The DataView constructor calls into C++ anyway, and is easier to deal
with this way, especially since we don't have the half initialized
object floating through JavaScript.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1712163002
Cr-Commit-Position: refs/heads/master@{#34145}
This CL also enhances a "tail-call-megatest" which now tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a sloppy/strict/possibly eval/bound/proxy function
6) tail calling via normal call/function.apply/function.call
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1711863002
Cr-Commit-Position: refs/heads/master@{#34143}
In theory, we could connect the nodes when doing
the schedule-in-the-middle pass, but that would require creating two
versions of the operator (effectful and pure). I believe we do not
lose anything by wiring the node up eagerly.
Review URL: https://codereview.chromium.org/1709093002
Cr-Commit-Position: refs/heads/master@{#34141}
Reason for revert:
Failure keeps lurking around after the revert. I'll reland, sorry for the inconvenience!
Original issue's description:
> Revert of Sampling heap profiler data structure changes (patchset #10 id:180001 of https://codereview.chromium.org/1697903002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert for cpu profiler crashes on chromebooks:
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/549
> https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/550
>
> Original issue's description:
> > Sampling heap profiler data structure changes
> >
> > Previously, the sampling heap profiler stored a list of samples and then
> > built a tree representation when the profile was queried by calling
> > GetAllocationProfile. This change reduces duplication by removing stacks
> > from all samples. Also, less information is stored in the tree
> > maintained by the profiler and remaining information (script name, line
> > no, etc) is resolved when a profile is requested.
> >
> > BUG=
> >
> > Committed: https://crrev.com/cdd55e2a3717723492d76f66810bf56b8de7f198
> > Cr-Commit-Position: refs/heads/master@{#34119}
>
> TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/4578e52aefb8c4727742ce2e254613e482fdad1f
> Cr-Commit-Position: refs/heads/master@{#34128}
TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
Review URL: https://codereview.chromium.org/1714493003
Cr-Commit-Position: refs/heads/master@{#34140}
This reducer doesn't really add value, because:
(a) it is only concerned with JSCallFunction and JSToNumber, but when
we get to it, all JSCallFunction nodes will have been replaced by
Call nodes, and in the not so far future, we will also have
replaced almost all JSToNumber nodes with better code,
(b) and the reducer tries to be smart and use one of the outermost
contexts, but that might not be beneficial always; actually it
might even create longer live ranges and lead to more spilling
in some cases.
But most importantly, the JSContextRelaxation currently blocks inlining
based on SharedFunctionInfo, because it requires the inliner to check
the native context, which in turn requires JSFunction knowledge. So I'm
removing this reducer for now to unblock the more important inliner
changes.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1715633002
Cr-Commit-Position: refs/heads/master@{#34139}
No need to limit JSCreate inlining to JS_OBJECT_TYPE, since we can
handle everything that the FastNewObjectStub can deal with. Also we
don't need to restrict the number of inobject properties, as that is
already taken care of by the runtime anyways (limited by the initial
slack for the constructor).
And last but not least, we can of course inline allocations for
subclasses as long as the new.target is a JSFunction and it's initial
map's constructor points back to the target (same condition as for
the FastNewObjectStub fast case).
R=jarin@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1711883003
Cr-Commit-Position: refs/heads/master@{#34138}
Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.
Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1708313002
Cr-Commit-Position: refs/heads/master@{#34136}
Ideally the JSInliner should not be concerned with JSFunction's at all,
but only look at the SharedFunctionInfo. This reduces the uses of the
concrete closure to two remaining cases, which we plan to fix soonish
too.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1714803002
Cr-Commit-Position: refs/heads/master@{#34135}
port 55071954bc (r34114)
original commit message:
Frame slots indexes numbers are used more consistently for
computation in both TurboFan and Crankshaft. Specifically,
Crankshaft now uses frame slot indexes in LChunk, removing
the need for some special-case maths when building the
deoptimization translation table.
BUG=
Review URL: https://codereview.chromium.org/1714763002
Cr-Commit-Position: refs/heads/master@{#34134}
Various syntactic forms now cause functions to have names where they
didn't before. Per the upcoming changes to the toString spec, only
a name that was literally part of a function's expression or declaration
is meant to be reflected in toString. This also happens to be the same
set of names that V8 currently outputs (without the --harmony-function-name
flag).
This required distinguishing anonymous FunctionExpressions from other sorts
of function definitions (like methods and getters/setters) in the AST, parser,
and at runtime.
The patch also takes the opportunity to remove one more argument (and enum)
from FunctionLiteral, as well as adding a special factory method for the
case of a FunctionLiteral representing toplevel or eval'd code.
BUG=v8:4760
LOG=n
Review URL: https://codereview.chromium.org/1712833002
Cr-Commit-Position: refs/heads/master@{#34132}
In ES2015, Date.prototype.toGMTString is simply an alias of
Date.prototype.toUTCString, so it has the same identity as a function and
doesn't have its own name. Firefox has already shipped this behavior.
Previously, we copied JSC behavior by making it a separate function.
This change makes an addition test262 test pass.
BUG=v8:4708
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1709373002
Cr-Commit-Position: refs/heads/master@{#34131}
Reason for revert:
See Domenic's comment on the V8 bug.
Original issue's description:
> Use displayName in Error.stack rendering if present.
>
> BUG=v8:4761
> LOG=y
>
> Committed: https://crrev.com/953874e974037e7e96ef282a7078760ccc905878
> Cr-Commit-Position: refs/heads/master@{#34105}
TBR=jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4761
Review URL: https://codereview.chromium.org/1713663002
Cr-Commit-Position: refs/heads/master@{#34129}
Reason for revert:
[Sheriff] Speculative revert for cpu profiler crashes on chromebooks:
https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/549https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug/builds/550
Original issue's description:
> Sampling heap profiler data structure changes
>
> Previously, the sampling heap profiler stored a list of samples and then
> built a tree representation when the profile was queried by calling
> GetAllocationProfile. This change reduces duplication by removing stacks
> from all samples. Also, less information is stored in the tree
> maintained by the profiler and remaining information (script name, line
> no, etc) is resolved when a profile is requested.
>
> BUG=
>
> Committed: https://crrev.com/cdd55e2a3717723492d76f66810bf56b8de7f198
> Cr-Commit-Position: refs/heads/master@{#34119}
TBR=ofrobots@google.com,ulan@chromium.org,hpayer@chromium.org,mattloring@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1708363002
Cr-Commit-Position: refs/heads/master@{#34128}
This frees up one bit in FunctionKind, which I plan to make slightly
more syntactic info about functions available in SharedFunctionInfo
(needed for ES2015 Function.name support).
BUG=v8:3956, v8:4760
LOG=n
Review URL: https://codereview.chromium.org/1704223002
Cr-Commit-Position: refs/heads/master@{#34125}
I extended the Int64Lowering to lower calls, loads, stores, returns, and
parameters and apply the lowering on both the test function TF graph and
the WasmRunner TF graph.
The lowering of calls also requires an adjustment of the call descriptor.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1704033002
Cr-Commit-Position: refs/heads/master@{#34121}
Previously, the sampling heap profiler stored a list of samples and then
built a tree representation when the profile was queried by calling
GetAllocationProfile. This change reduces duplication by removing stacks
from all samples. Also, less information is stored in the tree
maintained by the profiler and remaining information (script name, line
no, etc) is resolved when a profile is requested.
BUG=
Review URL: https://codereview.chromium.org/1697903002
Cr-Commit-Position: refs/heads/master@{#34119}
Frame slots indexes numbers are used more consistently for
computation in both TurboFan and Crankshaft. Specifically,
Crankshaft now uses frame slot indexes in LChunk, removing
the need for some special-case maths when building the
deoptimization translation table.
LOG=N
R=mstarzinger@chromium.org
Committed: https://crrev.com/81423b84dbb2eaf7e1a57b0f6029fc8e643b4755
Cr-Commit-Position: refs/heads/master@{#34078}
Review URL: https://codereview.chromium.org/1702593002
Cr-Commit-Position: refs/heads/master@{#34114}
Moves the accumulator value on-heap to be restored in the
InterpreterNotifyDeopt handler rather than explicitly
setting the accumulator register. This allows it to be
materialized correctly if required.
BUG=v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1707133003
Cr-Commit-Position: refs/heads/master@{#34113}
Implements iterator finalisation by desugaring for-of loops with an additional try-finally wrapper. See comment in parser.cc for details.
Also improved some AST printing facilities while there.
@Ross, I had to disable the bytecode generation test for for-of, because it got completely out of hand after this change (the new bytecode has 150+ lines). See the TODO that I assigned to you.
Patch set 1 is WIP patch by Georg (http://crrev.com/1695583003), patch set 2 relative changes.
@Georg, FYI, I changed the following:
- Moved try-finally out of the loop body, for performance, and in order to be able to handle `continue` correctly.
- Fixed scope management in ParseForStatement, which was the cause for the variable allocation failure.
- Fixed pre-existing zone initialisation bug in rewriter, which caused the crashes.
- Enabled all tests, adjusted a few others, added a couple more.
BUG=v8:2214
LOG=Y
Review URL: https://codereview.chromium.org/1695393003
Cr-Commit-Position: refs/heads/master@{#34111}
Unstructured control flow caused by excpetion leads to a wrong x87 FPU stack
state in TurboFan's exception handler.
This patch is to reset the x87 FPU stack state when calling the TurboFan's exception
handler from the CEntryStub.
BUG=
Review URL: https://codereview.chromium.org/1702383005
Cr-Commit-Position: refs/heads/master@{#34109}
In case when F inlined normal call to G which tail calls H we should not write translation for G for the tail call site.
Otherwise we will see G in a stack trace inside H.
This CL also adds a "megatest" which tests product of the following cases:
1) tail caller is inlined/not-inlined
2) tail callee is inlined/not-inlined
3) tail caller has an arguments adaptor frame above or not
4) tail callee has an arguments adaptor frame above or not
5) tail callee is a normal/bound/proxy function
Note that tests for not yet supported cases are not run for now.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1709583002
Cr-Commit-Position: refs/heads/master@{#34108}
The BufferedRawMachineAssemblerTester caused problems for the
Int64Lowering. Instead we construct a TF graph now which is compiled by
Pipeline::GenerateCodeForTesting.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1702023002
Cr-Commit-Position: refs/heads/master@{#34107}
By short-cutting the DefineOwnProperty machinery similar to how ForceSet
does it, we should get a few cycles out of this heavily used API.
BUG=chromium:569668
R=verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1702353002
Cr-Commit-Position: refs/heads/master@{#34102}
port 32b4bc1382 (r34083)
original commit message:
This CL introduces two new bytecodes TailCall and TailCallWide.
BUG=
Review URL: https://codereview.chromium.org/1703233003
Cr-Commit-Position: refs/heads/master@{#34100}
This CL adds a TRACE_EVENT where there is an isolated LOG, a HistogramTimer
or a TimerEvent.
Once we have a d8 tracing controller, all TimerEvents will be removed since
they do not provide an added value over TRACE_EVENTs. HistogramTimers will
remain, but their functionality will be limited to Histograms only.
BUG=v8:4562
LOG=N
Review URL: https://codereview.chromium.org/1707563002
Cr-Commit-Position: refs/heads/master@{#34099}
We already have a proper abstraction for dealing with subclassable
builtins, namely JSObject::New, so we should use that instead of
inlining this rather complex code sequence multiple times.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1709563003
Cr-Commit-Position: refs/heads/master@{#34094}
This is not currently implemented in the simulator, just the assembler and
disassembler.
BUG=v8:4614
LOG=y
Review URL: https://codereview.chromium.org/1699173003
Cr-Commit-Position: refs/heads/master@{#34093}
This patch adds the newly added support for contexts in V8 Tracing, as well
as use it to mark all the entry points for a V8 Isolate.
BUG=v8:4565
LOG=N
Review URL: https://codereview.chromium.org/1686233002
Cr-Commit-Position: refs/heads/master@{#34092}
I replaced the hidden string with hidden_properties_symbol, so we don't
need the extra hash-check anymore. This is slightly faster anyway.
BUG=
Review URL: https://codereview.chromium.org/1707653003
Cr-Commit-Position: refs/heads/master@{#34086}
This intrinsic was only supported in fullcodegen, and is actually no
longer relevant for SunSpider peak performance it seems, so let's get
rid of it and maybe just implement Array.prototype.join with a fast
path at some point instead.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1708523002
Cr-Commit-Position: refs/heads/master@{#34084}
This CL introduces two new bytecodes TailCall and TailCallWide.
BUG=v8:4698,v8:4687
LOG=N
Review URL: https://codereview.chromium.org/1698273003
Cr-Commit-Position: refs/heads/master@{#34083}
This removes the CompilationInfo field from the BytecodeGraphBuilder
class. The intention is to reduce the risk of using uninitialized or
unavailable values from the CompilationInfo (e.g. values that are only
available after parsing).
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1704913002
Cr-Commit-Position: refs/heads/master@{#34081}
There's no need to have inline platform code for this intrinsic, which
is only used when generating a descriptive string for an error, the
runtime call is just fine here.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1706743002
Cr-Commit-Position: refs/heads/master@{#34080}
Frame slots indexes numbers are used more consistently for
computation in both TurboFan and Crankshaft. Specifically,
Crankshaft now uses frame slot indexes in LChunk, removing
the need for some special-case maths when building the
deoptimization translation table.
LOG=N
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1702593002
Cr-Commit-Position: refs/heads/master@{#34078}
This removes the language mode parameter from all JSCall operators. The
information is no longer used anywhere and is not threaded through the
interpreter bytecode. We should only thread it through the bytecode if
it has a semantic impact on the compilation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1709493002
Cr-Commit-Position: refs/heads/master@{#34073}
Everything that HCallStub does can easily be done using the more general
HCallWithDescriptor, so there's no need to have this dedicated
instruction around.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1705633004
Cr-Commit-Position: refs/heads/master@{#34072}
If sweeping is in progress then we need to filter out slots in free space after
array trimming, because the sweeper will add the free space into free list.
This CL also fixes a bug in SlotSet::RemoveRange.
BUG=chromium:587004
LOG=NO
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1701963003
Cr-Commit-Position: refs/heads/master@{#34071}
There's no point in having the setup or the toString/valueOf methods in
JavaScript. The full setup can be done during bootstrapping when the
Boolean constructor is created, and the prototype methods don't benefit
from JS + %_ at all.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1701273003
Cr-Commit-Position: refs/heads/master@{#34068}
Port fd8fd05cc5
Original commit message:
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer doesn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
BUG=
Review URL: https://codereview.chromium.org/1701933003
Cr-Commit-Position: refs/heads/master@{#34066}
port fd8fd05cc5 (r34014)
original commit message:
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer dosn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
BUG=
Review URL: https://codereview.chromium.org/1705673002
Cr-Commit-Position: refs/heads/master@{#34064}
port e0129d0f87 (r33986)
original commit message:
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
BUG=
Review URL: https://codereview.chromium.org/1701983004
Cr-Commit-Position: refs/heads/master@{#34062}
CPU profiler probes stack frame to find if it's in a valid
state. Under simulator it might happen the frame is not
initialized and MSAN repors that. That's totally ok.
Suppress the warning.
BUG=v8:4751
LOG=N
Review URL: https://codereview.chromium.org/1700533003
Cr-Commit-Position: refs/heads/master@{#34061}
port 09d845354742a90fc0596262eb5cbaac169e5ed9(r33925)
original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
BUG=
Review URL: https://codereview.chromium.org/1706703002
Cr-Commit-Position: refs/heads/master@{#34055}
port e519e6fadfaf7242231f4dcb45910f60304e26fc(r33886)
original commit message:
1) Update profiling counters in Full codegen.
2) Call Runtime::kTraceTailCall when tracing is on
test/mjsunit/es6/tail-call-simple.js is disabled for now, because Turbofan does not fully support TCO yet.
BUG=
Review URL: https://codereview.chromium.org/1706673002
Cr-Commit-Position: refs/heads/master@{#34054}
Port fd8fd05cc5
Original commit message:
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer dosn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1700323002
Cr-Commit-Position: refs/heads/master@{#34049}
This avoids spending lots of time in Scope::RemoveUnresolved for very long
variable declaration lists.
BUG=v8:4699
LOG=n
Review URL: https://codereview.chromium.org/1655313003
Cr-Commit-Position: refs/heads/master@{#34047}
Port 09d8453547
More fix after 3b980234c8
Original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
BUG=
Review URL: https://codereview.chromium.org/1699183002
Cr-Commit-Position: refs/heads/master@{#34043}
Various places assume that GetExpression returns the locals for a frame.
Modify InterpretedFrames such that GetExpression(0) returns the first
local, not the fixed parts of the interpreter frame.
BUG=v8:4690,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697223003
Cr-Commit-Position: refs/heads/master@{#34040}
Reduces time for ConstantArrayBuilderTest.AllocateAllEntries from 21000ms to 106ms in
debug mode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1696363002
Cr-Commit-Position: refs/heads/master@{#34038}
Drive-by-fix: Remove the (now) unused %_SetValueOf and %_JSValueGetValue
intrinsics from the various compilers and the runtime.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698343002
Cr-Commit-Position: refs/heads/master@{#34037}
Replaces the push of the dispatch table on the interpreted stack frame with a
push of the bytecode array. This enables the debugger to replace the bytecode
array with a patched version containing breakpoints.
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1699013002
Cr-Commit-Position: refs/heads/master@{#34032}
This new class provides a unified interface for recording and iterating slots in store and slots buffers:
RememberedSet<OLD_TO_NEW>::Insert(page, slot);
RememberedSet<OLD_TO_OLD>::Insert(page, slot);
RememberedSet<OLD_TO_NEW>::Iterate(heap, callback);
RememberedSet<OLD_TO_OLD>::Iterate(heap, callback);
After this change the store buffer is responsible only for collecting slots from the generated code.
Subsequent CLs will remove the slots buffer.
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1683653002
Cr-Commit-Position: refs/heads/master@{#34031}
Before this CL, the context of the parent frame was used when deoptimizing a
stub failure rather than the context value passed to the stub itself. In order
to guarantee that the right context is passed to the runtime upon stub failure,
this CL adds the context explicitly to the stub's environment that's used to
compute the failure deoptimizing translations. The context can then be extracted
during deoptimization translation to ensure that the precise context that was
passed to the stub is also passed to the runtime.
R=jarin@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1694183003
Cr-Commit-Position: refs/heads/master@{#34030}
Support SBFX in the instruction selector for sign-extension patterns like
Sar(Shl(x, a), b), where a and b are immediate values.
BUG=
Review URL: https://codereview.chromium.org/1695293002
Cr-Commit-Position: refs/heads/master@{#34029}
Reason for revert:
Tanks Mandreel-latency.
Original issue's description:
> Tweak type info threshold.
>
> Let the world know (if it cares) that this is the kind of
> silliness that JS engines have to partake in if they want
> to look good on Sunspider (this should give 5% overall).
>
> Committed: https://crrev.com/4f62af4234e8ad74abd8e4cd3e492f7727efc768
> Cr-Commit-Position: refs/heads/master@{#33866}
TBR=yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1699063002
Cr-Commit-Position: refs/heads/master@{#34027}
Before this fix, we always ended up calling Runtime_LoadPropertyWithInterceptor, which caused the performance regression reported in http://crbug.com/585764.
BUG=585764
LOG=y
Review URL: https://codereview.chromium.org/1699913002
Cr-Commit-Position: refs/heads/master@{#34025}
EnsureJSArrayWithWritableFastElements
Having several handles pointing to the backing store of an array that gets
left-trimmed might cause the gc to start marking a stale-handle still pointing
to the old backing-store start. By introducing a separate handle scope for
EnsureJSArrayWithWritableFastElements we avoid this issue. Additionally a
SLOW_DCHECK in Heap::LeftTrimFixedArray ensurse that there are no more than one
active handle pointing to the backing store.
BUG=chr:585787
LOG=n
Review URL: https://codereview.chromium.org/1699733003
Cr-Commit-Position: refs/heads/master@{#34022}
The LazyBailout operator (modelled as a nop-call) was introduced for
placing a deoptimization point into exception handlers. Now that we are
no longer re-entering lazy deoptimized code, the support can be removed.
R=jarin@chromium.org
BUG=v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1697503002
Cr-Commit-Position: refs/heads/master@{#34020}
Reason for revert:
Seems to tank stuff.
Original issue's description:
> [turbofan] Combine GenericLoweringPhase and ChangeLoweringPhase.
>
> There's no need to use a dedicated ChangeLoweringPhase before we go to
> GenericLoweringPhase; instead that change lowering (which is really
> simplified lowering by now) should run together with generic lowering.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/0835ed9caf44427755065eb45f9187678ec9844c
> Cr-Commit-Position: refs/heads/master@{#34008}
TBR=jarin@chromium.org,bmeurer@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1698273002
Cr-Commit-Position: refs/heads/master@{#34019}
Fixes a bug in Ignition on Arm64 where lr gets trashed in StaContextSlot
which causes the stack walker to get confused and crash.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1694263002
Cr-Commit-Position: refs/heads/master@{#34016}
This was actually only necessary for dealing with %_Arguments and
%_ArgumentsLength in Crankshaft, which have been removed recently,
so there's no need to keep this piece of awesomeness around any
longer.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1695193003
Cr-Commit-Position: refs/heads/master@{#34015}
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer dosn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
R=bmeurer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1695313002
Cr-Commit-Position: refs/heads/master@{#34014}
port 4ff159bd28be36a39a1f8416cdf8fccafd3c2f95(r33880)
original commit message:
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
BUG=
Review URL: https://codereview.chromium.org/1694343002
Cr-Commit-Position: refs/heads/master@{#34012}
port d1c28849c77892ec74e58891aba44d5bfda8c0ba(r33873)
original commit message:
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=
Review URL: https://codereview.chromium.org/1696263002
Cr-Commit-Position: refs/heads/master@{#34011}
There's no need to use a dedicated ChangeLoweringPhase before we go to
GenericLoweringPhase; instead that change lowering (which is really
simplified lowering by now) should run together with generic lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1697133002
Cr-Commit-Position: refs/heads/master@{#34008}
Port 09d8453547
Original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
BUG=
Review URL: https://codereview.chromium.org/1698173002
Cr-Commit-Position: refs/heads/master@{#34003}
V8 tracks already most useful information, but lacks proper tracing scopes
that make it possible to distinguish certain events from each other.
- add trace-scope to track lazy-parsing due to optimization
- add trace-scope to track code optimization
BUG=
Review URL: https://codereview.chromium.org/1661883003
Cr-Commit-Position: refs/heads/master@{#34002}
The GraphTrimmer should not ever see a dead node, except for the roots
that are explicitly fed into it. To defend against this, turn the
condition into a DCHECK.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698883003
Cr-Commit-Position: refs/heads/master@{#34001}
Eventually compiler.h might need to depend on the Pipeline to manage its
life cycle for concurrent recompilation, so we should not have the
cyclic include dependency here.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698113002
Cr-Commit-Position: refs/heads/master@{#34000}
Harvesting maps from the stub cache for megamorphic ICs is both slow
(linear in the size of the stub cache) and imprecise (as it finds all
maps that have a cached handler for the given property name).
In the canonical megamorphic situation, this type feedback is useless
anyway. The interesting case is when we can filter it down to a single
map; however in these cases it is often possible to derive this map
just by looking at the HGraph, which is both faster and more reliable.
Review URL: https://codereview.chromium.org/1669213003
Cr-Commit-Position: refs/heads/master@{#33998}
for the special case where the same register is used as both left and
right input.
Review URL: https://codereview.chromium.org/1695283002
Cr-Commit-Position: refs/heads/master@{#33996}
Passing floating point params to/from C has never quite worked correctly,
but we've never enforced the restriction early in the CallDescriptor
creation process because of unittests. Fix unittests to make their own
simple call descriptors and not rely on the C ones.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1701593003
Cr-Commit-Position: refs/heads/master@{#33993}
Properly type String.prototype.concat, String.prototype.charCodeAt,
and String.prototype.toLowerCase/toUpperCase in TurboFan. Also assign
better type to %_StringCharFromCode.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1701673002
Cr-Commit-Position: refs/heads/master@{#33991}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
Reverted because it was suspected of causing a couple of flaky tests to fail,
but investigation suggests this is unlikely.
Original review: https://codereview.chromium.org/1677023002
BUG=
Review URL: https://codereview.chromium.org/1684073006
Cr-Commit-Position: refs/heads/master@{#33988}
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
R=mstarzinger@chromium.org
Committed: https://crrev.com/55b0b4f6d572531eec00ab6ebd8f6feb7c584e04
Cr-Commit-Position: refs/heads/master@{#33973}
Review URL: https://codereview.chromium.org/1695633003
Cr-Commit-Position: refs/heads/master@{#33986}
port 5de27c343bbf898ca87246caa1e83e533ec44561(r33865)
original commit message:
Calls use registers for target, new_target and argument count.
We don't always respect argument count. It didn't bite us in the past
because the code paths where we clobbered it never used it, though
in future it could be an issue.
BUG=
Review URL: https://codereview.chromium.org/1698823002
Cr-Commit-Position: refs/heads/master@{#33984}
Add a section identifier for declaring a start function as an index into
the function table. (This could also be done as a decl flag on the
function, but don't feel strongly here, since we probably want to redo
this when adding an import/export section.)
The start function must accept no parameters. Its return value is
currently ignored.
R=binji@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y
Review URL: https://codereview.chromium.org/1692173002
Cr-Commit-Position: refs/heads/master@{#33978}
Adds support for ES6 super keyword and performing loads, stores, and
calls to super class members.
Implements SetHomeObject and enables ThisFunctionVariable.
BUG=v8:4280,v8:4682
LOG=N
Review URL: https://codereview.chromium.org/1689573004
Cr-Commit-Position: refs/heads/master@{#33977}
This is mostly preparation for allowing the function closure to be materialized.
As a drive-by fix, I have added ignition source position support to the frame inspector (this fixed some ignition test failures).
Review URL: https://codereview.chromium.org/1698743002
Cr-Commit-Position: refs/heads/master@{#33975}
Initially we were unable to address certain stack slots in the callee
part of the frame, including the function marker, therefore we had to
hack a reload of the function register into the OSR prologue. Now that
we are able to address all stack slots, we no longer need this hack.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1666073002
Cr-Commit-Position: refs/heads/master@{#33974}
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1695633003
Cr-Commit-Position: refs/heads/master@{#33973}
This adds initial support for inline allocation of object and array
literals to the JSCreateLowering pass. It's basically identical to
what Crankshaft does.
This also unstages the TurboFan escape analysis, as the lowering seems
to trigger a bunch of bugs in it; those bugs will be fixed separately,
and we will re-enable escape analysis afterwards.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698783002
Cr-Commit-Position: refs/heads/master@{#33972}
port 3ef573e9f127345cd9d04d7f9f5e51bf169ae103(r33809)
original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
BUG=
Review URL: https://codereview.chromium.org/1696063002
Cr-Commit-Position: refs/heads/master@{#33971}
port cfbd25617cfb8177bbb6377280e23ec356eb2373(r33857)
original commit message:
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=
Review URL: https://codereview.chromium.org/1698803002
Cr-Commit-Position: refs/heads/master@{#33970}
When we specialize to the native context, we can replace loads of the
NATIVE_CONTEXT_INDEX in any known context with the appropriate native
context for that context. This allows us to constant-fold and further
optimize things like %reflect_construct, which are inserted by the
parser.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1697513003
Cr-Commit-Position: refs/heads/master@{#33965}
Older versions of Emscripten appear to emit Asm.js containing:
HEAP8[x] with x in int
As opposed to the spec legal construct:
HEAP8[x>>0] with x in int
As older programs and even benchmarks such as Embenchen
include these constructs, support them for compatibility.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator,mjsunit/asm-wasm
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1692713006
Cr-Commit-Position: refs/heads/master@{#33964}
Port 09d8453547
Original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1696743002
Cr-Commit-Position: refs/heads/master@{#33963}
This is hopefully the last in a series of cleanup patches around
destructuring assignment. It simplifies the ParseAssignmentExpression
API, making the callers call CheckDestructuringElement() where appropriate.
CheckDestructuringElement has been further simplified to only emit the
errors that the parser depends on it emitting.
I've also beefed up the test coverage in test-parsing.cc to
handling all the destructuring flags being on, which caught an oddity
in how we disallow initializers in spreads in patterns (we need to treat
RewritableAssignmentExpressions as Assignments for the purpose of
error checking).
Finally, I added a few helper methods to ParserBase to handle a few
classes of expressions (assignments and literals-as-patterns).
Review URL: https://codereview.chromium.org/1696603002
Cr-Commit-Position: refs/heads/master@{#33961}
This change expands allocation sampling to include old, map, code, and large object spaces. This involved refactoring much of the observation logic out of NewSpace into Space and overriding as needed in sub-classes.
Additionally, the sampling heap profiler now maintains a pair of heap observers. One observer is used for observing new space and resetting the inline allocation limit to be periodically notified of allocations. The other observes allocation across the other spaces where there is no additional work required to observe allocations.
Tests have been updated to ensure that allocations are observed correctly for Paged and LargeObject spaces.
R=ofrobots@google.com, hpayer@chromium.org, ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1625753002
Cr-Commit-Position: refs/heads/master@{#33959}
Recent flake happened bacause all the samples landed into native code.
The patch makes sure we collect enough JS samples.
BUG=v8:4751
LOG=N
Review URL: https://codereview.chromium.org/1695663002
Cr-Commit-Position: refs/heads/master@{#33953}
Adds JumpIfNotHoleConstant and JumpIfNotHoleConstantWide bytecodes
and removes JumpIfHole bytecode.
In situations with large numbers of constants, the generator would
fail because an 8-bit constant could not be reserved for
JumpIfHole/JumpIfNotHole and so a 16-bit constant would be reserved.
Then when patching the bytecode the patcher would discover there was
no wide constant variant of the emitted jump.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697473002
Cr-Commit-Position: refs/heads/master@{#33952}
This avoids having to read the context and call through from the inlined
path in the JSReceiver case.
BUG=
Review URL: https://codereview.chromium.org/1698463002
Cr-Commit-Position: refs/heads/master@{#33949}
There are only two uses of %_ObjectEquals left, which should actually
use strict equality instead, so there's no need to keep this special
logic at all.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1692193002
Cr-Commit-Position: refs/heads/master@{#33948}
This removes support for the %Arguments and %ArgumentsLength runtime
entries and their intrinsic counterparts. If you need variable arguments
in any builtin, either use (strict) arguments object or rest parameters,
which are both compositional across inlining (in TurboFan), and not that
much slower compared to the %_Arguments hackery.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1688163004
Cr-Commit-Position: refs/heads/master@{#33943}
The idea here is to perform the handler lookup in the deoptimizer, and then take the information from the handler table to build the catch handler frame in the deoptimizer. Specifically, we use the pc offset, context location and stack height (in full-code) to tweak the output frame.
Sadly, this still requires nasty voodoo for the liveness analyzer so that it keeps variables alive if they are used in the catch handler.
Review URL: https://codereview.chromium.org/1416543006
Cr-Commit-Position: refs/heads/master@{#33936}
There's only one last user of %_Arguments and %_ArgumentsLength left,
the rest was updated to either strict mode arguments object or to not
use arguments at all.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1692003003
Cr-Commit-Position: refs/heads/master@{#33935}
This was causing code like:
REX.W cmpq r9,r8
setzl r8l
movzxbl r8,r8
REX.W cmpq r8,0x0
jz 185
(note the cmpq instead of cmpl above) on x64 instead of:
REX.W cmpq r9,r8
jnz 149
http://crrev.com/1677503002 is now obsolete and has been reverted.
Review URL: https://codereview.chromium.org/1685183003
Cr-Commit-Position: refs/heads/master@{#33934}
Reason for revert:
No fix needed, original CL was perfectly fine!
Original issue's description:
> Revert of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1690973002/ )
>
> Reason for revert:
> Depends on the reverted https://codereview.chromium.org/1691723002
>
> Original issue's description:
> > [interpreter] Correctly thread through catch prediction.
> >
> > This change correctly sets the {CatchPrediction} field in exception
> > handler tables for bytecode and optimized code. It also adds tests
> > independent of promise handling for this prediction, to ensure all our
> > backends are in sync on their prediction.
> >
> > R=rmcilroy@chromium.org,yangguo@chromium.org
> > TEST=mjsunit/compiler/debug-catch-prediction
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> > Cr-Commit-Position: refs/heads/master@{#33906}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/c5229b311968fd638a6cd537c341b1055eb7be97
> Cr-Commit-Position: refs/heads/master@{#33922}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1689113004
Cr-Commit-Position: refs/heads/master@{#33933}
Reason for revert:
No fix needed, original CL was perfectly fine!
Original issue's description:
> Revert of [interpreter] Make d8's TryCatch block be verbose. (patchset #3 id:40001 of https://codereview.chromium.org/1691723002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert. Breaks
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/3944
>
> Somehow 3a2fbc3a4e seems to hide it again and then 699e1081a6 lets it show up again.
>
> Reproduced locally.
>
> Original issue's description:
> > [interpreter] Make d8's TryCatch block be verbose.
> >
> > This changes "d8" to no longer report exceptions as being "caught" when
> > it comes to the catch prediction mechanism in our debugger. This treats
> > scripts as being truly top-level when it comes to exception handling and
> > will allow us to properly test the catch prediction mechanism using just
> > mjsunit tests alone.
> >
> > R=yangguo@chromium.org
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/fb1de271a6bc2c89a1682db8c151cf5fcda86c45
> > Cr-Commit-Position: refs/heads/master@{#33898}
>
> TBR=yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/f9eef1f33d2e5cde8cb948424e7ebf509090aa59
> Cr-Commit-Position: refs/heads/master@{#33921}
TBR=yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1692133002
Cr-Commit-Position: refs/heads/master@{#33931}
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
Reason for revert:
Depends on the reverted https://codereview.chromium.org/1691723002
Original issue's description:
> [interpreter] Correctly thread through catch prediction.
>
> This change correctly sets the {CatchPrediction} field in exception
> handler tables for bytecode and optimized code. It also adds tests
> independent of promise handling for this prediction, to ensure all our
> backends are in sync on their prediction.
>
> R=rmcilroy@chromium.org,yangguo@chromium.org
> TEST=mjsunit/compiler/debug-catch-prediction
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> Cr-Commit-Position: refs/heads/master@{#33906}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1695613002
Cr-Commit-Position: refs/heads/master@{#33922}
Reason for revert:
[Sheriff] Speculative revert. Breaks
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/3944
Somehow 3a2fbc3a4e seems to hide it again and then 699e1081a6 lets it show up again.
Reproduced locally.
Original issue's description:
> [interpreter] Make d8's TryCatch block be verbose.
>
> This changes "d8" to no longer report exceptions as being "caught" when
> it comes to the catch prediction mechanism in our debugger. This treats
> scripts as being truly top-level when it comes to exception handling and
> will allow us to properly test the catch prediction mechanism using just
> mjsunit tests alone.
>
> R=yangguo@chromium.org
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/fb1de271a6bc2c89a1682db8c151cf5fcda86c45
> Cr-Commit-Position: refs/heads/master@{#33898}
TBR=yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1694523003
Cr-Commit-Position: refs/heads/master@{#33921}
The path used by that option only comes into play when default parameters
are allowed but destructuring assignment is disallowed. Removing it
allows the removal of one implementation of ParseExpression, and makes
it clearer which code will be dead once all the destructuring flags
are removed.
Also made the |flags| param strongly typed instead of an int.
Review URL: https://codereview.chromium.org/1691653002
Cr-Commit-Position: refs/heads/master@{#33918}
This allows the helper to avoid write barriers while copying, speeding up Object.keys by 5-10%.
BUG=
Review URL: https://codereview.chromium.org/1690953002
Cr-Commit-Position: refs/heads/master@{#33916}
Several minor cleanups to error handling in expression parsing:
- Remove duplication of binding and assignment error reporting.
- RecordBindingPatternError calls are changed to shorter BindingPatternUnexpectedToken
calls where possible.
- No-op error recording calls are removed.
Review URL: https://codereview.chromium.org/1688833004
Cr-Commit-Position: refs/heads/master@{#33915}
This fact is depended upon by, at least, Parser::ParseLazy, and quite
likely by other code. There was already code in %FunctionSetName
enforcing this invariant. This patch adds similar code to
Factory::NewSharedFunctionInfo().
BUG=v8:4659
LOG=n
Review URL: https://codereview.chromium.org/1686193003
Cr-Commit-Position: refs/heads/master@{#33914}
Fixes a register-clobbering problem. The Branch() instruction can overwrite the 'at' register, so it can't be used as scratch in Allocate(). Added DCHECK to avoid this in the future.
BUG=
Review URL: https://codereview.chromium.org/1687173006
Cr-Commit-Position: refs/heads/master@{#33912}
Instead of doing a full function body traversal we collect return expressions and mark them after function parsing.
And since we rewrite do-expressions so that the result is explicitly assigned to a result variable the statements marking will never hit so I removed it from the AST.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1693523002
Cr-Commit-Position: refs/heads/master@{#33911}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33909}
- Remove unused methods that we should never actually use like SetArea() or
set_size().
- Live bytes are now reported with --trace-live-bytes and not gc-verbose.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1686413002
Cr-Commit-Position: refs/heads/master@{#33908}
This replaces the bytecode in question with a runtime call within the
bytecode stream. The tradeoff is to safe one bytecode opcode for more
expensive encoding of lookup slot deletion.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1690913002
Cr-Commit-Position: refs/heads/master@{#33907}
This change correctly sets the {CatchPrediction} field in exception
handler tables for bytecode and optimized code. It also adds tests
independent of promise handling for this prediction, to ensure all our
backends are in sync on their prediction.
R=rmcilroy@chromium.org,yangguo@chromium.org
TEST=mjsunit/compiler/debug-catch-prediction
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1690973002
Cr-Commit-Position: refs/heads/master@{#33906}
By keeping track of the stack of counters we can properly subtract the
subcounter times and properly measure the own-time spent in each runtime
function. This is useful to get more details for builtins like HandleApiCall
which are typical top-level entries for chome which previously prevent
measurements of sub-calls to builtins/runtime functions.
BUG=
Review URL: https://codereview.chromium.org/1681943002
Cr-Commit-Position: refs/heads/master@{#33901}
Reason for revert:
[Sheriff] Breaks the tree:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20builder/builds/13892
Blamelists are wrong because of overloaded master. The trybots on this CL might have been outdated by the time of commit... Please rebase and retry.
Original issue's description:
> [Interpreter] Rename GetCountOperand to GetRegisterCountOperand.
>
> Apparently, this BytecodeArrayIterator method was missed during the
> previous refactor. No other (collateral) change was done.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/3781ca79f5c48b55d7f0bf6df370ec11515a1466
> Cr-Commit-Position: refs/heads/master@{#33897}
TBR=oth@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org,ssanfilippo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1690963002
Cr-Commit-Position: refs/heads/master@{#33900}
This changes "d8" to no longer report exceptions as being "caught" when
it comes to the catch prediction mechanism in our debugger. This treats
scripts as being truly top-level when it comes to exception handling and
will allow us to properly test the catch prediction mechanism using just
mjsunit tests alone.
R=yangguo@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1691723002
Cr-Commit-Position: refs/heads/master@{#33898}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33897}
In the case of a simple fast-mode receiver without fancy properties, we
can just walk over the descriptor array to find all its initial property
names. As long as the map stays the same, we can also use that
descriptor array to figure out how to handle the properties.
This speeds up
https://github.com/kpdecker/six-speed/tree/master/tests/object-assign by
~2x.
BUG=
Review URL: https://codereview.chromium.org/1688953004
Cr-Commit-Position: refs/heads/master@{#33895}
Saves and restores the dispatch pointer during calls to enable the debugger to
switch the dispatch table used by a function during it's execution.
Also moves the accumulator and context nodes to be Variables so that they will
be properly merged across branches.
BUG=v8:4280,v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1684073002
Cr-Commit-Position: refs/heads/master@{#33894}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
Cr-Commit-Position: refs/heads/master@{#33847}
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33893}
This removes uses of JSFunction by the (proper) deoptimizer. This will be useful
when we escape analyze JSFunction away. Unfortunately, the debugger still needs
JSFunction, so escape analysis would not work yet.
Review URL: https://codereview.chromium.org/1686183003
Cr-Commit-Position: refs/heads/master@{#33891}
Reason for revert:
failing gc-stress tests
Original issue's description:
> Reland of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1681923003/ )
>
> Reason for revert:
> This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
> The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
>
> Original issue's description:
> > Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
> >
> > Reason for revert:
> > [Sheriff] Breaks TSAN:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
> >
> > Original issue's description:
> > > [counters] moving runtime counters to counter.h
> > >
> > > Additionally list C++ builtins as well under --runtime_call_stats.
> > > Let's try to keep all counters in one place, that makes it a bit
> > > easier to maintain and especially discard unused ones.
> > >
> > > BUG=
> > >
> > > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > > Cr-Commit-Position: refs/heads/master@{#33847}
> >
> > TBR=jarin@chromium.org,cbruni@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=
> >
> > Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> > Cr-Commit-Position: refs/heads/master@{#33848}
>
> TBR=jarin@chromium.org,machenbach@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=
>
> Committed: https://crrev.com/ad943fe44ede22b90b871e1233334dff5ff545c3
> Cr-Commit-Position: refs/heads/master@{#33887}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1687313002
Cr-Commit-Position: refs/heads/master@{#33889}
Reason for revert:
This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
Original issue's description:
> Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
>
> Reason for revert:
> [Sheriff] Breaks TSAN:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
>
> Original issue's description:
> > [counters] moving runtime counters to counter.h
> >
> > Additionally list C++ builtins as well under --runtime_call_stats.
> > Let's try to keep all counters in one place, that makes it a bit
> > easier to maintain and especially discard unused ones.
> >
> > BUG=
> >
> > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > Cr-Commit-Position: refs/heads/master@{#33847}
>
> TBR=jarin@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> Cr-Commit-Position: refs/heads/master@{#33848}
TBR=jarin@chromium.org,machenbach@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review URL: https://codereview.chromium.org/1688783005
Cr-Commit-Position: refs/heads/master@{#33887}
1) Update profiling counters in Full codegen.
2) Call Runtime::kTraceTailCall when tracing is on
test/mjsunit/es6/tail-call-simple.js is disabled for now, because Turbofan does not fully support TCO yet.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1670133002
Cr-Commit-Position: refs/heads/master@{#33886}
This CL also removes tail call support made so far from Crankshaft.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1683793004
Cr-Commit-Position: refs/heads/master@{#33885}
Reason for revert:
Code like the example given in the CL description was produced, for example, by code-stub-assembler.cc.
Reverting this, and try to fix the root cause instead.
Original issue's description:
> [turbofan] Fixes the code generation for branches on x64 when the condition is Word64Equal.
>
> Before:
>
> REX.W cmpq r9,r8
> setzl r8l
> movzxbl r8,r8
> REX.W cmpq r8,0x0
> jz 185
>
> After:
>
> REX.W cmpq r9,r8
> jnz 149
>
> Committed: https://crrev.com/75cc8352d06aada2e9131fdae793299ef73fb639
> Cr-Commit-Position: refs/heads/master@{#33784}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1693433002
Cr-Commit-Position: refs/heads/master@{#33884}
JS_FRAME_FUNCTION can be expressed using the STACK_SLOT translation.
Review URL: https://codereview.chromium.org/1688023003
Cr-Commit-Position: refs/heads/master@{#33882}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=yangguo@chromium.org
Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
Cr-Commit-Position: refs/heads/master@{#33834}
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33881}
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683103002
Cr-Commit-Position: refs/heads/master@{#33880}
Port cfbd25617c
Original commit message:
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1687113002
Cr-Commit-Position: refs/heads/master@{#33877}
Black allocation during scavenges will push objects on the marking deque that point to to-space. They should not be cleared.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1683983003
Cr-Commit-Position: refs/heads/master@{#33875}
The previous implementation used GetRawOperand(), which allows a nicely
unified handling of all scalar types, but returns an unsigned type.
Because of this, generate-bytecode-expectations couldn't properly handle
negative numbers.
This commit differentiate between different types of scalar operands and
uses the appropriate getter from i::interpreter::BytecodeArrayIterator,
thus correctly handling signed types where needed.
Two new helpers have been added to i::interpreter::Bytecodes:
* IsImmediateOperandType()
* IsIndexOperandType()
with the intuitive semantic.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1684113002
Cr-Commit-Position: refs/heads/master@{#33874}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
The break location heavily relies on relocation info. This change
abstracts that away. Currently there is only one implementation for
this interface, for JIT code. Future changes will introduce an
implementation to iterate bytecode arrays.
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1682853003
Cr-Commit-Position: refs/heads/master@{#33869}
Let the world know (if it cares) that this is the kind of
silliness that JS engines have to partake in if they want
to look good on Sunspider (this should give 5% overall).
Review URL: https://codereview.chromium.org/1684093002
Cr-Commit-Position: refs/heads/master@{#33866}
Calls use registers for target, new_target and argument count.
We don't always respect argument count. It didn't bite us in the past
because the code paths where we clobbered it never used it, though
in future it could be an issue.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683593003
Cr-Commit-Position: refs/heads/master@{#33865}
The field in question is only needed when the optimizing compiler is
triggered via OSR. All other paths (e.g. from bytecode stream) should
not rely on the unoptimized code being present.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1685633002
Cr-Commit-Position: refs/heads/master@{#33860}
If Array.from is passed an iterable, then it will copy the contents
to the newly created Array (or subclass). The iteration protocol here
includes calling IteratorClose if the loop is exited early due to an
exception thrown. This patch converts Array.from to use a for-of loop
rather than explicitly invoking the iteration protocol so that, when
IteratorClose is invoked on early for-of exit, then Array.from will
call IteratorClose in the appropriate case.
R=neis
LOG=Y
BUG=v8:4739
Review URL: https://codereview.chromium.org/1686433003
Cr-Commit-Position: refs/heads/master@{#33859}
Marking as undetectable makes abstract equality of null, undefined, and
other undetectable objects easier. Supporting it in the generic compare
IC significantly speeds up dynamic comparison between those values and
JSReceivers by not falling back to the runtime.
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>
Review URL: https://codereview.chromium.org/1683643002
Cr-Commit-Position: refs/heads/master@{#33858}
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1632913003
Cr-Commit-Position: refs/heads/master@{#33857}
This makes sure we can run through the TurboFan pipeline without having
to parse the source when using the bytecode stream as input. This path
is now being tested by the BytecodeGraphTester helper.
R=titzer@chromium.org,rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1679313002
Cr-Commit-Position: refs/heads/master@{#33856}
Fix JSLoadGlobal/JSStoreGlobal, JSLoadNamed/JSStoreNamed and
JSLoadProperty/JSStoreProperty to take the current function closure
instead of the type feedback as input, and load the feedback vector
from the closure as required (in JSGenericLowering). There's still
JSLoadDynamic left to be done, and then we don't have any machine
operators in the initial JS graph left.
There'll be more refactoring on the JSGenericLowering in a follow-up
CL, which takes care of the current code duplication and also tries
to use the more efficient LoadIC/KeyedLoadIC instead of the current
LoadICInOptimizedCode/KeyedLoadICInOptimizedCode (and same for store
ICs) whenever possible.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1683043002
Cr-Commit-Position: refs/heads/master@{#33854}
This threads the language mode from the bytecode to the node creation
site in the bytecode graph builder. It only adapts the places where such
threading is applicable without considering strong mode. The remaining
uses of the language mode accessors are only required because of strong
mode.
R=mythria@chromium.org
Review URL: https://codereview.chromium.org/1678103004
Cr-Commit-Position: refs/heads/master@{#33852}
Reason for revert:
Possibly causing Mozilla test failures - will investigate.
Original issue's description:
> [turbofan] ARM: Improve AND instruction selection
>
> Improve instruction selector for mask and shift operations by using cheaper
> instructions where possible, in preference to UBFX.
>
> BUG=
>
> Committed: https://crrev.com/53d9c12977f07f55b6f2a72128b8d02c4c857845
> Cr-Commit-Position: refs/heads/master@{#33843}
TBR=bmeurer@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1681953003
Cr-Commit-Position: refs/heads/master@{#33850}
Instead of only sweeping a specific space, let tasks work together once they have
swept their corresponding space.
BUG=
Review URL: https://codereview.chromium.org/1678863002
Cr-Commit-Position: refs/heads/master@{#33849}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33847}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
BUG=
Review URL: https://codereview.chromium.org/1677023002
Cr-Commit-Position: refs/heads/master@{#33843}
The function in question can already return an empty handle in the case
of failures. This makes that contract explicit by using MaybeHandle like
all other compiler API functions.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1590963002
Cr-Commit-Position: refs/heads/master@{#33839}
When doing advance at the start of an unanchored unicode regexp,
we do not have to care about surrogate pairs. If we actually advance
into the middle of a surrogate pair, the only choice is to also
consume trail surrogate as nothing else can match from there.
This reduces the emitted code slightly. By not having choice in the
loop, we do not have to push backtrack onto the stack, preventing
stack overflow.
R=erik.corry@gmail.com, erikcorry@chromium.org
Review URL: https://codereview.chromium.org/1676293003
Cr-Commit-Position: refs/heads/master@{#33838}
