URL: https://codereview.chromium.org/1008213002
Cr-Commit-Position: refs/heads/master@{#27222}
The per-isolate compilation cache is a lot faster still than
the serialized code cache. Promote code to compilation cache
after deserialization.
R=vogelheim@chromium.org
BUG=chromium:399580
LOG=N
Review URL: https://codereview.chromium.org/1008363002
Cr-Commit-Position: refs/heads/master@{#27220}
Fix the resulting warnings by renaming things apart.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/1009373002
Cr-Commit-Position: refs/heads/master@{#27219}
Store buffer does not contain stale pointers anymore. Hence, sweeper threads and store buffer processing does not collide.
BUG=
Review URL: https://codereview.chromium.org/1007273002
Cr-Commit-Position: refs/heads/master@{#27217}
Reason for revert:
Layout test failure in inspector/sources/debugger/debugger-pause-on-promise-rejection.html
Original issue's description:
> Remove kind field from StackHandler.
>
> This makes the Isolate::Throw logic not depend on a prediction of
> whether an exception is caught or uncaught. Such a prediction is
> inherently undecidable because a finally block can decide between
> consuming or re-throwing an exception depending on arbitray control
> flow.
>
> There still is a conservative prediction mechanism in place that
> components like the debugger or tracing can use for reporting.
>
> With this change we can get rid of the StackHandler::kind field, a
> pre-requisite to do table-based lookups of exception handlers.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/96f79568a926966ebcf0685bf9adc947f4e1fbff
> Cr-Commit-Position: refs/heads/master@{#27210}
TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1009903002
Cr-Commit-Position: refs/heads/master@{#27215}
The CL enables the same instructions are selected for Word32 and Word64 compare
operations which is possible due to a fact 32-bit inputs and produced values
are always sign-extended.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1005123002
Cr-Commit-Position: refs/heads/master@{#27212}
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1002203002
Cr-Commit-Position: refs/heads/master@{#27210}
Reason for revert:
Increased rate of Chrome crashes. Requires further investigation.
Original issue's description:
> Reland of Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297, chromium:465273
> LOG=Y
>
> Committed: https://crrev.com/6d0677d845c47ab9fa297de61d0e3d8e5480a02a
> Cr-Commit-Position: refs/heads/master@{#27141}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297, chromium:465273
Review URL: https://codereview.chromium.org/1004623003
Cr-Commit-Position: refs/heads/master@{#27207}
ES6 specs the function length property (it was not part of ES5) and
it makes it configurable.
BUG=v8:3045
LOG=N
R=mstarzinger@chromium.org, adamk@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/993073002
Cr-Commit-Position: refs/heads/master@{#27190}
Error.stack contains function.name if its type is string.
Otherwise if function have inferred name then .stack contains it.
For functions from eval .stack property contains "eval".
LOG=N
BUG=chromium:17356
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/919653002
Cr-Commit-Position: refs/heads/master@{#27186}
Since incremental marking hasn't completed yet at this point, we can't
use the MC's root visitor.
Also, we shouldn't hurry with incremental marking while
overapproximating
BUG=v8:3862
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/997423002
Cr-Commit-Position: refs/heads/master@{#27184}
Platform ports that use this RelocInfo kind need to implement
set_target_internal_reference accordingly to distinguish between
INTERNAL_REFERENCE and INTERNAL_REFERENCE_ENCODED.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1000373003
Cr-Commit-Position: refs/heads/master@{#27177}
We previously had two nested SCRIPT_SCOPEs (used to be GLOBAL_SCOPES), but as
the lexical variable implementation changed, the inner one is no longer needed.
BUG=
Review URL: https://codereview.chromium.org/1002193002
Cr-Commit-Position: refs/heads/master@{#27176}
Reduces the amount of custom support code for Math functions in TurboFan
and allows for more general inlining (i.e. independent of parameter
types).
BUG=v8:3952
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1004083002
Cr-Commit-Position: refs/heads/master@{#27172}
Port 99f8d57f3c
Original commit message:
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
BUG=
Review URL: https://codereview.chromium.org/1006513002
Cr-Commit-Position: refs/heads/master@{#27168}
e8b9f2d7 introduced a different cast which broke building on Illumos.
Revert to previous behavior for V8_OS_SOLARIS only.
Found on SmartOS while building with gcc 4.9.0.
edit1: adding jochen to reviewers since he was assigned through the issue tracker and danno since he seems to do a fair amount of cross-platform work
edit2: removing BUG reference because I don't understand what LOG needs to contain (and it seems to link to chromium and not the v8 repo). Please edit commit message as appropriate.
BUG=3935
LOG=n
Review URL: https://codereview.chromium.org/990063002
Cr-Commit-Position: refs/heads/master@{#27163}
Basically recognize certain x < y ? x : y constructs and turn that into
Float64Min/Float64Max operations, if the target machine supports that.
On x86 we lower to (v)minsd/(v)maxsd.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/998283002
Cr-Commit-Position: refs/heads/master@{#27160}
Port d4696c4841
Original commit message:
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
BUG=
Review URL: https://codereview.chromium.org/1004623002
Cr-Commit-Position: refs/heads/master@{#27158}
This introduces a choke point in the AstGraphBuilder for property
access creation. This makes it easier to enrich all such nodes with
additional side-table or debugging information.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1002713002
Cr-Commit-Position: refs/heads/master@{#27157}
It should be possible to cast a Value to Int32 without throwing an exception
when IsInt32() is true. Same for Uint32.
BUG=chromium:462402
LOG=Y
Review URL: https://codereview.chromium.org/1003663002
Cr-Commit-Position: refs/heads/master@{#27156}
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/998943003
Cr-Commit-Position: refs/heads/master@{#27150}
We can reduce the number of type feedback vector slots required, and
also reduce IC misses.
Review URL: https://codereview.chromium.org/1001533002
Cr-Commit-Position: refs/heads/master@{#27149}
A diamond is unused if the Merge node has no Phi/EffectPhi uses, exactly
two inputs, one IfTrue and one IfFalse, which have the same Branch
control input and no other uses except for the Merge. In this case the
diamond can safely be removed.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1000883003
Cr-Commit-Position: refs/heads/master@{#27148}
Since recursive modules are gone, only the top-level scope can have
module inner scopes. Rename Scope::AllocateModulesRecursively to
Scope::AllocateModules, and add test showing the module Variables
are still allocated appropriately in the top level scope.
BUG=v8:1569,v8:3940
LOG=n
Review URL: https://codereview.chromium.org/999893003
Cr-Commit-Position: refs/heads/master@{#27143}
The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297, chromium:465273
LOG=Y
Review URL: https://codereview.chromium.org/988363002
Cr-Commit-Position: refs/heads/master@{#27141}
Port f71e262683
Original commit message:
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
BUG=
Review URL: https://codereview.chromium.org/999763003
Cr-Commit-Position: refs/heads/master@{#27140}
Outside of runtime.h, only the distinction between intrinsics
returning pairs and those returning pairs is really meaningful, not
the internal traditional partitioning of them.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/997933003
Cr-Commit-Position: refs/heads/master@{#27137}
Combined the various lists, the only slightly ugly thing is now the
distinction between intrinsics returning pairs and the rest, but
that's no big deal.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/989273003
Cr-Commit-Position: refs/heads/master@{#27135}
I did some investigation and found that in the most cases
the old schema with the separate List for functions and inlines
gives us no memory benefits because more frequently we inlines
different functions into parent function. So the plain schema
wins a tens or even hundreds bytes a few thousand times.
The only drawback is that we will print the inlined body
the each time when we inline it. But is not a problem
because it happens only under FLAG_hydrogen_track_positions.
Also I added script_id to the structure, so it could be used later
by cpu-profiler.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/996153003
Cr-Commit-Position: refs/heads/master@{#27134}
The external v8::TryCatch handler was computed eagerly and kept in
intact. This changes it to be computed lazily for simplicity and
readability of the code.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/997863003
Cr-Commit-Position: refs/heads/master@{#27132}
This recovers the performance loss for some ancient benchmarks.
Added some comments/UNIMPLEMENTED on the way.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/996153002
Cr-Commit-Position: refs/heads/master@{#27131}
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/995013005
Cr-Commit-Position: refs/heads/master@{#27127}
Contribution of PowerPC port (continuation of 422063005,
817143002,866843003, and 901083004). This patch updates
the ppc directories to make them current with changes in
common code as of today.
We had to exclude the test test-serialize/SerializeInternalReference
until we agree on the right way to add those changes for PPC as
outlined in the description in the google doc provided earlier.
We also had to exclude a couple of other tests due to new
failures seen since the last uplevel. We excluded as opposed
to waiting until we could investigate to maximize the chance
of getting PPC compiling in the google repos before new
breaking changes are made.
I'll note that before applying any of our changes the
mozilla part of quickcheck was already broken when using
the lastest repo content so I had to run without that
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/compiler/ppc/instruction-codes-ppc.h
modified: src/compiler/ppc/instruction-selector-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ic/ppc/ic-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/codegen-ppc.cc
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/994533004
Cr-Commit-Position: refs/heads/master@{#27125}
We should be able to cast a Value to Boolean when IsBoolean() is true.
Review URL: https://codereview.chromium.org/990943003
Cr-Commit-Position: refs/heads/master@{#27124}
Port 36e69a916f
Original commit message:
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
BUG=
Review URL: https://codereview.chromium.org/997663002
Cr-Commit-Position: refs/heads/master@{#27123}
Port e0aa8ebf93
Original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
Review URL: https://codereview.chromium.org/990903008
Cr-Commit-Position: refs/heads/master@{#27120}
Port 8d946b9c3f
Original commit message:
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=v8:3945
LOG=N
Review URL: https://codereview.chromium.org/993963003
Cr-Commit-Position: refs/heads/master@{#27119}
Port 022ea7e057
Original commit message:
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
Review URL: https://codereview.chromium.org/998503002
Cr-Commit-Position: refs/heads/master@{#27117}
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/991893003
Cr-Commit-Position: refs/heads/master@{#27115}
None of these fields is used in Blink. Embedder always can implement them using existing API.
BUG=chromium:465651
LOG=Y
Review URL: https://codereview.chromium.org/983833006
Cr-Commit-Position: refs/heads/master@{#27113}
Doing a runtime call should always be better than totally giving up
(unless we have fullcode-only intrinsics, which we'll probably never
have).
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/997543002
Cr-Commit-Position: refs/heads/master@{#27110}
This makes sure that the pending message location is only tracked by
the message object, as only this is saved for finally-blocks. The
location information is duplicated and becomes stale.
R=titzer@chromium.org
TEST=maeh, not so much.
Review URL: https://codereview.chromium.org/987353002
Cr-Commit-Position: refs/heads/master@{#27109}
There are no stale store buffer pointers anymore. The sweeper thread can not be in conflict with store buffer processing.
BUG=
Review URL: https://codereview.chromium.org/993983002
Cr-Commit-Position: refs/heads/master@{#27107}
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=v8:3945
LOG=N
R=mstarzinger@chromium.org, dslomov@chromium.org
Review URL: https://codereview.chromium.org/985643003
Cr-Commit-Position: refs/heads/master@{#27106}
We can do that now since we have the invariant that the store buffer always has valid slots after marking.
BUG=
Review URL: https://codereview.chromium.org/991853002
Cr-Commit-Position: refs/heads/master@{#27105}
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/985803002
Cr-Commit-Position: refs/heads/master@{#27103}
We can remove a few of them now (those which unconditionally bailout),
but this will be done in a separate CL to see any impact separately.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/993963002
Cr-Commit-Position: refs/heads/master@{#27102}
Note that this patch is not really a *solution*, it is just enough to
make the undefined behavior unobservable. The real fix would be being
much more correct about sizes and signedness in our code base...
BUG=chromium:464657
LOG=n
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/995743002
Cr-Commit-Position: refs/heads/master@{#27100}
The bits in CompilerHints are accessed via FunctionKindBits, and on the other
hand, with accessors defined by BOOL_ACCESSORS(SharedFunctionInfo,
compiler_hints, is_accessor_function, kIsAccessorFunction) etc.
So the bit order in FunctionKind must match CompilerHints.
This is not causing problems (yet) because there's no accessor for these two
bits, but if somebody adds one, things will go wrong.
R=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/988413002
Cr-Commit-Position: refs/heads/master@{#27096}
We use slightly different schema for JumpTable on arm64 than for x64.
We do a branch (B) to the JumpTable from the code,
then a branch (B) to the end of jump table code
and then branch to the deoptimizer code with putting
the return address into lr register (Call which is actually Blr).
As a result the 'from' address in Deoptimizer always points to
the end of JumpTable code and we can get nothing from this information.
0) I moved save_doubles and needs_frame code out of for_loop.
1) I replaced B commands with Bl so we put different return addresses
to lr register for the different jump table entries and replaced
the final Call with Br which do not touch lr register.
Also I removed the last_entry check so we will always do the Bl
even for the last entry because we need the right address in lr.
I don't think that this will affect the performance because it
just one more branch for entire deopt mechanics.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984893003
Cr-Commit-Position: refs/heads/master@{#27094}
Provide an intrinsic %MathFloor / %_MathFloor that is used to optimize
both Math.ceil and Math.floor, and use the JS inlining mechanism to
inline Math.ceil into TurboFan code. Although we need to touch code
outside of TurboFan to make this work, this does not affect the way we
handle Math.ceil and/or Math.floor in CrankShaft, because for CrankShaft
the old-style builtin function id based inlining still kicks in first.
Once this solution is stabilized, we can use it for Math.floor as well.
And once that is settled, we can establish it as the unified way to
inline builtins, and get rid of the specialized builtin function id
based inlining at some point.
Note that "builtin" applies to basically every piece of internal
JavaScript/intrinsics based code, so this also applies to the yet to be
defined JavaScript based code stubs and handlers.
BUG=v8:3953
LOG=n
R=yangguo@chromium.org,svenpanne@chromium.org
Review URL: https://codereview.chromium.org/990963003
Cr-Commit-Position: refs/heads/master@{#27086}
Context specialization enables inlining (at least currently it is the
only enabler for inlining), but inlining enables more possibilities for
context specialization. So we really need to run them together.
This is especially important with the "module based builtins" that we're
working towards.
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/988423004
Cr-Commit-Position: refs/heads/master@{#27085}
since the old style weakness is slated for removal, we might as well reuse the name to limit confusion. additionally I simplified the callback type to a enum to either get internal field values or not
this should be a non-breaking change with the exception of PhantomPersistentValueMap, which is unused.
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/989153003
Cr-Commit-Position: refs/heads/master@{#27084}
Rationale: separate the inputs and outputs of parsing + analysis from the business of compiling (i.e. generating machine code).
BUG=
Review URL: https://codereview.chromium.org/974213002
Cr-Commit-Position: refs/heads/master@{#27078}
The original code always returned the first entry from RelocInfo that matched with
bailout_id. But we may have a few different deopt reasons for one bailout_id.
So we need to get the one which matches with a particular call from JumpTable.
We can do this by checking not 'target_address' (it maps to bailout_id)
but 'from' address which maps to a particular JumpTable entry.
The test was reworked so it tests identical functions against different reasons.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/984773003
Cr-Commit-Position: refs/heads/master@{#27076}
After establishing the invariant that the store buffer always has valid slots after marking, the store buffer integrity check is not needed anymore.
BUG=454157
LOG=n
Review URL: https://codereview.chromium.org/990173002
Cr-Commit-Position: refs/heads/master@{#27073}
This makes sure only the %_DeoptimizeNow intrinsic is inlined, and
not the %DeoptimizeNow one. It hence re-establishes the invariant
that JSIntrinsicLowering only deals with inline intrinsics.
R=jarin@chromium.org
TEST=mjsunit/compiler/eager-deopt-simple
Review URL: https://codereview.chromium.org/988333003
Cr-Commit-Position: refs/heads/master@{#27070}
The JSInliner used to load the context from the JSFunction node at
runtime, which introduced a HeapConstant (because we had to materialize
the JSFunction after context specialization) and a LoadField operation,
independent whether the inlinee actually uses the context. This is
rather cumbersome currently, and therefore this is now changed to just
embed the context constant instead. Once we do inlining based on
SharedFunctionInfo rather than JSFunction, we should reconsider this
decision and come up with a proper heuristic.
BUG=v8:3952
LOG=n
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/994523002
Cr-Commit-Position: refs/heads/master@{#27069}
The store buffer can contain stale store buffer entries, i.e., slot in dead objects pointing to new space objects. These slots are treaded as live slots which cause problems with non-pointer fields and makes concurrent sweeping complicated. Removing these pointers from the store buffer before it is used makes life easier.
BUG=
Review URL: https://codereview.chromium.org/985453003
Cr-Commit-Position: refs/heads/master@{#27068}
Reason for revert:
This doesn't do what it's supposed to do. The problem seems to lie on the blink side, people aren't reusing their FunctionTemplates (or creating them when not necessary).
Original issue's description:
> Don't overwrite existing serial numbers on the function template, otherwise instantiating the function for a new context causes the serial number to bump.
>
> Committed: https://crrev.com/1e638c3610ec6938e5fb16c42018642195782fb2
> Cr-Commit-Position: refs/heads/master@{#27048}
TBR=yangguo@chromium.org,dcarney@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/993533003
Cr-Commit-Position: refs/heads/master@{#27067}
Reason for revert:
It caused a lot of Canary crashes.
Original issue's description:
> Remove slots that point to unboxed doubles from the StoreBuffer/SlotsBuffer.
>
> The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/9633ebabd405c264d33f603f8798c31f59418dcd
> Cr-Commit-Position: refs/heads/master@{#27054}
TBR=verwaest@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/991793002
Cr-Commit-Position: refs/heads/master@{#27063}
We mark certain builtins for inlining, and those should always be
inlined into optimized code (CrankShaft already handles it this way), so
we should support that in TurboFan as well. Currently this mainly
affects a certain set of Math functions, but once have the basics in
place we can extend this to any kind of builtin/code stub/accessor.
This adds a new flag --turbo_builtin_inlining (enabled by default), that
forces the inliner to always inline builtins marked for inlining, but
does not affect inlining of other functions (this is still controlled by
the --turbo-inlining flag).
BUG=v8:3952
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/993473002
Cr-Commit-Position: refs/heads/master@{#27059}
This is currently the cleanest approach to avoid the useless stack check
during inlining. We might be able to just remove the useless stack
checks later when we have a phase that also takes care of removing
redundant stack checks on loop back edges (which we do not generate
currently).
On the other hand, the flag introduced here might be useful when
building code stubs/builtins/dom stubs using JS based DSL, because you
certainly don't want a JS-level stack check in a code stub.
R=jarin@chromium.org
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/994433002
Cr-Commit-Position: refs/heads/master@{#27058}
Loading the coefficients from a the constants typed array is currently
blocking inlining MathSin and MathCos into TurboFan generated code,
because there is no type feedback and hence TurboFan has to generate a
LOAD_IC for every coefficient.
R=yanggou@chromium.org
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/989133002
Cr-Commit-Position: refs/heads/master@{#27057}
The key idea here is that the stack check should be explicit, such that
we can eliminate unnecessary stack checks after graph building and
potentially inlining.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/981243002
Cr-Commit-Position: refs/heads/master@{#27056}
The problem is that tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/957273002
Cr-Commit-Position: refs/heads/master@{#27054}
Now the three intrinsic lists only differ in their compiler
support. Unifying the lists and making the logic what is supported in
which compiler local to the compilers themselves is handled in a
follow-up CL.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/983183002
Cr-Commit-Position: refs/heads/master@{#27046}
Original issue: https://codereview.chromium.org/980573002/
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/988703002
Cr-Commit-Position: refs/heads/master@{#27044}
This involved renaming apart a few more intrinsics. In the long run,
we want to clean up redundant intrinsics which just delegate.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/984963002
Cr-Commit-Position: refs/heads/master@{#27043}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections
to increase chances of them being reused for new objects in future and
decrease number of deoptimizations.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/980523004
Cr-Commit-Position: refs/heads/master@{#27040}
This makes sure that any pending message is saved before entering
and restored after exiting a finally block. It also makes sure that
operand stacks are kept in sync to full-codegen.
R=bmeurer@chromium.org
TEST=cctest/test-run-jsexceptions/ThrowMessage
Review URL: https://codereview.chromium.org/979173002
Cr-Commit-Position: refs/heads/master@{#27036}
External references are encoded as a tuple of type and ID. This
requires both the external reference encode and the decoder to
create a mapping between the encoding and the external reference
table index.
Instead, we simply use the external reference table index as
encoding.
We now also assume that there are no duplicate entries. Existing
duplicates have been removed in this change.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/982773003
Cr-Commit-Position: refs/heads/master@{#27033}
This is introduced by 8d2e45669f (r26993)
original commit message:
First shot at eager deoptimization in Turbofan.
BUG=
Review URL: https://codereview.chromium.org/960973003
Cr-Commit-Position: refs/heads/master@{#27032}
Reason for revert:
x64 test failures
Original issue's description:
> Simplify and compact transitions storage
>
> Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
> To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
>
> Committed: https://crrev.com/45fbef7f2252fce10634931cb103ccc1fc95ae6a
> Cr-Commit-Position: refs/heads/master@{#27029}
TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/982143002
Cr-Commit-Position: refs/heads/master@{#27030}
Simple transitions are now stored in a map's "transitions" field (as a WeakCell wrapping the target map); full TransitionArrays are used when that's not sufficient.
To encapsulate these storage format implementation details, functions for manipulating and querying transitions have been refactored to be static functions on the TransitionArray class, and take maps as inputs.
Review URL: https://codereview.chromium.org/980573002
Cr-Commit-Position: refs/heads/master@{#27029}
Port 4436c2642a
Original commit message:
This adds support for the double bits intrinsics to TurboFan, and is
a first step towards fast Math functions inlined into TurboFan code
or even compiled by themselves with TurboFan.
BUG=
Review URL: https://codereview.chromium.org/980073003
Cr-Commit-Position: refs/heads/master@{#27028}
Port 1382879f29
Original commit message:
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
BUG=
Review URL: https://codereview.chromium.org/988463002
Cr-Commit-Position: refs/heads/master@{#27027}
There are no test cases for this piece of code and it is really hard to test. If this rare case triggers, we are anyway in an OOM situation and would crash probably soon afterwards.
BUG=
Review URL: https://codereview.chromium.org/977013003
Cr-Commit-Position: refs/heads/master@{#27026}
If function.name property has string type then stack frame will contain it otherwise DebugName from shared function info.
BUG=17356
LOG=Y
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/917743002
Cr-Commit-Position: refs/heads/master@{#27025}
Internal references are absolute addresses into the instruction
stream. Turn them into relative addresses when serializing and
back when deserializing to keep them valid.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/976623002
Cr-Commit-Position: refs/heads/master@{#27020}
According to Source Map specification [1] source map url can be passed either as a magic comment at the end of script or as SourceMap http header. We already parse the former value and expose it on Script object. This change allows to unify the way we deal with source map urls received in http header by providing api for passing that url into the script being compiled.
source_map_url is intentionally not passed into CompilationCacheScript::Lookup. The cache is anyways disabled when debugger is on.
[1] https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k/edit
LOG=Y
BUG=chromium:462572
Review URL: https://codereview.chromium.org/983603003
Cr-Commit-Position: refs/heads/master@{#27017}
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
R=jarin@chromium.org
TEST=cctest/test-run-jsexceptions
Review URL: https://codereview.chromium.org/969533004
Cr-Commit-Position: refs/heads/master@{#27016}
This way, every function in those lists has one C++ implementation
called Runtime_##name. The previous distinction was confusing.
Review URL: https://codereview.chromium.org/983623002
Cr-Commit-Position: refs/heads/master@{#27010}
This adds support for the double bits intrinsics to TurboFan, and is
a first step towards fast Math functions inlined into TurboFan code
or even compiled by themselves with TurboFan.
Review URL: https://codereview.chromium.org/974313002
Cr-Commit-Position: refs/heads/master@{#27006}
port 1a608493e5 (r26983)
original commit message:
Refactor BreakLocationIterator.
We now have BreakLocation::Iterator to iterate via RelocIterator, and
create a BreakLocation when we are done iterating. The reloc info is
stored in BreakLocation in a GC-safe way and instantiated on demand.
BUG=
Review URL: https://codereview.chromium.org/978183002
Cr-Commit-Position: refs/heads/master@{#27003}
Function name property is now standardized in ES6. It was a Mozilla proprietary
extension before. With ES6, the property was made configurable, so that it can
be used instead of another proprietary property, displayName.
This is a revert of revert c791d84112.
Last time this broke a Chrome browser test which has since been updated:
5f75a3be4c
BUG=v8:3333
LOG=N
R=mstarzinger@chromium.org,verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/977003004
Cr-Commit-Position: refs/heads/master@{#26996}
Port a820568b1f
Each call to emit_32 uses 5 constant pool slots:
* the "emit_32" string
* undefined (the receiver)
* the argument (heap number)
* the load IC
* the call IC
This change cuts that down 20% to 4, by loading the undefined from the heap roots.
BUG=
Review URL: https://codereview.chromium.org/963193005
Cr-Commit-Position: refs/heads/master@{#26995}
If we use HashMap::Lookup with insert=true, the returned entry may have
NULL as value. This could either mean that the value is 0, or that the
entry has just been inserted. This ambiguity can cause false negatives
in PartialCacheIndexMap::LookupOrInsert.
Also fix a TODO.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/974273002
Cr-Commit-Position: refs/heads/master@{#26994}
Experimental globals are simply flag values on the builtins object to
turn on/off harmony features. We still need to declare them even when
we don't turn on harmony features for the snapshot.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/978813002
Cr-Commit-Position: refs/heads/master@{#26992}
This makes sure that the implicit exception edges in the graph pass
the correct exception object and also fixes a bug in the dominance
relationship of the value entering the finally block and it's uses.
R=jarin@chromium.org
TEST=cctest/test-run-jsexceptions/FinallyBreak
Review URL: https://codereview.chromium.org/970253002
Cr-Commit-Position: refs/heads/master@{#26989}
Before the max_old_space_size was set for each space, which is not intuitive and not what we want. There is still a miss match between capacity and actual committed memory which should be cleaned up in a follow up cl.
BUG=
Review URL: https://codereview.chromium.org/979783002
Cr-Commit-Position: refs/heads/master@{#26985}
We now have BreakLocation::Iterator to iterate via RelocIterator, and
create a BreakLocation when we are done iterating. The reloc info is
stored in BreakLocation in a GC-safe way and instantiated on demand.
R=ulan@chromium.org
BUG=v8:3924
LOG=N
Review URL: https://codereview.chromium.org/967323002
Cr-Commit-Position: refs/heads/master@{#26983}
Re-installing experimental natives after deserialization causes failures if
said experimental native is already included in the snapshot. However, there
is no way to tell whether a certain harmony feature has been included.
Experimental natives may also be turned on/off on-demand, which a snapshot
that includes them would not support for all cases.
The simple solution for the meantime is to never include experimental natives
in the snapshot and initialize them after deserialization on-demand.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/981473002
Cr-Commit-Position: refs/heads/master@{#26982}
Each call to emit_32 uses 5 constant pool slots:
* the "emit_32" string
* undefined (the receiver)
* the argument (heap number)
* the load IC
* the call IC
This change cuts that down 20% to 4, by loading the undefined from the heap roots.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/980563002
Cr-Commit-Position: refs/heads/master@{#26979}
This is a follow-on to crrev.com/960883003, which fixed a memory leak in this code, but uncovered another, more subtle bug:
Previously, the code expected you would v8::V8::Initialize once, and v8::V8::Dispose once. The first bug was that in this case the holder_ variable would point to deallocated memory. The second bug was that once the snapshot was disposed, there was no way to get it back on a future Initialize. These are uncovered by the InitializeAndDisposeMultiple test case.
The fix is to keep memory to the raw snapshot and to then cleanly build & destroy the tables in Initialize & Dispose. Since sometimes setNativesBlob is called just after Initialize, that situation must be handled, too.
BUG=
Review URL: https://codereview.chromium.org/974943003
Cr-Commit-Position: refs/heads/master@{#26978}
Shouldn't make a difference in practice, but it's a bit more readable and it
gets the case of a 0 shift correct without undefined behavior.
BUG=463436
LOG=N
Review URL: https://codereview.chromium.org/975283002
Cr-Commit-Position: refs/heads/master@{#26975}
Bit-shifts have undefined behaviour if the shift amount is greater
or equal to the width of the type.
In this case the code would do imm32 >> 32 when rot == 0.
A newer version of Clang unrolled the loop, optimized the first
iteration away, causing the test suite to fail with:
#
# Fatal error in ../src/arm/assembler-arm.cc, line 1212
# Check failed: !rn.is(ip).
#
as well as crashing when running Chromium tests on Android (at least
we think this was the cause, see the bug).
BUG=463436, 444089
LOG=Y
Review URL: https://codereview.chromium.org/979633002
Cr-Commit-Position: refs/heads/master@{#26974}
Problem:
Excuting with flags as "--prof --logfile-per-isolate --logfile=/path/to/filename"
expected file name: /path/to/isolate-<isolate id>-filename
current result: isolate-<isolate id>-/path/to/filename
This patch makes the file name we expected.
Review URL: https://codereview.chromium.org/960813004
Cr-Commit-Position: refs/heads/master@{#26955}
Android doesn't have swap space so if the heap goes over the physical memory
size the system will just kill us. Applying the Heap::kPointerMultipler
to heap size could cause the max heap size to be larger than physical memory.
Instead use the defaults which are based on actual physical memory configured
by Api::ConfigureDefaults().
BUG=432909
LOG=N
Review URL: https://codereview.chromium.org/960213007
Cr-Commit-Position: refs/heads/master@{#26954}
TryInline needed position only for the case when we track positions.
We can drop the position argument and use the current position from GraphBuilder.
The only problem that it doesn't match with the inline point.
The reason of that was the fact that builder had moved the position forward by
visiting arguments expressions.
I fixed this by restoring the current positon in HOptimizedGraphBuilderWithPositions::Visit*
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/962593005
Cr-Commit-Position: refs/heads/master@{#26953}
Contribution of PowerPC port (continuation of 422063005, 817143002,
866843003, and 901083004. This patch updates the ppc directories
to make them current with changes in common code, removes the
optimization to use the ool constant pool, and excludes tests that
don't pass under the ppc simulator given a 240s timeout.
Subsequent patches will cover:
- remaining optimizations for PPC
- remaining AIX changes not resolved by 4.8 compiler (4.8 is only recently available for AIX)
- incremental updates required to ppc directories due to platform specific changes made
in google repos while we complete the above steps.
modified: src/compiler/ppc/code-generator-ppc.cc
modified: src/ic/ppc/handler-compiler-ppc.cc
modified: src/ppc/assembler-ppc-inl.h
modified: src/ppc/assembler-ppc.cc
modified: src/ppc/assembler-ppc.h
modified: src/ppc/builtins-ppc.cc
modified: src/ppc/code-stubs-ppc.cc
modified: src/ppc/debug-ppc.cc
modified: src/ppc/deoptimizer-ppc.cc
modified: src/ppc/frames-ppc.cc
modified: src/ppc/frames-ppc.h
modified: src/ppc/full-codegen-ppc.cc
modified: src/ppc/lithium-codegen-ppc.cc
modified: src/ppc/lithium-ppc.cc
modified: src/ppc/lithium-ppc.h
modified: src/ppc/macro-assembler-ppc.cc
modified: src/ppc/macro-assembler-ppc.h
modified: test/cctest/cctest.status
modified: test/mjsunit/mjsunit.status
R=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/965823002
Cr-Commit-Position: refs/heads/master@{#26951}
On Intel targets, it is cheaper to load the context from the frame
instead of loading the context as a constant (which usually involves a
PropertyCell because the context is in new space when we compile the
function).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/970803002
Cr-Commit-Position: refs/heads/master@{#26935}
On 64-bit targets, we can skip the write barrier for Store nodes if the
input is ChangeInt32ToTagged, because the value being stored is
definitely represented as a smi then.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/968113002
Cr-Commit-Position: refs/heads/master@{#26934}
