In ia32 PushArgsAndConstruct builtin, we run out of registers and need to
temporarily store the data in the stack. In the earlier implementation,
a location outside the esp was used. This causes a problem if there is a
interrupt/signals which would use the same stack and corrupt the data that
is above the esp. This cl fixes it by pushing it onto the stack so that
the stack pointer is updated and hence the corruption will not happen. We
reuse the slot meant for receiver as a temporary store.
TBR=rmcilroy@chromium.org
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1750373002
Cr-Commit-Position: refs/heads/master@{#34397}
When we try to optimize a function with Crankshaft, but compilation
bails out, don't disable optimization for that function entirely,
just disable Crankshaft, so TurboFan will be used for the next attempt.
Thereby this widens the TurboFan intake valve.
Review URL: https://codereview.chromium.org/1751873002
Cr-Commit-Position: refs/heads/master@{#34396}
Adds the translation from optimized frame to bytecode offset
in FrameSummary. For interpreter, the bailout id represents the bytecode
array offset. So we can directly use the bailout id as the code offset
in the FrameSummary. Also updates mjsunit.status with more information
about failing tests.
BUG=v8:4280, v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1740753002
Cr-Commit-Position: refs/heads/master@{#34393}
The preparser should ignore "use strong" if the --strong_mode flag
is not turned on, but this should not stop processing subsequent
directives.
R=rossberg@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1752753002
Cr-Commit-Position: refs/heads/master@{#34392}
Similar to fullcodegen, Ignition now also marks a for-in statement as
slow (via the TypeFeedbackVector) when we have to call %ForInFilter,
i.e. we either have no enumeration cache or the receiver map changes
during an iteration of the for-in map.
R=mstarzinger@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1755563002
Cr-Commit-Position: refs/heads/master@{#34391}
We used to emit debug break location on block entry. This cannot be
ported to the interpreted as we do not emit bytecode for block entry.
This made no sense to begin with though, but accidentally added
break locations for var declarations.
With this change, the debugger no longer breaks at var declarations
without initialization. This is in accordance with the fact that the
interpreter does not emit bytecode for uninitialized var declarations.
Also fix the bytecode to match full-codegen's behavior wrt return
positions:
- there is a break location before the return statement, with the source
position of the return statement.
- right before the actual return, there is another break location. The
source position points to the end of the function.
R=rmcilroy@chromium.org, vogelheim@chromium.orgTBR=rossberg@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1744123003
Cr-Commit-Position: refs/heads/master@{#34388}
ArrayIteratorPrototype must not provide Symbol.iterator.
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1749093002
Cr-Commit-Position: refs/heads/master@{#34386}
The for-of-finalization CL incorrectly removed the input argument from
BuildIteratorClose. I'm reverting this, adding a regression test, and fixing an
existing test that was wrong.
BUG=
R=rossberg
Review URL: https://codereview.chromium.org/1750543002
Cr-Commit-Position: refs/heads/master@{#34384}
The code used to [[Get]] the first element twice instead of once, which can be
observed (one of the kangax tests does so).
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1747933002
Cr-Commit-Position: refs/heads/master@{#34383}
Reason for revert:
ARM64 GCStress failure
Original issue's description:
> [crankshaft] Inline hasOwnProperty when used in fast-case for-in
>
> e.g.,
>
> for (var k in o) {
> if (!o.hasOwnProperty(k)) continue;
> ...
> }
>
> without enumerable properties on the prototype chain of o.
>
> BUG=
>
> Committed: https://crrev.com/dec80752eb344dfeb85588e61ac0afd22b11aadb
> Cr-Commit-Position: refs/heads/master@{#34379}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1748143004
Cr-Commit-Position: refs/heads/master@{#34380}
e.g.,
for (var k in o) {
if (!o.hasOwnProperty(k)) continue;
...
}
without enumerable properties on the prototype chain of o.
BUG=
Review URL: https://codereview.chromium.org/1742253002
Cr-Commit-Position: refs/heads/master@{#34379}
Operations on word size data must be word sized, and not word32.
Currently this only generates worse code, but in the future, it
might even generate wrong code, so we should better get this right
from the beginning.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1748953004
Cr-Commit-Position: refs/heads/master@{#34378}
The only place in fullcodegen, where we know for sure that a for-in loop
entered the slow-path is right before the potential call to %ForInFilter.
So there's no point in also updating the mode eagerly during ForInPrepare.
R=yangguo@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1749033002
Cr-Commit-Position: refs/heads/master@{#34377}
This patch fixes %TypedArray%.from to follow the ES2016 draft spec
more precisely. Specifically, the input is first converted to an
ArrayLike, and then afterwards, the mapping function is run and the
results written into the TypedArray. This fixes a test262 test.
R=adamk
LOG=Y
BUG=v8:4782
Review URL: https://codereview.chromium.org/1743463004
Cr-Commit-Position: refs/heads/master@{#34373}
port d00da47b61462681b48e48bdff4a80a33da1a6d6(r34335)
original commit message:
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
BUG=
Review URL: https://codereview.chromium.org/1744923002
Cr-Commit-Position: refs/heads/master@{#34372}
Port fb59ea3334
Original commit message:
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1742333002
Cr-Commit-Position: refs/heads/master@{#34371}
The "each" slot is only actually used by ForIn, so this simply cleans
up a TODO of mine and removes an IsForOfStatement() call.
Review URL: https://codereview.chromium.org/1742013002
Cr-Commit-Position: refs/heads/master@{#34369}
This caused a runtime crash for Chrome built with clang on all
ChromeOs
arm32 platforms - ChromeOs chrome is using hardfp while this routine
returns false.
The fix is straightforward.
BUG=chromium:586219
TEST=built arm32 hardfp using clang and passed all tests.
LOG=N
Review URL: https://codereview.chromium.org/1733863002
Cr-Commit-Position: refs/heads/master@{#34367}
This is done by ensuring that the Arm64ClaimCSP instruction calls
AlignAndSetCSPForFrame when it's generated when the StackPointer() is set to
jssp.
LOG=N
Review URL: https://codereview.chromium.org/1746053002
Cr-Commit-Position: refs/heads/master@{#34365}
Rename the existing (patching) ToBooleanStub to ToBooleanICStub to match
our naming convention, and add a new TurboFan-powered ToBooleanStub,
which just does the ToBoolean conversion without any runtime call or
code patching, so we can use it for Ignition (and TurboFan).
Drive-by-fix: Add an Oddball::to_boolean field similar to the ones we
already have for to_string and to_number, so we don't need to actually
dispatch on the concrete Oddball at all.
R=epertoso@chromium.org, rmcilroy@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1744163002
Cr-Commit-Position: refs/heads/master@{#34361}
Given that an additional map-check is inserted for function, we need to
check the underlying value.
BUG=
Review URL: https://codereview.chromium.org/1747753003
Cr-Commit-Position: refs/heads/master@{#34359}
This gets rid of the JavaScript wrapper. That way we can more quickly handle non-JSReceivers and indexed properties; and don't need to optimize the JavaScript wrapper either.
BUG=
Review URL: https://codereview.chromium.org/1742283002
Cr-Commit-Position: refs/heads/master@{#34356}
port fcb83f2015afe63449f7ab070558e0c7f2accb47(r34273)
original commit message:
This optimization does not give us much (see perf try bot results associated with this CL) but complicates things a lot. The main motivation is to avoid additional complexity in tail call optim
There are some pieces left in the deoptimizer, but I'll address this in a separate CL.
BUG=
Review URL: https://codereview.chromium.org/1750433002
Cr-Commit-Position: refs/heads/master@{#34353}
port 55b4df7357557eb16377ad9227e4e0a4224b7885(r34303)
original commit message:
Only use one set of %StrictEquals/%StrictNotEquals and
%Equals/%NotEquals runtime entries for both the interpreter
and the old-style CompareICStub. The long-term plan is to
update the CompareICStub to also return boolean values, and
even allow some more code sharing with the interpreter there.
BUG=
Review URL: https://codereview.chromium.org/1743123002
Cr-Commit-Position: refs/heads/master@{#34352}
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).
Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.
R=danno@chromium.org
Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
Cr-Commit-Position: refs/heads/master@{#34237}
Review URL: https://codereview.chromium.org/1722193002
Cr-Commit-Position: refs/heads/master@{#34344}
Port d00da47b61
Original commit message:
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1745643002
Cr-Commit-Position: refs/heads/master@{#34341}
Reason for revert:
Original commit reverted.
Original issue's description:
> PPC: [compiler] Drop the CompareNilIC.
>
> Port 666aec0348
>
> Original commit message:
> Since both null and undefined are also marked as undetectable now, we
> can just test that bit instead of having the CompareNilIC try to collect
> feedback to speed up the general case (without the undetectable bit
> being used).
>
> Drive-by-fix: Update the type system to match the new handling of
> undetectable in the runtime.
>
> R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
>
> Committed: https://crrev.com/546ea6b8393a894f07597ade5ec1c7db02c1e425
> Cr-Commit-Position: refs/heads/master@{#34266}
TBR=bmeurer@chromium.org,joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review URL: https://codereview.chromium.org/1736253003
Cr-Commit-Position: refs/heads/master@{#34340}
This reland fixes a bug by pulling properties off the utils object, so
that it can be garbage collected in nosnap builds.
Original commit message:
Intl has been somewhat of an oddball for how it integrates with V8.
One aspect is that it largely didn't use utils to install itself
into the snapshot, which led to some missing names, which new
test262 tests check for, and duplicated code. This patch brings
Intl a bit closer to how the rest of the builtins do things, though
not entirely as it is currently structured to do unusual things,
such as creating new constructors from JavaScript rather than C++.
New test262 tests check for some of the names that are added in
this patch.
R=adamk
CC=jshin
BUG=v8:4778
LOG=Y
Review URL: https://codereview.chromium.org/1745483002
Cr-Commit-Position: refs/heads/master@{#34337}
Port 3ef573e9f1
Original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
TEST=test/mjsunit/harmony/destructuring, test/mjsunit/harmony/default-parameters,
test/mjsunit/harmony/default-parameters, test/mjsunit/es6/classes-subclass-builtins,
BUG=
Review URL: https://codereview.chromium.org/1734273003
Cr-Commit-Position: refs/heads/master@{#34336}
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.
Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.
R=mstarzinger@chromium.org
BUG=v8:4788
LOG=n
Review URL: https://codereview.chromium.org/1738153002
Cr-Commit-Position: refs/heads/master@{#34335}
