This patch fixes an obscure edge case for functions defined as the
direct body of a for-of/for-in loop, such as the following:
for (foo in []) function foo() { return foo; }
Here, the first occurrence of foo should point to the outer scope;
however, before this patch, it pointed to the inner foo in an
invalid way which caused an assertion about the scope chain to fail.
This patch fixes the scope chain by inserting an extra scope for
the body of the loop, not including the header.
BUG=chromium:542099
LOG=N
R=rossberg
Review URL: https://codereview.chromium.org/1396663004
Cr-Commit-Position: refs/heads/master@{#31268}
This CL re-purposes ValueEffect and Finish as delimiters for regions
that are scheduled atomically (renamed to BeginRegion, FinishRegion).
The BeginRegion node takes and produces an effect. For the uses that do
not care about the placement in the effect chain, it is ok to feed
graph->start() as an effect input.
The FinishRegion takes a value and an effect and produces a value and
an effect. It is important that any value or effect produced inside the
region is not used outside the region. The FinishRegion node is the only
way to smuggle an effect and a value out.
At the moment, this does not support control flow inside the region. Control flow would be hard.
During scheduling we do some sanity check, but the checks are not exhaustive. Here is what we check:
- the effect chain between begin and finish is linear (no splitting,
single effect input and output).
- any value produced is consumed by the FinishRegion node.
- no control flow outputs.
Review URL: https://codereview.chromium.org/1399423002
Cr-Commit-Position: refs/heads/master@{#31265}
Support negate with shifted input on ARM64 by supporting lhs zero registers for
binary operations, and removing explicit Neg instruction support.
Review URL: https://codereview.chromium.org/1404093003
Cr-Commit-Position: refs/heads/master@{#31263}
Replaces the use of KeyedStoreICGeneric with a vector based KeyedStoreIC for
array literal computed stores now that there is a feedback vector slot for
these expressions. Removes KeyedStoreICGeneric bytecode since this is no
longer necessary.
BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1400353002
Cr-Commit-Position: refs/heads/master@{#31262}
Previously, any AstVisitor subclasses which wanted to make use of
the shared stack overflow checking code needed to depend on Isolate.
With this patch, it will be easy to create a second InitializeAstVisitor
overload taking a stack_limit directly, for use in code that has no
Isolate available (such as code running in the parser).
AstVisitor subclasses which depended upon the isolate() accessor have
been fixed to either have their own isolate_ member or get it from
somewhere else convenient.
Review URL: https://codereview.chromium.org/1387383005
Cr-Commit-Position: refs/heads/master@{#31260}
It is used by AstGraphBuilder (TF) and BytecodeGenerator (Ignition), so is no
longer a full-codegen datastructure. Removes full-codegen.h dependency from
compiler/ and interpreter/
Review URL: https://codereview.chromium.org/1393393003
Cr-Commit-Position: refs/heads/master@{#31256}
Perform native context specialization immediately after graph
construction (also after inlinee graph construction). This way
we can do unified inlining before we go to typing and typed
lowering. And we will get better typing due to constants and
(checked) type feedback.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1404123002
Cr-Commit-Position: refs/heads/master@{#31255}
Adds Object literal support to the interpreter. Adds the following bytecodes:
- ToName
- CreateObjectLiteral.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386313005
Cr-Commit-Position: refs/heads/master@{#31253}
This is a first prototype for a rudimentary inlining heuristic allowing
enabling of general inlining based existing budget flags. Also note that
this approach does not yet work for multi-level inlining, for now the
list of candidates is processed exactly once.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1406543002
Cr-Commit-Position: refs/heads/master@{#31249}
Fix mina instruction in mips32 and mips64 simulator according to IEEE 754-2008 standard
BUG=
Review URL: https://codereview.chromium.org/1402923002
Cr-Commit-Position: refs/heads/master@{#31243}
The lack of a vector slot for the keyed store operation in filling in
non-constant array literal properties led to undesirable contortions in
compilers downwind of full-codegen. The use of a single slot to initialize all
the array elements is sufficient.
BUG=
Review URL: https://codereview.chromium.org/1405503002
Cr-Commit-Position: refs/heads/master@{#31242}
Adds array literal support to the interpreter. Currently constructed
array elements don't have type feedback slots, so also adds support for
generic keyed store operations.
Adds the following bytecodes:
- CreateArrayLiteral
- KeyedStoreICGeneric
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1400753003
Cr-Commit-Position: refs/heads/master@{#31240}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
The flag for deactivating break points also affects stepping, since both
are implemented via debug break slots. Fixing this by introducing a new
flag solely responsible for deactivating actual break points.
R=mvstanton@chromium.org
BUG=chromium:119800
LOG=N
Review URL: https://codereview.chromium.org/1402913002
Cr-Commit-Position: refs/heads/master@{#31236}
- Fairly (round-robin) divide available memory upon compaction tasks.
- Ensure an upper limit (of memory) since dividing is O(n) for n free-space
nodes.
- Refill from free lists managed by sweeper once a compaction space becomes
empty.
Assumption for dividing memory: Memory in the free lists is sparse upon starting
compaction (which means that only few nodes are available), except for memory
reducer GCs, which happen in idle time though (so it's less of a problem).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1382003002
Cr-Commit-Position: refs/heads/master@{#31234}
This adds a workaround that zeroes out semaphores before they are
initialized. Some versions of sem_init (e.g. GLIBC_2.0) fail to fully
zero out the semaphore, leading to {errno == ENOSYS} with subsequent
sem_timedwait calls.
R=machenbach@chromium.org
BUG=chromium:536813
LOG=n
Review URL: https://codereview.chromium.org/1407463002
Cr-Commit-Position: refs/heads/master@{#31232}
Adds function literal support and add support for OTHER_CALLS which can be
made when calling a function literal.
Adds the CreateClosure bytecode.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396693003
Cr-Commit-Position: refs/heads/master@{#31231}
This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
being able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.
Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1398733002
Cr-Commit-Position: refs/heads/master@{#31230}
Looking up 'name' and 'message' properties at the same time and loading
the properties later can cause assertion failure if one of the properties
is an accessor and calling it changes the holder map. That may invalidate
the other lookup.
R=jkummerow@chromium.org
BUG=chromium:542101
LOG=N
Review URL: https://codereview.chromium.org/1403923002
Cr-Commit-Position: refs/heads/master@{#31229}
This fixes a regression in Octane's pdf.js after r30818. The bug itself
has been present for a long time, but StringCompareStub wasn't actually
used until r30818 so it went unnoticed.
Review URL: https://codereview.chromium.org/1399983002
Cr-Commit-Position: refs/heads/master@{#31227}
This changes hashing and comparison functions for JSCreateClosure
operators to be based in the handle location instead of the referenced
object identity. This is in sync with all other JS operators.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1388233007
Cr-Commit-Position: refs/heads/master@{#31225}
Before this CL, we created one live range per successive set of
deferred blocks. For scenarios with many such blocks, this creates
an upfront pressure for the register allocator to deal with many ranges.
Linear sorts ranges, which is a super-linear operation.
The change places all deferred intervals into one range, meaning that,
at most, there will be twice as many live ranges as the original set. In
pathological cases (benchmarks/Compile/slow_nbody1.js), this change
halves the compilation time. We see some improvements elsewhere,
notably SQLite at ~4-5%.
We may be able to avoid the subsequent merge. Its cost is the
additional ranges it may need to create. The sole reason for the merge
phase is to provide an unchanged view of the world to the subsequent
phases. With the at-most-one splinter model, we may be able to teach
the other phases about splintering - should we find perf hindrances
due to merging.
Review URL: https://codereview.chromium.org/1391023007
Cr-Commit-Position: refs/heads/master@{#31224}
For live ranges with many use positions, such as those encountered in
some unity asm.js code, this change significantly reduces compile time
(e.g. benchmarks/Compile/slow_nbody1.js: from ~6s to 2s). The
improvement is solely due to regressions (fixed by this CL) due to
splintering.
This CL does not fully address compile time problems for large
functions in Turbofan, but constitutes a step in the right direction.
Review URL: https://codereview.chromium.org/1386253004
Cr-Commit-Position: refs/heads/master@{#31220}
Previously, name conflicts between var and let declarations were only
made into exceptions if they were visible at parse-time. This patch adds
runtime checks so that sloppy-mode direct eval can't introduce conflicting
var declarations. The change is implemented by traversing the scope chain
when a direct eval introduces a var declaration to look for conflicting
let declarations, up to the function boundary.
BUG=v8:4454
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1382513003
Cr-Commit-Position: refs/heads/master@{#31211}
-Bitwise Or
-Bitwise Xor
-Bitwise And
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder to enable it's use, it's implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1386133002
Cr-Commit-Position: refs/heads/master@{#31210}
Reason for revert:
This still breaks Inbox.
Original issue's description:
> Stage --harmony_sloppy_function
>
> This patch turns on ES2015-style function hoisting semantics in
> staging. --harmony_sloppy_function was previously staged, leading
> to a number of bugs being filed and the staging being reversed;
> important bugs have been fixed, so it is time to try again.
>
> R=adamk
> LOG=Y
> BUG=v8:4285
>
> Committed: https://crrev.com/333e27fd99f8187c97e62b9538529900f0a30668
> Cr-Commit-Position: refs/heads/master@{#31190}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285
Review URL: https://codereview.chromium.org/1402763003
Cr-Commit-Position: refs/heads/master@{#31206}
Adds support for following operators
-Shift left
-Shift right
-Shift right logical
Adds the above bytecodes, support to BytecodeGenerator and BytecodeArrayBuilder
to enable it's use, it's implementation and tests.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1392913002
Cr-Commit-Position: refs/heads/master@{#31205}
The stack manipulation was expensive. Two virtual registers are better.
BUG=
Review URL: https://codereview.chromium.org/1376933006
Cr-Commit-Position: refs/heads/master@{#31204}
Scope has no subclasses, so "protected" should just be "private". And
there is no ParserFactory class, so making it a friend doesn't buy us
anything.
Review URL: https://codereview.chromium.org/1393303005
Cr-Commit-Position: refs/heads/master@{#31201}
Fixes clang on windows warning:
..\..\v8\src\base\platform\platform-win32.cc(836,1) :
error: function declared 'noreturn' should not return
[-Werror,-Winvalid-noreturn]
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win_clang_rel,win_clang_x64_rel
Review URL: https://codereview.chromium.org/1390193003
Cr-Commit-Position: refs/heads/master@{#31194}
This patch turns on ES2015-style function hoisting semantics in
staging. --harmony_sloppy_function was previously staged, leading
to a number of bugs being filed and the staging being reversed;
important bugs have been fixed, so it is time to try again.
R=adamk
LOG=Y
BUG=v8:4285
Review URL: https://codereview.chromium.org/1393423002
Cr-Commit-Position: refs/heads/master@{#31190}
Make the end position of a regexp literal the first character following the regexp. This matches the behaviour of number literals and string literals, as well as single-character tokens.
This change corrects the lazy-parsing of arrow functions with concise bodies, whose last token is a regular expression literal.
BUG=v8:4474
LOG=N
R=wingo@igalia.com, adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1389313003
Cr-Commit-Position: refs/heads/master@{#31189}
Reason for revert:
This contains bugs, as found by mstarzinger. Reverting until we can find a clean fix (maybe it should be an inline function instead of a macro).
Original issue's description:
> Use simple/fast macro version of MinMax in JS
>
> Use the simple macro version of {Min, Max} where possible to
> improve performance
>
> Follow-up to CR: https://codereview.chromium.org/1331993004
>
> BUG=
>
> Committed: https://crrev.com/27c96c26212a10bb7f19f7bf3ff793b31bbad354
> Cr-Commit-Position: refs/heads/master@{#31162}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1394303003
Cr-Commit-Position: refs/heads/master@{#31187}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg,v8_linux_gcc_rel
Review URL: https://codereview.chromium.org/1393023003
Cr-Commit-Position: refs/heads/master@{#31185}
This will allow exploration of possibilities like passing around buffer base and length.
BUG=None
TEST=test-multiple-return
LOG=N
R=mtrofin@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1391333003
Cr-Commit-Position: refs/heads/master@{#31184}
This adds support to also lower stores to global property cells in state
kConstant or kConstantType, where we need to deoptimize eagerly in case
we have a value/type mismatch.
Also fixes bugs in the construction of the frame states in the
AstGraphBuilder.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1398723002
Cr-Commit-Position: refs/heads/master@{#31178}
This fixes several warnings when cross-building using GCC (since r31087,
5cf1c0b).
In particular, CPURegister::code() now returns 'int', matching the other
platforms (and the coding style guide). The rest of the patch consists
of similar changes to make this work.
BUG=
Review URL: https://codereview.chromium.org/1393043003
Cr-Commit-Position: refs/heads/master@{#31176}
This change removes the unswept free bytes counter.
The new approach
- directly decrements allocated memory and capacity before sweeping (using live
bytes from the marker), and
- adds back capacity during refilling a free list.
This is another pre-work for moving around free lists while keeping the counters
in a sane state.
The previous approach allowed us to nail down how much memory is to-be-swept.
However, there were no users of this as we only used it do decrement it from
allocated memory (which still accounted for dead objects). If we want to keep
track of unswept free bytes in a space during compaction we can introduce a
separate new concurrent counter for this purpose.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1380723002
Cr-Commit-Position: refs/heads/master@{#31175}
There's no need for a dedicated ToBoolean builtin in JavaScript, since
ToBoolean(x) can easily be expressed in JavaScript as !!x, which has the
additional advantage that the compilers are able to properly optimize
that (out of the box).
Review URL: https://codereview.chromium.org/1400463002
Cr-Commit-Position: refs/heads/master@{#31172}
For property cells with cell type kConstantType, we can compute an
appropriate JavaScript type based on the current value of that cell.
Numbers cannot use Type::Of here, because the type might be too precise,
so we handle smi and heap number specially.
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1400483002
Cr-Commit-Position: refs/heads/master@{#31171}
Reason for revert:
Breaks Arm debug.
Original issue's description:
> Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again.
>
> Without that, it has a few false positives about out-of-bounds array accesses.
> Also makes the clang static-analyzer happy.
>
> Original code review from Sven Panne:
> https://codereview.chromium.org/790723002/
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
>
> Committed: https://crrev.com/93ae81101af68d81b7af84ea4046ea849e605116
> Cr-Commit-Position: refs/heads/master@{#31163}
TBR=jochen@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1398643002
Cr-Commit-Position: refs/heads/master@{#31167}
Implements support for declaring global variables. Also adds support for loading
from and storing to both global and unallocated global variables. Adds the
following bytecodes:
- StoreGlobal
- LoadContextSlot
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1378523005
Cr-Commit-Position: refs/heads/master@{#31166}
Add a flag to explicitly filter scripts in ignition and use it for the test262
variant. The previous approach of overloading ignition-filter meant that only
top-level code was getting compiled through ignition.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1396493002
Cr-Commit-Position: refs/heads/master@{#31164}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1383053005
Cr-Commit-Position: refs/heads/master@{#31163}
In ES5, ToObject was called on elements before invoking the
.toLocaleString() method on them. ES2015 specifies that ToObject is
not called. A test262 test verifies this change. This patch
implements the new ES2015 behavior. It is verified by the test262 test
built-ins/Array/prototype/toLocaleString/primitive_this_value_getter
R=adamk
Review URL: https://codereview.chromium.org/1390893003
Cr-Commit-Position: refs/heads/master@{#31160}
In ES2015, section 20.3.1.15, TimeClip (an internal algorihtm which is
called when normalizing Date representations) is specified to add 0
to its result, which converts -0 into +0. This patch adds that conversion
to the Date code. It is verified by the test262 test
built-ins/Date/TimeClip_negative_zero
R=adamk
Review URL: https://codereview.chromium.org/1387293002
Cr-Commit-Position: refs/heads/master@{#31159}
Calling LowerInlineAllocationLimit from the bottom of Heap::Scavenge seems to be
a no-op.
new_space_.LowerInlineAllocationLimit(
new_space_.inline_allocation_limit_step());
LowerInlineAllocatoinLimit does the following things:
1. Set the inline_allocation_limit_step_ to the passed in value. No-op.
2. Calls UpdateInlineAllocationLimit(0). This is unnecessary here as it has
already been called when new_space_.ResetAllocationInfo was called above.
3. Sets top_on_previous_step_. This again is unnecessary as it gets reached by
ResetAllocationInfo as well.
BUG=
R=hpayer@chromium.org,ulan@chromium.org
Review URL: https://codereview.chromium.org/1390013002
Cr-Commit-Position: refs/heads/master@{#31156}
Previously, arrow function scopes had a separate ScopeType. However,
Scope::DeserializeScopeChain() erroneously deserialized ARROW_SCOPE
ScopeInfos as FUNCTION_SCOPE. This could lead to bugs such as the
attached one, where "super" was disallowed where it should have
been allowed.
This patch utilizes the Scope's FunctionKind to distinguish arrow
functions from others. Besides fixing the above bug, this also
simplifies code in various places that had to deal with two different
ScopeTypes both of which meant "function".
BUG=v8:4466
LOG=n
Review URL: https://codereview.chromium.org/1386253002
Cr-Commit-Position: refs/heads/master@{#31154}
This makes it explicit when the --ignition-filter pattern should be
applied to the script name instead of the function name by using a
proper "s:{name}" pattern. It also hardcodes it to be a prefix match
instead of an exact match, because that is all we need for test262.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1389353002
Cr-Commit-Position: refs/heads/master@{#31153}
Allow access to Array Iterator through the API, in order to simplify
setting up interfaces which use these methods. This applies to
WebIDL interfaces with "length" attributes returning integer types and
a getter taking an unsigned long type.
BUG=
LOG=N
R=adamk@chromium.org
Review URL: https://codereview.chromium.org/1378403004
Cr-Commit-Position: refs/heads/master@{#31152}
This separates the core machinery and the heuristics involved with
inlining functions calls. So far the heuristic only respects our
%SetForceInlineFlag hint, but it will the place where general inlining
heuristics can live without impeding clarity of the core machinery.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1391903002
Cr-Commit-Position: refs/heads/master@{#31150}
Untangles committed memory from capacity in a given space and unifies accounting
for all spaces.
Pre-work for parallel compaction.
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1388383002
Cr-Commit-Position: refs/heads/master@{#31149}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31148}
- Reflect.deleteProperty
- Reflect.get
- Reflect.has
- Reflect.isExtensible
Reflect.get doesn't support the receiver argument yet, and
some of the others don't support proxies yet.
R=rossberg
BUG=v8:3931
LOG=n
Review URL: https://codereview.chromium.org/1379313002
Cr-Commit-Position: refs/heads/master@{#31146}
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960
Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context. Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations. Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470
Review URL: https://codereview.chromium.org/1390073004
Cr-Commit-Position: refs/heads/master@{#31144}
Thus TypeFeedbackMetadata can now be shared between different native contexts.
Review URL: https://codereview.chromium.org/1384673002
Cr-Commit-Position: refs/heads/master@{#31143}
Adds support for compiling top level code to bytecode to be run in the
interpreter.
Also moves PassesFilter to String:: so that it can be used to filter top
level script names as well as functions (used in
https://codereview.chromium.org/1379093002/)
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1372293005
Cr-Commit-Position: refs/heads/master@{#31142}
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context. Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.
Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations. Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1387393002
Cr-Commit-Position: refs/heads/master@{#31139}
Reason for revert:
Suspected to cause crbug.com/539892
Original issue's description:
> improve perf_basic_prof filename reporting
>
> The buffer used for appending filenames to the string printed to the
> perf_basic_prof log was unnecessarily too small. Bump it up to be at least
> kUtf8BufferSize.
>
> Truncation of filenames makes it really hard to work with profiles gathered on
> Node.js. Because of the way Node.js works, you can have node module dependencies
> in deeply nested directories. The last thing you want when investigating a
> performance problem is to have script names be truncated.
>
> This patch is a stop-gap. Ideally, I want no truncation of the filename at all
> and use a dynamically growing buffer. That would be a larger change, and I
> wanted to have a quick fix available that can be back-ported to Node.js LTS
> release.
>
> R=yangguo@chromium.org,yurys@chromium.org
> BUG=
>
> Committed: https://crrev.com/03ef3cd004c2fd31ae7e48772f106df67b8c2feb
> Cr-Commit-Position: refs/heads/master@{#31092}
TBR=yangguo@chromium.org,yurys@chromium.org,ofrobots@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1390923004
Cr-Commit-Position: refs/heads/master@{#31137}
Optimizing global constants such as "NaN", "Infinity" and "undefined" is
best performed during graph building. Then the optimization and lowering
passes only need to deal with real loads in case of JSLoadGlobal.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1384953002
Cr-Commit-Position: refs/heads/master@{#31135}
Adds support for strict mode load / store ICs and cleans up BinaryOp and
CompareOp to only trigger an UNIMPLEMENTED abort if called with STRONG
mode (which is the only language mode which has different compare/binary ops.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1385623002
Cr-Commit-Position: refs/heads/master@{#31134}
Symbols marked as "well-known" now return an undefined value when loaded with a failed access check, instead of throwing.
Currently, only @@isConcatSpreadable is marked as well-known, until the correct behaviour is properly specified.
BUG=v8:4289, 507553
LOG=N
R=adamk@chromium.org, jochen@chromium.org, verwaest@chromium.org
Review URL: https://codereview.chromium.org/1230793002
Cr-Commit-Position: refs/heads/master@{#31131}
Reason for revert:
[Sheriff] Speculative revert due to crbug.com/539814
Original issue's description:
> Changed scavenge GC to collect unmodified references
>
> Added a scavenge GC pass that collects unmodified references instead of
> processing object groups. This mode can be controlled by setting
> FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
> Also, modified a test case to suit the handle the new GC pass.
>
> BUG=v8:4421
> LOG=N
>
> Committed: https://crrev.com/6254019238a853c9f3c09d615ba153043f6957c7
> Cr-Commit-Position: refs/heads/master@{#31102}
TBR=jochen@chromium.org,rmcilroy@chromium.org,mythria@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4421,chromium:539814
Review URL: https://codereview.chromium.org/1388133002
Cr-Commit-Position: refs/heads/master@{#31130}
Previously, cases like
var [foo]
led to a parser crash because the parser tried to do something with
the initializer, which was not syntactically present.
This patch fixes the parser issue (implicitly creating an undefined
initializer) and inserts a check for array destructuring that the
right-hand side is coercible to an object, so it can have iterator
methods called on it safely.
BUG=v8:4462
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1384413002
Cr-Commit-Position: refs/heads/master@{#31128}
ASLR is much weaker in a 2GB address space. Plus the vast
majority of 32-bit Windows hosts are XP, which don't have
ASLR anyway. So, avoid the fragmentation and skip it in
this case.
BUG=chromium:394591
LOG=Y
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1385023002
Cr-Commit-Position: refs/heads/master@{#31127}
Implementations and tests for typeof, void, and logical not.
Add missing string type to Object::TypeOf.
BUG=v8:4280
LOG=NO
Review URL: https://codereview.chromium.org/1390483002
Cr-Commit-Position: refs/heads/master@{#31124}
When calling into C++ builtins, we need to make sure that the argument
count register contains the correct number of arguments, otherwise the
CEntryStub will not be able to leave the stack in the correct state.
R=ishell@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1391543002
Cr-Commit-Position: refs/heads/master@{#31120}
Previously, using legacy const in for-of/in loops led to a check-fail
in the parser. This was due to the fact that the destructuring bind
led to an undefined initialization to undefined in the parser, which
caused the for loop code to go down a strange path. This patch
eliminates the undefined initialization in variables declared in
for-in/of loops, so that that path is not used and the error is
fixed.
BUG=v8:4461
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1385913003
Cr-Commit-Position: refs/heads/master@{#31117}
* Promise.resolve is now works with subclasses
* Spec removed [[PromiseConstructor]] now can simply use constructor
* Promise.resolve ignores species
R=littledan@chromium.org,domenic@chromium.org
BUG=v8:4161,v8:4341
LOG=Y
Review URL: https://codereview.chromium.org/1362773002
Cr-Commit-Position: refs/heads/master@{#31116}
This patch prohibits lexical bindings from being called 'let', even in
sloppy mode, following the ES2015 specification. The change affects
multiple cases of lexical bindings, including simple let/const declarations
and both kinds of for loops. var and legacy const bindings still permit
the name to be let, including in destructuring cases. Tests are added to
verify, though some cases are commented out since they led to (pre-existing)
crashes.
BUG=v8:4403
R=adamk
LOG=Y
Review URL: https://codereview.chromium.org/1371263003
Cr-Commit-Position: refs/heads/master@{#31115}
Port 5cf1c0bcf6
Original commit message:
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
R=danno@chromium.org, bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1381383002
Cr-Commit-Position: refs/heads/master@{#31114}
Clang builds on Windows were failing with:
..\..\v8\src\register-configuration.cc(85,17) : error: unqualified friend
declaration referring to type outside of the nearest enclosing namespace is
a Microsoft extension; add a nested name specifier
[-Werror,-Wmicrosoft-unqualified-friend]
friend struct Register;
^
::v8::internal::
How did it work on non-Windows? The friend declarations were declaring
new Register and DoubleRegister structs in the current namespace, instead
of refering the existing classes in the outer namespce.
The code isn't referencing any private members of these classes anyway,
so let's drop the friend declarations.
BUG=82385
LOG=n
Review URL: https://codereview.chromium.org/1389723002
Cr-Commit-Position: refs/heads/master@{#31113}
The --abort-on-uncaught-exception command line switch makes
Isolate::Throw abort if the error being thrown cannot be caught by a
try/catch block.
Embedders may want to use other mechanisms than try/catch blocks to
handle uncaught exceptions. For instance, Node.js has "domain" objects
that have error handlers that can handle uncaught exception like
following:
var d = domain.create();
d.on('error', function onError(err) {
console.log('Handling error');
});
d.run(function() {
throw new Error("boom");
});
These error handlers are called by isolates' message listeners.
If --abort-on-uncaught-exception is *not* used, the isolate's
message listener will be called, which will in turn call the domain's
error handler. The process will output 'Handling error' and will exit
successfully (not due to an uncaught exception). This is the behavior
that Node.js users expect.
However, if --abort-on-uncaught-exception is used and when throwing an
error within a domain that has an error handler, the process will abort
and the domain's error handler will not be called. This is not the
behavior that Node.js users expect.
Having a SetAbortOnUncaughtExceptionCallback API allows embedders to
determine when it's not appropriate to abort and instead handle the
exception via the isolate's message listener.
In the example above, Node.js would set a custom callback with
SetAbortOnUncaughtExceptionCallback that would be implemented as
following (the sample code has been simplified to remove what's not
relevant to this change):
bool ShouldAbortOnUncaughtException(Isolate* isolate) {
return !IsDomainActive();
}
Now when --abort-on-uncaught-exception is used, Isolate::Throw would
call that callback and determine that it should not abort if a domain
with an error handler is active. Instead, the isolate's message listener
would be called and the error would be handled by the domain's error
handler.
I believe this can also be useful for other embedders.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1375933003
Cr-Commit-Position: refs/heads/master@{#31111}
The log-utils.h file uses va_list but doesn't require the header. This CL
adds the needed header to remove a compiler error we've seen when doing some
bisecting.
Review URL: https://codereview.chromium.org/1383483004
Cr-Commit-Position: refs/heads/master@{#31110}
Clusterfuzz testing discovered that sloppy-mode block-scoped function
declarations introduce lexically-scoped variables in scopes that were
thrown away under the expectation that no lexically-scoped variables
were introduced. These cases are:
for (;;) function foo() {}
for (x in y) function foo() {}
This patch ensures that a block is created in those cases to hold the
lexically scoped variable. Usually, scope analysis should discover that
that block is not important, and it should not have a runtime
representation.
BUG=chromium:536750,chromium:536751
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1382123002
Cr-Commit-Position: refs/heads/master@{#31109}
Without that, it has a few false positives about out-of-bounds array accesses.
Also makes the clang static-analyzer happy.
Original code review from Sven Panne:
https://codereview.chromium.org/790723002/
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg
Review URL: https://codereview.chromium.org/1384873002
Cr-Commit-Position: refs/heads/master@{#31105}
This removes the lookup-inl.h header file, which actually would break
compilation if included more than once in the codebase. It only holds
methods used solely in the lookup.cc compilation unit.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1375843004
Cr-Commit-Position: refs/heads/master@{#31104}
Added a scavenge GC pass that collects unmodified references instead of
processing object groups. This mode can be controlled by setting
FLAG_scavenge_remove_unmodified_objects. By default this is turned off.
Also, modified a test case to suit the handle the new GC pass.
BUG=v8:4421
LOG=N
Review URL: https://codereview.chromium.org/1358703003
Cr-Commit-Position: refs/heads/master@{#31102}
Port 75f6ad74b2
Original commit message:
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1384483004
Cr-Commit-Position: refs/heads/master@{#31098}
The change in question caused regressions on GC-heavy benchmarks,
presumably due to the added indirection that is taken within hot code
like the marking visitor.
This is a manual revert due to conflicts.
This reverts commit 4f55b83012.
R=hpayer@chromium.org
BUG=chromium:539273
LOG=n
Review URL: https://codereview.chromium.org/1386863002
Cr-Commit-Position: refs/heads/master@{#31097}
Now there are two functions, one corresponding to the spec's
[[PreventExtensions]] and one corresponding to Object.preventExtensions.
They differ in what they return.
This CL is in preparation of implementing Reflect.preventExtensions.
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1377103005
Cr-Commit-Position: refs/heads/master@{#31096}
Fixes:
../../test/cctest/compiler/test-js-typed-lowering.cc:224:14:
error: ‘kJSTypes’ defined but not used [-Werror=unused-variable]
static Type* kJSTypes[] = {Type::Undefined(), Type::Null(), Type::Boolean(),
../../src/bignum.cc: In member function
‘void v8::internal::Bignum::AssignDecimalString(Vector<const char>)’:
../../src/bignum.cc:80:6: error: assuming signed overflow does not occur when
assuming that (X + c) < X is always false [-Werror=strict-overflow]
../../src/compiler/ia32/code-generator-ia32.cc:1366:3:
required from here ../../src/base/logging.h:123:26:
error: comparison between signed and unsigned integer expressions
[-Werror=sign-compare] DEFINE_CHECK_OP_IMPL(EQ, ==)
BUG=
Review URL: https://codereview.chromium.org/1371823002
Cr-Commit-Position: refs/heads/master@{#31095}
The buffer used for appending filenames to the string printed to the
perf_basic_prof log was unnecessarily too small. Bump it up to be at least
kUtf8BufferSize.
Truncation of filenames makes it really hard to work with profiles gathered on
Node.js. Because of the way Node.js works, you can have node module dependencies
in deeply nested directories. The last thing you want when investigating a
performance problem is to have script names be truncated.
This patch is a stop-gap. Ideally, I want no truncation of the filename at all
and use a dynamically growing buffer. That would be a larger change, and I
wanted to have a quick fix available that can be back-ported to Node.js LTS
release.
R=yangguo@chromium.org,yurys@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1388543002
Cr-Commit-Position: refs/heads/master@{#31092}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31089}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Properly share both the constructor and the non-constructor maps
for bound functions. Previously we had only the non-constructor
map shared on the native context, and we had to create a new map
for every bound function whose [[BoundTargetFunction]] is a
constructor (in the ES6 sense).
This should repair the most recent regression on Speedometer.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=chromium:536114,chromium:535408,v8:4430
LOG=n
Review URL: https://codereview.chromium.org/1379323002
Cr-Commit-Position: refs/heads/master@{#31086}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Reason for revert:
Now breaking arm32 debug bot (worked locally even with --debug-code, so I'll need to figure out what's different on the bot)
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1379933003
Cr-Commit-Position: refs/heads/master@{#31078}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
Cr-Commit-Position: refs/heads/master@{#31064}
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31076}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
This lowers JSCreateFunctionContext nodes to call the above stub for
help with allocating function contexts when possible. It also contains
an implementation for inlined allocations of such contexts, which is
still behind a flag until inlined allocations are ready for prime time.
TEST=unittests/JSTypedLoweringTest.JSCreateFunctionContext
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/1380113002
Cr-Commit-Position: refs/heads/master@{#31068}
Reason for revert:
Broke Arm64 bot (CEntry stub is trying to pop arguments off stack when argv_in_reg, so I need to fix this).
Original issue's description:
> [Interpreter] Add CallRuntime support to the interpreter.
>
> Adds support for calling runtime functions from the interpreter. Adds the
> CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
> and the arguments in sequential registers. Adds a InterpreterCEntry builtin
> to enable the interpreter to enter C++ code based on the functionId.
>
> Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
> and groups all the interpreter builtins together.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/40e8424b744f8b6e3e1d93e20f23487419911dfc
> Cr-Commit-Position: refs/heads/master@{#31064}
TBR=bmeurer@chromium.org,oth@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280
Review URL: https://codereview.chromium.org/1387543002
Cr-Commit-Position: refs/heads/master@{#31066}
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1362383002
Cr-Commit-Position: refs/heads/master@{#31064}
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.
Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.
BytecodeTraits template magic inspired by oth@chromium.org.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1370893002
Cr-Commit-Position: refs/heads/master@{#31058}
It was supposed to be used by the CPU profiler. But as long as
these ranges are not built when profiler is not running, once
the profiler is started there're no ranges for already compiled
functions. So basically this code never worked.
As long as now CPU profiler uses another approach this code is no
longer needed.
Review URL: https://codereview.chromium.org/1376333003
Cr-Commit-Position: refs/heads/master@{#31056}
Introduce %_ToNumber intrinsic, which just calls to the existing
ToNumberStub, and remove all uses of our custom JavaScript plus
intrinsics based ToNumber and friends.
Also replace the TO_NUMBER_INLINE macro with TO_NUMBER,
which is currently a wrapper for %_ToNumber. Newly written JS
code should use TO_NUMBER (similar to TO_STRING, TO_INT32,
and friends).
Also finally remove the DefaultString/DefaultNumber builtins, which
are basically the ES5 version of ToPrimitive. Now all code uses the
ES6 version, which is implemented in Object::ToPrimitive and
JSReceiver::ToPrimitive in C++.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1384443002
Cr-Commit-Position: refs/heads/master@{#31054}
Improve bytecode generation for if when there's no else clause.
Display target addresses for jump instructions in
Bytecode::Disassemble().
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1373903005
Cr-Commit-Position: refs/heads/master@{#31052}
This CL also allows to use arbitrary number of feedback vector elements for particular slot kind.
Review URL: https://codereview.chromium.org/1370303004
Cr-Commit-Position: refs/heads/master@{#31050}
We need to do other things with this bindings object, like store a feedback vector. Therefore, it's a good time to wrap it up in a helper class.
BUG=
Review URL: https://codereview.chromium.org/1369293003
Cr-Commit-Position: refs/heads/master@{#31044}
Var-bindings may shadow parameters from a non-simple parameter list. When that happens: they create separate bindings, but are initialised with the respective parameter value. Thus:
(function(x, f = () => x) { var x; var y = x; x = 2; return [x, y, f()] })(1) --> [2, 1, 1]
This CL implements that by inserting a suitable assignment for every shadwowing var-variable (e.g., x = outer_x above) at the beginning of the function's body block.
R=adamk@chromium.org
BUG=v8:4440,v8:811
LOG=N
Review URL: https://codereview.chromium.org/1371333004
Cr-Commit-Position: refs/heads/master@{#31042}
- Wasted bytes are now accounted where they accrue, i.e., the corresponding free
list. The amount of waste is transferred by concatenating free lists.
- During concatenation, free lists are no longer locked on FreeListCategory
level, but in the FreeList itself, simplifying the sync between contained nodes
and wasted bytes (which are effectively dropped nodes).
This is pre-work for properly moving memory to compaction spaces, which requires
correct accounting of wasted memory.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1379833002
Cr-Commit-Position: refs/heads/master@{#31040}
The ES2015 spec is missing an extension of sloppy-mode block-scoped function
behavior to the global scope in scripts, as well as to eval. This patch
brings that hoisting to those two areas. The behavior is not perfectly
spec-compliant since properties created on the global scope should be
set as enumerable even if they are non-enumerable previously, but the
attributes will not be modified if the property already exists under
this patch.
BUG=v8:4441
LOG=Y
R=adamk
TEST=reddit comment functionality seems to be fixed
Review URL: https://codereview.chromium.org/1376623002
Cr-Commit-Position: refs/heads/master@{#31037}
- No need to call AsVariableProxy() on a VariableProxy
- Reduce AST visitor boilerplate using pre-existing macro
(and re-alphabetize the list of non-patterns).
R=littledan@chromium.org
Review URL: https://codereview.chromium.org/1376633005
Cr-Commit-Position: refs/heads/master@{#31032}
Arrow functions have been enabled by default since the 4.5 branch.
Review URL: https://codereview.chromium.org/1373633002
Cr-Commit-Position: refs/heads/master@{#31031}
Besides matching the spec, this matches the behavior of Firefox and Edge.
BUG=v8:3699
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1377603006
Cr-Commit-Position: refs/heads/master@{#31030}
The current implemention breaks sloppy mode code that uses function
declarations inside blocks at top-level. Work is ongoing on a patch
to fix this issue, but in the meantime it seems reasonable to move
the feature out of staging.
Manual revert of commit 6e07f5a75b.
R=littledan@chromium.org
BUG=chromium:535836
LOG=y
Review URL: https://codereview.chromium.org/1375213005
Cr-Commit-Position: refs/heads/master@{#31029}
Added ScopeDetails.name field for closure scopes. It contains function's debug name of current context of scope.
BUG=493156
LOG=Y
R=yurys@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1375813002
Cr-Commit-Position: refs/heads/master@{#31028}
Port 8fe3ac0701
Original commit message:
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413, v8:4430
LOG=n
Review URL: https://codereview.chromium.org/1382673002
Cr-Commit-Position: refs/heads/master@{#31027}
Port 634d1d86d8
Original commit message:
Now both Execution::Call and Execution::New can deal with any
kind of target and will raise a proper exception if the target is not
callable (which is not yet spec compliant for New, as we would
have to check IsConstructor instead, which we don't have yet).
Now we no longer need to do any of these weird call/construct
delegate gymnastics in C++, and we finally have a single true
bottleneck for Call/Construct abstract operations in the code
base, with only a few special handlings left in the compilers to
optimize the JSFunction case.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4430, v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1374683006
Cr-Commit-Position: refs/heads/master@{#31025}
Continuing unification of properties/elements handling, the new
LookupIterator::PropertyOrElement(..., Handle<Object> key, ...) takes
any Object and does the required ToPrimitive/ToName/ToArrayIndex
conversions on it.
Review URL: https://codereview.chromium.org/1375943002
Cr-Commit-Position: refs/heads/master@{#31023}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
This moves some methods of IncrementalMarking from the inlined header
into the compilation unit. The methods in question are either not hot
or are being called through a non-inline function already.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1380523002
Cr-Commit-Position: refs/heads/master@{#31017}
Previous debug refactoring changes removed uses of has_break_points_, but
omitted removing the field itself. This is not necessary anymore.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1382443002
Cr-Commit-Position: refs/heads/master@{#31016}
port d8cdd6956a (r31000).
original commit message:
The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.
BUG=
Review URL: https://codereview.chromium.org/1378793003
Cr-Commit-Position: refs/heads/master@{#31015}
This prevents the internal incremental-marking.h to be usable outisde
of the "heap" directory. The logic inside that component is only useful
within the GC and is now properly encapsulated.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1374203002
Cr-Commit-Position: refs/heads/master@{#31010}
This changes the operators for JSCreate[Block|Script]Context to take
their ScopeInfo as a static parameter as opposed to a value input and
in turn allows for easier access to that parameter during lowerings.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1379593002
Cr-Commit-Position: refs/heads/master@{#31009}
It is not safe to access memory below sp, and this is also forbidden by
the ABI. When pushing, we must either use an atomic operation (such as
vstm+db_w) or move sp before writing the data.
This patch fixes one stack access, and also adds vpush and vpop helpers
to simplify similar code.
BUG=
Review URL: https://codereview.chromium.org/1378563002
Cr-Commit-Position: refs/heads/master@{#31008}
The NodeProperties helpers are here to stay and won't go away anytime
soon. This removes a TODO from the graph verifier in that regard.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1375923002
Cr-Commit-Position: refs/heads/master@{#31007}
This is necessary because these operators can read heap (equality can actually write heap when flattening strings).
BUG=v8:4446
LOG=n
Review URL: https://codereview.chromium.org/1374683002
Cr-Commit-Position: refs/heads/master@{#31005}
- Remove the hack the resets the new space top pointer from SeqString::Truncate.
- Remove NewSpace::set_top completely as there are no callers (and there should
be no!)
R=hpayer@chromium.org
BUG=chromium:536163
LOG=N
Review URL: https://codereview.chromium.org/1376753002
Cr-Commit-Position: refs/heads/master@{#31004}
The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.
BUG=
Review URL: https://codereview.chromium.org/1374723002
Cr-Commit-Position: refs/heads/master@{#31000}
This is mostly removing dead code and also dropping MUST_USE_RESULT
annotations from methods that cannot throw an exception anyways.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1370153002
Cr-Commit-Position: refs/heads/master@{#30995}
The return value is expected to be the number of padding slots added to the frame. However, the original logic would return -1 if padding was required, so insufficient stack space would be reserved.
This function now returns either 0 or 1, as the existing calling code expects.
BUG=
Review URL: https://codereview.chromium.org/1369303002
Cr-Commit-Position: refs/heads/master@{#30994}
This adds ES6 compliant Object::ToInteger, Object::ToInt32,
Object::ToUint32 and Object::ToLength, and replaces the old
Execution wrappers of those abstract operations (which were
not using the correct ToPrimitive).
This also introduces proper %ToInteger and %ToLength runtime
entries, with a fast path %_ToInteger supported in fullcodegen
and Crankshaft (for now). Internal JavaScript code should use
TO_INTEGER and TO_LENGTH respectively.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1378533002
Cr-Commit-Position: refs/heads/master@{#30993}
When all heuristics fail, we run a "last resort" heuristic. Before, it was
splitting at the first found splittable position either before or after a
use position. That turns out to be too naive: it may split in loops, when
alternative split positions exist outside loops.
This change chooses a "before" use case location that is outside the
loop.
Review URL: https://codereview.chromium.org/1372213005
Cr-Commit-Position: refs/heads/master@{#30990}
The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1369123002
Cr-Commit-Position: refs/heads/master@{#30983}
Reason for revert:
This CL breaks cross-compiling to arm.
Original issue's description:
> Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again.
>
> Without that, it has a few false positives about out-of-bounds array accesses.
> Also makes the clang static-analyzer happy.
>
> Original code review from Sven Panne:
> https://codereview.chromium.org/790723002/
>
> Committed: https://crrev.com/0b48b2a8ebfc791a36f4ec1f299f46db76265a3a
> Cr-Commit-Position: refs/heads/master@{#30977}
TBR=jochen@chromium.org,bmeurer@chromium.org,jkummerow@chromium.org,karl@skomski.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1370203002
Cr-Commit-Position: refs/heads/master@{#30982}
The main changes are:
- Fix treatment of loops, which was incorrect and sometimes resulted in
the wrong completion value.
- Get rid of unnecessary variables.
This is in preparation of implementing ES6 completion semantics.
R=rossberg
BUG=
Review URL: https://codereview.chromium.org/1362333002
Cr-Commit-Position: refs/heads/master@{#30981}
Replacing it with SMI_ACCESSORS.
This change makes accesses to Smi fields in objects more regular (the
accessors now always consume/return an int rather than a Smi*), which
avoids a bunch of manual Smi::FromInt() and Smi::value() conversions,
and is a step on the way towards being able to generate objects-inl.h.
Review URL: https://codereview.chromium.org/1371893002
Cr-Commit-Position: refs/heads/master@{#30975}
This is a second step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1376443002
Cr-Commit-Position: refs/heads/master@{#30971}
This is a trivial spinoff of the more complicated CL splitting up memory:
https://codereview.chromium.org/1365743003/
- Parallel compaction is still off.
- We now compute the number of parallel compaction tasks, depending on the
evacuation candidate list, the number of cores, and some hard limit.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1371923002
Cr-Commit-Position: refs/heads/master@{#30965}
This is a first step towards merging FeedbackVectorSlot and FeedbackVectorICSlot.
Review URL: https://codereview.chromium.org/1369973002
Cr-Commit-Position: refs/heads/master@{#30964}
The internal ConvertToString helper was using the wrong ToPrimitive,
actually the old ES5 like DefaultString, and it also prematurely
optimized for no real benefit.
BUG=v8:4307
LOG=n
Review URL: https://codereview.chromium.org/1370943002
Cr-Commit-Position: refs/heads/master@{#30956}
