Port 47502a238b
Original commit message:
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1491433002
Cr-Commit-Position: refs/heads/master@{#32435}
SIMD.js potentially adds to the standard library passed into
asm.js modules. Splitting off the point where the SIMD object
would be referenced to allow work on SIMD typing to occur orthogonally.
Adding VariableInfo to allow tracking of simd constructors / check functions. Using this for fround.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Looking at simd.js
Review URL: https://codereview.chromium.org/1473513004
Cr-Commit-Position: refs/heads/master@{#32431}
Port d3e5db0428
Original commit message:
Up until now we sometimes pass Smi 0 around as closure and expect the
runtime to translate that appropriately. But we need to be careful in
some places to not confuse the Smi 0 with a real closure. However, we
could instead just pass the correct closure extracted from the native
context.
This addresses three long-standing TODOs in the JSTypedLowering pass.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1490553002
Cr-Commit-Position: refs/heads/master@{#32430}
This fixes a corner-case in redeclaration handling, where the ES2015
early error case got mixed up with legacy const handling in the parser.
Redeclaration using ES2015 'let' and 'const' should be early errors,
but legacy 'const' redeclaration has historically been a runtime error,
and should stay that way until legacy 'const' is gone.
The fix here is uglier than it might be due to
https://code.google.com/p/v8/issues/detail?id=4577, which keeps us
from simplifying the mess of if/else-if in the current code.
BUG=v8:4576
LOG=n
Review URL: https://codereview.chromium.org/1485943002
Cr-Commit-Position: refs/heads/master@{#32429}
Port 3d004eeab2
Original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1487863002
Cr-Commit-Position: refs/heads/master@{#32425}
Port 5166987369
Original commit message:
Some highlights of this CL:
* Refactor the mutable state out of Frame into FrameAccessState,
which is maintained and updated during code generation to
record whether sp- or fp-based frame access is currently active
and how deep the stack on top of the frame is.
* The operand resultion in linkage.cc now uses FrameAccessState
to determine how to generate frame-accessing operands.
* Update all platforms to accurately track additionally pushed
stack slots (e.g. arguments for calls) in the FrameAccessState.
* Add a flag, --turbo_sp_frame_access, which forces all frame
access to be sp-based whenever possible. This will likely never
be used in production, but for testing it's useful in verifying
that the stack-tracking of each platform maintained in the
FrameAccessState is correct.
* Use sp-based frame access for gap resolving before tail
calls. This will allow for slightly more efficient restoration
of the frame pointer in the tail call in a later CL.
* Remove most ad hoc groping into CallDescriptors to
determine if a frame is needed, instead consistently use
predicates like needs_frame(), IsCFunctionCall() and
IsJSFunctionCall().
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1484913003
Cr-Commit-Position: refs/heads/master@{#32420}
Shifts of integer values are in some contexts collapsed by the parser into single literal AST nodes, rather than a direct representation of the parse tree. Confirming this behavior in tests.
Integer TypedArrays are assumed to load and store "intish" values rather than more fine-grained type information. Reducing the precision of the typing information to match the spec and simplify the wasm generator.
The asm spec requires load and store values of various "float?", "floatish", "double?" and "intish" types to ensure undefined values are not visible and that float32 rounding occurs at the right time. More closely matching this.
Adding additional testing around unsigned / signed comparisons, loads and stores.
Adding addition debug mode printing when asserting about types fail.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, wasm side tests
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1471073003
Cr-Commit-Position: refs/heads/master@{#32419}
This disregards the code age heuristic when deciding whether to flush
code so that GC stress mode is more likely to flush out potential races
between our various "invariants".
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1483993002
Cr-Commit-Position: refs/heads/master@{#32414}
This removes an overly complex predicate from the IsFlushable check
within the marking visitor. By now all JSFunction objects reference a
valid Context object, also builtin functions can be recognized without
looking at the JSFunction object.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1482363002
Cr-Commit-Position: refs/heads/master@{#32412}
Restore frame pointer directly from stack rather than copying it and
restoring. Also restore return address register directly on platforms that
support it.
BUG=v8:4076
LOG=n
Review URL: https://codereview.chromium.org/1488553002
Cr-Commit-Position: refs/heads/master@{#32410}
an optomization to remove redundant cast operations.
1. Adds an optimization to remove redundant ToBoolean and ToName operations.
2. Adds implementation and tests for cast operatorts to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1468003002
Cr-Commit-Position: refs/heads/master@{#32408}
This way we avoid the %_IsSmi magic that is required in TurboFan to
(efficiently) check abitrary context slots for smi 0. Checking against
"the hole" is common in the AstGraphBuilder and "the hole" is also used
to mark other context slots as not initialized.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1484723003
Cr-Commit-Position: refs/heads/master@{#32407}
Reason for revert:
Broken canary. Trying to find out root cause.
Original issue's description:
> Do not remove write barriers for stores of old space references in most recent old space allocation.
>
> BUG=chromium:561449
> LOG=n
>
> Committed: https://crrev.com/369778ec55a63ebe51e8fa8497edb5b681069b9b
> Cr-Commit-Position: refs/heads/master@{#32368}
TBR=ulan@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561449
Review URL: https://codereview.chromium.org/1482973003
Cr-Commit-Position: refs/heads/master@{#32406}
Reason for revert:
Broken canary. Trying to find out root cause.
Original issue's description:
> Introduce instance type for transition arrays.
>
> The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.
>
> BUG=chromium:554488
> LOG=NO
>
> Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601
> Cr-Commit-Position: refs/heads/master@{#32396}
TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:554488
Review URL: https://codereview.chromium.org/1483003002
Cr-Commit-Position: refs/heads/master@{#32404}
Adds support and tests for throw to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1481763002
Cr-Commit-Position: refs/heads/master@{#32399}
This switches several builtin methods to use the ES6 new.target value
when determined whether being called as a constructor or not. This is
prepatory work for fully deprecating the aforementioned intrinsic.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1477073005
Cr-Commit-Position: refs/heads/master@{#32397}
The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.
BUG=chromium:554488
LOG=NO
Review URL: https://codereview.chromium.org/1480873003
Cr-Commit-Position: refs/heads/master@{#32396}
Monotonicity is not required at the current setup, where we do backward pass through
the graph. However, for bidirectinal analysis, we'd better be sure that all the
input/use information is monotone.
The checker here is quite strict - it requires monotonicity in each of: use
representations, use truncation, output representation and output type. In future, we can
lower the requirements and use lexicographic ordering (e.g., on use truncation and
representation).
Review URL: https://codereview.chromium.org/1473733007
Cr-Commit-Position: refs/heads/master@{#32392}
Add initial support to optimize certain "prototype" loads from known
JSFunctions which have a prototype. This includes an appropriate typing
rule plus a matching rule for typed lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1482213002
Cr-Commit-Position: refs/heads/master@{#32390}
port 47502a238b (r32381)
original commit message:
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
BUG=
Review URL: https://codereview.chromium.org/1481353002
Cr-Commit-Position: refs/heads/master@{#32387}
