This will randomly break compilation units that don't happen to #define
DCHECK before v8-util.h is included.
BUG=chromium:688155
Change-Id: I7abdaf87c8bb7aca995d9e6e7ef8b4faff0dc50c
Reviewed-on: https://chromium-review.googlesource.com/447002
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43455}
Make MarkerIs[Not]FrameType actually use their argument instead of a
fixed value for the stack frame type.
Review-Url: https://codereview.chromium.org/2709953002
Cr-Commit-Position: refs/heads/master@{#43454}
Inline the Array.isArray builtin during typed lowering, which generates
ideal code for the common case (non-JSProxy arg), and use the existing
%ArrayIsArray runtime function for the JSProxy case just like in baseline.
BUG=v8:5267
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2719023002
Cr-Commit-Position: refs/heads/master@{#43453}
When an instance of a constructor goes dictionary mode, this changes the initial map
of that constructor to also be in dictionary mode. This avoids spurious hidden class
creation, that also results in IC misses.
BUG=
Change-Id: I0e70f822ac345d0224f2092ec473621a603d4cc5
Reviewed-on: https://chromium-review.googlesource.com/446361
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43452}
In spec review, the Intl constructor fallback semantics ended
up changing a bit; this patch updates V8 to the newest semantics.
BUG=v8:4360,v8:4870
Review-Url: https://codereview.chromium.org/2618533002
Cr-Commit-Position: refs/heads/master@{#43448}
This extends the existing typer for JS-level comparisons to also be
applied on simplified-level number comparisons. Now that nodes having
such operators are introduced early during graph construction, precise
type information has become more important.
R=jarin@chromium.org
TEST=unittests/TyperTest
Change-Id: Ibcfda36cadf72381b3c63138dd8ad2f6b1f7fbba
Reviewed-on: https://chromium-review.googlesource.com/445879
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43447}
Nodes having the {Throw} operator are just used as terminators for
control-flow leaving the function body with an exception completion,
they turn into basic-block terminators within the schedule. Actually
raising an exception is done solely via runtime calls. Hence {Throw}
nodes no longer need any value input.
R=bmeurer@chromium.org
Change-Id: Id6d8e46b12c4b84f4e7a8ac96623c8efb1f27b26
Reviewed-on: https://chromium-review.googlesource.com/446501
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43445}
Don't just blindly bake in CallIC feedback in the JSCallReducer,
but instead try to estimate first whether it makes sense to bake
it in (and risk potential eager deoptimization exits). We already
didn't use the CallIC feedback when the call target is a known
constant, but we should also not use it if the target is a
JSCreateClosure node or a Phi of known constants / JSCreateClosure
nodes.
R=jarin@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2721483003
Cr-Commit-Position: refs/heads/master@{#43443}
Calling AstNode::Print() from within gdb, e.g. during bytecode
generation, sometimes results in a CHECK failure due to handle
dereferencing being disallowed. This is very frustrating.
Since this function is purely for debugging and not called anywhere in
the code base, I'm now explicitly adding an AllowHandleDereference scope
to it.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2711003007
Cr-Commit-Position: refs/heads/master@{#43439}
Currently, ArrayIncludes handles the hypothetical case of an array with
a fast ElementsKind and non-SMI length. This should not happen (and is checked
against in JSArray::JSArrayVerify of objects_debug.cc).
Therefore this CL replaces that handling with a CSA_ASSERT that the length is
indeed SMI.
The CL also simplifies loading of the (SMI) length on 64 bit architectures by
using LoadAndUntagObjectField instead of LoadObjectField+SmiToWord.
BUG=v8:5985
Review-Url: https://codereview.chromium.org/2714193002
Cr-Commit-Position: refs/heads/master@{#43433}
Currently, Generate_ArrayIndexOf handles the hypothetical case of an array with
a fast ElementsKind and non-SMI length. This should not happen (and is checked
against in JSArray::JSArrayVerify of objects_debug.cc).
Therefore this CL replaces that handling with a CSA_ASSERT that the length is
indeed SMI.
The CL also simplifies loading of the (SMI) length on 64 bit architectures by
using LoadAndUntagObjectField instead of LoadObjectField+SmiToWord.
The CL does not add new tests, because test/mjsunit/array-length.js should
cover this already.
BUG=v8:5985
Review-Url: https://codereview.chromium.org/2714173002
Cr-Commit-Position: refs/heads/master@{#43431}
- Renames Create ops to Splat.
- Adds machine operators to initialize all SIMD machine types.
Boolean vector types may need initialization, so provide zero
operators.
LOG=N
BUG=v8:4124,695330
Review-Url: https://codereview.chromium.org/2719483002
Cr-Commit-Position: refs/heads/master@{#43430}
Node.js doesn't build because v8_extra_library_files is
used but not defined in v8.gyp.
We can probably clean up the build file and properly
delete v8_extra_library_files, just want to get the integration
build green again.
TBR=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2720483002
Cr-Commit-Position: refs/heads/master@{#43429}
- If no comparison function is given for %TypedArray%.prototype.sort,
sort the typedarray using std::sort in C++. This gets 20 times more
benchmark score in Float64Array.
- Move ValidateTypedArray in builtin-typedarray.cc to static inline
method of JSTypedArray class.
BUG=v8:5953
Review-Url: https://codereview.chromium.org/2693043009
Cr-Commit-Position: refs/heads/master@{#43427}
Now that no harmony-flagged features are implemented in experimental
JS, most of this is simply dead code.
As PostExperimentals() is no longer needed, I also removed the use of
Import() in the debug context, allowing the deletion of PostDebug()
along with PostExperimentals(); cleanup code is moved to the
end of PostNatives.
Also gets rid of some longer-dead code in prologue.js related to
TypedArrays, and some duplicate code for setting up SharedArrayBuffer
builtins.
Review-Url: https://codereview.chromium.org/2705293004
Cr-Commit-Position: refs/heads/master@{#43418}
The DescriptorInterceptor should intercept all
Object.getOwnPropertyDescriptor calls. This CL fixes
the interceptor's behavior if the iterator state is
ACCESS_CHECK.
BUG=
Review-Url: https://codereview.chromium.org/2707263002
Cr-Commit-Position: refs/heads/master@{#43417}
Marking it as callable makes typeof return 'function' instead of
'object' when invoked on a remote context or object.
BUG=chromium:527190
Review-Url: https://codereview.chromium.org/2715593002
Cr-Commit-Position: refs/heads/master@{#43416}
If the RHS is 0 and we have Smi feedback, speculate that the result (the LHS)
will continue to be in the Unsigned31 range. This helps us avoid converting
the result to double when merging with Signed32.
R=jarin@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2709423002
Cr-Commit-Position: refs/heads/master@{#43415}
This is a refactoring CL in preparation for implementing asynchronous compilation.
It moves all the compilation-related functionality to a helper class which will
make it easier to split into background and foreground tasks which is needed
for concurrent/synchronous execution of compilation.
R=clemensh@chromium.org,ahaas@chromium.org
BUG=v8:6003
Review-Url: https://codereview.chromium.org/2710603006
Cr-Commit-Position: refs/heads/master@{#43413}
Adds a perf test for constructing a TypedArray from a regular array,
and from a pre-made ArrayBuffer. Runs both new tests with default and
future configurations for comparison.
BUG=v8:5977
Change-Id: Idd132ca879702c54b2947a0e57ed8fe782f2767f
Reviewed-on: https://chromium-review.googlesource.com/446342
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43412}
This is also needed so that PreParser doesn't need to gather more data for arrow
function params in order to create the uninteresting varblock scopes matching
the scopes created in Parser::BuildParameterInitializationBlock.
This cancels the changes in https://chromium-review.googlesource.com/c/444747
which make PreParser create uninteresting scopes for the normal (non-arrow)
function "eval in default param" case.
R=vogelheim@chromium.org
BUG=v8:5516
Change-Id: I8957ac0796d8738c63492f7928bca6f00e4b4241
Reviewed-on: https://chromium-review.googlesource.com/446339
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43411}
This is a preliminary cleanup necessary for the actual fix of the associated issue.
BUG=chromium:688734
Change-Id: Iecd39ed4cef34c6cc5d9652c5569e048f0db46af
Reviewed-on: https://chromium-review.googlesource.com/446341
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43410}
The only remaining allowed occurence of a context is in WASM_TO_JS
code, which is regenerated for each instance.
This CL removes all the rest, to avoid subtle bugs where we might
forget to patch it. By renaming the BuildCallToRuntime method, we make
sure that noone accidentially calls the version which embeds a context.
For consistency, I even remove it from the WasmRunInterpreter stub,
which is never reused for new instantiations.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2708743003
Cr-Commit-Position: refs/heads/master@{#43409}
In instruction selector, in the reduction of Word64And(Word64Shr(val,0),
0xFFF...) to EXT instruction, the case where shift value is 0 and mask is
0xFFFFFFFFFFFFFFFF was not supported. We now generate NOP for this case
since no bit extraction is necessary.
We implement the same behavior for MIPS32 even though there are no tests
that are failing.
TEST=cctest/test-run-machops/Regression5951
BUG=
Review-Url: https://codereview.chromium.org/2718433002
Cr-Commit-Position: refs/heads/master@{#43408}
We can make Heap::UpdateAllocationSite cheaper for TurboFan, because
there's no need to check for allocation mementos on Strings in case of
the TurboFan pipeline.
R=mvstanton@chromium.org
Review-Url: https://codereview.chromium.org/2710303002
Cr-Commit-Position: refs/heads/master@{#43407}
