This patch fixes an obscure edge case for functions defined as the
direct body of a for-of/for-in loop, such as the following:
    for (foo in []) function foo() { return foo; }
Here, the first occurrence of foo should point to the outer scope;
however, before this patch, it pointed to the inner foo in an
invalid way which caused an assertion about the scope chain to fail.
This patch fixes the scope chain by inserting an extra scope for
the body of the loop, not including the header.
BUG=chromium:542099
LOG=N
R=rossberg
Review URL: https://codereview.chromium.org/1396663004
Cr-Commit-Position: refs/heads/master@{#31268}
This CL re-purposes ValueEffect and Finish as delimiters for regions
that are scheduled atomically (renamed to BeginRegion, FinishRegion).
The BeginRegion node takes and produces an effect. For the uses that do
not care about the placement in the effect chain, it is ok to feed
graph->start() as an effect input.
The FinishRegion takes a value and an effect and produces a value and
an effect. It is important that any value or effect produced inside the
region is not used outside the region. The FinishRegion node is the only
way to smuggle an effect and a value out.
At the moment, this does not support control flow inside the region. Control flow would be hard.
During scheduling we do some sanity checks, but the checks are not exhaustive. Here is what we check:
- the effect chain between begin and finish is linear (no splitting,
single effect input and output).
- any value produced is consumed by the FinishRegion node.
- no control flow outputs.
Review URL: https://codereview.chromium.org/1399423002
Cr-Commit-Position: refs/heads/master@{#31265}
The AccessorsTable has a non-deterministic iteration order depending on the
random seed. This means that the order of the accessor defines could vary
and the test which tried to set accessors on two different properties
could flakily fail due to the order not being as expected. To fix this I make
the test only do a setter on one property (the test-interpreter.cc test
does the check on multiple property accessors).
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1404793002
Cr-Commit-Position: refs/heads/master@{#31264}
Support negate with shifted input on ARM64 by supporting lhs zero registers for
binary operations, and removing explicit Neg instruction support.
Review URL: https://codereview.chromium.org/1404093003
Cr-Commit-Position: refs/heads/master@{#31263}
Replaces the use of KeyedStoreICGeneric with a vector based KeyedStoreIC for
array literal computed stores now that there is a feedback vector slot for
these expressions. Removes KeyedStoreICGeneric bytecode since this is no
longer necessary.
BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1400353002
Cr-Commit-Position: refs/heads/master@{#31262}
Previously, any AstVisitor subclasses which wanted to make use of
the shared stack overflow checking code needed to depend on Isolate.
With this patch, it will be easy to create a second InitializeAstVisitor
overload taking a stack_limit directly, for use in code that has no
Isolate available (such as code running in the parser).
AstVisitor subclasses which depended upon the isolate() accessor have
been fixed to either have their own isolate_ member or get it from
somewhere else convenient.
Review URL: https://codereview.chromium.org/1387383005
Cr-Commit-Position: refs/heads/master@{#31260}
It is used by AstGraphBuilder (TF) and BytecodeGenerator (Ignition), so is no
longer a full-codegen data structure. Removes full-codegen.h dependency from
compiler/ and interpreter/.
Review URL: https://codereview.chromium.org/1393393003
Cr-Commit-Position: refs/heads/master@{#31256}
Perform native context specialization immediately after graph
construction (also after inlinee graph construction). This way
we can do unified inlining before we go to typing and typed
lowering. And we will get better typing due to constants and
(checked) type feedback.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1404123002
Cr-Commit-Position: refs/heads/master@{#31255}
Adds Object literal support to the interpreter. Adds the following bytecodes:
- ToName
- CreateObjectLiteral.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386313005
Cr-Commit-Position: refs/heads/master@{#31253}
This is a first prototype for a rudimentary inlining heuristic allowing
enabling of general inlining based on existing budget flags. Also note that
this approach does not yet work for multi-level inlining, for now the
list of candidates is processed exactly once.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1406543002
Cr-Commit-Position: refs/heads/master@{#31249}
Fix mina instruction in mips32 and mips64 simulator according to IEEE 754-2008 standard
BUG=
Review URL: https://codereview.chromium.org/1402923002
Cr-Commit-Position: refs/heads/master@{#31243}
The lack of a vector slot for the keyed store operation in filling in
non-constant array literal properties led to undesirable contortions in
compilers downwind of full-codegen. The use of a single slot to initialize all
the array elements is sufficient.
BUG=
Review URL: https://codereview.chromium.org/1405503002
Cr-Commit-Position: refs/heads/master@{#31242}
Adds array literal support to the interpreter. Currently constructed
array elements don't have type feedback slots, so also adds support for
generic keyed store operations.
Adds the following bytecodes:
- CreateArrayLiteral
- KeyedStoreICGeneric
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1400753003
Cr-Commit-Position: refs/heads/master@{#31240}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
The flag for deactivating break points also affects stepping, since both
are implemented via debug break slots. Fixing this by introducing a new
flag solely responsible for deactivating actual break points.
R=mvstanton@chromium.org
BUG=chromium:119800
LOG=N
Review URL: https://codereview.chromium.org/1402913002
Cr-Commit-Position: refs/heads/master@{#31236}
- Fairly (round-robin) divide available memory upon compaction tasks.
- Ensure an upper limit (of memory) since dividing is O(n) for n free-space
nodes.
- Refill from free lists managed by sweeper once a compaction space becomes
empty.
Assumption for dividing memory: Memory in the free lists is sparse upon starting
compaction (which means that only few nodes are available), except for memory
reducer GCs, which happen in idle time though (so it's less of a problem).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1382003002
Cr-Commit-Position: refs/heads/master@{#31234}
This adds a workaround that zeroes out semaphores before they are
initialized. Some versions of sem_init (e.g. GLIBC_2.0) fail to fully
zero out the semaphore, leading to {errno == ENOSYS} with subsequent
sem_timedwait calls.
R=machenbach@chromium.org
BUG=chromium:536813
LOG=n
Review URL: https://codereview.chromium.org/1407463002
Cr-Commit-Position: refs/heads/master@{#31232}
Adds function literal support and adds support for OTHER_CALLS which can be
made when calling a function literal.
Adds the CreateClosure bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396693003
Cr-Commit-Position: refs/heads/master@{#31231}
This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
to be able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.
Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1398733002
Cr-Commit-Position: refs/heads/master@{#31230}
Looking up 'name' and 'message' properties at the same time and loading
the properties later can cause assertion failure if one of the properties
is an accessor and calling it changes the holder map. That may invalidate
the other lookup.
R=jkummerow@chromium.org
BUG=chromium:542101
LOG=N
Review URL: https://codereview.chromium.org/1403923002
Cr-Commit-Position: refs/heads/master@{#31229}
This fixes a regression in Octane's pdf.js after r30818. The bug itself
has been present for a long time, but StringCompareStub wasn't actually
used until r30818 so it went unnoticed.
Review URL: https://codereview.chromium.org/1399983002
Cr-Commit-Position: refs/heads/master@{#31227}
This changes hashing and comparison functions for JSCreateClosure
operators to be based on the handle location instead of the referenced
object identity. This is in sync with all other JS operators.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1388233007
Cr-Commit-Position: refs/heads/master@{#31225}
Before this CL, we created one live range per successive set of
deferred blocks. For scenarios with many such blocks, this creates
an upfront pressure for the register allocator to deal with many ranges.
Linear sorts ranges, which is a super-linear operation.
The change places all deferred intervals into one range, meaning that,
at most, there will be twice as many live ranges as the original set. In
pathological cases (benchmarks/Compile/slow_nbody1.js), this change
halves the compilation time. We see some improvements elsewhere,
notably SQLite at ~4-5%.
We may be able to avoid the subsequent merge. Its cost is the
additional ranges it may need to create. The sole reason for the merge
phase is to provide an unchanged view of the world to the subsequent
phases. With the at-most-one splinter model, we may be able to teach
the other phases about splintering - should we find perf hindrances
due to merging.
Review URL: https://codereview.chromium.org/1391023007
Cr-Commit-Position: refs/heads/master@{#31224}
For live ranges with many use positions, such as those encountered in
some unity asm.js code, this change significantly reduces compile time
(e.g. benchmarks/Compile/slow_nbody1.js: from ~6s to 2s). The
improvement is solely due to regressions (fixed by this CL) due to
splintering.
This CL does not fully address compile time problems for large
functions in Turbofan, but constitutes a step in the right direction.
Review URL: https://codereview.chromium.org/1386253004
Cr-Commit-Position: refs/heads/master@{#31220}