port e5edd66d07 (r32022)
original commit message:
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.
Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.
BUG=
Review URL: https://codereview.chromium.org/1453033002
Cr-Commit-Position: refs/heads/master@{#32024}
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.
Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.
R=yangguo@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1451273002
Cr-Commit-Position: refs/heads/master@{#32022}
- Removed PASS/FAIL line for arrow/rest params test which should now pass.
- Moved soon-to-be-changed tests about built-in prototypes as plain objects
to INVALID section (and noted that they'll be fixed with the
next test262 roll).
R=littledan@chromium.org
Review URL: https://codereview.chromium.org/1450243002
Cr-Commit-Position: refs/heads/master@{#32020}
All uses of Token::INIT also have access to the relevant VariableMode,
so there's no reason to have more than one token representing an
initializing assignment.
Review URL: https://codereview.chromium.org/1431873006
Cr-Commit-Position: refs/heads/master@{#32016}
While all allocated objects need to have correct alignment, this requirement
doesn't make a lot of sense for the allocation limit. Removing this assertion
would makes it possible to make the inline-allocation-observers accurate. This
could be done in other ways, but removing this assertion is the most elegant way
to go about it.
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1444883003
Cr-Commit-Position: refs/heads/master@{#32013}
This adds support for load/store access to FAST_HOLEY_ELEMENTS and
FAST_HOLEY_SMI_ELEMENTS backing stores. We don't currently fully support
the double holes, because we make some difficult assumptions in
Crankshaft there.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1448903002
Cr-Commit-Position: refs/heads/master@{#32012}
This way we can properly cancel them on the main thread in case they never get
scheduled by the platform.
BUG=chromium:524425
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg;tryserver.v8:v8_linux_gc_stress_dbg;tryserver.v8:v8_mac_gc_stress_dbg;tryserver.v8:v8_linux64_msan_rel;tryserver.v8:v8_linux64_tsan_rel;tryserver.v8:v8_mac64_asan_rel
Review URL: https://codereview.chromium.org/1446523003
Cr-Commit-Position: refs/heads/master@{#32007}
The TiesEven rounding mode rounds float64 numbers to the nearest
integer. If there are two nearest integers, then the number is rounded
to the even one. This is the default rounding mode according to
IEEE~754.
I implemented the operator on ia32, x64, arm, arm64, mips, and mips64.
I think there is a bug in the current implementation of the ppc
simulator, which kept me from implementing the operator on ppc.
According to my understanding of the ppc instruction manual, the FRIN
instruction provides the right behavior for Float64RoundTiesEven. In the
simulator, however, FRIN provides a different semantics. If there are
two nearest integers, then the simulator returns the one which is
further away form 0.
Review URL: https://codereview.chromium.org/1440293002
Cr-Commit-Position: refs/heads/master@{#32005}
Extend the ElementAccessInfo machinery with support for elements kind
transitions, which can be either in-place updates of the map (i.e. when
going from FAST_SMI_ELEMENTS to FAST_ELEMENTS) or instance migrations
utilizing the TransitionElementsKindStub.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1452563002
Cr-Commit-Position: refs/heads/master@{#32003}
port 34b7b21d1d (r32000)
original commit message:
If inline allocation fails, we can just use the %NewObject fallback,
which will do the right thing. We don't need a dedicated fallback to
%AllocateInNewSpace.
BUG=
Review URL: https://codereview.chromium.org/1451603002
Cr-Commit-Position: refs/heads/master@{#32002}
port ff283f7ded (r31987)
original commit message:
* Limit triggering of tail calls to explicit use of a new inline runtime
function %_TailCall. %_TailCall works just like %_Call except for using
tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.
BUG=
Review URL: https://codereview.chromium.org/1445023002
Cr-Commit-Position: refs/heads/master@{#32001}
If inline allocation fails, we can just use the %NewObject fallback,
which will do the right thing. We don't need a dedicated fallback to
%AllocateInNewSpace.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1440193003
Cr-Commit-Position: refs/heads/master@{#32000}
This change binds each {Cancelable} task to a so-called {CancelableTaskManager},
which is then used to handle concurrent cancelation as well as synchronizing
shutdown for already running tasks. Since ownership of tasks is transferred to
the platform executing a task (destructor), handling in the manager uses integer
ids. Note that this also mitigates (modulo integer size) the ABA problem.
All handling of {Cancelable} tasks is now encapsulated into the corresponding
manager, which is instantiated for each isolate.
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg;tryserver.v8:v8_linux_gc_stress_dbg;tryserver.v8:v8_mac_gc_stress_dbg;tryserver.v8:v8_linux64_msan_rel;tryserver.v8:v8_linux64_tsan_rel;tryserver.v8:v8_mac64_asan_rel
Review URL: https://codereview.chromium.org/1409993012
Cr-Commit-Position: refs/heads/master@{#31997}
The previous code did not properly check for harmony const when
doing the dynamic redeclaration check. This was masked in the
test because each eval had an initializer, and the initializer was what
triggered the exception.
This patch tightens the test by removing initializers and fixes the bug in
DeclareLookupSlot.
Also change the test to use assertThrows where possible.
BUG=v8:4550
LOG=n
Review URL: https://codereview.chromium.org/1437003006
Cr-Commit-Position: refs/heads/master@{#31995}
Port ff283f7ded
Original commit message:
* Limit triggering of tail calls to explicit use of a new inline runtime
function %_TailCall. %_TailCall works just like %_Call except for using
tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1442143002
Cr-Commit-Position: refs/heads/master@{#31994}
There is no need to require kRingbufferMaxSize samples for estimating the
compaction speed, as the number is already quite stable with a single sample
(which may include timings from compacting multiple pages).
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1440423002
Cr-Commit-Position: refs/heads/master@{#31993}
This CL introduces the following visitors:
1) RecordMigratedSlotVisitor which simplifies MarkCompactCollector::MigrateObject().
2) IteratePointersToFromSpaceVisitor which simplifies Heap::IteratePointersToFromSpace().
3) FindPointersToNewSpaceVisitor which simplifies StoreBuffer::IteratePointersToNewSpace().
These changes make the object's body descriptors the one and only place that knows how to traverse the object.
Review URL: https://codereview.chromium.org/1441453002
Cr-Commit-Position: refs/heads/master@{#31992}
We push the context and the js function onto the stack as part of the
frame construction. The register allocator is presented with virtual
registers for the above as defined from their corresponding registers. It
then goes on to spilling them somewhere else on the stack.
This means each function spends two redundant spills and two
unnecessary stack slots.
This change addresses this issue.
We present these parameters (context and function) to the register
allocator as an UnallocatedOperand having a "secondary storage". The
secondary storage is then associated to the live range as its
spill operand. We capture the definition of the live range so that we can
then commit the spill (in this case, eliminate) through a variation of the
mechanics of the CommitAssignment phase.
The register allocator validator also needed update to understand
UnallocatedOperands with a secondary storage.
The change renames the SpillAtDefinitionList and related APIs to better
capture their intent - the old names suggested spills happened upon
calling. In reality, potential spill locations were thus recorded, and later
committed (or not, in certain cases) after register allocation.
BUG= v8:4548
LOG=n
Review URL: https://codereview.chromium.org/1426943010
Cr-Commit-Position: refs/heads/master@{#31988}
* Limit triggering of tail calls to explicit use of a new inline runtime
function %_TailCall. %_TailCall works just like %_Call except for using
tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1439613003
Cr-Commit-Position: refs/heads/master@{#31987}
With do-expressions any expression used as a case label can turn into an
OSR entry-point. This means the value being switched over is renamed to
an OSR value and needs to be reloaded from the environment at each case.
R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-case-label
Review URL: https://codereview.chromium.org/1438123007
Cr-Commit-Position: refs/heads/master@{#31986}
Adds an optimization to omit generating Ldar/Star if the same register
is loaded or stored from the accumulator in the earlier instruction.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1435283002
Cr-Commit-Position: refs/heads/master@{#31984}
This makes sure that inlining a constructor call to a function which
cannot be used as a constructor (e.g. strong mode function) still does
throw correctly when the implicit receiver is created.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-inline-strong-as-construct
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1447443002
Cr-Commit-Position: refs/heads/master@{#31982}
This reverts commit b7db5cd9c7
(https://codereview.chromium.org/1324353002/).
Our internal dashboard shows that this patch has introduced massive (3x) performance regressions for string ops. This is probably due to it repeatedly invoking %_StringCharCodeAt in a loop, which is far from cheap (has to dispatch on one of our 30+ string representations each time).
TBR=dehrenberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1439083003
Cr-Commit-Position: refs/heads/master@{#31981}
1) Body descriptors moved to their own header files.
2) Missing body descriptors added.
3) Template versions of HeapObject::Iterate*() methods added.
4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.
This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.
Review URL: https://codereview.chromium.org/1440243002
Cr-Commit-Position: refs/heads/master@{#31980}
The JSCallReducer runs together with inlining and tries to strength
reduce JSCallFunction nodes; currently it can fold
Function.prototype.call and Function.prototype.apply (with arguments),
and make it possible to inline across them.
In the case of Function.prototype.apply with arguments we still have to
leave the JSCreateArguments node in the graph because there might be
other (frame state) uses. Once escape analysis is ready, it will take
care of removing these nodes and adding appropriate transitions for the
deoptimizer.
R=jarin@chromium.org
BUG=v8:4551
LOG=n
Review URL: https://codereview.chromium.org/1445513002
Cr-Commit-Position: refs/heads/master@{#31979}
This aligns the naming of "new target" with the spec text throughout
TurboFan and the stack frame walker. The goal is to avoid unnecessary
confusion for people familiar with the spec.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1442643002
Cr-Commit-Position: refs/heads/master@{#31978}
This is necessary to allow more optimizations to take place between
the representation inference and change lowering. Perhaps we want
to rename SimplifiedLowering -> RepresentationInference and
ChangeLowering -> SimplifiedLowering.
Review URL: https://codereview.chromium.org/1439473003
Cr-Commit-Position: refs/heads/master@{#31976}