EnsureJSArrayWithWritableFastElements
Having several handles pointing to the backing store of an array that gets
left-trimmed might cause the gc to start marking a stale-handle still pointing
to the old backing-store start. By introducing a separate handle scope for
EnsureJSArrayWithWritableFastElements we avoid this issue. Additionally a
SLOW_DCHECK in Heap::LeftTrimFixedArray ensurse that there are no more than one
active handle pointing to the backing store.
BUG=chr:585787
LOG=n
Review URL: https://codereview.chromium.org/1699733003
Cr-Commit-Position: refs/heads/master@{#34022}
The LazyBailout operator (modelled as a nop-call) was introduced for
placing a deoptimization point into exception handlers. Now that we are
no longer re-entering lazy deoptimized code, the support can be removed.
R=jarin@chromium.org
BUG=v8:4195
LOG=n
Review URL: https://codereview.chromium.org/1697503002
Cr-Commit-Position: refs/heads/master@{#34020}
Reason for revert:
Seems to tank stuff.
Original issue's description:
> [turbofan] Combine GenericLoweringPhase and ChangeLoweringPhase.
>
> There's no need to use a dedicated ChangeLoweringPhase before we go to
> GenericLoweringPhase; instead that change lowering (which is really
> simplified lowering by now) should run together with generic lowering.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/0835ed9caf44427755065eb45f9187678ec9844c
> Cr-Commit-Position: refs/heads/master@{#34008}
TBR=jarin@chromium.org,bmeurer@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1698273002
Cr-Commit-Position: refs/heads/master@{#34019}
Fixes a bug in Ignition on Arm64 where lr gets trashed in StaContextSlot
which causes the stack walker to get confused and crash.
BUG=v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1694263002
Cr-Commit-Position: refs/heads/master@{#34016}
This was actually only necessary for dealing with %_Arguments and
%_ArgumentsLength in Crankshaft, which have been removed recently,
so there's no need to keep this piece of awesomeness around any
longer.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1695193003
Cr-Commit-Position: refs/heads/master@{#34015}
This functionality is useful for stubs that need to walk the stack. The new
machine operator, LoadParentFramePointer dosn't force the currently compiling
method to have a frame in contrast to LoadFramePointer. Instead, it adapts
accordingly when frame elision is possible, making efficient stack walks
possible without incurring a performance penalty for small stubs that can
benefit from frame elision.
R=bmeurer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1695313002
Cr-Commit-Position: refs/heads/master@{#34014}
port 4ff159bd28be36a39a1f8416cdf8fccafd3c2f95(r33880)
original commit message:
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
BUG=
Review URL: https://codereview.chromium.org/1694343002
Cr-Commit-Position: refs/heads/master@{#34012}
port d1c28849c77892ec74e58891aba44d5bfda8c0ba(r33873)
original commit message:
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=
Review URL: https://codereview.chromium.org/1696263002
Cr-Commit-Position: refs/heads/master@{#34011}
There's no need to use a dedicated ChangeLoweringPhase before we go to
GenericLoweringPhase; instead that change lowering (which is really
simplified lowering by now) should run together with generic lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1697133002
Cr-Commit-Position: refs/heads/master@{#34008}
Port 09d8453547
Original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
BUG=
Review URL: https://codereview.chromium.org/1698173002
Cr-Commit-Position: refs/heads/master@{#34003}
V8 tracks already most useful information, but lacks proper tracing scopes
that make it possible to distinguish certain events from each other.
- add trace-scope to track lazy-parsing due to optimization
- add trace-scope to track code optimization
BUG=
Review URL: https://codereview.chromium.org/1661883003
Cr-Commit-Position: refs/heads/master@{#34002}
The GraphTrimmer should not ever see a dead node, except for the roots
that are explicitly fed into it. To defend against this, turn the
condition into a DCHECK.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698883003
Cr-Commit-Position: refs/heads/master@{#34001}
Eventually compiler.h might need to depend on the Pipeline to manage its
life cycle for concurrent recompilation, so we should not have the
cyclic include dependency here.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698113002
Cr-Commit-Position: refs/heads/master@{#34000}
Harvesting maps from the stub cache for megamorphic ICs is both slow
(linear in the size of the stub cache) and imprecise (as it finds all
maps that have a cached handler for the given property name).
In the canonical megamorphic situation, this type feedback is useless
anyway. The interesting case is when we can filter it down to a single
map; however in these cases it is often possible to derive this map
just by looking at the HGraph, which is both faster and more reliable.
Review URL: https://codereview.chromium.org/1669213003
Cr-Commit-Position: refs/heads/master@{#33998}
for the special case where the same register is used as both left and
right input.
Review URL: https://codereview.chromium.org/1695283002
Cr-Commit-Position: refs/heads/master@{#33996}
Passing floating point params to/from C has never quite worked correctly,
but we've never enforced the restriction early in the CallDescriptor
creation process because of unittests. Fix unittests to make their own
simple call descriptors and not rely on the C ones.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1701593003
Cr-Commit-Position: refs/heads/master@{#33993}
Properly type String.prototype.concat, String.prototype.charCodeAt,
and String.prototype.toLowerCase/toUpperCase in TurboFan. Also assign
better type to %_StringCharFromCode.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1701673002
Cr-Commit-Position: refs/heads/master@{#33991}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
Reverted because it was suspected of causing a couple of flaky tests to fail,
but investigation suggests this is unlikely.
Original review: https://codereview.chromium.org/1677023002
BUG=
Review URL: https://codereview.chromium.org/1684073006
Cr-Commit-Position: refs/heads/master@{#33988}
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
R=mstarzinger@chromium.org
Committed: https://crrev.com/55b0b4f6d572531eec00ab6ebd8f6feb7c584e04
Cr-Commit-Position: refs/heads/master@{#33973}
Review URL: https://codereview.chromium.org/1695633003
Cr-Commit-Position: refs/heads/master@{#33986}
port 5de27c343bbf898ca87246caa1e83e533ec44561(r33865)
original commit message:
Calls use registers for target, new_target and argument count.
We don't always respect argument count. It didn't bite us in the past
because the code paths where we clobbered it never used it, though
in future it could be an issue.
BUG=
Review URL: https://codereview.chromium.org/1698823002
Cr-Commit-Position: refs/heads/master@{#33984}
Add a section identifier for declaring a start function as an index into
the function table. (This could also be done as a decl flag on the
function, but don't feel strongly here, since we probably want to redo
this when adding an import/export section.)
The start function must accept no parameters. Its return value is
currently ignored.
R=binji@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y
Review URL: https://codereview.chromium.org/1692173002
Cr-Commit-Position: refs/heads/master@{#33978}
Adds support for ES6 super keyword and performing loads, stores, and
calls to super class members.
Implements SetHomeObject and enables ThisFunctionVariable.
BUG=v8:4280,v8:4682
LOG=N
Review URL: https://codereview.chromium.org/1689573004
Cr-Commit-Position: refs/heads/master@{#33977}
This is mostly preparation for allowing the function closure to be materialized.
As a drive-by fix, I have added ignition source position support to the frame inspector (this fixed some ignition test failures).
Review URL: https://codereview.chromium.org/1698743002
Cr-Commit-Position: refs/heads/master@{#33975}
Initially we were unable to address certain stack slots in the callee
part of the frame, including the function marker, therefore we had to
hack a reload of the function register into the OSR prologue. Now that
we are able to address all stack slots, we no longer need this hack.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1666073002
Cr-Commit-Position: refs/heads/master@{#33974}
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1695633003
Cr-Commit-Position: refs/heads/master@{#33973}
This adds initial support for inline allocation of object and array
literals to the JSCreateLowering pass. It's basically identical to
what Crankshaft does.
This also unstages the TurboFan escape analysis, as the lowering seems
to trigger a bunch of bugs in it; those bugs will be fixed separately,
and we will re-enable escape analysis afterwards.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1698783002
Cr-Commit-Position: refs/heads/master@{#33972}
port 3ef573e9f127345cd9d04d7f9f5e51bf169ae103(r33809)
original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
BUG=
Review URL: https://codereview.chromium.org/1696063002
Cr-Commit-Position: refs/heads/master@{#33971}
port cfbd25617cfb8177bbb6377280e23ec356eb2373(r33857)
original commit message:
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=
Review URL: https://codereview.chromium.org/1698803002
Cr-Commit-Position: refs/heads/master@{#33970}
When we specialize to the native context, we can replace loads of the
NATIVE_CONTEXT_INDEX in any known context with the appropriate native
context for that context. This allows us to constant-fold and further
optimize things like %reflect_construct, which are inserted by the
parser.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1697513003
Cr-Commit-Position: refs/heads/master@{#33965}
Older versions of Emscripten appear to emit Asm.js containing:
HEAP8[x] with x in int
As opposed to the spec legal construct:
HEAP8[x>>0] with x in int
As older programs and even benchmarks such as Embenchen
include these constructs, support them for compatibility.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator,mjsunit/asm-wasm
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1692713006
Cr-Commit-Position: refs/heads/master@{#33964}
Port 09d8453547
Original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1696743002
Cr-Commit-Position: refs/heads/master@{#33963}
This is hopefully the last in a series of cleanup patches around
destructuring assignment. It simplifies the ParseAssignmentExpression
API, making the callers call CheckDestructuringElement() where appropriate.
CheckDestructuringElement has been further simplified to only emit the
errors that the parser depends on it emitting.
I've also beefed up the test coverage in test-parsing.cc to
handling all the destructuring flags being on, which caught an oddity
in how we disallow initializers in spreads in patterns (we need to treat
RewritableAssignmentExpressions as Assignments for the purpose of
error checking).
Finally, I added a few helper methods to ParserBase to handle a few
classes of expressions (assignments and literals-as-patterns).
Review URL: https://codereview.chromium.org/1696603002
Cr-Commit-Position: refs/heads/master@{#33961}
This change expands allocation sampling to include old, map, code, and large object spaces. This involved refactoring much of the observation logic out of NewSpace into Space and overriding as needed in sub-classes.
Additionally, the sampling heap profiler now maintains a pair of heap observers. One observer is used for observing new space and resetting the inline allocation limit to be periodically notified of allocations. The other observes allocation across the other spaces where there is no additional work required to observe allocations.
Tests have been updated to ensure that allocations are observed correctly for Paged and LargeObject spaces.
R=ofrobots@google.com, hpayer@chromium.org, ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1625753002
Cr-Commit-Position: refs/heads/master@{#33959}
Recent flake happened bacause all the samples landed into native code.
The patch makes sure we collect enough JS samples.
BUG=v8:4751
LOG=N
Review URL: https://codereview.chromium.org/1695663002
Cr-Commit-Position: refs/heads/master@{#33953}
Adds JumpIfNotHoleConstant and JumpIfNotHoleConstantWide bytecodes
and removes JumpIfHole bytecode.
In situations with large numbers of constants, the generator would
fail because an 8-bit constant could not be reserved for
JumpIfHole/JumpIfNotHole and so a 16-bit constant would be reserved.
Then when patching the bytecode the patcher would discover there was
no wide constant variant of the emitted jump.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1697473002
Cr-Commit-Position: refs/heads/master@{#33952}
This avoids having to read the context and call through from the inlined
path in the JSReceiver case.
BUG=
Review URL: https://codereview.chromium.org/1698463002
Cr-Commit-Position: refs/heads/master@{#33949}
There are only two uses of %_ObjectEquals left, which should actually
use strict equality instead, so there's no need to keep this special
logic at all.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1692193002
Cr-Commit-Position: refs/heads/master@{#33948}
This removes support for the %Arguments and %ArgumentsLength runtime
entries and their intrinsic counterparts. If you need variable arguments
in any builtin, either use (strict) arguments object or rest parameters,
which are both compositional across inlining (in TurboFan), and not that
much slower compared to the %_Arguments hackery.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1688163004
Cr-Commit-Position: refs/heads/master@{#33943}
The idea here is to perform the handler lookup in the deoptimizer, and then take the information from the handler table to build the catch handler frame in the deoptimizer. Specifically, we use the pc offset, context location and stack height (in full-code) to tweak the output frame.
Sadly, this still requires nasty voodoo for the liveness analyzer so that it keeps variables alive if they are used in the catch handler.
Review URL: https://codereview.chromium.org/1416543006
Cr-Commit-Position: refs/heads/master@{#33936}
There's only one last user of %_Arguments and %_ArgumentsLength left,
the rest was updated to either strict mode arguments object or to not
use arguments at all.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1692003003
Cr-Commit-Position: refs/heads/master@{#33935}
This was causing code like:
REX.W cmpq r9,r8
setzl r8l
movzxbl r8,r8
REX.W cmpq r8,0x0
jz 185
(note the cmpq instead of cmpl above) on x64 instead of:
REX.W cmpq r9,r8
jnz 149
http://crrev.com/1677503002 is now obsolete and has been reverted.
Review URL: https://codereview.chromium.org/1685183003
Cr-Commit-Position: refs/heads/master@{#33934}
Reason for revert:
No fix needed, original CL was perfectly fine!
Original issue's description:
> Revert of [interpreter] Correctly thread through catch prediction. (patchset #1 id:1 of https://codereview.chromium.org/1690973002/ )
>
> Reason for revert:
> Depends on the reverted https://codereview.chromium.org/1691723002
>
> Original issue's description:
> > [interpreter] Correctly thread through catch prediction.
> >
> > This change correctly sets the {CatchPrediction} field in exception
> > handler tables for bytecode and optimized code. It also adds tests
> > independent of promise handling for this prediction, to ensure all our
> > backends are in sync on their prediction.
> >
> > R=rmcilroy@chromium.org,yangguo@chromium.org
> > TEST=mjsunit/compiler/debug-catch-prediction
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> > Cr-Commit-Position: refs/heads/master@{#33906}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/c5229b311968fd638a6cd537c341b1055eb7be97
> Cr-Commit-Position: refs/heads/master@{#33922}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1689113004
Cr-Commit-Position: refs/heads/master@{#33933}
Reason for revert:
No fix needed, original CL was perfectly fine!
Original issue's description:
> Revert of [interpreter] Make d8's TryCatch block be verbose. (patchset #3 id:40001 of https://codereview.chromium.org/1691723002/ )
>
> Reason for revert:
> [Sheriff] Speculative revert. Breaks
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/3944
>
> Somehow 3a2fbc3a4e seems to hide it again and then 699e1081a6 lets it show up again.
>
> Reproduced locally.
>
> Original issue's description:
> > [interpreter] Make d8's TryCatch block be verbose.
> >
> > This changes "d8" to no longer report exceptions as being "caught" when
> > it comes to the catch prediction mechanism in our debugger. This treats
> > scripts as being truly top-level when it comes to exception handling and
> > will allow us to properly test the catch prediction mechanism using just
> > mjsunit tests alone.
> >
> > R=yangguo@chromium.org
> > BUG=v8:4674
> > LOG=n
> >
> > Committed: https://crrev.com/fb1de271a6bc2c89a1682db8c151cf5fcda86c45
> > Cr-Commit-Position: refs/heads/master@{#33898}
>
> TBR=yangguo@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4674
>
> Committed: https://crrev.com/f9eef1f33d2e5cde8cb948424e7ebf509090aa59
> Cr-Commit-Position: refs/heads/master@{#33921}
TBR=yangguo@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1692133002
Cr-Commit-Position: refs/heads/master@{#33931}
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
R=jarin@chromium.orgTBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1693513002
Cr-Commit-Position: refs/heads/master@{#33925}
Reason for revert:
Depends on the reverted https://codereview.chromium.org/1691723002
Original issue's description:
> [interpreter] Correctly thread through catch prediction.
>
> This change correctly sets the {CatchPrediction} field in exception
> handler tables for bytecode and optimized code. It also adds tests
> independent of promise handling for this prediction, to ensure all our
> backends are in sync on their prediction.
>
> R=rmcilroy@chromium.org,yangguo@chromium.org
> TEST=mjsunit/compiler/debug-catch-prediction
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/ba55f5594cb0b4a1a1e9b35d87fe54afe2d93f3b
> Cr-Commit-Position: refs/heads/master@{#33906}
TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1695613002
Cr-Commit-Position: refs/heads/master@{#33922}
Reason for revert:
[Sheriff] Speculative revert. Breaks
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/3944
Somehow 3a2fbc3a4e seems to hide it again and then 699e1081a6 lets it show up again.
Reproduced locally.
Original issue's description:
> [interpreter] Make d8's TryCatch block be verbose.
>
> This changes "d8" to no longer report exceptions as being "caught" when
> it comes to the catch prediction mechanism in our debugger. This treats
> scripts as being truly top-level when it comes to exception handling and
> will allow us to properly test the catch prediction mechanism using just
> mjsunit tests alone.
>
> R=yangguo@chromium.org
> BUG=v8:4674
> LOG=n
>
> Committed: https://crrev.com/fb1de271a6bc2c89a1682db8c151cf5fcda86c45
> Cr-Commit-Position: refs/heads/master@{#33898}
TBR=yangguo@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4674
Review URL: https://codereview.chromium.org/1694523003
Cr-Commit-Position: refs/heads/master@{#33921}
The path used by that option only comes into play when default parameters
are allowed but destructuring assignment is disallowed. Removing it
allows the removal of one implementation of ParseExpression, and makes
it clearer which code will be dead once all the destructuring flags
are removed.
Also made the |flags| param strongly typed instead of an int.
Review URL: https://codereview.chromium.org/1691653002
Cr-Commit-Position: refs/heads/master@{#33918}
This allows the helper to avoid write barriers while copying, speeding up Object.keys by 5-10%.
BUG=
Review URL: https://codereview.chromium.org/1690953002
Cr-Commit-Position: refs/heads/master@{#33916}
Several minor cleanups to error handling in expression parsing:
- Remove duplication of binding and assignment error reporting.
- RecordBindingPatternError calls are changed to shorter BindingPatternUnexpectedToken
calls where possible.
- No-op error recording calls are removed.
Review URL: https://codereview.chromium.org/1688833004
Cr-Commit-Position: refs/heads/master@{#33915}
This fact is depended upon by, at least, Parser::ParseLazy, and quite
likely by other code. There was already code in %FunctionSetName
enforcing this invariant. This patch adds similar code to
Factory::NewSharedFunctionInfo().
BUG=v8:4659
LOG=n
Review URL: https://codereview.chromium.org/1686193003
Cr-Commit-Position: refs/heads/master@{#33914}
Fixes a register-clobbering problem. The Branch() instruction can overwrite the 'at' register, so it can't be used as scratch in Allocate(). Added DCHECK to avoid this in the future.
BUG=
Review URL: https://codereview.chromium.org/1687173006
Cr-Commit-Position: refs/heads/master@{#33912}
Instead of doing a full function body traversal we collect return expressions and mark them after function parsing.
And since we rewrite do-expressions so that the result is explicitly assigned to a result variable the statements marking will never hit so I removed it from the AST.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1693523002
Cr-Commit-Position: refs/heads/master@{#33911}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33909}
- Remove unused methods that we should never actually use like SetArea() or
set_size().
- Live bytes are now reported with --trace-live-bytes and not gc-verbose.
BUG=chromium:581076
LOG=N
Review URL: https://codereview.chromium.org/1686413002
Cr-Commit-Position: refs/heads/master@{#33908}
This replaces the bytecode in question with a runtime call within the
bytecode stream. The tradeoff is to safe one bytecode opcode for more
expensive encoding of lookup slot deletion.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1690913002
Cr-Commit-Position: refs/heads/master@{#33907}
This change correctly sets the {CatchPrediction} field in exception
handler tables for bytecode and optimized code. It also adds tests
independent of promise handling for this prediction, to ensure all our
backends are in sync on their prediction.
R=rmcilroy@chromium.org,yangguo@chromium.org
TEST=mjsunit/compiler/debug-catch-prediction
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1690973002
Cr-Commit-Position: refs/heads/master@{#33906}
By keeping track of the stack of counters we can properly subtract the
subcounter times and properly measure the own-time spent in each runtime
function. This is useful to get more details for builtins like HandleApiCall
which are typical top-level entries for chome which previously prevent
measurements of sub-calls to builtins/runtime functions.
BUG=
Review URL: https://codereview.chromium.org/1681943002
Cr-Commit-Position: refs/heads/master@{#33901}
Reason for revert:
[Sheriff] Breaks the tree:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20builder/builds/13892
Blamelists are wrong because of overloaded master. The trybots on this CL might have been outdated by the time of commit... Please rebase and retry.
Original issue's description:
> [Interpreter] Rename GetCountOperand to GetRegisterCountOperand.
>
> Apparently, this BytecodeArrayIterator method was missed during the
> previous refactor. No other (collateral) change was done.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/3781ca79f5c48b55d7f0bf6df370ec11515a1466
> Cr-Commit-Position: refs/heads/master@{#33897}
TBR=oth@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org,ssanfilippo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1690963002
Cr-Commit-Position: refs/heads/master@{#33900}
This changes "d8" to no longer report exceptions as being "caught" when
it comes to the catch prediction mechanism in our debugger. This treats
scripts as being truly top-level when it comes to exception handling and
will allow us to properly test the catch prediction mechanism using just
mjsunit tests alone.
R=yangguo@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1691723002
Cr-Commit-Position: refs/heads/master@{#33898}
Apparently, this BytecodeArrayIterator method was missed during the
previous refactor. No other (collateral) change was done.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1691433002
Cr-Commit-Position: refs/heads/master@{#33897}
In the case of a simple fast-mode receiver without fancy properties, we
can just walk over the descriptor array to find all its initial property
names. As long as the map stays the same, we can also use that
descriptor array to figure out how to handle the properties.
This speeds up
https://github.com/kpdecker/six-speed/tree/master/tests/object-assign by
~2x.
BUG=
Review URL: https://codereview.chromium.org/1688953004
Cr-Commit-Position: refs/heads/master@{#33895}
Saves and restores the dispatch pointer during calls to enable the debugger to
switch the dispatch table used by a function during it's execution.
Also moves the accumulator and context nodes to be Variables so that they will
be properly merged across branches.
BUG=v8:4280,v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1684073002
Cr-Commit-Position: refs/heads/master@{#33894}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
Cr-Commit-Position: refs/heads/master@{#33847}
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33893}
This removes uses of JSFunction by the (proper) deoptimizer. This will be useful
when we escape analyze JSFunction away. Unfortunately, the debugger still needs
JSFunction, so escape analysis would not work yet.
Review URL: https://codereview.chromium.org/1686183003
Cr-Commit-Position: refs/heads/master@{#33891}
Reason for revert:
failing gc-stress tests
Original issue's description:
> Reland of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1681923003/ )
>
> Reason for revert:
> This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
> The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
>
> Original issue's description:
> > Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
> >
> > Reason for revert:
> > [Sheriff] Breaks TSAN:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
> >
> > Original issue's description:
> > > [counters] moving runtime counters to counter.h
> > >
> > > Additionally list C++ builtins as well under --runtime_call_stats.
> > > Let's try to keep all counters in one place, that makes it a bit
> > > easier to maintain and especially discard unused ones.
> > >
> > > BUG=
> > >
> > > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > > Cr-Commit-Position: refs/heads/master@{#33847}
> >
> > TBR=jarin@chromium.org,cbruni@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=
> >
> > Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> > Cr-Commit-Position: refs/heads/master@{#33848}
>
> TBR=jarin@chromium.org,machenbach@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=
>
> Committed: https://crrev.com/ad943fe44ede22b90b871e1233334dff5ff545c3
> Cr-Commit-Position: refs/heads/master@{#33887}
TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1687313002
Cr-Commit-Position: refs/heads/master@{#33889}
Reason for revert:
This CL was not the cause for the TSAN failures, the instruction-selector backend for x64 emitted a wrong compare which accidentally showed up with tsan + code moves.
The instruction-selectors changes have been reverted with https://codereview.chromium.org/1693433002
Original issue's description:
> Revert of [counters] moving runtime counters to counter.h (patchset #1 id:1 of https://codereview.chromium.org/1678973002/ )
>
> Reason for revert:
> [Sheriff] Breaks TSAN:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7727
>
> Original issue's description:
> > [counters] moving runtime counters to counter.h
> >
> > Additionally list C++ builtins as well under --runtime_call_stats.
> > Let's try to keep all counters in one place, that makes it a bit
> > easier to maintain and especially discard unused ones.
> >
> > BUG=
> >
> > Committed: https://crrev.com/6bc71431995d49d4ca4a2ea9c75e5add5f345225
> > Cr-Commit-Position: refs/heads/master@{#33847}
>
> TBR=jarin@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/2d669b96639517cfc33e6fc6d4c3814587bc7366
> Cr-Commit-Position: refs/heads/master@{#33848}
TBR=jarin@chromium.org,machenbach@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=
Review URL: https://codereview.chromium.org/1688783005
Cr-Commit-Position: refs/heads/master@{#33887}
1) Update profiling counters in Full codegen.
2) Call Runtime::kTraceTailCall when tracing is on
test/mjsunit/es6/tail-call-simple.js is disabled for now, because Turbofan does not fully support TCO yet.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1670133002
Cr-Commit-Position: refs/heads/master@{#33886}
This CL also removes tail call support made so far from Crankshaft.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1683793004
Cr-Commit-Position: refs/heads/master@{#33885}
Reason for revert:
Code like the example given in the CL description was produced, for example, by code-stub-assembler.cc.
Reverting this, and try to fix the root cause instead.
Original issue's description:
> [turbofan] Fixes the code generation for branches on x64 when the condition is Word64Equal.
>
> Before:
>
> REX.W cmpq r9,r8
> setzl r8l
> movzxbl r8,r8
> REX.W cmpq r8,0x0
> jz 185
>
> After:
>
> REX.W cmpq r9,r8
> jnz 149
>
> Committed: https://crrev.com/75cc8352d06aada2e9131fdae793299ef73fb639
> Cr-Commit-Position: refs/heads/master@{#33784}
TBR=bmeurer@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review URL: https://codereview.chromium.org/1693433002
Cr-Commit-Position: refs/heads/master@{#33884}
JS_FRAME_FUNCTION can be expressed using the STACK_SLOT translation.
Review URL: https://codereview.chromium.org/1688023003
Cr-Commit-Position: refs/heads/master@{#33882}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=yangguo@chromium.org
Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
Cr-Commit-Position: refs/heads/master@{#33834}
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33881}
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof,
%LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and
%StoreLookupSlot_Strict runtime entry points and use them
appropriately in the various compilers. This way we can
finally drop the machine operators from the JS graph level
completely in TurboFan.
Also drop the funky JSLoadDynamic operator from TurboFan,
which was by now just a small wrapper around the runtime
call to %LoadLookupSlot.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683103002
Cr-Commit-Position: refs/heads/master@{#33880}
Port cfbd25617c
Original commit message:
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1687113002
Cr-Commit-Position: refs/heads/master@{#33877}
Black allocation during scavenges will push objects on the marking deque that point to to-space. They should not be cleared.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1683983003
Cr-Commit-Position: refs/heads/master@{#33875}
The previous implementation used GetRawOperand(), which allows a nicely
unified handling of all scalar types, but returns an unsigned type.
Because of this, generate-bytecode-expectations couldn't properly handle
negative numbers.
This commit differentiate between different types of scalar operands and
uses the appropriate getter from i::interpreter::BytecodeArrayIterator,
thus correctly handling signed types where needed.
Two new helpers have been added to i::interpreter::Bytecodes:
* IsImmediateOperandType()
* IsIndexOperandType()
with the intuitive semantic.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1684113002
Cr-Commit-Position: refs/heads/master@{#33874}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
The break location heavily relies on relocation info. This change
abstracts that away. Currently there is only one implementation for
this interface, for JIT code. Future changes will introduce an
implementation to iterate bytecode arrays.
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1682853003
Cr-Commit-Position: refs/heads/master@{#33869}
Let the world know (if it cares) that this is the kind of
silliness that JS engines have to partake in if they want
to look good on Sunspider (this should give 5% overall).
Review URL: https://codereview.chromium.org/1684093002
Cr-Commit-Position: refs/heads/master@{#33866}
Calls use registers for target, new_target and argument count.
We don't always respect argument count. It didn't bite us in the past
because the code paths where we clobbered it never used it, though
in future it could be an issue.
BUG=
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1683593003
Cr-Commit-Position: refs/heads/master@{#33865}
The field in question is only needed when the optimizing compiler is
triggered via OSR. All other paths (e.g. from bytecode stream) should
not rely on the unoptimized code being present.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1685633002
Cr-Commit-Position: refs/heads/master@{#33860}
If Array.from is passed an iterable, then it will copy the contents
to the newly created Array (or subclass). The iteration protocol here
includes calling IteratorClose if the loop is exited early due to an
exception thrown. This patch converts Array.from to use a for-of loop
rather than explicitly invoking the iteration protocol so that, when
IteratorClose is invoked on early for-of exit, then Array.from will
call IteratorClose in the appropriate case.
R=neis
LOG=Y
BUG=v8:4739
Review URL: https://codereview.chromium.org/1686433003
Cr-Commit-Position: refs/heads/master@{#33859}
Marking as undetectable makes abstract equality of null, undefined, and
other undetectable objects easier. Supporting it in the generic compare
IC significantly speeds up dynamic comparison between those values and
JSReceivers by not falling back to the runtime.
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>
Review URL: https://codereview.chromium.org/1683643002
Cr-Commit-Position: refs/heads/master@{#33858}
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=chromium:581412
LOG=N
Review URL: https://codereview.chromium.org/1632913003
Cr-Commit-Position: refs/heads/master@{#33857}
This makes sure we can run through the TurboFan pipeline without having
to parse the source when using the bytecode stream as input. This path
is now being tested by the BytecodeGraphTester helper.
R=titzer@chromium.org,rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1679313002
Cr-Commit-Position: refs/heads/master@{#33856}
Fix JSLoadGlobal/JSStoreGlobal, JSLoadNamed/JSStoreNamed and
JSLoadProperty/JSStoreProperty to take the current function closure
instead of the type feedback as input, and load the feedback vector
from the closure as required (in JSGenericLowering). There's still
JSLoadDynamic left to be done, and then we don't have any machine
operators in the initial JS graph left.
There'll be more refactoring on the JSGenericLowering in a follow-up
CL, which takes care of the current code duplication and also tries
to use the more efficient LoadIC/KeyedLoadIC instead of the current
LoadICInOptimizedCode/KeyedLoadICInOptimizedCode (and same for store
ICs) whenever possible.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1683043002
Cr-Commit-Position: refs/heads/master@{#33854}
This threads the language mode from the bytecode to the node creation
site in the bytecode graph builder. It only adapts the places where such
threading is applicable without considering strong mode. The remaining
uses of the language mode accessors are only required because of strong
mode.
R=mythria@chromium.org
Review URL: https://codereview.chromium.org/1678103004
Cr-Commit-Position: refs/heads/master@{#33852}
Reason for revert:
Possibly causing Mozilla test failures - will investigate.
Original issue's description:
> [turbofan] ARM: Improve AND instruction selection
>
> Improve instruction selector for mask and shift operations by using cheaper
> instructions where possible, in preference to UBFX.
>
> BUG=
>
> Committed: https://crrev.com/53d9c12977f07f55b6f2a72128b8d02c4c857845
> Cr-Commit-Position: refs/heads/master@{#33843}
TBR=bmeurer@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1681953003
Cr-Commit-Position: refs/heads/master@{#33850}
Instead of only sweeping a specific space, let tasks work together once they have
swept their corresponding space.
BUG=
Review URL: https://codereview.chromium.org/1678863002
Cr-Commit-Position: refs/heads/master@{#33849}
Additionally list C++ builtins as well under --runtime_call_stats.
Let's try to keep all counters in one place, that makes it a bit
easier to maintain and especially discard unused ones.
BUG=
Review URL: https://codereview.chromium.org/1678973002
Cr-Commit-Position: refs/heads/master@{#33847}
Improve instruction selector for mask and shift operations by using cheaper
instructions where possible, in preference to UBFX.
BUG=
Review URL: https://codereview.chromium.org/1677023002
Cr-Commit-Position: refs/heads/master@{#33843}
The function in question can already return an empty handle in the case
of failures. This makes that contract explicit by using MaybeHandle like
all other compiler API functions.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1590963002
Cr-Commit-Position: refs/heads/master@{#33839}
When doing advance at the start of an unanchored unicode regexp,
we do not have to care about surrogate pairs. If we actually advance
into the middle of a surrogate pair, the only choice is to also
consume trail surrogate as nothing else can match from there.
This reduces the emitted code slightly. By not having choice in the
loop, we do not have to push backtrack onto the stack, preventing
stack overflow.
R=erik.corry@gmail.com, erikcorry@chromium.org
Review URL: https://codereview.chromium.org/1676293003
Cr-Commit-Position: refs/heads/master@{#33838}
This is a temporary workaround for bytecodes which are not guaranteed
to actually use the frame states being created for them. One example
for this are runtime calls to intrinsics, or to runtime functions for
which the frame state count is zero in Linkage::FrameStateInputCount.
This will eventually be reworked into a more generic mechanism that
attaches frame states in the BytecodeGraphBuilder::VisitBytecodes
iteration method itself, instead of in the individual visitors.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1676293002
Cr-Commit-Position: refs/heads/master@{#33836}
Reason for revert:
Breaks tree
Original issue's description:
> [builtins] Remove bunch of uses of %_Arguments and %_ArgumentsLength.
>
> There are a bunch of places in our builtins where we use %_Arguments and
> %_ArgumentsLength for no good reason, as arguments object and/or rest
> parameter is as good and performant in these cases. Now the only uses
> of %_Arguments and %_ArgumentsLength left are in string.js, which
> requires dedicated investigation.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/2160429fd458e3c095475e718c97f77ac90d906f
> Cr-Commit-Position: refs/heads/master@{#33834}
TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1677063005
Cr-Commit-Position: refs/heads/master@{#33835}
There are a bunch of places in our builtins where we use %_Arguments and
%_ArgumentsLength for no good reason, as arguments object and/or rest
parameter is as good and performant in these cases. Now the only uses
of %_Arguments and %_ArgumentsLength left are in string.js, which
requires dedicated investigation.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1678953004
Cr-Commit-Position: refs/heads/master@{#33834}
By now only the default %TypedArray%.prototype.sort compare function
and the JS implementation of SameValueZero were still using the odd
%_IsMinusZero intrinsic, whose semantics both included a number check
(actually HeapNumber test) plus testing if the heap number stores the
special -0 value. In both cases we already know that we deal with
number so we can reduce it to a simple number test for -0, which can
be expressed via dividing 1 by that value and checking the sign of
the result. In case of the compare function, we can be even smarter
and work with the reciprocal values in case x and y are equal to 0
(although long term we should probably rewrite the fast case for
the typed array sorting function in C++ anyway, which will be way,
way faster than our handwritten callback-style, type-feedback
polluted JS implementation).
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1680783002
Cr-Commit-Position: refs/heads/master@{#33833}
Port 3ef573e9f1
Original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
xwhich is used in both TurboFan and Ignition.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:2159
LOG=n
Review URL: https://codereview.chromium.org/1677223002
Cr-Commit-Position: refs/heads/master@{#33829}
This patch moves Symbol.species support to the "experimental JavaScript
features" flag. While @@species is still a performance hit, it doesn't seem
like it would make the web unusably slow; shipping would still have to
wait on fixing the performance regression, but staging this version should
yield valuable web compatibility information.
R=cbruni
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1678143002
Cr-Commit-Position: refs/heads/master@{#33827}
ES2016 TypedArray subclassing semantics break the Node.js Buffer module,
also used on the web. I wrote a pull request against the web and Node
versions to fix the issue, but the pull request has not yet been granted,
and this is blocking shipping the change. For now, this patch extends the
web compatibility workaround to the --harmony-species flag, so that
Symbol.species and associated subclassing semantics can ship independently.
R=cbruni
BUG=v8:4665
LOG=Y
Review URL: https://codereview.chromium.org/1678123002
Cr-Commit-Position: refs/heads/master@{#33826}
Port bb883395a8
Original commit message:
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7R=ulan@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1679873003
Cr-Commit-Position: refs/heads/master@{#33823}
This allows us to remove the somewhat awkward BuildLoadObjectField
from the BytecodeGraphBuilder and also allows us to simplify the
bytecode stream for class literals.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1678103002
Cr-Commit-Position: refs/heads/master@{#33820}
Adds implementation and tests to support const/let variables in the
interpreter.
BUG=v8:4280,v8:4679
LOG=N
Review URL: https://codereview.chromium.org/1634153002
Cr-Commit-Position: refs/heads/master@{#33819}
Previously, Object.values() and Object.entries() were piggy-backing on
Object.keys(). This meant that they would pre-filter non-enumerable properties,
violating the runtime behaviour of the methods. Unfortunately, this does not
match the current proposal text.
Also incorporates several tests verifying this behaviour based on tests included
in the ChakraCore implementation.
In this reland, the new patch fills up the longer-lasting FixedArray with
`undefined` to avoid the crash in Heap::Verify().
Originally reviewed at https://codereview.chromium.org/1637753004
BUG=v8:4663
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1673673002
Cr-Commit-Position: refs/heads/master@{#33818}
The flag in question is a debug-only flag supported by full-codegen and
Crankshaft only. In it's current form there are some unresolved issues:
- The flag is defeated by inlining in Crankshaft.
- The flag is not supported by TurboFan.
- The flag is not supported by Ignition.
Instead of addressing the above issues and increasing maintenance cost
for all backends and also given the "slim" test coverage, this CL fully
removes the support from all backends.
R=bmeurer@chromium.org,jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1676263002
Cr-Commit-Position: refs/heads/master@{#33817}
Generally we only care whether the next object is a hidden prototype.
It's simpler to check whether the current object has a hidden prototype
instead of walking to the next prototype and checking its map.
BUG=
Review URL: https://codereview.chromium.org/1675223002
Cr-Commit-Position: refs/heads/master@{#33816}
This allows us to remove the somewhat awkward BuildLoadObjectField
from the AstGraphBuilder and also allows us to simplify fullcodegen
for class literals.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1679813002
Cr-Commit-Position: refs/heads/master@{#33815}
This moves the JSCreate related functionality from JSTypedLowering into
a dedicated JSCreateLowering reducer. This is in preparation of landing
the support for optimized literals in TurboFan, which would blow up
JSTypedLowering quite seriously otherwise.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1678833002
Cr-Commit-Position: refs/heads/master@{#33813}
The serializer collects objects in iteration order, not in allocation
order. This means that the deserializer will put these objects in
iteration order onto the reserved pages as well. There is no guarantee
that objects that were on the first page will end up on the first page
after deserialization.
Until now we got lucky, since we only ever need one space per page for
the default snapshot. For roots, the iteration order and allocation
order also do not differ enough to cause any issue for immortal
immovable root objects. These objects need to stay on the first page of
its allocated space to not move.
However, let's make sure it stays this way, and we realize soon enough
if this assumption does not hold.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1675553002
Cr-Commit-Position: refs/heads/master@{#33810}
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
R=jarin@chromium.org, rmcilroy@chromium.orgTBR=rossberg@chromium.org
BUG=v8:2159
LOG=n
Review URL: https://codereview.chromium.org/1676883002
Cr-Commit-Position: refs/heads/master@{#33809}
Fix failures on MIPS simulator because incomplete
handling of MTHC1 and MFHC1 in Fp32 mode
Fix failures on older kernels that have problems with
MTHC1 and MFHC1 in kernel FPU emulation
Original issue's description:
> Revert of MIPS: Add FPXX support to MIPS32R2 (patchset #3
> id:40001 of https://codereview.chromium.org/1586223004/ )
>
> Reason for revert:
> Revert patch due to a number of failures appearing on the > MIPS v8 simulator
>
> Original issue's description:
>> MIPS: Add FPXX support to MIPS32R2
>>
>> The JIT code generated by V8 is FPXX compliant
>> when v8 compiled with FPXX flag. This allows the code to
>> run in both FP=1 and FP=0 mode. It also alows v8 to be used
>> as a library by both FP32 and FP64 binaries.
>>
>> BUG=
>>
>> Committed: https://crrev.com/95110dde666158a230a823fd50a68558ad772320
>> Cr-Commit-Position: refs/heads/master@{#33576}
BUG=
Review URL: https://codereview.chromium.org/1659883002
Cr-Commit-Position: refs/heads/master@{#33808}
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1608583002
Cr-Commit-Position: refs/heads/master@{#33806}
The preallocated JSAccessorPropertyDescriptor, JSDataPropertyDescriptor and
JSIteratorResult had the constructor field unset, which in turn causes
GetCreationContext() to fail for those instances.
R=verwaest@chromium.org
BUG=v8:4738
LOG=n
Review URL: https://codereview.chromium.org/1676823002
Cr-Commit-Position: refs/heads/master@{#33802}
It's fine to use JS_OBJECT_TYPE for JSIteratorResult and only have a
preallocated initial map for them to avoid unnecessary polymorphism
from generators / builtin iterators. The instance type doesn't
provide any advantage, since we always have to treat JSIteratorResult
objects as regular JSObjects later.
R=yangguo@chromium.orgTBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1680513002
Cr-Commit-Position: refs/heads/master@{#33800}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
BUG=chromium:579009
LOG=Y
Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
Cr-Commit-Position: refs/heads/master@{#33674}
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33798}
port 334d17946c (r33780)
original commit message:
This change should unify handling of finally blocks in Turbofan's
AstGraphBuilder and in full-code. This should enable smooth deoptimization
from finally blocks.
BUG=
Review URL: https://codereview.chromium.org/1675003002
Cr-Commit-Position: refs/heads/master@{#33794}
We assume split-edge form throughout the register allocation pipeline,
so added validation in isel.
BUG=
Review URL: https://codereview.chromium.org/1668953002
Cr-Commit-Position: refs/heads/master@{#33789}
The call can be used by the embedder to provide information on the workers
executing background tasks.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1664203004
Cr-Commit-Position: refs/heads/master@{#33788}
Reason for revert:
[Sheriff] Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/1642
Original issue's description:
> [es7] refactor and fix Object.values() / Object.entries()
>
> Previously, Object.values() and Object.entries() were piggy-backing on
> Object.keys(). This meant that they would pre-filter non-enumerable properties,
> violating the runtime behaviour of the methods. Unfortunately, this does not
> match the current proposal text.
>
> Also incorporates several tests verifying this behaviour based on tests included
> in the ChakraCore implementation.
>
> BUG=v8:4663
> LOG=N
> R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
>
> Committed: https://crrev.com/5c5ccd9d7f8693990d1a9eb26ba3a94f376dcf0b
> Cr-Commit-Position: refs/heads/master@{#33782}
TBR=littledan@chromium.org,adamk@chromium.org,cbruni@chromium.org,rossberg@chromium.org,caitpotter88@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4663
Review URL: https://codereview.chromium.org/1675663002
Cr-Commit-Position: refs/heads/master@{#33787}
Previously, Object.values() and Object.entries() were piggy-backing on
Object.keys(). This meant that they would pre-filter non-enumerable properties,
violating the runtime behaviour of the methods. Unfortunately, this does not
match the current proposal text.
Also incorporates several tests verifying this behaviour based on tests included
in the ChakraCore implementation.
BUG=v8:4663
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org
Review URL: https://codereview.chromium.org/1637753004
Cr-Commit-Position: refs/heads/master@{#33782}
This change should unify handling of finally blocks in Turbofan's
AstGraphBuilder and in full-code. This should enable smooth deoptimization
from finally blocks.
Review URL: https://codereview.chromium.org/1663323003
Cr-Commit-Position: refs/heads/master@{#33780}
This makes the field in question more generic by renaming it from the
previous "depth" to "data". Pure refactoring, no function change.
R=rmcilroy@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1670983003
Cr-Commit-Position: refs/heads/master@{#33779}
The CL 33579 (https://codereview.chromium.org/1618343002) use code offsets instead of raw PC where possible.
But the offset maybe come from an optimized frame, not the un-optimized frame that FromCodeOffset and BreakIndexFromCodeOffset function expect.
So The offset from optimized frame can't be used in FromCodeOffset and BreakIndexFromCodeOffset function.
This CL use the frame summary to find the corresponding code offset in unoptimized code according to Yang's suggestion.
Review URL: https://codereview.chromium.org/1663113002
Cr-Commit-Position: refs/heads/master@{#33778}
Trying to sort a string should throw a TypeError, proper handling
of elements just needs to get out of the way.
BUG=chromium:584188
LOG=n
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1670153002
Cr-Commit-Position: refs/heads/master@{#33777}
Reason for revert:
Must revert for now due to chromium api natives issues.
Original issue's description:
> Type Feedback Vector lives in the closure
>
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/bb31db3ad6de16f86a61f6c7bbfd3274e3d957b5
> Cr-Commit-Position: refs/heads/master@{#33741}
TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1670813005
Cr-Commit-Position: refs/heads/master@{#33766}
Reason for revert:
issues with chromium api natives, must revert for now, thanks.
Original issue's description:
> PPC: Type Feedback Vector lives in the closure
>
> Port bb31db3ad6
>
> Original commit message:
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
>
> Committed: https://crrev.com/753ad25efa4790ea7c80aceecfa223c3436ca36f
> Cr-Commit-Position: refs/heads/master@{#33753}
TBR=joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1673623002
Cr-Commit-Position: refs/heads/master@{#33765}
Reason for revert:
Bugs with chromium api natives, must revert for now.
Original issue's description:
> X87: Type Feedback Vector lives in the closure.
>
> port bb31db3ad6 (r33741)
>
> original commit message:
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> BUG=
>
> Committed: https://crrev.com/25bfba9329b93cb8ebefe1446e024005a4227a93
> Cr-Commit-Position: refs/heads/master@{#33759}
TBR=chunyang.dai@intel.com,weiliang.lin@intel.com,zhengxing.li@intel.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1673613002
Cr-Commit-Position: refs/heads/master@{#33764}
port dbd8640813 (r33744)
original commit message:
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
BUG=
Review URL: https://codereview.chromium.org/1671783002
Cr-Commit-Position: refs/heads/master@{#33760}
port bb31db3ad6 (r33741)
original commit message:
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
BUG=
Review URL: https://codereview.chromium.org/1672643002
Cr-Commit-Position: refs/heads/master@{#33759}
Adds a new runtime function, %DefineDataPropertyInLiteral, which
takes a fifth argument specifying whether the property and value
are syntactically such that the value is a function (or class)
literal that should have its name set at runtime.
The new runtime call also allows us to eliminate the now-redundant
%DefineClassMethod runtime function.
This should get much less ugly once we can desugar the "dynamic"
part of object literals in the parser (but that work is currently
blocked on having a performant way of desugaring literals).
BUG=v8:3699, v8:3761
LOG=n
Review URL: https://codereview.chromium.org/1626423003
Cr-Commit-Position: refs/heads/master@{#33756}
Port dbd8640813
Original commit message:
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:3566
LOG=y
Review URL: https://codereview.chromium.org/1664413002
Cr-Commit-Position: refs/heads/master@{#33754}
Port bb31db3ad6
Original commit message:
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1671553002
Cr-Commit-Position: refs/heads/master@{#33753}
There might be several ExternalCallbackScope's created
during the native callback. Remove the assert that is not
aligned with that.
Moreover this iterator must work for any kind of
stacks including corrupted ones.
BUG=v8:4705
LOG=N
Review URL: https://codereview.chromium.org/1663193003
Cr-Commit-Position: refs/heads/master@{#33751}
This bit was ostensibly being used to provide appropriate syntax
errors for invalid destructuring assignment patterns, but adding a
single call to RecordPatternError() (in place of
BindingPatternUnexpectedToken()) seems to have replaced the need for it.
Review URL: https://codereview.chromium.org/1665043002
Cr-Commit-Position: refs/heads/master@{#33750}
Also various related cleanup in ParseVariableDeclarations(). The only
changes in logic are explained below:
- We were redundantly checking for parenthesized binding patterns;
these are already ruled out by BindingPatternUnexpectedToken()
calls in the places where we hit an LPAREN.
- There's no need to default-initialize a LET-mode variable in a
for-each loop, just as there isn't for CONST or CONST_LEGACY
(ParseForStatement will take care of properly initializing all
of the above).
Review URL: https://codereview.chromium.org/1661193002
Cr-Commit-Position: refs/heads/master@{#33749}
Note: This is currently only used by yield*, we still need to support it in
other places (such as for-of loops). It can be used manually of course.
(This CL does not touch the full-codegen implementation of yield* because that
code is already dead. The yield* desugaring already supports return and doesn't
need to be touched.)
BUG=v8:3566
LOG=y
Review URL: https://codereview.chromium.org/1639343005
Cr-Commit-Position: refs/heads/master@{#33744}
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
TBR=hpayer@chromium.org, yangguo@chromium.org, bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1668103002
Cr-Commit-Position: refs/heads/master@{#33741}
Unstructured control flow caused by excpetion handling leads to a wrong x87 stack
state. This patch is to reset the x87 state at the hanlder entry point.
Thanks for help from weiliang.lin@intel.com.
BUG=
Review URL: https://codereview.chromium.org/1668463006
Cr-Commit-Position: refs/heads/master@{#33738}
Synchronize calls in the heap iterator have been put there for the
serializer, which never actually made use of them. This CL fixes that.
R=vogelheim@chromium.org
Review URL: https://codereview.chromium.org/1667063002
Cr-Commit-Position: refs/heads/master@{#33736}
This CL deals with yield* by desugaring it in the parser. Hence the
full-codegen implementation of it becomes obsolete and can be removed in a
future CL.
The only change in semantics should be that the results of the iterator's next
and throw methods are checked to be objects, which didn't happen before but is
required by the spec.
BUG=
Review URL: https://codereview.chromium.org/1643903003
Cr-Commit-Position: refs/heads/master@{#33735}
Code compiled during snapshot are overwhelmingly for functions
that are only used for bootstrapping. It makes no sense to
include them in the startup snapshot, which bloats up the snapshot size
and slows down deserialization.
Snapshot sizes for comparison, for ia32:
w/o --ignition: 484k
w/ --ignition: 537k
bytecode removed: 489k
R=rmcilroy@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1667693002
Cr-Commit-Position: refs/heads/master@{#33734}
This implements proper context switching while unwinding the stack due
to an exception being handled in interpreted code. The context under
which the handler is scoped is being preserved in a dedicated register
while the try-block is running. Both, the stack unwinding machinery as
well as the graph builder, restore the context from that register.
R=rmcilroy@chromium.org,bmeurer@chromium.org
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1665833002
Cr-Commit-Position: refs/heads/master@{#33733}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
This is also a refactoring of the merge function in
escape analysis.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1654163003
Cr-Commit-Position: refs/heads/master@{#33728}
This cleans up and simplifyies handling the bytes followin an opcode
with little helper structs that will be useful in the interpreter and
already have been in keeping OpcodeArity and OpcodeLength up to date
with the decoder.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1664883002
Cr-Commit-Position: refs/heads/master@{#33723}
The goal of the Int64Reducer is to replace all int64 nodes in a tf graph
with a set of int32 nodes such that 64 bit tf functions can be executed
on 32 bit platforms. At the moment the Int64Reducer only replaces
Int64Constants, TruncateInt64ToInt32, and Word64And.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1655883002
Cr-Commit-Position: refs/heads/master@{#33721}
The spec requires all Math functions to first call ToNumber on all
arguments before doing any other observable operation. So early
return in case of Infinity is not valid.
Drive-by-fix: Remove the use of %_Arguments / %_ArgumentsLength and
use (strict) arguments instead of allocating a temporary InternalArray
explicitly.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1669773002
Cr-Commit-Position: refs/heads/master@{#33717}
No need to micro-optimize here, and in almost all cases here, using
arguments should result in roughly the same code w/ Crankshaft anyway.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1664513007
Cr-Commit-Position: refs/heads/master@{#33716}
So far, we've been moving down gaps wholesale. This change moves
individual move operations instead. This improves some benchmarks,
and should overall reduce code size, because it improves the chance of
reducing the number of moves.
For example, there are improvements on x64 in Emscripten (Bullet, in
particular) , JetStream geomean, Embenchen (zlib).
In the process of making this change, I noticed we can separate the
tasks performed by the move optimizer, as follows:
- group gaps into 1
- push gaps down, jumping instructions (these 2 were together before)
- merge blocks (and then push gaps down)
- finalize
We can do without a finalization list. This avoids duplicating storage -
we already have the list of instructions; it also simplifies the logic, since,
with this change, we may process an instruction's gap twice.
Compile time doesn't regress much (see pathological cases), but we
may want to avoid the allocations of the few sets used in the new code.
I'll do that in a subsequent change.
BUG=
Review URL: https://codereview.chromium.org/1634093002
Cr-Commit-Position: refs/heads/master@{#33715}
This removes --harmony-completion, --harmony-concat-spreadable, and
--harmony-tolength and moves the appropriate tests from harmony/ to es6/.
Review URL: https://codereview.chromium.org/1667453002
Cr-Commit-Position: refs/heads/master@{#33712}
Unifies the meaning of kRegCount8 and kRegCount16 across bytecodes.
Call and CallJSRuntime had a slightly different use of the register
count operand. From this change forth, register count operands are
always based off of the previous register operand.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1659023002
Cr-Commit-Position: refs/heads/master@{#33707}
Adds implementation and tests for with statement to interprter.
BUG=v8:4280,v8:4684
LOG=N
Review URL: https://codereview.chromium.org/1656863002
Cr-Commit-Position: refs/heads/master@{#33705}
This clears the currently pending message object whenever a try-block or
a finally-block is being entered in interpreted code. The intention is
to avoid memory leaks introduced by the message object. Also the message
object is being restored when a finally-block exits.
R=rmcilroy@chromium.org
TEST=cctest/test-heap/MessageObjectLeak
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1651993002
Cr-Commit-Position: refs/heads/master@{#33704}
This was inconsistent in the spec in case of has vs get, set. Removing
receiver==holder simplifies the lookup; so tentatively removing this
additional check which was broken until yesterday anyway. See
https://github.com/tc39/ecma262/issues/347 for more information.
Review URL: https://codereview.chromium.org/1660903002
Cr-Commit-Position: refs/heads/master@{#33701}
Reason for revert:
Fails a lot of layout tests and blocks the roll. Can be easily reproduced with a local Chromium checkout.
Reference: https://codereview.chromium.org/1652413003/
Original issue's description:
> [api] Make ObjectTemplate::SetNativeDataProperty() work even if the ObjectTemplate does not have a constructor.
>
> Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
> When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
> ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
>
> The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
>
> This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
>
> BUG=chromium:579009
> LOG=Y
>
> Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
> Cr-Commit-Position: refs/heads/master@{#33674}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579009
Review URL: https://codereview.chromium.org/1660263003
Cr-Commit-Position: refs/heads/master@{#33698}
Reason for revert:
Bisection results show that this was not the culprit.
Original issue's description:
> Revert of [heap] Simplify distribution of remaining memory during sweeping & compaction (patchset #2 id:80001 of https://codereview.chromium.org/1653973003/ )
>
> Reason for revert:
> Very likely blocking roll: https://codereview.chromium.org/1652413003/
>
> Original issue's description:
> > [heap] Simplify distribution of remaining memory during sweeping & compaction
> >
> > BUG=chromium:524425
> > LOG=N
> >
> > Committed: https://crrev.com/f72923526ccaa8faef5c977267b0c074c4a44dfa
> > Cr-Commit-Position: refs/heads/master@{#33668}
>
> TBR=hpayer@chromium.org,mlippautz@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/a9441b0e7a2a56c2047482a3cc66e3ca2255444b
> Cr-Commit-Position: refs/heads/master@{#33695}
TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425
Review URL: https://codereview.chromium.org/1663013002
Cr-Commit-Position: refs/heads/master@{#33696}
This includes 2 fixes:
1) We didn't properly advance the holder when checking whether
Receiver==Holder, so we'd inadvertently block loading the property if
the first property we find is on the typed array.
2) Reflect.get may cause any object on the prototype chain of the holder
to be the receiver; so we need to recheck for this special state for
each object we perform lookup on.
Review URL: https://codereview.chromium.org/1651913005
Cr-Commit-Position: refs/heads/master@{#33689}
Moves the temporary register allocator out of the bytecode array
builder into TemporaryRegisterAllocator class and adds unittests.
Particular must be taken around the translation window boundary
motivating the addition of tests.
Also adds a Clear() method to IdentityMap() which is called by
the destructor. This allows classes to hold an IdentityMap if
they are zone allocated. Classes must call Clear() before the zone
is re-cycled or face v8 heap corruption.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1651133002
Cr-Commit-Position: refs/heads/master@{#33686}
Move all the code that deals with falling back to object creation via
stubs to JSGenericLowering, where we can already deal well with stub
calls. This includes JSCreateLiteralArray, JSCreateLiteralObject,
JSCreateClosure, JSCreateFunctionContext and JSCreateArray.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1653353002
Cr-Commit-Position: refs/heads/master@{#33682}
We don't have proper test coverage for the no-deoptimization code paths
in the JSGlobalObjectSpecialization reducer, and we will properly never
have any use for that code, so it just adds complexity and code that
likely breaks over time (as its untested).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1659463007
Cr-Commit-Position: refs/heads/master@{#33680}
If the architecture does not provide rounding instructions, then C
implementations of these rounding instructions are called. The C
implementations from math.h are used, function pointers are registered
as external references so that they can be call from the simulator.
R=titzer@chromium.org
BUG=575379
LOG=Y
Review URL: https://codereview.chromium.org/1661463002
Cr-Commit-Position: refs/heads/master@{#33677}
Reason for revert:
This test fails:
assertEquals(["as"], /^a[\u017F]/ui.exec("as"));
The reason is that we end up with a character class that is not stand alone, so we do not perform case folding on it correctly (with unicode flag).
Original issue's description:
> [regexp] implement /ui to mirror the implementation for /i.
>
> R=erik.corry@gmail.com, erikcorry@chromium.org
>
> Committed: https://crrev.com/eea1a4c003c559c99bcc9f08aa7eadf931975aad
> Cr-Commit-Position: refs/heads/master@{#33655}
TBR=erik.corry@gmail.com,erikcorry@chromium.org,erikcorry@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1661483002
Cr-Commit-Position: refs/heads/master@{#33676}
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1657863004
Cr-Commit-Position: refs/heads/master@{#33675}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
BUG=chromium:579009
LOG=Y
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33674}
(Trying to finish FastAccessorAssembler this week. This should make it easier to pick up the Blink side of this work later on.)
BUG=chromium:508898
SOUNDTRACK=http://youtu.be/i1EG-MKy4so
LOG=Y
Review URL: https://codereview.chromium.org/1620293002
Cr-Commit-Position: refs/heads/master@{#33671}
Now that the branch analysis result is no longer mutated by the graph
builder, it can be made const again to preserve immutability.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1656933006
Cr-Commit-Position: refs/heads/master@{#33669}
After this change, the functionality of the CodeStubAssembler should be
sufficient to generate non-trivial stubs (e.g. the KeyedLoadIC) with control
flow, variables and probing of internal meta data structures.
Specifically this patch:
* introduces a Label class, which allows stubs to construct graphs that don't
have linear control graphs.
* introduces a Variable class. Variables can be bound to Node* values at
different points in a non-linear control flow graph. In conjunction with the
Label machinery, the CodeStubAssembler ensures that Phi nodes are inserted at
the "minimal" set of merge points.
* adds Tail calling support to other Stubs and to any arbitrary code whose
interface can be described by a CallInterfaceDescriptor.
* provides new macros for accessing FixedArray elements that are optimized for
use with Smi values.
Review URL: https://codereview.chromium.org/1649723002
Cr-Commit-Position: refs/heads/master@{#33664}
This function is called for every live object in new space. We statically know
which version to call, so let's use templates here and eliminite a branch at
runtime.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1659823002
Cr-Commit-Position: refs/heads/master@{#33662}
There's no point in having %_IsFunction as inline intrinsic, as it
is only used in non performance critical code, which is already full
of runtime calls anyway, so %IsFunction will do the trick as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1658123002
Cr-Commit-Position: refs/heads/master@{#33660}
So far TurboFan only calls %TraceExit for the implicit
return of undefined, when the function contains no explicit
return statement. To make --trace useful, we also need to
call %TraceExit for ReturnStatement.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1652013002
Cr-Commit-Position: refs/heads/master@{#33659}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
We can constant-fold JSToNumber conversions during typed lowering
if the input is a known primitive constant (i.e. a string, oddball
or number). I.e. JSToNumber("123") can be constant-folded to 123.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1657213002
Cr-Commit-Position: refs/heads/master@{#33654}
port cb9b801069 (r33582)
original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1659623003
Cr-Commit-Position: refs/heads/master@{#33652}
This patch adds a UseCounter for each of the following:
- Allowing duplicate sloppy-mode block-scoped function declarations
in the exact same scope
- for-in loops with an initializer
The patch also refactors some of the declaration code to clean it up and
enable the first counter, and adds additional unit tests to nail down
the semantics of edge cases of sloppy-mode block-scoped function declarations.
BUG=v8:4693,chromium:579395
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1633743003
Cr-Commit-Position: refs/heads/master@{#33650}
A class's name is its constructor's name, so there's no need to treat it separately,
either in the parser or in code generation. The main parser use of the name is
for ES2015 Function.name handling, and this patch also cleans up handling there
by adding a new IsAnonymousFunctionDefinition() method to Expression (the name
comes from the spec).
Also removed unused ParserTraits::DefaultConstructor method.
BUG=v8:3699
LOG=n
Review URL: https://codereview.chromium.org/1647213002
Cr-Commit-Position: refs/heads/master@{#33643}
The runtime call to Runtime::kReThrow does not need a frame-state node
attached, the frame-state input count is zero. This restructures the
graph builder to not instantiate a FrameStateBeforeAndAfter for it.
R=jarin@chromium.org
TEST=cctest/test-run-bytecode-graph-builder
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1654833002
Cr-Commit-Position: refs/heads/master@{#33641}
The notion of an unreachable environment is useful for a recursive
descent iteration (e.g. over an AST) where nodes are created on the
ascent path as well. For a flat iteration (e.g. over bytecode stream)
environments become unreachable at the end of a visitation function.
Hence any unreachable path can be represented by nulling the tracked
environment completely. This further reduces the number of redundant
nodes being created.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1650483003
Cr-Commit-Position: refs/heads/master@{#33639}
Set the bytecode array correctly in Runtime_SetCode.
This fixes issues with building the snapshot with ignition enabled.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1647913002
Cr-Commit-Position: refs/heads/master@{#33638}
This simplifies the branch analysis we perform on the bytecode stream
down to the bare minimum that we need to build graphs. Note that we
still record all branch targets, even though only the backwards ones
would be needed, but this is essentially for free and might be useful
eventually.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1646873004
Cr-Commit-Position: refs/heads/master@{#33635}
The reachability of a bytecode is implied by a live environment reaching
the bytecode during the abstract control flow simulation of the bytecode
iteration perfromed by the graph builder. There is no need to compute it
upfront anymore.
Also, the upfront computation was only an approximation when it came to
the reachability of an exception handler. This is why several tests for
translation of exception handlers can now be enabled.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1645293003
Cr-Commit-Position: refs/heads/master@{#33634}
This simplifies how the BytecodeGraphBuilder simulates control flow by
reversing the propagation direction to forwards propagation. This is the
same direction as the data flow which is also a forward propagation. In
this way the analysis information needed at merge points is drastically
reduced while still retaining the same simulation power.
In short: We push down environments instead of pulling them.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1641893004
Cr-Commit-Position: refs/heads/master@{#33633}
NonPatternRewrite was called more than once for the same AST
in the case of (computed) key expressions present in object
literals. As an example, in:
var x = { [[...42]]: 17 };
the array containing the spread would be desugared first and
then the resulting do-expression would again be desugared.
This could be problematic if a computed key expression contains
large nested array/object literals.
R=rossberg@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1645023002
Cr-Commit-Position: refs/heads/master@{#33632}
This patch ships the first part of RegExp subclassing--defining
Symbol.{match,replace,search,split}, but keeping their original
definitions which are restricted to a RegExp receiver and do not
call out to the core 'exec' method. This is being shipped separately
because the two sets of extension points are separate features with
separate functionality. The amount of behavior which is held behind
the flag is very small, just exposing the symbols as properties of
Symbol--the behavior that the String methods call out to these Symbol
properties has already been shipping unflagged.
R=yangguo@chromium.org
BUG=v8:4305,v8:4343,v8:4344,v8:4345
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1652793002
Cr-Commit-Position: refs/heads/master@{#33629}
In the debugger we are interested in getting the context for the
current frame, which is usually a function context. To do that,
we used to call Context::declaration_context, which may also
return a block context. This is wrong and can lead to crashes.
Instead, we now use a newly introduced Context::closure_context,
which skips block contexts. This works fine for the debugger,
since we have other means to find and materialize block contexts.
R=rossberg@chromium.org
BUG=chromium:582051
LOG=N
Review URL: https://codereview.chromium.org/1648263002
Cr-Commit-Position: refs/heads/master@{#33627}
Associate a type with foreign functions at their callsite.
Associate a type with foreign variables.
More pervasively forbid computation in the module body.
Confirm foreign call arguments are exports.
Pass zone to more Type constructors, for consistency.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1643003004
Cr-Commit-Position: refs/heads/master@{#33622}
Port cb9b801069
Original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1648353002
Cr-Commit-Position: refs/heads/master@{#33618}
Port 0637f5f64c
Original commit message:
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1644383002
Cr-Commit-Position: refs/heads/master@{#33617}
String wrappers (new String("foo")) are special objects: their string
characters are accessed like elements, and they also have an elements
backing store. This used to require a bunch of explicit checks like:
if (obj->IsJSValue() && JSValue::cast(obj)->value()->IsString()) {
/* Handle string characters */
}
// Handle regular elements (for string wrappers and other objects)
obj->GetElementsAccessor()->Whatever(...);
This CL introduces new ElementsKinds for string wrapper objects (one for
fast elements, one for dictionary elements), which allow folding the
special-casing into new StringWrapperElementsAccessors.
No observable change in behavior is intended.
Review URL: https://codereview.chromium.org/1612323003
Cr-Commit-Position: refs/heads/master@{#33616}
Previously, String.prototype.normalize constructed its ICU input
string as a null-terminated string. This creates a bug for strings
which contain a null byte, which is allowed in ECMAScript. This
patch constructs the ICU string based on its length so that the
entire string is normalized.
R=jshin@chromium.org
BUG=v8:4654
LOG=Y
Review URL: https://codereview.chromium.org/1645223003
Cr-Commit-Position: refs/heads/master@{#33614}
If we deoptimize from TurboFan or Crankshaft into the body of a for-in
loop and that for-in mode then switches to slow mode (i.e. has to call
%ForInFilter), we have to record that feedback, because otherwise we
might actually OSR into that loop assuming that it's fast mode still,
or even worse recompile the function later when we call it again w/o
having rerun the for-in loop in fullcodegen from the beginning (where
was previously the only place we could learn).
R=mstarzinger@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1638303008
Cr-Commit-Position: refs/heads/master@{#33612}
Port cb9b801069
Original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1643973002
Cr-Commit-Position: refs/heads/master@{#33611}
Also remove duplicate code Disassemble, which is already done in TF pipeline.
BUG=
Review URL: https://codereview.chromium.org/1634653002
Cr-Commit-Position: refs/heads/master@{#33610}
The for-in slow mode implementation in Crankshaft unconditionally
deoptimizes when %ForInFilter returns undefined instead of just
skipping the item. Even worse, there's nothing we can learn from
that deopt, so we will eventually optimize again and hit exactly
the same problem again once we get back to optimized code.
R=mvstanton@chromium.org
BUG=v8:3650
LOG=n
Review URL: https://codereview.chromium.org/1647093002
Cr-Commit-Position: refs/heads/master@{#33609}
This refactors how the BytecodeArrayIterator is passed to visitation
methods on the BytecodeGraphBuilder. We no longer pass it explicitly,
but use the field accessor instead. Note that const-ness is still
preserved and visitation methods are still not able to mutate the
iterator. The main goal of this refactoring is increased readability.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642893004
Cr-Commit-Position: refs/heads/master@{#33607}
This moves the definition of the Environment class into the compilation
unit because it is only used there and not needed outside, the header
doesn't need to expose it.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1644103002
Cr-Commit-Position: refs/heads/master@{#33605}
Reason for revert:
problems on Mac64
Original issue's description:
> [turbofan] Add the StackSlot operator to turbofan.
>
> The StackSlot operator allows to allocate a spill slot on the stack. We
> are going to use this operator to pass floats through pointers to c
> functions, which we need for floating point rounding in the case where
> the architecture does not provide rounding instructions.
>
> R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-ppc-ports@googlegroups.com, v8-mips-ports@googlegroups.com
>
> Committed: https://crrev.com/7a693437787090d62d937b862e29521debcc5223
> Cr-Commit-Position: refs/heads/master@{#33600}
TBR=titzer@chromium.org,v8-arm-ports@googlegroups.com,v8-mips-ports@googlegroups.com,v8-ppc-ports@googlegroups.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1644283002
Cr-Commit-Position: refs/heads/master@{#33601}
So far the for-in slow path in Crankshaft unconditionally called
%ForInFilter for every iteration of the for-in loop, without paying
attention to the possible enum cache equipped receiver map. So even
though we iterate the enum cache FixedArray associated with the map
we don't check the map, but always go to %ForInFilter. This would be
perfectly fine if the enum cache FixedArray would be immutable, but
due to some funny GC/runtime interaction kicking in, the enum cache
can be right trimmed while we are iterating it, and the only way to
detect this is to ensure that we check the map when accessing the
enum cache.
BUG=v8:3650,v8:4715
LOG=n
Review URL: https://codereview.chromium.org/1650493002
Cr-Commit-Position: refs/heads/master@{#33599}
This is to fix a bug in the bytecode graph builder. This cl adds a new merge
node before we copy the environment on conditional/unconditional jumps. Since
these environments could be merged later, we add a place holder merge so that
the control dependencies are correctly merged. If we do not have a merge node
we may incorrectly merge the dependencies into the previous block.
For ex: test-run-variables/ContextStoreVariables in cctests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1641143002
Cr-Commit-Position: refs/heads/master@{#33591}
avoid jump threading erasing the reconstruction of a frame, if the
frame was elided.
BUG=
Review URL: https://codereview.chromium.org/1642823002
Cr-Commit-Position: refs/heads/master@{#33590}
Compilation dependencies for O32 ABI are removed from the code and now
compilation will be done according n64 ABI only.
TEST=
BUG=
Review URL: https://codereview.chromium.org/1638303005
Cr-Commit-Position: refs/heads/master@{#33589}
