If left or right is guaranteed at compile-time to be an undetectable object, use HIsUndetectableAndBranch on the other side.
BUG=
Review URL: https://codereview.chromium.org/1775163005
Cr-Commit-Position: refs/heads/master@{#34616}
- Eliminate stubs with a variable number of arguments.
(That only worked due to their very limited use. These
stubs' interface descriptors were basically lying
about their number of args, which will fail when used
generically.)
- Fix all CallApi*Stubs' interface descriptors to no
longer lie about their arguments.
- Unify CallApi*Stub, for * in Function, Accessor,
FunctionWithFixedArgs.
(Since these are now all doing the same thing.)
- Rename the unified stub (and interface descriptors) to
*ApiCallback*, since that's really what they're doing.
- Refuse inlining an API callback if its number of
parameters exceeds the supported number of args.
BUG=
Review URL: https://codereview.chromium.org/1748123003
Cr-Commit-Position: refs/heads/master@{#34614}
This CL allows the sweeper to free up all memory >= free list item size (3 words). This may reduce memory consumption (especially in map space), but may be worse for allocation order as soon as we start using the tiny category.
This CL is just a first step in the right direction. A follow up CL will add customizable free list categories for each old space.
BUG=chromium:587026
LOG=n
Review URL: https://codereview.chromium.org/1774953003
Cr-Commit-Position: refs/heads/master@{#34612}
In case when F was called with incompatible number of arguments (and therefore
the arguments adator frame was created), F inlines a tail call of G which then
deopts the deoptimizer should also remove the arguments adaptor frame for F.
This CL adds required machinery to the deoptimizer.
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1768263004
Cr-Commit-Position: refs/heads/master@{#34610}
The current implementation does not consider the case when the context of
the control scope and the current context differ. It is possible that they are
different in some cases for example: with statements. This cl fixes this.
BUG=v8:4280,v8:4680
LOG=N
Review URL: https://codereview.chromium.org/1768123002
Cr-Commit-Position: refs/heads/master@{#34609}
After fixing the memory barrier for maps (https://codereview.chromium.org/1714513003), we are using a temp register for the map case. The temp register should not be aliased with the stored value (otherwise we perform the mem barrier check with a wrong value). This CL makes sure it is not aliased.
BUG=chromium:590074
LOG=n
Review URL: https://codereview.chromium.org/1775083002
Cr-Commit-Position: refs/heads/master@{#34607}
With this, the test runner automatically merges sancov
files after testing. There's no need to do this by some
external infrastructure.
In a future CL, we could even merge during testing to lift
harddisk pressure.
BUG=chromium:568949
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/1776123002
Cr-Commit-Position: refs/heads/master@{#34606}
This CL modifies the following to be LEB128:
* Function table indices
* Import table signature indices
* Export table function indices
* Function signature param count
* br/br_if break depth
* br_table target count
* block/loop expression count
Still to do:
* Import/export names (LEB128 count + inline data)
* Data segments (LEB128 offset + size + inline data)
* Function header stuff (should seperate into function sig and body sections)
* Memory access alignment + offset (still discussing)
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1775873002
Cr-Commit-Position: refs/heads/master@{#34603}
This mechanism was used to ensure that functions ended up as constants on the map of prototypes defined using object literals, e.g.,:
function.prototype = {
method: function() { ... }
}
Nowadays we treat prototypes specially, and make all their functions constants when an object turns prototype. Hence this special custom code isn't necessary anymore.
This also affects boilerplates that do not become prototypes. Their functions will not be constants but fields instead. Calling their methods will slow down. However, multiple instances of the same boilerplate will stay monomorphic. We'll have to see what the impact is for such objects, but preliminary benchmarks do not show this as an important regression.
BUG=chromium:593008
LOG=n
Review URL: https://codereview.chromium.org/1772423002
Cr-Commit-Position: refs/heads/master@{#34602}
A previous spec compliance fix for TypedArrays caused a ~4x performance
regression. This patch removes the regression by calling out
to a path within the runtime which implements array copying more
efficiently.
BUG=chromium:592007
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1767893002
Cr-Commit-Position: refs/heads/master@{#34601}
The initial species protector hooked into property declaration in an
incomplete place, and missed definitions of accessors. This patch repairs
them by calling out to update the protector from an additional location.
R=adamk
CC=verwaest,cbruni
BUG=v8:4093
LOG=Y
Review URL: https://codereview.chromium.org/1746323002
Cr-Commit-Position: refs/heads/master@{#34599}
The below instructions were fixed so that the produced condition
codes in simulator matched behaviour in native s390 CPUs:
CFDBR
CGDBR
CGEBR
CFEBR
CLFDBR
CLGDBR
CLGEBR
Also implemented the CLFEBR instruction in s390 simulator.
(Copypaste of 1763663003, which was pointing at wrong branch - should be master, not lkgr)
R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,joransiu@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,jyan@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1773813002
Cr-Commit-Position: refs/heads/master@{#34598}
We have compatibility workarounds to return 'undefined' on accessors
to RegExp.prototype. This patch adds two UseCounters for two categories
of this non-spec-compliant path:
- source
- ignorecase, multiline, global
R=yangguo
BUG=chromium:581577
LOG=Y
Review URL: https://codereview.chromium.org/1762423002
Cr-Commit-Position: refs/heads/master@{#34597}
This adds the number of properties to be expected within the boilerplate
object for object literals to the TurboFan IR. The reason is that this
length can no longer be easily inferred from just the constants array.
The length is potentially non-zero for empty object literals and might
also diverge in the presence of constant functions or duplicate property
names.
For future safety and for symmetry reasons, the same change was applied
to array literals as well, even though inferring the length from the
constant elements is still possible there.
R=verwaest@chromium.org
BUG=chromium:593008
LOG=n
Review URL: https://codereview.chromium.org/1772803003
Cr-Commit-Position: refs/heads/master@{#34594}
port 2aae579cf0 (r34566)
original commit message:
In case when F tail calls G we should also remove the potential arguments adaptor frame for F.
This CL introduces two new machine instructions ArchTailCallCodeObjectFromJSFunction and ArchTailCallJSFunctionFromJSFunction which (unlike existing ArchTailCallCodeObject and ArchTailCallJSFunction)
also drop arguments adaptor frame if it exists right before jumping to the target function.
BUG=
Review URL: https://codereview.chromium.org/1777563002
Cr-Commit-Position: refs/heads/master@{#34593}
port ddc626e1cf (r34546)
original commit message:
I64Shl is lowered to a new turbofan operator, WasmWord64Shl. The new
operator takes 3 inputs, the low-word input, the high-word input, and
the shift, and produces 2 output, the low-word output and the high-word
output.
At the moment I implemented the lowering only for ia32, but I think the
CL is already big enough. I will add the other platforms in separate
CLs.
BUG=
Review URL: https://codereview.chromium.org/1773083002
Cr-Commit-Position: refs/heads/master@{#34591}
port 22938040fd (r34542)
original commit message:
HInvokeFunction and HApplyArguments instructions now support tail calling.
Inlining of calls at tail position is not supported yet and therefore still disabled.
The tail-call-megatest was modified so that the usages of "arguments" object do not disable Crankshaft.
BUG=
Review URL: https://codereview.chromium.org/1767343003
Cr-Commit-Position: refs/heads/master@{#34590}
Port 2aae579cf0
Original commit message:
In case when F tail calls G we should also remove the potential arguments adaptor frame for F.
This CL introduces two new machine instructions ArchTailCallCodeObjectFromJSFunction and
ArchTailCallJSFunctionFromJSFunction which (unlike existing ArchTailCallCodeObject and
ArchTailCallJSFunction) also drop arguments adaptor frame if it exists right before jumping
to the target function.
R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4698
LOG=N
Review URL: https://codereview.chromium.org/1773053002
Cr-Commit-Position: refs/heads/master@{#34589}
BailoutId points to the next bytecode in the bytecode array. Code offset
is set to one less than the bail out id. This would point to the end of the
current instruction. Since we use it only for summarizing the frame and to
compute the source position, it should be safe to set it to the end of current
instruction.
BUG=v8:4280, v8:4689
LOG=N
Review URL: https://codereview.chromium.org/1763783003
Cr-Commit-Position: refs/heads/master@{#34580}
This is a pure refactoring and renaming of methods in the compiler API
with the goal to increase readability. Also the compiler API is moved to
the top of the file, as it is the central piece in that file.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1766623004
Cr-Commit-Position: refs/heads/master@{#34579}
This adds sanitizer-coverage compilation, test-runner
features and post processing.
Sanitizer coverage is expected to be used together with
asan.
During test runner execution, the produced sancov files
are disambiguated and match the pattern:
<executable name>.test.<test id>.sancov.
Two additional scripts are added for merging raw sancov
files and for generating json data containing all
instrumented lines + all covered lines from merged sancov
files. Both scripts use multiprocessing for speed.
The json data will later be uploaded to google storage
for further use, e.g. to show coverage data in rietveld.
Sancov documentation:
http://clang.llvm.org/docs/SanitizerCoverage.html
BUG=chromium:568949
LOG=n
NOTRY=true
TEST=python -m unittest sancov_formatter_test
TEST=python -m unittest sancov_merger_test
Review URL: https://codereview.chromium.org/1737263003
Cr-Commit-Position: refs/heads/master@{#34578}
This changes the compiler API that finalizes a previously queued
optimization job on the main thread, to not deal with code objects
directly. This is in sync with the rest of the API now.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1773663003
Cr-Commit-Position: refs/heads/master@{#34577}
Before this CL, various code stubs used different techniques
for marking their frames to enable stack-crawling and other
access to data in the frame. All of them were based on a abuse
of the "standard" frame representation, e.g. storing the a
context pointer immediately below the frame's fp, and a
function pointer after that. Although functional, this approach
tends to make stubs and builtins do an awkward, unnecessary
dance to appear like standard frames, even if they have
nothing to do with JavaScript execution.
This CL attempts to improve this by:
* Ensuring that there are only two fundamentally different
types of frames, a "standard" frame and a "typed" frame.
Standard frames, as before, contain both a context and
function pointer. Typed frames contain only a minimum
of a smi marker in the position immediately below the fp
where the context is in standard frames.
* Only interpreted, full codegen, and optimized Crankshaft and
TurboFan JavaScript frames use the "standard" format. All
other frames use the type frame format with an explicit
marker.
* Typed frames can contain one or more values below the
type marker. There is new magic macro machinery in
frames.h that simplifies defining the offsets of these fields
in typed frames.
* A new flag in the CallDescriptor enables specifying whether
a frame is a standard frame or a typed frame. Secondary
register location spilling is now only enabled for standard
frames.
* A zillion places in the code have been updated to deal with
the fact that most code stubs and internal frames use the
typed frame format. This includes changes in the
deoptimizer, debugger, and liveedit.
* StandardFrameConstants::kMarkerOffset is deprecated,
(CommonFrameConstants::kContextOrFrameTypeOffset
and StandardFrameConstants::kFrameOffset are now used
in its stead).
LOG=N
Review URL: https://codereview.chromium.org/1696043002
Cr-Commit-Position: refs/heads/master@{#34571}
Rolling v8/build/gyp to 61259d585ce99d9de8b35188cd0025bdbcb58411
Rolling v8/tools/clang to 7f949627a42e2b8b229522ab74de5b1b6a1ced3e
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1768263003
Cr-Commit-Position: refs/heads/master@{#34568}