Fix bug in simulator which incorrectly interpreted the operands
for SQEBR (Float32 sqrt) as 64-bit doubles. Add missing
disassembler case for SQEBR as well.
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1837263003
Cr-Commit-Position: refs/heads/master@{#35119}
This patch adds fast paths for @@replace and @@split that call into
the old, side-effect free (and faster) versions of those builtin
operations when possible (roughly, when the receiver is a RegExp
and the 'exec' method is untampered). Also add some micro-optimizations
that further improve performance.
Taken altogether, this takes us from a ~70% regression on the Octane
RegExp benchmark to a ~9% regression.
The test262.status lines for RegExps have been reorganized to make the
status of individual tests clearer. More work will likely be
required to increase spec compliance before the --harmony-regexp-exec
flag is shipped; some of that work is happening on the spec side.
BUG=v8:4602
LOG=y
Review URL: https://codereview.chromium.org/1836123002
Cr-Commit-Position: refs/heads/master@{#35118}
This method returns contextDebugId for a function. We can't use context_data from FunctionMirror.prototype.script because it can be incorrect when the compilation cache is used and one script object was used for JSFunctions in different contexts.
BUG=chromium:595206
LOG=Y
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1840713002
Cr-Commit-Position: refs/heads/master@{#35117}
AArch64 kernels older than 3.18 presented a different cpuinfo format
than what V8 expects. Most of V8's logic still works, but it misreads
the "CPU architecture" field.
BUG=
Review URL: https://codereview.chromium.org/1841733002
Cr-Commit-Position: refs/heads/master@{#35114}
This avoids redundant casts, loss of precision, and potential overflows.
BUG=chromium:597310
LOG=NO
Review URL: https://codereview.chromium.org/1841043002
Cr-Commit-Position: refs/heads/master@{#35113}
Updates the prologue_offset value in LCodeGen::GeneratePrologue after
generating ahi/aghi.
prologue_offset is used in FindCodeAgeSequence. Failing to update
prologue_offset will result in failing to correctly identify the code
aging sequence (young).
R=joransiu@ca.ibm.com, mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1843673002
Cr-Commit-Position: refs/heads/master@{#35112}
The CodeGenerator sequence for kS390_Div64 was incorrectly defaulting
to the 32-bit divide sequence. That case has been fixed to use the
proper 64-bit divide (DSGR).
Fix bug in DLGR simulation where the register numbers were being used as
operands instead of the values in those registers.
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1844563002
Cr-Commit-Position: refs/heads/master@{#35110}
Fix bug in simulator which incorrectly interpreted the operands
for CEBR (Float32 compare) as 64-bit doubles. Add missing
disassembler case for CEBR as well.
R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1844473002
Cr-Commit-Position: refs/heads/master@{#35106}
Now instead of saving all event details in the ring buffer,
we save only the bytes and duration.
This reduces the GCTracer size from 20K to 3K and simplifies code.
BUG=chromium:597310
LOG=NO
Review URL: https://codereview.chromium.org/1830723004
Cr-Commit-Position: refs/heads/master@{#35104}
I can't express my disbelief when I saw it getting a raw context
object from the runtime. Luckily this is not used anywhere.
R=neis@chromium.org
Review URL: https://codereview.chromium.org/1844543002
Cr-Commit-Position: refs/heads/master@{#35102}
This fixes another bug in Array.prototype.sort (when the array is not a
JSArray and there is a proxy on the prototype chain).
R=cbruni@chromium.org
BUG=chromium:596866
LOG=n
Review URL: https://codereview.chromium.org/1842563004
Cr-Commit-Position: refs/heads/master@{#35101}
Thus DevTools will be able to disable tail call elimination dynamically upon the user's choice.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1837513002
Cr-Commit-Position: refs/heads/master@{#35098}
If we don't write fillers, we crash during PagedSpace verification when we try
to iterate over dead memory (unused folded allocation slots).
BUG=v8:4871,chromium:580959
LOG=N
Review URL: https://codereview.chromium.org/1837163002
Cr-Commit-Position: refs/heads/master@{#35097}
In JavaScript code and stubs, JSSP mirrors the CSP but may be unaligned.
But in WASM code only CSP is used, like native code, and it must be
aligned.
Calls into WASM from JS need to carefully align the C stack
pointer (csp) and restore the previous JSSP, while calls from WASM
to JS need to compute a new JSSP and restore their CSP after the
call.
R=ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1811283003
Cr-Commit-Position: refs/heads/master@{#35096}
Fix and re-enable the flexible representation for Math.floor (which is used to
implement Math.ceil) and Math.round, which allows Math.floor and Math.round to
return double results instead of int32, and therefore allows values outside
the int32 range, especially -0 is now a valid result, which doesn't deopt.
Also port this feature to x64 and ia32 when the CPU supports the SSE4.1
extension.
This addresses all the known deoptimization loops related to Math.round
in the Kraken benchmark suite, and seems to also address most of the
deoptimization loops related to Math.floor in the Oort Online benchmark.
Drive-by-fix: Import the regression tests for the broken HMathFloorOfDiv
optimization that caused the initial revert of the feature (for arm64 only
back then).
BUG=chromium:476477,v8:2890,v8:4059
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1841513003
Cr-Commit-Position: refs/heads/master@{#35094}
This fixes support for debug info in perf. Thanks to Stephane Eranian for
identifying the problem - debug info event has to be emitted before the
code load event. It also seems that perf does not yet support the shorthand
for repeated source files in the debug info entry ("\xff\0"), so I changed
it to always write the script name.
Review URL: https://codereview.chromium.org/1843563002
Cr-Commit-Position: refs/heads/master@{#35092}
Difference from --perf-basic-prof:
- correctly attributes samples when code space gets reused (when an unused code object dies and a new code object is allocated at the same place).
- outputs compiled machine code for instruction-level profile.
Just like --perf-basic-prof, the file writer is not synchronized (even worse, there is a per-isolate file handle), so we will run into trouble with multiple isolates. However, this patch is still an improvement on --perf-basic-prof, and it should be fine to replace ll-prof.
The patch also introduces experimental support for debug info, but it does not seem to be picked up by the perf tool.
Usage:
You need the perf tool from Linux kernel >4.5. Then run:
$ perf record -k mono d8 --perf-prof <your JS file>
$ perf inject -j -i perf.data -o perf.data.jitted
$ perf report -i perf.data.jitted
Some explanations:
The "-k mono" switch from "perf record" tells the perf tool to use the monotonic clock for perf sample timestamping. The "perf inject -j" command injects the collected code events into the perf data file, writing the output into perf.data.jitted. The perf report command then creates the report.
Review URL: https://codereview.chromium.org/1809203007
Cr-Commit-Position: refs/heads/master@{#35091}
The NumberFloor operator matches exactly the semantics of the Math.floor
builtin on Numbers. It uses hardware rounding instructions if available,
but provides a full fallback solution that is compatible with Math.floor.
The lowering is optimizable based on types if needed later, i.e. we
already optimize it for the case that the input is already an Integer
(in the EcmaScript sense, including NaN and -0), but we could add more
optimizations, like combining NumberFloor and NumberDivide in the
future, if necessary.
R=jarin@chromium.org
BUG=v8:2890,v8:4059
LOG=n
Review URL: https://codereview.chromium.org/1843533003
Cr-Commit-Position: refs/heads/master@{#35090}
The timezone part of the Date string representation might contain
non-ASCII characters depending on the exact platform configuration,
so we cannot safely assume that the whole date string is ASCII
encoded.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
R=yangguo@chromium.org
BUG=chromium:581925
LOG=n
Review URL: https://codereview.chromium.org/1838063002
Cr-Commit-Position: refs/heads/master@{#35089}
The getter RegExp.prototype.source is specified in ES2015 to throw when
called on a non-RegExp instance, such as RegExp.prototype. We had previously
put in a compatibility workaround for all RegExp getters to make them
throw on access specifically with RegExp.prototype as the receiver; however,
we only have evidence that this is needed for properties other than source.
This patch removes the compatibility workaround for get RegExp.prototype.source
and gives it semantics precisely as per the ES2015 specification.
R=adamk
BUG=chromium:581577,v8:4827
LOG=Y
Review URL: https://codereview.chromium.org/1837843002
Cr-Commit-Position: refs/heads/master@{#35086}
Previously, they would check for Symbol.match/Symbol.search, and then
do another check for Symbol.match in the RegExp constructor. This patch
avoids the second one by skipping the RegExp constructor, as the spec does.
Review URL: https://codereview.chromium.org/1840723002
Cr-Commit-Position: refs/heads/master@{#35085}
This way we avoid the second deoptimization for the Math.floor and
Math.ceil builtins when -0 is involved. We still deoptimize the inlined
Crankshaft version in various cases, that's a separate issue.
The algorithm used to implement CodeStubAssembler::Float64Floor is
vaguely based on the fast math version used in the libm of various BSDs,
but had to be reengineered to match the EcmaScript specification.
R=epertoso@chromium.org
BUG=v8:2890, v8:4059
LOG=n
Review URL: https://codereview.chromium.org/1828253002
Cr-Commit-Position: refs/heads/master@{#35083}
Clang optimizes away CheckOverflowForIntSub at any opt
level (includes -O1, -O2, -O3) into a false statement,
resulting in incorrect values being returned. As the C++
standard considers overflows to be undefined behaviour,
this is technically correct as compilers can assume that
overflows never occur, but problematic in our case (where
overflows do occur, and a specific result is expected).
This change replaces the original check with a call to a
function that is optimized in a manner that returns correct output.
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com,joransiu@ca.ibm.com,danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1826043002
Cr-Commit-Position: refs/heads/master@{#35082}
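
The overflow problem described in the commit message above, as an added example that is not code from the V8 commit: the page does not show CheckOverflowForIntSub, so the first function is only an assumed shape of a check that depends on signed overflow, and all function names here are hypothetical. The other functions detect subtraction overflow and produce the wrapped result using only defined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed shape of a UB-dependent check (the page does not show the original).
 * a - b is evaluated in signed arithmetic, so the compiler may assume it never
 * overflows and fold the comparison to false. Do not rely on this form. */
bool sub_overflows_ub(int32_t a, int32_t b) {
    int32_t r = a - b; /* undefined behaviour when the result does not fit */
    return (b > 0 && r > a) || (b < 0 && r < a);
}

/* Well-defined: compare against the limits before subtracting. */
bool sub_overflows_limits(int32_t a, int32_t b) {
    return (b > 0 && a < INT32_MIN + b) || (b < 0 && a > INT32_MAX + b);
}

/* Well-defined: unsigned arithmetic wraps modulo 2^32. Overflow happened when
 * a and b differ in sign and the result's sign differs from a's. */
bool sub_overflows_wrap(int32_t a, int32_t b) {
    uint32_t ua = (uint32_t)a, ub = (uint32_t)b, r = ua - ub;
    return (((ua ^ ub) & (ua ^ r)) >> 31) != 0;
}

/* Two's-complement result a simulator would store in the target register. */
int32_t sub_wrapped(int32_t a, int32_t b) {
    uint32_t r = (uint32_t)a - (uint32_t)b;
    int32_t out;
    memcpy(&out, &r, sizeof out); /* avoids implementation-defined narrowing */
    return out;
}

int main(void) {
    /* Constructed boundary cases. */
    const int32_t cases[][2] = {
        {INT32_MIN, 1}, {INT32_MAX, -1}, {0, INT32_MIN}, {-1, INT32_MIN}, {5, 3}};
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t a = cases[i][0], b = cases[i][1];
        printf("%d - %d: overflow=%d wrapped=%d\n", a, b,
               sub_overflows_wrap(a, b), sub_wrapped(a, b));
    }
    return 0;
}
```
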
Add support for optimizing objects with elements, which do not invoke JS and
cannot change the shape of the Object.
BUG=v8:4663
LOG=N
Review URL: https://codereview.chromium.org/1767113004
Cr-Commit-Position: refs/heads/master@{#35081}
It's been on since M49. Also moved tests from harmony -> es6,
one of which was merged with another test of the same name.
While moving stuff over to regexp.js, I also noticed that there
were unused calls to %FunctionSetName and %SetNativeFlag (those
calls are already handled by InstallGetter()).
Review URL: https://codereview.chromium.org/1838563003
Cr-Commit-Position: refs/heads/master@{#35076}
"IS_RECEIVER" used to be called "IS_SPEC_OBJECT", which might be a better
name: it's what the spec means when it says "Type(O) is Object".
R=littledan@chromium.org
BUG=v8:4602
LOG=n
Review URL: https://codereview.chromium.org/1838593002
Cr-Commit-Position: refs/heads/master@{#35075}
Use macro instructions for min, max ops to get the same functionality on
pre-r6 and r6 targets.
BUG=
TEST=mjsunit/math-min-max, cctest/test-macro-assembler-mips64/min_max_nan, cctest/test-macro-assembler-mips/min_max_nan, cctest/test-assembler-mips64/min_max, cctest/test-assembler-mips/min_max
Review URL: https://codereview.chromium.org/1694833002
Cr-Commit-Position: refs/heads/master@{#35073}
Port b6419fa229
Now implemented as a builtin that delegates to the InstanceOfStub. That
stub was parameterized to fall back to either Runtime_InstanceOf or to
Runtime_OrdinaryHasInstance depending on the --harmony-instanceof flag.
Once the feature stabilizes and the flag is no longer needed, we can get
rid of this parameterization again.
BUG=v8:4447
LOG=n
Review URL: https://codereview.chromium.org/1832053002
Cr-Commit-Position: refs/heads/master@{#35072}
This is another set of changes that replace JR and JALR instructions
with JIC and JIALC for mips32r6. Macroassembler Jump and Call functions
now use JIC and JIALC if the branch delay slot is not used. Code patching is
adjusted to work with the new changes and a few minor fixes are added.
BUG=
Review URL: https://codereview.chromium.org/1807263003
Cr-Commit-Position: refs/heads/master@{#35071}