port e0129d0f87 (r33986)
original commit message:
Turn the fast case of ArgumentsAccessStub into a new stub
FastNewSloppyArgumentsStub, which is similar to the existing
FastNewStrictArgumentsStub, although not polished yet, and the slow
case always went to the runtime anyway, so we can just directly emit
a runtime call there.
BUG=
Review URL: https://codereview.chromium.org/1701983004
Cr-Commit-Position: refs/heads/master@{#34062}
port 09d845354742a90fc0596262eb5cbaac169e5ed9(r33925)
original commit message:
The FastNewStrictArgumentsStub is very similar to the recently added
FastNewRestParameterStub, it's actually almost a copy of it, except that
it doesn't have the fast case we have for the empty rest parameter. This
patch improves strict arguments in TurboFan and fullcodegen by up to 10x
compared to the previous version.
Also introduce proper JSSloppyArgumentsObject and JSStrictArgumentsObject
for the in-object properties instead of having them as constants in the
Heap class.
Drive-by-fix: Use this stub and the FastNewRestParameterStub in the
interpreter to avoid the runtime call overhead for strict arguments
and rest parameter creation.
BUG=
Review URL: https://codereview.chromium.org/1706703002
Cr-Commit-Position: refs/heads/master@{#34055}
Replaces the push of the dispatch table on the interpreted stack frame with a
push of the bytecode array. This enables the debugger to replace the bytecode
array with a patched version containing breakpoints.
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1699013002
Cr-Commit-Position: refs/heads/master@{#34032}
port d1c28849c77892ec74e58891aba44d5bfda8c0ba(r33873)
original commit message:
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=
Review URL: https://codereview.chromium.org/1696263002
Cr-Commit-Position: refs/heads/master@{#34011}
port 5de27c343bbf898ca87246caa1e83e533ec44561(r33865)
original commit message:
Calls use registers for target, new_target and argument count.
We don't always respect argument count. It didn't bite us in the past
because the code paths where we clobbered it never used it, though
in future it could be an issue.
BUG=
Review URL: https://codereview.chromium.org/1698823002
Cr-Commit-Position: refs/heads/master@{#33984}
This is mostly preparation for allowing the function closure to be materialized.
As a drive-by fix, I have added ignition source position support to the frame inspector (this fixed some ignition test failures).
Review URL: https://codereview.chromium.org/1698743002
Cr-Commit-Position: refs/heads/master@{#33975}
port 3ef573e9f127345cd9d04d7f9f5e51bf169ae103(r33809)
original commit message:
Replace the somewhat awkward RestParamAccessStub, which would always
call into the runtime anyway with a proper FastNewRestParameterStub,
which is basically based on the code that was already there for strict
arguments object materialization. But for rest parameters we could
optimize even further (leading to 8-10x improvements for functions with
rest parameters), by fixing the internal formal parameter count:
Every SharedFunctionInfo has a formal_parameter_count field, which
specifies the number of formal parameters, and is used to decide whether
we need to create an arguments adaptor frame when calling a function
(i.e. if there's a mismatch between the actual and expected parameters).
Previously the formal_parameter_count included the rest parameter, which
was sort of unfortunate, as that meant that calling a function with only
the non-rest parameters still required an arguments adaptor (plus some
other oddities). Now with this CL we fix, so that we do no longer
include the rest parameter in that count. Thereby checking for rest
parameters is very efficient, as we only need to check whether there is
an arguments adaptor frame, and if not create an empty array, otherwise
check whether the arguments adaptor frame has more parameters than
specified by the formal_parameter_count.
The FastNewRestParameterStub is written in a way that it can be directly
used by Ignition as well, and with some tweaks to the TurboFan backends
and the CodeStubAssembler, we should be able to rewrite it as
TurboFanCodeStub in the near future.
Drive-by-fix: Refactor and unify the CreateArgumentsType which was
different in TurboFan and Ignition; now we have a single enum class
which is used in both TurboFan and Ignition.
BUG=
Review URL: https://codereview.chromium.org/1696063002
Cr-Commit-Position: refs/heads/master@{#33971}
port cfbd25617cfb8177bbb6377280e23ec356eb2373(r33857)
original commit message:
Preparing the young generation for (real) non-contiguous backing memory, this
change removes object masks that are used to compute containment in semi and new
space. The masks are replaced by lookups for object tags and page headers, where
possible.
Details:
- Use the fast checks (page header lookups) for containment in regular code.
- Use the slow version that masks out the page start adress and iterates all
pages of a space for debugging/verification.
- The slow version works for off-heap/unmapped memory.
- Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
BUG=
Review URL: https://codereview.chromium.org/1698803002
Cr-Commit-Position: refs/heads/master@{#33970}
This removes support for the %Arguments and %ArgumentsLength runtime
entries and their intrinsic counterparts. If you need variable arguments
in any builtin, either use (strict) arguments object or rest parameters,
which are both compositional across inlining (in TurboFan), and not that
much slower compared to the %_Arguments hackery.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1688163004
Cr-Commit-Position: refs/heads/master@{#33943}
Saves and restores the dispatch pointer during calls to enable the debugger to
switch the dispatch table used by a function during it's execution.
Also moves the accumulator and context nodes to be Variables so that they will
be properly merged across branches.
BUG=v8:4280,v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1684073002
Cr-Commit-Position: refs/heads/master@{#33894}
This removes uses of JSFunction by the (proper) deoptimizer. This will be useful
when we escape analyze JSFunction away. Unfortunately, the debugger still needs
JSFunction, so escape analysis would not work yet.
Review URL: https://codereview.chromium.org/1686183003
Cr-Commit-Position: refs/heads/master@{#33891}
Moves InterpreterAssembler out of the compiler directory and into the
interpreter directory. Makes InterpreterAssembler as subclass of
CodeStubAssembler.
As part of this change, the special bytecode dispatch linkage type
is removed and instead we use a InterfaceDispatchDescriptor and
a normal CodeStub linkage type.
Removes a bunch of duplicated logic in InterpreterAssembler and
instead uses the CodeStubAssembler logic. Refactors Interpreter
with these changes.
Modifies CodeStubAssembler to add the extra operations required
by the Interpreter (extra call types, raw memory access and some extra
binary ops). Also adds the ability for subclasses to add extra
prologue and epilogue operations around calls, which is required
for the Interpreter.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1673333004
Cr-Commit-Position: refs/heads/master@{#33873}
The break location heavily relies on relocation info. This change
abstracts that away. Currently there is only one implementation for
this interface, for JIT code. Future changes will introduce an
implementation to iterate bytecode arrays.
R=rmcilroy@chromium.org, vogelheim@chromium.org
BUG=v8:4690
LOG=N
Review URL: https://codereview.chromium.org/1682853003
Cr-Commit-Position: refs/heads/master@{#33869}
Marking as undetectable makes abstract equality of null, undefined, and
other undetectable objects easier. Supporting it in the generic compare
IC significantly speeds up dynamic comparison between those values and
JSReceivers by not falling back to the runtime.
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>
Review URL: https://codereview.chromium.org/1683643002
Cr-Commit-Position: refs/heads/master@{#33858}
The flag in question is a debug-only flag supported by full-codegen and
Crankshaft only. In it's current form there are some unresolved issues:
- The flag is defeated by inlining in Crankshaft.
- The flag is not supported by TurboFan.
- The flag is not supported by Ignition.
Instead of addressing the above issues and increasing maintenance cost
for all backends and also given the "slim" test coverage, this CL fully
removes the support from all backends.
R=bmeurer@chromium.org,jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1676263002
Cr-Commit-Position: refs/heads/master@{#33817}
Generally we only care whether the next object is a hidden prototype.
It's simpler to check whether the current object has a hidden prototype
instead of walking to the next prototype and checking its map.
BUG=
Review URL: https://codereview.chromium.org/1675223002
Cr-Commit-Position: refs/heads/master@{#33816}
This replaces the global remembered set with per-page remembered sets.
Each page in the old space, map space, and large object space keeps track of
the set of slots in the page pointing to the new space.
The data structure for storing slot sets is a two-level bitmap, which allows
us to remove the store buffer overflow and SCAN_ON_SCAVENGE logic.
Design doc: https://goo.gl/sMKCf7
BUG=chromium:578883
LOG=NO
Review URL: https://codereview.chromium.org/1608583002
Cr-Commit-Position: refs/heads/master@{#33806}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
BUG=chromium:579009
LOG=Y
Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
Cr-Commit-Position: refs/heads/master@{#33674}
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33798}
Reason for revert:
Bugs with chromium api natives, must revert for now.
Original issue's description:
> X87: Type Feedback Vector lives in the closure.
>
> port bb31db3ad6 (r33741)
>
> original commit message:
> (RELAND: the problem before was a missing write barrier for adding the code
> entry to the new closure. It's been addressed with a new macro instruction
> and test. The only change to this CL is the addition of two calls to
> __ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
> Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
> And Benedikt reviewed it as well.
>
> BUG=
>
> Committed: https://crrev.com/25bfba9329b93cb8ebefe1446e024005a4227a93
> Cr-Commit-Position: refs/heads/master@{#33759}
TBR=chunyang.dai@intel.com,weiliang.lin@intel.com,zhengxing.li@intel.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1673613002
Cr-Commit-Position: refs/heads/master@{#33764}
port bb31db3ad6 (r33741)
original commit message:
(RELAND: the problem before was a missing write barrier for adding the code
entry to the new closure. It's been addressed with a new macro instruction
and test. The only change to this CL is the addition of two calls to
__ RecordWriteCodeEntryField() in the platform CompileLazy builtin.)
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.
We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.
This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.
The heap change is trivial so I TBR Hannes for it...
Also, Yang has had a look at the debugger changes already and approved 'em. So he is TBR style too.
And Benedikt reviewed it as well.
BUG=
Review URL: https://codereview.chromium.org/1672643002
Cr-Commit-Position: refs/heads/master@{#33759}
Moves the stack check from the function entry trampoline to instead be
after function activation using an explicit StackCheck bytecode. Also
add stack checks on back edges of loops.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1665853002
Cr-Commit-Position: refs/heads/master@{#33730}
Reason for revert:
Fails a lot of layout tests and blocks the roll. Can be easily reproduced with a local Chromium checkout.
Reference: https://codereview.chromium.org/1652413003/
Original issue's description:
> [api] Make ObjectTemplate::SetNativeDataProperty() work even if the ObjectTemplate does not have a constructor.
>
> Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
> When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
> ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
>
> The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
>
> This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
>
> BUG=chromium:579009
> LOG=Y
>
> Committed: https://crrev.com/6a118774244d087b5979e9291d628a994f21d59d
> Cr-Commit-Position: refs/heads/master@{#33674}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:579009
Review URL: https://codereview.chromium.org/1660263003
Cr-Commit-Position: refs/heads/master@{#33698}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
BUG=chromium:579009
LOG=Y
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33674}
port cb9b801069 (r33582)
original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1659623003
Cr-Commit-Position: refs/heads/master@{#33652}
This adds debug code to the interpreter entry trampoline to ensure that
the called bytecode handler will never return, but instead tear down the
frame with a proper exit trampoline eventually.
R=rmcilroy@chromium.org
Review URL: https://codereview.chromium.org/1642063002
Cr-Commit-Position: refs/heads/master@{#33585}
This currently works since we never call set_target_cell when we have to record slots for evacuation. It would break with black allocation.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1643573003
Cr-Commit-Position: refs/heads/master@{#33575}
port 6131ab1edd (r33509)
original commit message:
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.
Tail calling can be enabled by --harmony-tailcalls flag.
BUG=
Review URL: https://codereview.chromium.org/1637163003
Cr-Commit-Position: refs/heads/master@{#33549}
Rename IntepreterExceptionEntryHandler builtin to InterpreterEnterBytecodeDispatch
and use it as the return address when building interpreter frames during deopt.
This ensures that we restart execution of the outer frame at the correct
bytecode.
BUG=v8:4280,v8:4678
LOG=N
Review URL: https://codereview.chromium.org/1633633002
Cr-Commit-Position: refs/heads/master@{#33512}
port a0878333de4dd090f9d8987e1698a9eef9cc7219(r33460)
original commit message:
We already had hand-written optimized code for %_ToName in fullcodegen,
but the optimizing compilers always went to the runtime for %_ToName,
which is pretty bad for many of our builtins. So this CL moves the
existing native code to a ToNameStub (similar to the existing
ToStringStub), and uses the ToNameStub consistently in all compilers to
actually implement %_ToName.
BUG=
Review URL: https://codereview.chromium.org/1622793006
Cr-Commit-Position: refs/heads/master@{#33483}
port ca51c204e1ab1519e2c623a74fad117577c37732(r33463)
original commit message:
This fixes the broken return address when the exception handler within
interpreted bytecode is being entered via stack unwinding. The address
in question will never actually be taken, but our stack walker uses this
address to determine whether a frame is interpreted.
BUG=
Review URL: https://codereview.chromium.org/1632453002
Cr-Commit-Position: refs/heads/master@{#33482}
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.
BUG=v8:4678,v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1604923002
Cr-Commit-Position: refs/heads/master@{#33477}
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
BUG=v8:4267
LOG=Y
Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
Cr-Commit-Position: refs/heads/master@{#33438}
Review URL: https://codereview.chromium.org/1587073003
Cr-Commit-Position: refs/heads/master@{#33461}
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream.
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/4077
Original issue's description:
> Array length reduction should throw in strict mode if it can't delete an element.
>
> When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
>
> Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
>
> This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
>
> BUG=v8:4267
> LOG=Y
>
> Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
> Cr-Commit-Position: refs/heads/master@{#33438}
TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4267
Review URL: https://codereview.chromium.org/1611313003
Cr-Commit-Position: refs/heads/master@{#33444}
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
BUG=v8:4267
LOG=Y
Review URL: https://codereview.chromium.org/1587073003
Cr-Commit-Position: refs/heads/master@{#33438}
port 0b3066b8f5 (r33414)
original commit message:
This implements a first prototype of stack unwinding for interpreted
frames. The unwinding machinery performs a range-based lookup in the
given handler table and potentially continues dispatching at the handler
offset. Note that this does not yet correctly restore the context to the
correct value when the handler is being entered.
BUG=
Review URL: https://codereview.chromium.org/1616613002
Cr-Commit-Position: refs/heads/master@{#33425}
In many places we over-specify runtime-calls by explicitly mentioning
again the argument count. Except for var-args runtime-functions we can
easily deduce this from the parameters in runtime.h.
BUG=
Review URL: https://codereview.chromium.org/1596293003
Cr-Commit-Position: refs/heads/master@{#33363}
port 84f8a506e2 (r33334)
original commit message:
Adds a ForInPrepare Runtime function which returns a triple of
cache_type, cache_array and cache_length.
This requires adding support to CEntryStub to call runtime functions
which return a ObjectTriple - a struct containing three Object*
pointers. Also did some cleanup of the x64 CEntryStub to avoid
replicated code.
Replaces the interpreter's use of the ad-hock InterpreterForInPrepare
Runtime function with ForInPrepare in preparation for fixing deopt in
BytecodeGraphBuilder for ForIn (which will be done in a followup CL).
MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>.
BUG=
Review URL: https://codereview.chromium.org/1603493002
Cr-Commit-Position: refs/heads/master@{#33352}
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.
BUG=v8:4509
LOG=n
Review URL: https://codereview.chromium.org/1593553002
Cr-Commit-Position: refs/heads/master@{#33336}
This splits out the SourcePosition class into a separate header file.
Reason for this refactoring is that said class is mostly used by the
Crankshaft compiler and not needed for all compilers. Also having the
assembler depend on the class creates a dependency cycle.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1581083009
Cr-Commit-Position: refs/heads/master@{#33325}
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.
It should actually stop iterating on the first non-hidden prototype.
BUG=
Review URL: https://codereview.chromium.org/1576423003
Cr-Commit-Position: refs/heads/master@{#33294}
port 322ffda30d (r33265)
original commit message:
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.
Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.
BUG=
Review URL: https://codereview.chromium.org/1581313002
Cr-Commit-Position: refs/heads/master@{#33280}
port 12bcba1543 (r33258)
original commit message:
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.
BUG=
Review URL: https://codereview.chromium.org/1582173002
Cr-Commit-Position: refs/heads/master@{#33278}
Failing to do so results in out-of-date marking information, because live bytes
is not properly adjusted.
This CL adds support for right trimming ByteArray and properly DCHECKs that we
do not left trim ByteArray (as we already do for FixedTypedArrayBase).
BUG=
Review URL: https://codereview.chromium.org/1577263003
Cr-Commit-Position: refs/heads/master@{#33252}
This CL changes the color for encoding black and grey. Moreover, it introduces a higher level live object iterator.
BUG=chromium:561449
LOG=n
Review URL: https://codereview.chromium.org/1517993003
Cr-Commit-Position: refs/heads/master@{#33208}
port fc5c7e0486 (r33172)
original commit message:
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.
BUG=
Review URL: https://codereview.chromium.org/1576813003
Cr-Commit-Position: refs/heads/master@{#33196}
port a94d6d6ede (r33108)
original commit message:
The mode requires an extra register, and since we aren't supporting it now, we can dispense with it.
BUG=
Review URL: https://codereview.chromium.org/1561943002
Cr-Commit-Position: refs/heads/master@{#33147}
port 82ca2a414deb4221100562a0fb2af0f216c4c3ef(r33084)
original commit message:
This is preferable because in TurboFan we need to call it, and can't pass
untagged external pointers on the stack.
BUG=
Review URL: https://codereview.chromium.org/1557283002
Cr-Commit-Position: refs/heads/master@{#33102}
port b889d79de1e9af4719228536c736351c5680f25e(r33066)
original commit message:
In the vast majority of the cases when we call into the runtime we use
the default number of arguments. Hence, there is not need to specify it
again. This CL also removes TailCallExternalReference as there were no
users.
BUG=
Review URL: https://codereview.chromium.org/1559693002
Cr-Commit-Position: refs/heads/master@{#33070}
counts specified in runtime.h.
In the vast majority of the cases when we call into the runtime we use
the default number of arguments. Hence, there is not need to specify it
again. This CL also removes TailCallExternalReference as there were no
users.
BUG=
Review URL: https://codereview.chromium.org/1553703002
Cr-Commit-Position: refs/heads/master@{#33066}
JumpToExternalReference ignored the passed-in result_size argument, which
defaulted to 1. This change updates all users to not use a result_size.
BUG=
Review URL: https://codereview.chromium.org/1550923002
Cr-Commit-Position: refs/heads/master@{#33059}
When calling into C++ for a ConstructStub, we need to enter the target
context manually currently, which seems to be too fragile and easy to
forget. So instead of doing that manually, we just always enter the
correct context in the trampoline.
Drive-by-fix: Trivial cleanups for some builtins.
R=cbruni@chromium.org
Review URL: https://codereview.chromium.org/1551473002
Cr-Commit-Position: refs/heads/master@{#33051}
port 97def8070c (r33044)
original commit message:
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.
There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.
The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
BUG=
Review URL: https://codereview.chromium.org/1548253002
Cr-Commit-Position: refs/heads/master@{#33046}
port d3f074b231 (r33024)
original commit message:
We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.
(TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)
BUG=
Review URL: https://codereview.chromium.org/1545053002
Cr-Commit-Position: refs/heads/master@{#33034}
port 4acca53e62cdfe6f3c495c87ca7d3c8fe1059f01(r32996)
original commit message:
There's actually no point trying to do Function.prototype.toString in
JavaScript, as it always calls into C++ at least once, so it only
complicates things (esp. once we start optimizing bound functions).
Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
reflect the fact that these are builtins in the Function.prototype and
not on Function itself.
BUG=
Review URL: https://codereview.chromium.org/1548483003
Cr-Commit-Position: refs/heads/master@{#33017}
port b10d24ff2c685835e203075de4f11e12cd3d33cc(r32971)
original commit message:
Adds support for generating deoptimization translations for interpreter
stack frames, and building interpreter frames for these translations
when a function deopts. Also adds builtins for
InterpreterNotifyDeoptimized which resume the function's continuation at
the correct point in the interpreter after deopt.
MIPS patch contributed by balazs.kilvady@igmtec.com
BUG=
Review URL: https://codereview.chromium.org/1543433002
Cr-Commit-Position: refs/heads/master@{#32981}
port 5bd4832492 (r32929)
original commit message:
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins
(which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access
the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object.
mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>;
BUG=
Review URL: https://codereview.chromium.org/1534543003
Cr-Commit-Position: refs/heads/master@{#32960}
port 2c75e3d2ab (r32903)
original commit message:
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code
without access-checks (see proxies-cross-realm-ecxeption.js).
BUG=
Review URL: https://codereview.chromium.org/1534663002
Cr-Commit-Position: refs/heads/master@{#32924}
port 025d476cf5 (r32906)
original commit message:
Adds a slot for the bytecode offset to interpreter stack frames and
saves it on calls, and restores after calls.
Also fixes RawMachineAssembler::Return() to call MergeControlToEnd.
BUG=
Review URL: https://codereview.chromium.org/1535613003
Cr-Commit-Position: refs/heads/master@{#32922}
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js).
Review URL: https://codereview.chromium.org/1521953002
Cr-Commit-Position: refs/heads/master@{#32903}
Reason for revert:
Need to figure out a better solution for this.
Original issue's description:
> Removes the Callee parameter from FunctionCallbackInfo.
>
> This will help us to instantiate AccessorPair's getters and setters only when they are needed.
>
> BUG=
>
> Committed: https://crrev.com/2fe34ebdcdee0f21b88daa4098a7918e91abb8fb
> Cr-Commit-Position: refs/heads/master@{#32759}
TBR=jochen@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1520843002
Cr-Commit-Position: refs/heads/master@{#32787}
No need to have an indirection to get to the initial JSArray maps from
the native context; we only cache the fast elements maps anyway, so
those could live on the native context directly. This will also
integrate nicely with the load/store propagation in TurboFan (once we
propagate the immutable flag for FieldAccess as well).
Drive-by-fix: Also don't embed any of the initial JSArray maps in
TurboFan generated code when allocating a new JSArray, but instead
always load the appropriate map from the native context. This way
we ensure that we never leak a reference to one of those maps and
its as efficient as embedding a constant map.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1516433005
Cr-Commit-Position: refs/heads/master@{#32779}
This will help us to instantiate AccessorPair's getters and setters only when they are needed.
BUG=
Review URL: https://codereview.chromium.org/1510483002
Cr-Commit-Position: refs/heads/master@{#32759}
Lower JSCallConstruct with known target JSFunction to a direct call to
the target's construct_stub, and JSCallConstruct with function target to
direct call to ConstructFunction builtin.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1517593003
Cr-Commit-Position: refs/heads/master@{#32735}
port 2b63d6b079 (r32693)
original commit message:
It's cumbersome to maintain IC profiler statistics all the time.
Let's just do it as needed.
BUG=
Review URL: https://codereview.chromium.org/1511903002
Cr-Commit-Position: refs/heads/master@{#32697}
This makes the implementations of MacroAssembler::InvokeBuiltin go
through the InvokeFunctionCode helper on all architectures. This helper
knows how to correctly set up all registers (i.e. argument count and the
new target value).
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1488303008
Cr-Commit-Position: refs/heads/master@{#32646}
port 0ed0878041 (r32642)
original commit message:
There's no reason to limit the CompareIC to (known) JSObject instances,
as all JSReceivers behave the same wrt. abstract and strict equality.
So remove this historical limitation and track JSReceivers instead.
BUG=
Review URL: https://codereview.chromium.org/1501373003
Cr-Commit-Position: refs/heads/master@{#32645}
port e89e08ca14 (r32599)
original commit message:
Reason for revert:
Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.
Original issue's description:
> Provide call counts for constructor calls, surface them as a vector IC.
>
> CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that ther
>
> BUG=
>
> Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
> Cr-Commit-Position: refs/heads/master@{#32452}
additional description:
Revert "X87: Provide call counts for constructor calls, surface them as a vector IC." as r32599 does
This reverts commit 54a9d349db.
BUG=
Review URL: https://codereview.chromium.org/1506723002
Cr-Commit-Position: refs/heads/master@{#32638}
port eaa0e59611 (r32550)
original commit message:
This drops the specific slot containing the new.target value from our
construct stub frames. This side-channel has been deprecated and will
no longer be accessed by any consumers.
BUG=
Review URL: https://codereview.chromium.org/1504703002
Cr-Commit-Position: refs/heads/master@{#32636}
port 0e95683376 (r32549)
original commit message:
Whenever the InstanceOfStub finds a proxy (either passed as object or
somewhere on the prototype chain), it should bailout to the
%HasInPrototypeChain runtime function, which will do the right thing
(soonish).
BUG=
Review URL: https://codereview.chromium.org/1508553002
Cr-Commit-Position: refs/heads/master@{#32634}
port 5d38d6819c (r32547)
original commit message:
It didn't support subclassing case at all and in non-subclassing case the runtime
allocation didn't do the slack tracking step.
BUG=
Review URL: https://codereview.chromium.org/1506713002
Cr-Commit-Position: refs/heads/master@{#32633}
port 531dde9f80 (r32516)
original commit message:
The new step-in implementation no longer tries to predict the step-in
target, so we don't need the arguments count nor call type anymore.
BUG=
Review URL: https://codereview.chromium.org/1493993002
Cr-Commit-Position: refs/heads/master@{#32540}
port 3e7e3ed726 (r32508)
original commit message:
* Add a sibling interface to InterpreterAssembler called
CodeStubAssembler which provides a wrapper around the
RawMachineAssembler and is intented to make it easy to build
efficient cross-platform code stubs. Much of the implementation
of CodeStubAssembler is shamelessly stolen from the
InterpreterAssembler, and the idea is to eventually merge the
two interfaces somehow, probably moving the
InterpreterAssembler interface over to use the
CodeStubAssembler. Short-term, however, the two interfaces
shall remain decoupled to increase our velocity developing the
two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
CodeStubAssembler. Replace and remove the old Hydrogen-stub
version.
* Remove a whole slew of machinery to support JavaScript-style
code stub generation, since it ultimately proved unwieldy,
brittle and baroque. This cleanup includes removing the shared
code stub context, several example stubs and a tangle of build
file changes.
BUG=
Review URL: https://codereview.chromium.org/1492213002
Cr-Commit-Position: refs/heads/master@{#32538}
Sanitize ConstructStub handling and add a test case to ensure that the
Symbol constructor is using the correct context.
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1489323002
Cr-Commit-Position: refs/heads/master@{#32491}
port d2f78c6b79 (r32476)
original commit message:
This becomes visible if an exception is thrown by the constructor.
We do this on "new Array(3.5)", throwing a RangeError.
BUG=
Review URL: https://codereview.chromium.org/1491153002
Cr-Commit-Position: refs/heads/master@{#32489}
port 66d5a9df62 (r32452)
original commit message:
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there
BUG=
Review URL: https://codereview.chromium.org/1491063003
Cr-Commit-Position: refs/heads/master@{#32488}
port 9e6448813d (r32407)
original commit message:
This way we avoid the %_IsSmi magic that is required in TurboFan to
(efficiently) check abitrary context slots for smi 0. Checking against
"the hole" is common in the AstGraphBuilder and "the hole" is also used
to mark other context slots as not initialized.
BUG=
Review URL: https://codereview.chromium.org/1486913002
Cr-Commit-Position: refs/heads/master@{#32441}
port 47502a238b (r32381)
original commit message:
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
BUG=
Review URL: https://codereview.chromium.org/1481353002
Cr-Commit-Position: refs/heads/master@{#32387}
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.
Also eliminates a couple of spurious dependencies.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1481613002
Cr-Commit-Position: refs/heads/master@{#32351}
port 3d004eeab2 (r32264)
original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
BUG=
Review URL: https://codereview.chromium.org/1475043003
Cr-Commit-Position: refs/heads/master@{#32309}
This is the initial step towards refactoring the regexp literation
creation code to make it less obscure and more similar to the mechanism
we use to create array and object literals. There's now a new runtime
entry %CreateRegExpLiteral with the same interface as the entries for
array and object literals, except that we still pass the flags as
string.
Instead of embedding the hand written native to clone JSRegExp instances
we now have a FastCloneRegExpStub, which behaves similar to the other
FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
had.
R=mlippautz@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1475823003
Cr-Commit-Position: refs/heads/master@{#32255}
port 0ef5ad5ab9 (r32219)
original commit message:
This CL also fixed register usages in MacroAssembler::Allocate() broken by 2fc2cb99 (r32144).
BUG=
Review URL: https://codereview.chromium.org/1473763003
Cr-Commit-Position: refs/heads/master@{#32245}
port 0fb2edd15d (r32217)
original commit message:
We still share the code globally, but if we wanted, it would be easy to
make it per isolate now
BUG=
Review URL: https://codereview.chromium.org/1477683002
Cr-Commit-Position: refs/heads/master@{#32242}
port 7c45b00529 (r32203)
original commit message:
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that only TurboFan code uses
the register value so far, but unoptimized code will be switched soon.
BUG=
Review URL: https://codereview.chromium.org/1477663002
Cr-Commit-Position: refs/heads/master@{#32240}
We still share the code globally, but if we wanted, it would be easy to
make it per isolate now
BUG=v8:2487
R=yangguo@chromium.org,jkummerow@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1468313004
Cr-Commit-Position: refs/heads/master@{#32217}
port 374b6ea210 (r32172)
original commit message:
There's no point in collecting feedback for super constructor calls,
because in all (interesting) cases we can gather (better) feedback from
other sources (i.e. via inlining or via using a LOAD_IC to get to the
[[Prototype]] of the target). So CallConstructStub is now only used
for new Foo(...args) sites where we want to collect feedback in the
baseline compiler. The optimizing compilers, Reflect.construct and
super constructor calls use the Construct builtin directly, which allows
us to remove some weird code from the CallConstructStub (and opens the
possibility for more code sharing with the CallICStub, maybe even going
for a ConstructICStub).
Also remove the 100% redundant HCallNew instruction, which is just a
wrapper for the Construct builtin anyway (indirectly via the
CallConstructStub).
Drive-by-fix: Drop unused has_function_cache bit on Code objects.
BUG=
Review URL: https://codereview.chromium.org/1471193002
Cr-Commit-Position: refs/heads/master@{#32197}
port c1e7c8d972 (r32171)
original commit message:
This ensures that the ArgumentsAdaptorTrampoline does not clobber the
new.target value, but rather passes it through to the callee unaltered.
Note that callees do not yet use the new.target value so far.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
BUG=
Review URL: https://codereview.chromium.org/1475523002
Cr-Commit-Position: refs/heads/master@{#32192}
port d80fd48e5d (r32163)
original commit message:
The CallICStub has call-site specific knowledge about the receiver,
which we did not utilize; plus the CallICStub does in some case know
whether it is about to [[Call]] a function or potentially some other
callable. In the common case we actually know that the target is a
function and so we can use the CallFunction builtin directly instead
of redispatching in the Call builtin.
BUG=
Review URL: https://codereview.chromium.org/1467123002
Cr-Commit-Position: refs/heads/master@{#32167}
port 2fc2cb99f5 (r32144)
original commit message:
The old code was not ready for properly initialize objects with non standard headers and non zero in-object properties number.
MacroAssembler::Allocate() implementations now return both start and end addresses of the new object (done by parameter renaming).
BUG=
Review URL: https://codereview.chromium.org/1467923002
Cr-Commit-Position: refs/heads/master@{#32161}
port ceade6cf23 (r32131)
original commit message:
This adds a new %NewArray runtime entry, which constructs a new JSArray
and does the subclassing correctly (to the same degree that %NewObject
does currently), and also deals properly with the AllocationSite
feedback mechanism. This runtime entry will be used by TurboFan and is
also used as a fallback in the subclassing case in the stub currently.
BUG=
Review URL: https://codereview.chromium.org/1462283003
Cr-Commit-Position: refs/heads/master@{#32160}
This removes some dead code from the function invocation code when the
arguments adaptor trampoline is called. This seems to be leftover code
from when we used to support calling code objects directly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1455293004
Cr-Commit-Position: refs/heads/master@{#32126}
This changes the interface descriptor for the arguments adaptor to also
contain an explicit register for the new.target value. Note that the
stub still clobbers the register for now.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1457313002
Cr-Commit-Position: refs/heads/master@{#32117}
This adds an explicit parameter to the call descriptor having kind
kJSCallFunction representing the new.target value. Note that for now
this parameter is not yet passed in and hence cannot be used yet. Also
contains some refactoring of how parameter index value are calculated,
establishing Linkage as the central point for such index computations.
This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1461973002
Cr-Commit-Position: refs/heads/master@{#32112}
port e5edd66d07 (r32022)
original commit message:
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.
Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.
BUG=
Review URL: https://codereview.chromium.org/1453033002
Cr-Commit-Position: refs/heads/master@{#32024}
port 34b7b21d1d (r32000)
original commit message:
If inline allocation fails, we can just use the %NewObject fallback,
which will do the right thing. We don't need a dedicated fallback to
%AllocateInNewSpace.
BUG=
Review URL: https://codereview.chromium.org/1451603002
Cr-Commit-Position: refs/heads/master@{#32002}
port 2b4cb2a140 (r31873)
original commit message:
The %StringCharFromCode and %CharFromCode runtime function perform
exactly the same task, so we need only one of them.
BUG=
Review URL: https://codereview.chromium.org/1432063002
Cr-Commit-Position: refs/heads/master@{#31909}
port 7c3396d01c (r31871)
original commit message:
Introduce receiver conversion mode specialization for the Call and
CallFunction builtins, so we can specialize the builtin functionality
(actually an optimization only) based on static information from the
callsite (this is basically a superset of the optimizations that were
available with the CallFunctionStub and CallICStub, except that these
optimizations are correct now).
This fixes a regression introduced by the removal of CallFunctionStub,
for programs that call a lot.
BUG=
Review URL: https://codereview.chromium.org/1431133002
Cr-Commit-Position: refs/heads/master@{#31884}
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiever.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1410113008
Cr-Commit-Position: refs/heads/master@{#31854}
port 44c44521ae (r31823).
original commit message:
This fixes receiver conversion since the Call builtin does it correctly.
BUG=
Review URL: https://codereview.chromium.org/1416673009
Cr-Commit-Position: refs/heads/master@{#31848}
port ab84025977 (r31790).
original commit message:
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.
BUG=
Review URL: https://codereview.chromium.org/1419793007
Cr-Commit-Position: refs/heads/master@{#31815}
The callees are expected to properly set the number of actual
arguments passed to the callee, which is now represented correctly
in the TurboFan graphs by a new Parameter right before the context
Parameter. Currently this is only being used for outgoing calls.
Note that this requires disabling two of the TF code stub tests,
because of the JavaScript graphs are not automagically compatible
with abitrary (incoming) code stub interface descriptors. If we
want to support JS code stubs at all, then we need to find a sane
way to feed in this information.
Drive-by-fix: Don't insert a direct call to a classConstructor.
R=mstarzinger@chromium.org
BUG=v8:4413, v8:4428
LOG=n
Review URL: https://codereview.chromium.org/1410633006
Cr-Commit-Position: refs/heads/master@{#31789}
port 4490ce8520 (r31701).
original commit message:
Original issue's description:
> [es6] Better support for built-ins subclassing.
>
> Create proper initial map for original constructor (new.target) instead of doing prototype
> transition on the base constructor's initial map. This approach fixes in-object slack tracking
> for subclass instances.
> This CL also fixes subclassing from String.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/cd5f48302a502154a0106d12e3066bd563c6340c
> Cr-Commit-Position: refs/heads/master@{#31680}
It also fixes typed array map smashing done during typed array initialization.
BUG=
Review URL: https://codereview.chromium.org/1432483003
Cr-Commit-Position: refs/heads/master@{#31704}
Ensure that we save the BytecodeArray register in the InterpreterEntryTrampoline
before calling out to the kStackGuard runtime function.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1426863005
Cr-Commit-Position: refs/heads/master@{#31650}
port e678a0f9a9 (r31358)
original commit message:
Use %_ToLength for TO_LENGTH, implemented via a ToLengthStub
that supports a fast path for small integers. Everything else is still
handled in the runtime.
BUG=
Review URL: https://codereview.chromium.org/1421803002
Cr-Commit-Position: refs/heads/master@{#31542}
port 7557dc5a70 (r31312).
original commit message:
This change add a new bytecode for operator new and implements it using
the Construct() builtin.
BUG=
Review URL: https://codereview.chromium.org/1423733002
Cr-Commit-Position: refs/heads/master@{#31518}
port 2d4aeaad2f (r31204).
original commit message:
The stack manipulation was expensive. Two virtual registers are better.
BUG=
Review URL: https://codereview.chromium.org/1410573003
Cr-Commit-Position: refs/heads/master@{#31504}
port 9c8262f11e (r31120).
original commit message:
When calling into C++ builtins, we need to make sure that the argument
count register contains the correct number of arguments, otherwise the
CEntryStub will not be able to leave the stack in the correct state.
BUG=
Review URL: https://codereview.chromium.org/1418533009
Cr-Commit-Position: refs/heads/master@{#31503}
port 75f6ad74b2 (r31089).
original commit message:
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1418213002
Cr-Commit-Position: refs/heads/master@{#31502}
port 5cf1c0bcf6 (r31087).
original commit message:
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
additional comment:
This patch must be work with CL https://codereview.chromium.org/1405673003/
and CL https://codereview.chromium.org/1413343002/
which provide the needed register allocation common code change in
v8 for this CL
BUG=
Review URL: https://codereview.chromium.org/1410393004
Cr-Commit-Position: refs/heads/master@{#31494}
Fills out some more of the function prologue support in the
interpreter. Deals with creation of arguments objects and throwing
IllegalRedeclarations if necessary. Also adds (untested) support for
this.function and new.target variable assignment.
Also fixes a bug in Frames::is_java_script() to deal with
interpreter frames correctly.
Cleans up comments in builtins InterpreterEntryTrampoline about
missing prologue support.
Adds the following bytecodes:
- CreateArgumentsSloppy
- CreateArgumentsStrict
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412953007
Cr-Commit-Position: refs/heads/master@{#31486}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
It was supposed to be used by the CPU profiler. But as long as
these ranges are not built when profiler is not running, once
the profiler is started there're no ranges for already compiled
functions. So basically this code never worked.
As long as now CPU profiler uses another approach this code is no
longer needed.
Review URL: https://codereview.chromium.org/1376333003
Cr-Commit-Position: refs/heads/master@{#31056}
This CL also allows to use arbitrary number of feedback vector elements for particular slot kind.
Review URL: https://codereview.chromium.org/1370303004
Cr-Commit-Position: refs/heads/master@{#31050}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
port d8cdd6956a (r31000).
original commit message:
The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.
BUG=
Review URL: https://codereview.chromium.org/1378793003
Cr-Commit-Position: refs/heads/master@{#31015}
port c90c60ba26 (r30940)
original commit message:
Make sure to always reference it indirectly. This allows us to make the vector
native-context dependent should we wish.
BUG=
Review URL: https://codereview.chromium.org/1369963002
Cr-Commit-Position: refs/heads/master@{#30954}
port 9b12ec9ac2 (r30919)
original commit message:
This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
help with materializing arguments objects when possible. Along the way
this changes the calling convention of said stub to take parameters in
registers instead of on the stack.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1368873002
Cr-Commit-Position: refs/heads/master@{#30923}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
port 8fe3ac0701 (30902).
original commit message:
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
BUG=
Review URL: https://codereview.chromium.org/1362313002
Cr-Commit-Position: refs/heads/master@{#30908}
port 556b522ac6 (r30883)
original commit message:
We somehow try to push some stuff on the stack when we detect a stack
overflow, that we don't need. Even worse we might access outside the
valid stack bounds. Since we don't need this, it's gone.
BUG=
Review URL: https://codereview.chromium.org/1367943002
Cr-Commit-Position: refs/heads/master@{#30907}
port 634d1d86d8 (r30874).
original commit message:
Now both Execution::Call and Execution::New can deal with any
kind of target and will raise a proper exception if the target is not
callable (which is not yet spec compliant for New, as we would
have to check IsConstructor instead, which we don't have yet).
Now we no longer need to do any of these weird call/construct
delegate gymnastics in C++, and we finally have a single true
bottleneck for Call/Construct abstract operations in the code
base, with only a few special handlings left in the compilers to
optimize the JSFunction case.
BUG=
Review URL: https://codereview.chromium.org/1362293002
Cr-Commit-Position: refs/heads/master@{#30904}
port 10c5f2e85e
original commit message:
Slow path for relational comparison of boolean primitive values
now goes through the runtime, which made the slow path even
slower than it already was. So in order to repair the regression,
we just track boolean feedback for comparisons and use that
to generate decent code in Crankshaft (not the best possible
code, but good enough for Crankshaft; TurboFan will be able
to do better on that).
BUG=
Review URL: https://codereview.chromium.org/1367523005
Cr-Commit-Position: refs/heads/master@{#30903}
port 1dfac69f1f (r30857).
original commit message:
Introduce new builtins Construct and ConstructFunction (in line
with the Call and CallFunction builtins that we already have) as
proper bottleneck for Construct and [[Construct]] on JSFunctions.
Use these builtins to support passing NewTarget from C++ to
JavaScript land.
Long-term we want the CallConstructStub to be used for
gathering feedback on entry to construction chain (i.e. the
initial new Foo), and use the Construct builtins to do the
actual work inside the construction chain (i.e. calling into
super and stuff).
BUG=
Review URL: https://codereview.chromium.org/1362573002
Cr-Commit-Position: refs/heads/master@{#30899}
port e56f265f6d (r30852).
original commit message:
Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.
For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.
BUG=
Review URL: https://codereview.chromium.org/1342243005
Cr-Commit-Position: refs/heads/master@{#30897}
port 8016547c8e (r30818).
original commit message:
The StringCompareStub used to take its parameters on the (JavaScript)
stack, which made it impossible to use in TurboFan. Actually
StringCompareStub was currently completely unused. This changes the
calling convention to something TurboFan compatible and introduces a
CallInterfaceDescriptor for StringCompareStub. It also changes
HStringCompareAndBranch to use the StringCompareStub instead of using
the full blown CompareICStub for a stupid string comparison.
BUG=
Review URL: https://codereview.chromium.org/1355983003
Cr-Commit-Position: refs/heads/master@{#30845}
port 593c655a3c (r30816).
original commit message:
This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter. As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.
Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
BUG=
Review URL: https://codereview.chromium.org/1353343002
Cr-Commit-Position: refs/heads/master@{#30844}
port b5588f48fd (r30767).
original commit message:
There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.
BUG=
Review URL: https://codereview.chromium.org/1346043005
Cr-Commit-Position: refs/heads/master@{#30829}
port d5bbd45f04 (r30808).
oringial commit message:
Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.
BUG=
Review URL: https://codereview.chromium.org/1350183005
Cr-Commit-Position: refs/heads/master@{#30828}
port a3d6f6cce3 (r30759).
original commit message:
Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.
This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).
This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.
BUG=
Review URL: https://codereview.chromium.org/1349403002
Cr-Commit-Position: refs/heads/master@{#30826}
port 1e00bb57a2 (r30737).
original commit message:
(reason for revert/reland: patch incorrectly left --vector-stores flag
on, helpfully revealing some gcstress issues to look at, but they
don't need to block this CL).
Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.
BUG=
Review URL: https://codereview.chromium.org/1344383002
Cr-Commit-Position: refs/heads/master@{#30781}
port 54bab695f5 (r30747).
original commit message:
Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.
Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
BUG=
Review URL: https://codereview.chromium.org/1349623002
Cr-Commit-Position: refs/heads/master@{#30780}
port e7fb233946 (r30710).
original commit message:
Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.
Adds the Call bytecode.
BUG=
Review URL: https://codereview.chromium.org/1334153004
Cr-Commit-Position: refs/heads/master@{#30745}
port eadfd66631 (r30706).
original commit message:
The String constructor was somewhat complex with a lot of micro
optimizations that are not relevant or even misguided. It would be
really hard to port that code to ES6, which requires String to be
subclassable. So as a first step we reduced the necessary complexity
to the bare minimum (also removing the last user of the fairly complex
MacroAssembler::LookupNumberStringCache method).
This also removes the counters for the String constructor, which
were not properly exposed anymore (and not kept in sync with inlined
versions of the String constructor anyway).
BUG=
Review URL: https://codereview.chromium.org/1336133003
Cr-Commit-Position: refs/heads/master@{#30744}
port 39604dda56 (r30693).
original commit message:
Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.
BUG=
Review URL: https://codereview.chromium.org/1344793002
Cr-Commit-Position: refs/heads/master@{#30741}
port 622fa0ea21 (r30691).
original commit message:
Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.
Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).
BUG=
Review URL: https://codereview.chromium.org/1341233002
Cr-Commit-Position: refs/heads/master@{#30740}
port ba7b641398 (r30649)
original commit message:
This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and c
BUG=
Review URL: https://codereview.chromium.org/1330993004
Cr-Commit-Position: refs/heads/master@{#30672}
There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).
Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.
Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1329293003
Cr-Commit-Position: refs/heads/master@{#30671}
port b37907ff7f (r30648).
original commit message:
The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.
The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.
BUG=
Review URL: https://codereview.chromium.org/1335453002
Cr-Commit-Position: refs/heads/master@{#30669}
port ccbb4ff00f (r30629)
original commit message:
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
BUG=
Review URL: https://codereview.chromium.org/1332703002
Cr-Commit-Position: refs/heads/master@{#30668}
port db2ba190db (r30634).
original commit message:
The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.
If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).
Review URL: https://codereview.chromium.org/1336443002
Cr-Commit-Position: refs/heads/master@{#30667}
This CL is a fix for c0c3d866fb (r30606).
In r30606, initialization of FPU implementation is not moved to prologue
generation correctly.
BUG=
Review URL: https://codereview.chromium.org/1317643009
Cr-Commit-Position: refs/heads/master@{#30626}
port 40fbed0609 (r30581)
original commit message:
The last changes for vector store functionality, they are in 3 areas:
1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.
BUG=
Review URL: https://codereview.chromium.org/1311413007
Cr-Commit-Position: refs/heads/master@{#30612}
port 8a378f46d5 (r30552)
original commit message:
This turns the has_instance_call_handler bit on Map into an is_callable
bit, that matches the spec definition of IsCallable (i.e. instances have
[[Call]] internal methods).
Also fix the typeof operator to properly say "function" for everything
that is callable.
Also remove the (unused) premature %_GetPrototype optimization from
Crankshaft, which just complicated the Map bit swap.
BUG=
Review URL: https://codereview.chromium.org/1310653004
Cr-Commit-Position: refs/heads/master@{#30609}
port 29ebcc3205 (r30496).
original commit message:
This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.
BUG=
Review URL: https://codereview.chromium.org/1308743005
Cr-Commit-Position: refs/heads/master@{#30606}
port fbad63669e (r30467)
original commit message:
The call protocol requires that the register dedicated to the number of
actual arguments (i.e. rax on x64) always contains the actual arguments.
That means after adapting arguments it should match the number of
expected arguments. But currently we pass some semi-random value
(usually some stack address) after adapting arguments.
It looks like this is currently not observable anywhere, because our
builtins and functions either don't look at the number of arguments and
just make hard coded (unchecked) assumptions, or are marked as "don't
adapt arguments", which bypasses the broken code in the trampoline for
arguments adaption. Nevertheless this should be fixed.
BUG=
Review URL: https://codereview.chromium.org/1304893010
Cr-Commit-Position: refs/heads/master@{#30605}
port 09de997b35 (r30442).
original commit message:
This adds a new ToString runtime function and a fast-path ToStringStub
(which is just a simple dispatcher for existing functionality), and also
implements %_ToName using the ToStringStub.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1326473002
Cr-Commit-Position: refs/heads/master@{#30460}
port 5d975694e4 (r30403)
original commit message:
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1324453003
Cr-Commit-Position: refs/heads/master@{#30440}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
%_IsObject(foo) is equivalent to typeof foo === 'object' and has
exactly the same optimizations, so there's zero need for %_IsObject
in our code base.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1313903003
Cr-Commit-Position: refs/heads/master@{#30380}
port 5d875a57fa (r30342).
original commit message:
The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).
The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).
As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1318663003
Cr-Commit-Position: refs/heads/master@{#30376}
For X87 platform, it has the same general register as ia32 and it will spill the
context to the stack too.
port bfdc22d7fc (r29325).
original commit message:
Passes the current context to bytecode interpreter handlers. This is held in the
context register on all architectures except for ia32 where there are too few
registers and it is instead spilled to the stack.
Also changes Load/StoreRegister to use kMachAnyTagged representation since they
should only ever hold tagged values.
BUG=
Review URL: https://codereview.chromium.org/1316583003
Cr-Commit-Position: refs/heads/master@{#30368}
port cbbaf9ea6a (r30224).
original commit message:
[turbofan] Unify referencing of stack slots
Previously, it was not possible to specify StackSlotOperands for all
slots in both the caller and callee stacks. Specifically, the region
of the callee's stack including the saved return address, frame
pointer, function pointer and context pointer could not be addressed
by the register allocator/gap resolver.
In preparation for better tail call support, which will use the gap
resolver to reconcile outgoing parameters, this change makes it
possible to address all slots on the stack, because slots in the
previously inaccessible dead zone may become parameter slots for
outgoing tail calls. All caller stack slots are accessible as they
were before, with slot -1 corresponding to the last stack
parameter. Stack slot indices >= 0 access the callee stack, with slot
0 corresponding to the callee's saved return address, 1 corresponding
to the saved frame pointer, 2 corresponding to the current function
context, 3 corresponding to the frame marker/JSFunction, and slots 4
and above corresponding to spill slots.
The following changes were specifically needed:
* Frame has been changed to explicitly manage three areas of the
callee frame, the fixed header, the spill slot area, and the
callee-saved register area.
* Conversions from stack slot indices to fp offsets all now go through
a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
* The generation of deoptimization translation tables has been changed
to support the new stack slot indexing scheme. Crankshaft, which
doesn't support the new slot numbering in its register allocator,
must adapt the indexes when creating translation tables.
* Callee-saved parameters are now kept below spill slots, not above,
to support saving only the optimal set of used registers, which is
only known after register allocation is finished and spill slots
have been allocated.
BUG=
Review URL: https://codereview.chromium.org/1293103003
Cr-Commit-Position: refs/heads/master@{#30292}
port 00df60d1c6 (r30219).
original commit message:
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=
Review URL: https://codereview.chromium.org/1304593002
Cr-Commit-Position: refs/heads/master@{#30289}
port f4c079d450 (r30107).
This is the appendix of 458dfe3b943edb3238917edfe9e2dde326cd1adb which misses
one modified file.
original commit message:
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
BUG=
Review URL: https://codereview.chromium.org/1304963003
Cr-Commit-Position: refs/heads/master@{#30288}
port f4c079d450 (r30107).
original commit message:
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
BUG=
Review URL: https://codereview.chromium.org/1286313003
Cr-Commit-Position: refs/heads/master@{#30241}
Add Object::StrictEquals to unify the implementation of strict equality
comparison in the runtime and the api (the api was already missing a
case for SIMD). Now we (almost) have a single bottleneck for strict
equality, we just need to reduce the amount of unnecessary complexity
for the code stub.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1298603002
Cr-Commit-Position: refs/heads/master@{#30186}
The operations were available on ARM64 and x86-32 but were unused.
It has been conjectured that nontemporals can be used for rowhammer-like bitflips more easily than regular load/store operations. It is therefore desirable to avoid generating these instructions in the future.
R= titzer, jochen, jln, Mark Seaborn, ruiq
Review URL: https://codereview.chromium.org/1276113002
Cr-Commit-Position: refs/heads/master@{#30139}
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.
Note that this change still leaves 7 violations of that rule in the
code. However there now is the "tools/check-inline-includes.sh" tool
detecting such violations.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1283033003
Cr-Commit-Position: refs/heads/master@{#30125}
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust. Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.
We use the inobject properties field of Map, which is invalid primitive
maps anyway.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1276533003
Cr-Commit-Position: refs/heads/master@{#30119}
This is the first step of turning the v8.h file into a normal header
instead of an include-the-world header. The new rule is that no other
header files are allowed to include v8.h, which is enforced by DEPS.
Also the number of includes inside the v8.h file has been drastically
reduced. Basically the last missing piece is the inclusion of the big
objects-inl.h file.
This in turn makes many headers follow the IWYU principle.
R=bmeurer@chromium.org,hpayer@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1282503003
Cr-Commit-Position: refs/heads/master@{#30102}
port 1a5751f9b3 (r29956)
original commit message:
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1265113002
Cr-Commit-Position: refs/heads/master@{#29963}
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
port c5dd553cf3 (r29929).
original commit message:
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
BUG=
Review URL: https://codereview.chromium.org/1271433002
Cr-Commit-Position: refs/heads/master@{#29943}
All runtime function get a context anyway, which is the same as the
explicit one in case of DeclareGlobals and DeclareLookupSlot. So
we can remove the additional parameter there.
As an additional bonus, improve the runtime interface to DeclareLookupSlot.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1261863002
Cr-Commit-Position: refs/heads/master@{#29923}
port 5dff4bdff0 (r29886).
original commit message:
No need to pass the name explicitly to the stubs; the runtime can
extract the name from the ScopeInfo (the extension of the
ScriptContext) on-demand easily without any performance impact.
BUG=
Review URL: https://codereview.chromium.org/1259063004
Cr-Commit-Position: refs/heads/master@{#29892}
port cac64b9f63 (r29881)
original commit message:
We don't need the hole check and slow runtime mode for read-only
properties this way.
BUG=
Review URL: https://codereview.chromium.org/1263473002
Cr-Commit-Position: refs/heads/master@{#29891}
