The CallICStub has call-site specific knowledge about the receiver,
which we did not utilize; plus the CallICStub does in some case know
whether it is about to [[Call]] a function or potentially some other
callable. In the common case we actually know that the target is a
function and so we can use the CallFunction builtin directly instead
of redispatching in the Call builtin.
BUG=chromium:555127, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1470803002
Cr-Commit-Position: refs/heads/master@{#32163}
port c6d310da4d (r32151)
original commit message:
* Adds a PrepareForTailCall instruction that bumps the stack in the case that
the number of parameters passed to the callee causes the stack to exceed the
calleer's frame size.
* Uses the gap resolver to move the saved caller return address and frame
pointer to the approprate location in the tail-called frame.
BUG=
Review URL: https://codereview.chromium.org/1472703002
Cr-Commit-Position: refs/heads/master@{#32162}
port 2fc2cb99f5 (r32144)
original commit message:
The old code was not ready for properly initialize objects with non standard headers and non zero in-object properties number.
MacroAssembler::Allocate() implementations now return both start and end addresses of the new object (done by parameter renaming).
BUG=
Review URL: https://codereview.chromium.org/1467923002
Cr-Commit-Position: refs/heads/master@{#32161}
port ceade6cf23 (r32131)
original commit message:
This adds a new %NewArray runtime entry, which constructs a new JSArray
and does the subclassing correctly (to the same degree that %NewObject
does currently), and also deals properly with the AllocationSite
feedback mechanism. This runtime entry will be used by TurboFan and is
also used as a fallback in the subclassing case in the stub currently.
BUG=
Review URL: https://codereview.chromium.org/1462283003
Cr-Commit-Position: refs/heads/master@{#32160}
We should not be counting the bump pointer allocations done during scavenge as
the objects are copied. The inline allocation observers were getting unnecessary
notifications.
R=hpayer@chromium.org, ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1465633002
Cr-Commit-Position: refs/heads/master@{#32153}
* Adds a PrepareForTailCall instruction that bumps the stack in the case that
the number of parameters passed to the callee causes the stack to exceed the
calleer's frame size.
* Uses the gap resolver to move the saved caller return address and frame
pointer to the approprate location in the tail-called frame.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1455833004
Cr-Commit-Position: refs/heads/master@{#32151}
This will allow callers (e.g. the infra recipe) to check
which steps have been executed and monitor success/failure.
BUG=chromium:559141
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/1463143004
Cr-Commit-Position: refs/heads/master@{#32150}
Original issue's description:
> Prepare to enable in-object properties in subclasses on a case by case basis.
>
> Minor cleanup in VisitorId selection.
>
> Committed: https://crrev.com/7c449a62edfc03aed84d94da323dcfe2b51a3600
> Cr-Commit-Position: refs/heads/master@{#32030}
This is a mostly clean reland.
Review URL: https://codereview.chromium.org/1459133002
Cr-Commit-Position: refs/heads/master@{#32148}
Introduce a JSCreateArray operator that represents the Array
constructor, and lower call and construct calls to the Array
constructor to JSCreateArray. Currently we don't yet replace
that with an inline allocation, but always use the specialized
stubs for the Array constructor.
This saves a lot of unnecessary deopts and elements transitions
because now we can actually consume the allocation site feedback
for the transitions.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1466643002
Cr-Commit-Position: refs/heads/master@{#32145}
The old code was not ready for properly initialize objects with non standard headers and non zero in-object properties number.
MacroAssembler::Allocate() implementations now return both start and end addresses of the new object (done by parameter renaming).
Review URL: https://codereview.chromium.org/1459083003
Cr-Commit-Position: refs/heads/master@{#32144}
This change introduces register re-mapping to avoid assignment hazards
in binary expressions. Expressions that cause problems typically have
the form y = x + (x = 4);. The problem occurs because the lhs value
evaluates to the register holding x. The rhs updates that register and
then applying the operation would use the new value as the lhs.
By tracking loads and stores in binary expressions the generator is now
able to detect when condition occurs and uses a temporary register for
the rhs value. When the binary expression evaluation is complete the
variable is updated with the latest temporary.
A new bytecode Mov performs this update without touching the
accumulator.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412683011
Cr-Commit-Position: refs/heads/master@{#32141}
Argument allocation in typed lowering was producing
dangling effect chains. This patch fixes three sources
of dangling effect chains.
BUG=
Review URL: https://codereview.chromium.org/1447323005
Cr-Commit-Position: refs/heads/master@{#32140}
Adds support for the New, CallRuntime and CallJSRuntime bytecodes in
BytecodeGraphBuilder. Also adds BuildLoadObjectField,
BuildLoadGlobalObject and BuildLoadNativeContextField helpers.
Landed on behalf of rmcilroy.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1456483002
Cr-Commit-Position: refs/heads/master@{#32136}
If Math.random is called when creating the snapshot, we need seeds to
work with. Those seeds are going to be overwritten after deserializing
from the snapshot.
NOTRY=true
NOTREECHECKS=true
TBR=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1458003005
Cr-Commit-Position: refs/heads/master@{#32134}
This adds a new %NewArray runtime entry, which constructs a new JSArray
and does the subclassing correctly (to the same degree that %NewObject
does currently), and also deals properly with the AllocationSite
feedback mechanism. This runtime entry will be used by TurboFan and is
also used as a fallback in the subclassing case in the stub currently.
BUG=v8:3101, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1456423003
Cr-Commit-Position: refs/heads/master@{#32131}
The TruncateFloat64ToUint64 operator converts a float64 to an uint64 using
round-to-zero rounding mode (truncate). If the input value is outside uint64
range, then the result depends on the architecture. I provide an implementation for x64 and arm64.
@v8-ppc-ports and @v8-mips-ports, can you do the implementations for ppc64 and mips64?
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1457373002
Cr-Commit-Position: refs/heads/master@{#32127}
This removes some dead code from the function invocation code when the
arguments adaptor trampoline is called. This seems to be leftover code
from when we used to support calling code objects directly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1455293004
Cr-Commit-Position: refs/heads/master@{#32126}
This changes all direct function calls in Crankshaft to pass undefined
via the register expected to hold the new.target value. Note that the
register is still ignored by all callees for now.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1459183002
Cr-Commit-Position: refs/heads/master@{#32125}
Following logic is using for getting function name in JSFunction::GetDebugName:
1. if function has displayName and its type is string then use it
2. if function has defined property Function.name as value and its type string then use it
3. otherwise use SharedFunctionInfo::DebugName as functionName.
JSFunction::GetDebugName is exposed in V8 API and in FunctionMirror interface.
BUG=chromium:17356
R=yangguo@chromium.org,mstarzinger@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1449473005
Cr-Commit-Position: refs/heads/master@{#32124}
Fixing failures in cctest/test-assembler-mips/CVT on Mips32R2 without
FP64 support
BUG=
Review URL: https://codereview.chromium.org/1459763003
Cr-Commit-Position: refs/heads/master@{#32121}
This CL should be reverted after investigating the size chrasher.
BUG=chromium:556912
LOG=n
Review URL: https://codereview.chromium.org/1455273003
Cr-Commit-Position: refs/heads/master@{#32119}
Since {CancelAndWait} blocks on the tasks that are still present in the internal
hashmap, we are not allowed to remove the task upon trying to cancel it using
{TryAbort}.
The previous implementation suffered from a bug where:
1) The task was created and handed over to the platform.
2) The task was started by the platform, setting it to running state.
3) We called {TryAbort}, effectively removing it from the manager, but failing
to cancel (as it was already running)
4) All tasks finished running, indicating this with their own semaphore.
5) The platform was stuck (scheduling) before destroying the task.
6) Main thread finished its work, waiting for all the necessary tasks, and the
isolate terminated.
7) The platform destroyed the task, calling the destructor, calling into an
already freed isolate.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1460763004
Cr-Commit-Position: refs/heads/master@{#32118}
This changes the interface descriptor for the arguments adaptor to also
contain an explicit register for the new.target value. Note that the
stub still clobbers the register for now.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1457313002
Cr-Commit-Position: refs/heads/master@{#32117}