port e678a0f9a9 (r31358)
original commit message:
Use %_ToLength for TO_LENGTH, implemented via a ToLengthStub
that supports a fast path for small integers. Everything else is still
handled in the runtime.
BUG=
Review URL: https://codereview.chromium.org/1421803002
Cr-Commit-Position: refs/heads/master@{#31542}
port 7557dc5a70 (r31312).
original commit message:
This change add a new bytecode for operator new and implements it using
the Construct() builtin.
BUG=
Review URL: https://codereview.chromium.org/1423733002
Cr-Commit-Position: refs/heads/master@{#31518}
port 2d4aeaad2f (r31204).
original commit message:
The stack manipulation was expensive. Two virtual registers are better.
BUG=
Review URL: https://codereview.chromium.org/1410573003
Cr-Commit-Position: refs/heads/master@{#31504}
port 9c8262f11e (r31120).
original commit message:
When calling into C++ builtins, we need to make sure that the argument
count register contains the correct number of arguments, otherwise the
CEntryStub will not be able to leave the stack in the correct state.
BUG=
Review URL: https://codereview.chromium.org/1418533009
Cr-Commit-Position: refs/heads/master@{#31503}
port 75f6ad74b2 (r31089).
original commit message:
Adds support for calling runtime functions from the interpreter. Adds the
CallRuntime bytecode which takes a Runtime::FunctionId of the function to call
and the arguments in sequential registers. Adds a InterpreterCEntry builtin
to enable the interpreter to enter C++ code based on the functionId.
Also renames Builtin::PushArgsAndCall to Builtin::InterpreterPushArgsAndCall
and groups all the interpreter builtins together.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1418213002
Cr-Commit-Position: refs/heads/master@{#31502}
port 5cf1c0bcf6 (r31087).
original commit message:
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
additional comment:
This patch must be work with CL https://codereview.chromium.org/1405673003/
and CL https://codereview.chromium.org/1413343002/
which provide the needed register allocation common code change in
v8 for this CL
BUG=
Review URL: https://codereview.chromium.org/1410393004
Cr-Commit-Position: refs/heads/master@{#31494}
Fills out some more of the function prologue support in the
interpreter. Deals with creation of arguments objects and throwing
IllegalRedeclarations if necessary. Also adds (untested) support for
this.function and new.target variable assignment.
Also fixes a bug in Frames::is_java_script() to deal with
interpreter frames correctly.
Cleans up comments in builtins InterpreterEntryTrampoline about
missing prologue support.
Adds the following bytecodes:
- CreateArgumentsSloppy
- CreateArgumentsStrict
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1412953007
Cr-Commit-Position: refs/heads/master@{#31486}
Adds support for creation of new local function contexts (or script context for
top-level code). As part of this, also adds support for context push/pop
operations using a ContextScope object in BytecodeGenerator. Adds the following
bytecodes:
- PushContext
- PopContext
Support for inner contexts and loading from / storing to context allocated
variables will come in a future CL.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1379793004
Cr-Commit-Position: refs/heads/master@{#31238}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31087}
Reason for revert:
Failures on MIPS
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1380863004
Cr-Commit-Position: refs/heads/master@{#31083}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#31075}
It was supposed to be used by the CPU profiler. But as long as
these ranges are not built when profiler is not running, once
the profiler is started there're no ranges for already compiled
functions. So basically this code never worked.
As long as now CPU profiler uses another approach this code is no
longer needed.
Review URL: https://codereview.chromium.org/1376333003
Cr-Commit-Position: refs/heads/master@{#31056}
This CL also allows to use arbitrary number of feedback vector elements for particular slot kind.
Review URL: https://codereview.chromium.org/1370303004
Cr-Commit-Position: refs/heads/master@{#31050}
This enables linter checking for "readability/namespace" violations
during presubmit and instead marks the few known exceptions that we
allow explicitly.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1371083003
Cr-Commit-Position: refs/heads/master@{#31019}
port d8cdd6956a (r31000).
original commit message:
The LiteralsArray will soon hold a type feedback vector. Code treats it as an
ordinary fixed array, and needs to stop that.
BUG=
Review URL: https://codereview.chromium.org/1378793003
Cr-Commit-Position: refs/heads/master@{#31015}
port c90c60ba26 (r30940)
original commit message:
Make sure to always reference it indirectly. This allows us to make the vector
native-context dependent should we wish.
BUG=
Review URL: https://codereview.chromium.org/1369963002
Cr-Commit-Position: refs/heads/master@{#30954}
port 9b12ec9ac2 (r30919)
original commit message:
This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
help with materializing arguments objects when possible. Along the way
this changes the calling convention of said stub to take parameters in
registers instead of on the stack.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1368873002
Cr-Commit-Position: refs/heads/master@{#30923}
Reason for revert:
Failures on greedy RegAlloc, Fuzzer
Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
> so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
> different platforms is now shared.
> * The list of allocatable registers on each platform is declared
> as a list rather than implicitly via the register index <->
> code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1365073002
Cr-Commit-Position: refs/heads/master@{#30914}
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.
Some highlights of changes:
* TurboFan's RegisterConfiguration class moved to V8's top level
so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
different platforms is now shared.
* The list of allocatable registers on each platform is declared
as a list rather than implicitly via the register index <->
code mapping.
Review URL: https://codereview.chromium.org/1287383003
Cr-Commit-Position: refs/heads/master@{#30913}
port 8fe3ac0701 (30902).
original commit message:
There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).
This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.
Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.
BUG=
Review URL: https://codereview.chromium.org/1362313002
Cr-Commit-Position: refs/heads/master@{#30908}
port 556b522ac6 (r30883)
original commit message:
We somehow try to push some stuff on the stack when we detect a stack
overflow, that we don't need. Even worse we might access outside the
valid stack bounds. Since we don't need this, it's gone.
BUG=
Review URL: https://codereview.chromium.org/1367943002
Cr-Commit-Position: refs/heads/master@{#30907}
port 634d1d86d8 (r30874).
original commit message:
Now both Execution::Call and Execution::New can deal with any
kind of target and will raise a proper exception if the target is not
callable (which is not yet spec compliant for New, as we would
have to check IsConstructor instead, which we don't have yet).
Now we no longer need to do any of these weird call/construct
delegate gymnastics in C++, and we finally have a single true
bottleneck for Call/Construct abstract operations in the code
base, with only a few special handlings left in the compilers to
optimize the JSFunction case.
BUG=
Review URL: https://codereview.chromium.org/1362293002
Cr-Commit-Position: refs/heads/master@{#30904}
port 10c5f2e85e
original commit message:
Slow path for relational comparison of boolean primitive values
now goes through the runtime, which made the slow path even
slower than it already was. So in order to repair the regression,
we just track boolean feedback for comparisons and use that
to generate decent code in Crankshaft (not the best possible
code, but good enough for Crankshaft; TurboFan will be able
to do better on that).
BUG=
Review URL: https://codereview.chromium.org/1367523005
Cr-Commit-Position: refs/heads/master@{#30903}
port 1dfac69f1f (r30857).
original commit message:
Introduce new builtins Construct and ConstructFunction (in line
with the Call and CallFunction builtins that we already have) as
proper bottleneck for Construct and [[Construct]] on JSFunctions.
Use these builtins to support passing NewTarget from C++ to
JavaScript land.
Long-term we want the CallConstructStub to be used for
gathering feedback on entry to construction chain (i.e. the
initial new Foo), and use the Construct builtins to do the
actual work inside the construction chain (i.e. calling into
super and stuff).
BUG=
Review URL: https://codereview.chromium.org/1362573002
Cr-Commit-Position: refs/heads/master@{#30899}
port e56f265f6d (r30852).
original commit message:
Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.
For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.
BUG=
Review URL: https://codereview.chromium.org/1342243005
Cr-Commit-Position: refs/heads/master@{#30897}
port 8016547c8e (r30818).
original commit message:
The StringCompareStub used to take its parameters on the (JavaScript)
stack, which made it impossible to use in TurboFan. Actually
StringCompareStub was currently completely unused. This changes the
calling convention to something TurboFan compatible and introduces a
CallInterfaceDescriptor for StringCompareStub. It also changes
HStringCompareAndBranch to use the StringCompareStub instead of using
the full blown CompareICStub for a stupid string comparison.
BUG=
Review URL: https://codereview.chromium.org/1355983003
Cr-Commit-Position: refs/heads/master@{#30845}
port 593c655a3c (r30816).
original commit message:
This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter. As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.
Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
BUG=
Review URL: https://codereview.chromium.org/1353343002
Cr-Commit-Position: refs/heads/master@{#30844}
port b5588f48fd (r30767).
original commit message:
There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.
BUG=
Review URL: https://codereview.chromium.org/1346043005
Cr-Commit-Position: refs/heads/master@{#30829}
port d5bbd45f04 (r30808).
oringial commit message:
Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.
BUG=
Review URL: https://codereview.chromium.org/1350183005
Cr-Commit-Position: refs/heads/master@{#30828}
port a3d6f6cce3 (r30759).
original commit message:
Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.
This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).
This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.
BUG=
Review URL: https://codereview.chromium.org/1349403002
Cr-Commit-Position: refs/heads/master@{#30826}
port 1e00bb57a2 (r30737).
original commit message:
(reason for revert/reland: patch incorrectly left --vector-stores flag
on, helpfully revealing some gcstress issues to look at, but they
don't need to block this CL).
Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.
BUG=
Review URL: https://codereview.chromium.org/1344383002
Cr-Commit-Position: refs/heads/master@{#30781}
port 54bab695f5 (r30747).
original commit message:
Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.
Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.
BUG=
Review URL: https://codereview.chromium.org/1349623002
Cr-Commit-Position: refs/heads/master@{#30780}
port e7fb233946 (r30710).
original commit message:
Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.
Adds the Call bytecode.
BUG=
Review URL: https://codereview.chromium.org/1334153004
Cr-Commit-Position: refs/heads/master@{#30745}
port eadfd66631 (r30706).
original commit message:
The String constructor was somewhat complex with a lot of micro
optimizations that are not relevant or even misguided. It would be
really hard to port that code to ES6, which requires String to be
subclassable. So as a first step we reduced the necessary complexity
to the bare minimum (also removing the last user of the fairly complex
MacroAssembler::LookupNumberStringCache method).
This also removes the counters for the String constructor, which
were not properly exposed anymore (and not kept in sync with inlined
versions of the String constructor anyway).
BUG=
Review URL: https://codereview.chromium.org/1336133003
Cr-Commit-Position: refs/heads/master@{#30744}
port 39604dda56 (r30693).
original commit message:
Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.
BUG=
Review URL: https://codereview.chromium.org/1344793002
Cr-Commit-Position: refs/heads/master@{#30741}
port 622fa0ea21 (r30691).
original commit message:
Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.
Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).
BUG=
Review URL: https://codereview.chromium.org/1341233002
Cr-Commit-Position: refs/heads/master@{#30740}
port ba7b641398 (r30649)
original commit message:
This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and c
BUG=
Review URL: https://codereview.chromium.org/1330993004
Cr-Commit-Position: refs/heads/master@{#30672}
There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).
Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.
Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
Review URL: https://codereview.chromium.org/1329293003
Cr-Commit-Position: refs/heads/master@{#30671}
port b37907ff7f (r30648).
original commit message:
The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.
The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.
BUG=
Review URL: https://codereview.chromium.org/1335453002
Cr-Commit-Position: refs/heads/master@{#30669}
port ccbb4ff00f (r30629)
original commit message:
The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.
This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.
This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.
BUG=
Review URL: https://codereview.chromium.org/1332703002
Cr-Commit-Position: refs/heads/master@{#30668}
port db2ba190db (r30634).
original commit message:
The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.
If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).
Review URL: https://codereview.chromium.org/1336443002
Cr-Commit-Position: refs/heads/master@{#30667}
This CL is a fix for c0c3d866fb (r30606).
In r30606, initialization of FPU implementation is not moved to prologue
generation correctly.
BUG=
Review URL: https://codereview.chromium.org/1317643009
Cr-Commit-Position: refs/heads/master@{#30626}
port 40fbed0609 (r30581)
original commit message:
The last changes for vector store functionality, they are in 3 areas:
1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.
BUG=
Review URL: https://codereview.chromium.org/1311413007
Cr-Commit-Position: refs/heads/master@{#30612}
port 8a378f46d5 (r30552)
original commit message:
This turns the has_instance_call_handler bit on Map into an is_callable
bit, that matches the spec definition of IsCallable (i.e. instances have
[[Call]] internal methods).
Also fix the typeof operator to properly say "function" for everything
that is callable.
Also remove the (unused) premature %_GetPrototype optimization from
Crankshaft, which just complicated the Map bit swap.
BUG=
Review URL: https://codereview.chromium.org/1310653004
Cr-Commit-Position: refs/heads/master@{#30609}
port 29ebcc3205 (r30496).
original commit message:
This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.
BUG=
Review URL: https://codereview.chromium.org/1308743005
Cr-Commit-Position: refs/heads/master@{#30606}
port fbad63669e (r30467)
original commit message:
The call protocol requires that the register dedicated to the number of
actual arguments (i.e. rax on x64) always contains the actual arguments.
That means after adapting arguments it should match the number of
expected arguments. But currently we pass some semi-random value
(usually some stack address) after adapting arguments.
It looks like this is currently not observable anywhere, because our
builtins and functions either don't look at the number of arguments and
just make hard coded (unchecked) assumptions, or are marked as "don't
adapt arguments", which bypasses the broken code in the trampoline for
arguments adaption. Nevertheless this should be fixed.
BUG=
Review URL: https://codereview.chromium.org/1304893010
Cr-Commit-Position: refs/heads/master@{#30605}
port 09de997b35 (r30442).
original commit message:
This adds a new ToString runtime function and a fast-path ToStringStub
(which is just a simple dispatcher for existing functionality), and also
implements %_ToName using the ToStringStub.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1326473002
Cr-Commit-Position: refs/heads/master@{#30460}
port 5d975694e4 (r30403)
original commit message:
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1324453003
Cr-Commit-Position: refs/heads/master@{#30440}
This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends). It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.
There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations. I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs. Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.
Also fixed Date.prototype.toJSON to be spec compliant.
R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y
Review URL: https://codereview.chromium.org/1306303003
Cr-Commit-Position: refs/heads/master@{#30434}
%_IsObject(foo) is equivalent to typeof foo === 'object' and has
exactly the same optimizations, so there's zero need for %_IsObject
in our code base.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1313903003
Cr-Commit-Position: refs/heads/master@{#30380}
port 5d875a57fa (r30342).
original commit message:
The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).
The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).
As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.
R=weiliang.lin@intel.com
BUG=
Review URL: https://codereview.chromium.org/1318663003
Cr-Commit-Position: refs/heads/master@{#30376}
For X87 platform, it has the same general register as ia32 and it will spill the
context to the stack too.
port bfdc22d7fc (r29325).
original commit message:
Passes the current context to bytecode interpreter handlers. This is held in the
context register on all architectures except for ia32 where there are too few
registers and it is instead spilled to the stack.
Also changes Load/StoreRegister to use kMachAnyTagged representation since they
should only ever hold tagged values.
BUG=
Review URL: https://codereview.chromium.org/1316583003
Cr-Commit-Position: refs/heads/master@{#30368}
port cbbaf9ea6a (r30224).
original commit message:
[turbofan] Unify referencing of stack slots
Previously, it was not possible to specify StackSlotOperands for all
slots in both the caller and callee stacks. Specifically, the region
of the callee's stack including the saved return address, frame
pointer, function pointer and context pointer could not be addressed
by the register allocator/gap resolver.
In preparation for better tail call support, which will use the gap
resolver to reconcile outgoing parameters, this change makes it
possible to address all slots on the stack, because slots in the
previously inaccessible dead zone may become parameter slots for
outgoing tail calls. All caller stack slots are accessible as they
were before, with slot -1 corresponding to the last stack
parameter. Stack slot indices >= 0 access the callee stack, with slot
0 corresponding to the callee's saved return address, 1 corresponding
to the saved frame pointer, 2 corresponding to the current function
context, 3 corresponding to the frame marker/JSFunction, and slots 4
and above corresponding to spill slots.
The following changes were specifically needed:
* Frame has been changed to explicitly manage three areas of the
callee frame, the fixed header, the spill slot area, and the
callee-saved register area.
* Conversions from stack slot indices to fp offsets all now go through
a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
* The generation of deoptimization translation tables has been changed
to support the new stack slot indexing scheme. Crankshaft, which
doesn't support the new slot numbering in its register allocator,
must adapt the indexes when creating translation tables.
* Callee-saved parameters are now kept below spill slots, not above,
to support saving only the optimal set of used registers, which is
only known after register allocation is finished and spill slots
have been allocated.
BUG=
Review URL: https://codereview.chromium.org/1293103003
Cr-Commit-Position: refs/heads/master@{#30292}
port 00df60d1c6 (r30219).
original commit message:
Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
- Adds an accumulator register and initializes it to undefined()
- Adds a register file pointer register and use it instead of FramePointer to
access registers
- Modifies builtin to support functions with 0 regiters in the register file
- Modifies builtin to Call rather than TailCall to first bytecode handler.
BUG=
Review URL: https://codereview.chromium.org/1304593002
Cr-Commit-Position: refs/heads/master@{#30289}
port f4c079d450 (r30107).
This is the appendix of 458dfe3b943edb3238917edfe9e2dde326cd1adb which misses
one modified file.
original commit message:
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
BUG=
Review URL: https://codereview.chromium.org/1304963003
Cr-Commit-Position: refs/heads/master@{#30288}
port f4c079d450 (r30107).
original commit message:
There's no need to have one InstanceType per SIMD primitive type (this
will not scale long-term). Also reduce the amount of code duplication
and make it more robust wrt adding new SIMD types.
BUG=
Review URL: https://codereview.chromium.org/1286313003
Cr-Commit-Position: refs/heads/master@{#30241}
Add Object::StrictEquals to unify the implementation of strict equality
comparison in the runtime and the api (the api was already missing a
case for SIMD). Now we (almost) have a single bottleneck for strict
equality, we just need to reduce the amount of unnecessary complexity
for the code stub.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1298603002
Cr-Commit-Position: refs/heads/master@{#30186}
The operations were available on ARM64 and x86-32 but were unused.
It has been conjectured that nontemporals can be used for rowhammer-like bitflips more easily than regular load/store operations. It is therefore desirable to avoid generating these instructions in the future.
R= titzer, jochen, jln, Mark Seaborn, ruiq
Review URL: https://codereview.chromium.org/1276113002
Cr-Commit-Position: refs/heads/master@{#30139}
This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.
Note that this change still leaves 7 violations of that rule in the
code. However there now is the "tools/check-inline-includes.sh" tool
detecting such violations.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1283033003
Cr-Commit-Position: refs/heads/master@{#30125}
This way we can greatly simplify the different variants of ToObject in
our codebase and make them more uniform and robust. Adding a new
primitive doesn't require finding and changing all those places again,
but it is sufficient to setup the constructor function index when
allocating the map.
We use the inobject properties field of Map, which is invalid primitive
maps anyway.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1276533003
Cr-Commit-Position: refs/heads/master@{#30119}
This is the first step of turning the v8.h file into a normal header
instead of an include-the-world header. The new rule is that no other
header files are allowed to include v8.h, which is enforced by DEPS.
Also the number of includes inside the v8.h file has been drastically
reduced. Basically the last missing piece is the inclusion of the big
objects-inl.h file.
This in turn makes many headers follow the IWYU principle.
R=bmeurer@chromium.org,hpayer@chromium.org,titzer@chromium.org
Review URL: https://codereview.chromium.org/1282503003
Cr-Commit-Position: refs/heads/master@{#30102}
port 1a5751f9b3 (r29956)
original commit message:
Since we need the notion of a dummy vector ic, we can use that to avoid
a special case of the IC constructor. Also, consolidate the two dummy
ICs into one.
BUG=
Review URL: https://codereview.chromium.org/1265113002
Cr-Commit-Position: refs/heads/master@{#29963}
This is the initial (big) step towards a more uniform implementation of
the ToObject abstract operation (ES6 7.1.13), where we have a fallback
implementation in JSReceiver::ToObject() and a fast (hydrogen) CodeStub
to deal with the fast case (we should be able to do more cleanup on this
in a followup CL). For natives we expose the abstract operation via a
%_ToObject intrinsic, also exposed via a macro TO_OBJECT, that unifies
the previous confusion with TO_OBJECT_INLINE, ToObject, TO_OBJECT,
$toObject and %$toObject. Now the whole implementation of the abstract
operation is context independent, meaning we don't need any magic in the
builtins object nor the native context.
R=mvstanton@chromium.org,yangguo@chromium.org
Review URL: https://codereview.chromium.org/1266013006
Cr-Commit-Position: refs/heads/master@{#29953}
port c5dd553cf3 (r29929).
original commit message:
Adds interpreter entry and exit trampoline builtins. Also implements the
Return bytecode handler and fixes a few bugs in InterpreterAssembler
highlighted by running on other architectures.
BUG=
Review URL: https://codereview.chromium.org/1271433002
Cr-Commit-Position: refs/heads/master@{#29943}
All runtime function get a context anyway, which is the same as the
explicit one in case of DeclareGlobals and DeclareLookupSlot. So
we can remove the additional parameter there.
As an additional bonus, improve the runtime interface to DeclareLookupSlot.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1261863002
Cr-Commit-Position: refs/heads/master@{#29923}
port 5dff4bdff0 (r29886).
original commit message:
No need to pass the name explicitly to the stubs; the runtime can
extract the name from the ScopeInfo (the extension of the
ScriptContext) on-demand easily without any performance impact.
BUG=
Review URL: https://codereview.chromium.org/1259063004
Cr-Commit-Position: refs/heads/master@{#29892}
port cac64b9f63 (r29881)
original commit message:
We don't need the hole check and slow runtime mode for read-only
properties this way.
BUG=
Review URL: https://codereview.chromium.org/1263473002
Cr-Commit-Position: refs/heads/master@{#29891}
In CL 0fe2fbd173 the implementation of
MathPow for all ports are unified and MathPow stub code is invoked.
So we move the direct runtime function call from full-codegen to MathPow
stub for X87 platform.
BUG=
Review URL: https://codereview.chromium.org/1258873002
Cr-Commit-Position: refs/heads/master@{#29865}
port d6ee366d5c (r29834).
original commit message:
This is the initial round of optimizations for the
LoadGlobalViaContextStub and StoreGlobalViaContextStub, basically
turning them into platform code stubs to avoid the Crankshaft overhead
in the fast case, and making the runtime interface cheaper.
BUG=
Review URL: https://codereview.chromium.org/1258513003
Cr-Commit-Position: refs/heads/master@{#29839}
port bc8041dc2b (r29811).
original commit message:
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
BUG=
Review URL: https://codereview.chromium.org/1252903002
Cr-Commit-Position: refs/heads/master@{#29837}
port 3334b830a5 (r20813).
original commit message:
HydrogenCodeStubs consume stack arguments via descriptor.
All of this is controlled by the CallDescriptor. It's simply the case
that if you specify less registers than the function arity calls for,
the rest are assumed to be on the stack.
Bailout handlers accept these constant stack arguments too.
BUG=
Review URL: https://codereview.chromium.org/1258553002
Cr-Commit-Position: refs/heads/master@{#29836}
port 1f295980b7 (r29787).
original commit message:
This fixes a recent regression where the register holding the original
receiver was pushed onto the stack before the internal frame within the
CallStubInRecordCallTarget helper was created. That in turn confused
the stack walker when allocations in these stubs failed.
BUG=
Review URL: https://codereview.chromium.org/1247493004
Cr-Commit-Position: refs/heads/master@{#29828}
Previous to this CL, ICs used a slightly different code idiom
to get to C++ code from generated code than runtime intrinsics,
using an IC_Utility class that in essence provided exactly
the same functionality as Runtime::FunctionForId, but in its
own quirky way.
This CL unifies the two mechanisms, folding IC_Utility
away by making all IC entry points in C++ code, e.g. IC
miss handlers, full-fledged runtime intrinsics. This makes
it possible to eliminate a bunch of ad-hoc declarations and
adapters that the IC system had to needlessly re-invent.
As a bonus and the original reason for this yak-shave:
IC-related C++ runtime functions are now callable from
TurboFan.
Review URL: https://codereview.chromium.org/1248303002
Cr-Commit-Position: refs/heads/master@{#29811}
The layout of fixed typed array base is then capable of handling
external typed arrays as well. In a follow-up CL, I'll delete external
typed arrays, and use fixed typed array base instead
BUG=v8:3996
R=jarin@chromium.org,mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1248483007
Cr-Commit-Position: refs/heads/master@{#29786}
port 35c28ce0a7 (r29758).
original commit message:
Prior to this patch, we enter a global debug mode whenever a break point
is set. By entering this mode, all code is deoptimized and activated
frames are recompiled and redirected to newly compiled debug code.
After this patch, we only deoptimize/redirect for functions we want to
debug. Trigger for this is Debug::EnsureDebugInfo, and having DebugInfo
object attached to the SFI prevents optimization/inlining.
The result is that we can have optimized code for functions without break
points alongside functions that do have break points, which are not
optimized.
BUG=
Review URL: https://codereview.chromium.org/1249503002
Cr-Commit-Position: refs/heads/master@{#29765}
This will be used to compute the base pointer of the new unified
representation for both on-heap and external typed arrays. The idea is
that either the external or the tagged pointer is 0 (although in
practice, if the tagged pointer is non-0, the external pointer will
contain the offset from the start of the on-heap typed array to the data
in the on-heap typed array).
The HAdd is marked as depending on new-space promotion, as the tagged
pointer might move during GC, and so the result of the addition needs to
be recomputed.
BUG=v8:3996
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1244693002
Cr-Commit-Position: refs/heads/master@{#29760}
This adds the implicit function variable for a function literal to the
declarations list in scope analysis, instead of specially handling it
throughout all back-ends.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1245603003
Cr-Commit-Position: refs/heads/master@{#29754}
port 3285e3bf07 (r29719).
original commit message:
Additionally, push the allocation site or undefined independently of creatin
BUG=
Review URL: https://codereview.chromium.org/1229023003
Cr-Commit-Position: refs/heads/master@{#29723}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29712}
This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1226123010
Cr-Commit-Position: refs/heads/master@{#29705}
original commit message:
This changes the calling convention of the CallConstructStub to take
the original constructor (i.e. new.target in JS-speak) in a register
instead of magically via the operand stack. For optimizing compilers
the operand stack doesn't exist, hence cannot be peeked into.
BUG=
Review URL: https://codereview.chromium.org/1235273003
Cr-Commit-Position: refs/heads/master@{#29695}
port fc9c5275c3 (r29672).
original commit message:
Debugger: use debug break slots to break at function exit.
By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.
BUG=
Review URL: https://codereview.chromium.org/1236023007
Cr-Commit-Position: refs/heads/master@{#29694}
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
LOG=Y
BUG=v8:4124
Review URL: https://codereview.chromium.org/1219943002
Cr-Commit-Position: refs/heads/master@{#29689}
port 0a19e44925 (r29568)
original commit message:
If we do it too early, we might get a constant pool between the reloc info
and the actual slot.
Review URL: https://codereview.chromium.org/1228923003
Cr-Commit-Position: refs/heads/master@{#29642}
The new implemtation counts the number of calls (or continuations)
before the PC to find the corresponding PC in the new code.
R=mstarzinger@chromium.org
BUG=chromium:507070
LOG=N
Review URL: https://codereview.chromium.org/1235603002
Cr-Commit-Position: refs/heads/master@{#29636}
port 8965b683ce (r29561)
original commit message:
Break point at calls are currently set via IC. To change this, we
need to set debug break slots instead. We also need to distinguish
those debug break slots as calls to support step-in.
To implement this, we add a data field to debug break reloc info to
indicate non-call debug breaks or in case of call debug breaks, the
number of arguments. We can later use this to find the callee on the
evaluation stack in Debug::PrepareStep.
BUG=
Review URL: https://codereview.chromium.org/1233823002
Cr-Commit-Position: refs/heads/master@{#29630}
port 737b8573f8 (r29539)
original commit message:
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
automatically distinguishes between versions of the IC called from
optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
for-optimized or for-unoptimized version based on the minor_key
parameter.
BUG=
Review URL: https://codereview.chromium.org/1235823002
Cr-Commit-Position: refs/heads/master@{#29628}
- split relocation info for debug break slots for
- calls (with call arguments count as data)
- construct calls
- normal slots
- renamed DEBUG_BREAK into DEBUGGER_STATEMENT
- removed unused IC state for Debug stubs
R=ulan@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1232803002
Cr-Commit-Position: refs/heads/master@{#29603}
This CL also adds hydrogen stubs for global loads and global stores, full-codegen and TurboFan now uses this machinery.
Review URL: https://codereview.chromium.org/1224793002
Cr-Commit-Position: refs/heads/master@{#29592}
Note that there are currently no objects that require a pre-allocated
properties backing store, all such slots are in-object properties from
the begining. Hence {unused + pre_allocated - inobject == 0} holds.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1226203011
Cr-Commit-Position: refs/heads/master@{#29590}
This unifies the existing frame constants that are the same accross all
architectures. It also adds a new kOriginalConstructorOffset constant
for construct frames and uses is in full-codegen.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1220223005
Cr-Commit-Position: refs/heads/master@{#29509}
port 7015fd2053 (r29402)
original commit message:
Up until now the context register was listed explicitly in each stub's
CallInterfaceDescriptor. This was problematic, because it was listed
first in the list of register parameters--which is fine for Crankshaft,
which is more or less built to handle the context as the first
parameter-- but not ideal for TurboFan, which adds the context at
the end of all function parameters. Now the context register is no
longer in the register list and can be handled appropriately by both
compilers. Specifically, this allows the FunctionType specified for
each CallInterfaceDescriptor to exactly match the parameter register
list.
BUG=
Review URL: https://codereview.chromium.org/1216543004
Cr-Commit-Position: refs/heads/master@{#29433}
port 7a63bf77eb (r29358).
original commit message:
This makes new.target work in [[Call]] and [[Construct]] of ordinary
functions.
We achieve this by introducing a new construct stub for functions that
uses the new.target variable. The construct stub pushes the original
constructor just above the receiver in the construct frame.
BUG=
Review URL: https://codereview.chromium.org/1217083004
Cr-Commit-Position: refs/heads/master@{#29413}
port 876ae42598 (r29292).
original commit message:
The stack layout was different for different ports.
BUG=
Review URL: https://codereview.chromium.org/1219823002
Cr-Commit-Position: refs/heads/master@{#29412}
port c1a4f7477f (r29281).
original commit message:
The idea is that TurboFan can use this information for more intelligent
inlining.
BUG=
Review URL: https://codereview.chromium.org/1213723005
Cr-Commit-Position: refs/heads/master@{#29409}
port c019d7f498 (r29248).
original commit message:
Use big-boy Types to annotate interface descriptor parameters
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
platform-independent components so that all descriptors share
a common Type::FunctionType for all platforms.
BUG=
Review URL: https://codereview.chromium.org/1210463002
Cr-Commit-Position: refs/heads/master@{#29406}
port 8196c28a94 (r29238).
original commit message:
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.
BUG=
Review URL: https://codereview.chromium.org/1207613003
Cr-Commit-Position: refs/heads/master@{#29398}
port 882055ff6a (r29082).
The original CL covers part of X87 port. This CL addes the missing changes.
original commit message:
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers
No change in functionality intended.
Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:
BUG=
Review URL: https://codereview.chromium.org/1210153007
Cr-Commit-Position: refs/heads/master@{#29397}
Revert "Revert relanded strong property access CL"
Regression issues should be solved. Initial patchset is the original, subsequent patchsets are the fixing modifications.
This reverts commit 4ac7be5656.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1199983002
Cr-Commit-Position: refs/heads/master@{#29384}
Also fixes a crankshaft bug with strong implicit conversions.
It turns out that the implicit conversion of oddball values
is smushed into so many places in crankshaft that it would
have been pretty invasive surgery to make everything fall
out naturally.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1216463003
Cr-Commit-Position: refs/heads/master@{#29381}
Speculative revert in the hopes of fixing serializer crashes seen in canary.
This reverts commit c166945083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb7).
BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1207583002
Cr-Commit-Position: refs/heads/master@{#29241}
port 2a3b057587 (r29175).
original commit message:
Built-in apply() performance benefits from an uninitialized IC.
BUG=
Review URL: https://codereview.chromium.org/1199913007
Cr-Commit-Position: refs/heads/master@{#29213}
port 17c8ffeaa3 (r29173)
original commit message:
Vector ICs: Turbofan vector store ic support
Turbofan needs to pass vector slots around for named and keyed stores.
Also, the CL addresses a missing slot for ClassLiterals.
BUG=
Review URL: https://codereview.chromium.org/1195793007
Cr-Commit-Position: refs/heads/master@{#29212}
Reason:
Regressions in various benchmarks.
Revert "Revert of Revert of [strong] Implement strong mode restrictions on property access (patchset #1 id:1 of https://codereview.chromium.org/1189153002/)"
This reverts commit 41405c0470.
Revert "X87: Revert of Revert of [strong] Implement strong mode restrictions on property access."
This reverts commit 48de5f4d6b.
Revert "Fix overlapping KeyedLoadIC bitfield."
This reverts commit 4e6c956abf.
Revert "MIPS64: Fix 'Revert of Revert of [strong] Implement strong mode restrictions on property access'."
This reverts commit 74f97b0d2a.
BUG=
Review URL: https://codereview.chromium.org/1199493002
Cr-Commit-Position: refs/heads/master@{#29166}
Each Script object now keeps a WeakFixedArray of SharedFunctionInfo
objects created from this script.
This way, when compiling a function, we do not create duplicate shared
function info objects when recompiling with either compiler.
This fixes a class of issues in the debugger, where we set break points
on one shared function info, but functions from duplicate shared function
infos are not affected.
LOG=N
BUG=v8:4132
Review URL: https://codereview.chromium.org/1183733006
Cr-Commit-Position: refs/heads/master@{#29151}
Implements the strong mode proposal's restrictions on property access.
To be fully explored in a followup: proxies, interceptors, access checks, load from super
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1168093002
Cr-Commit-Position: refs/heads/master@{#29109}
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers
No change in functionality intended.
Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:
- print PC of each frame
- print the function's source also for optimized frames
Review URL: https://codereview.chromium.org/1186823003
Cr-Commit-Position: refs/heads/master@{#29082}
This patch includes the following changes.
1, Enable the turbofan backend support for X87 platform. It depends on previous CL: 3fdfebd26.
2, Enable the test cases which are disabled because turbofan for X87 was not enabled.
BUG=v8:4135
LOG=N
Review URL: https://codereview.chromium.org/1179763004
Cr-Commit-Position: refs/heads/master@{#29049}
This patch implements %_IsTypedArray in fullcodegen, Hydrogen and
Turbofan in order to implement fast type checks to enable ES6
TypedArray features and semantics efficiently.
R=adamk,titzer
LOG=Y
BUG=v8:4085
Review URL: https://codereview.chromium.org/1183213002
Cr-Commit-Position: refs/heads/master@{#29033}
port dd85444951 (r28839)
original commit message:
Boolean "is_strong" parameters have begun to proliferate across areas where
strong mode semantics are different. This CL repurposes the existing
ObjectStrength enum as a replacement for them.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1173973002
Cr-Commit-Position: refs/heads/master@{#28952}
port 345fa142a9 (r28802).
port of r28769 overwrite some of r28802 so we port them again.
original commit message:
Before this we had 3 super related lexical bindings that got injected
into method bodies: .home_object, .this_function, and new.target.
With this change we get rid of the .home_object one in favor of using
.this_function[home_object_symbol] which allows some simplifications
throughout the code base.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1173933005
Cr-Commit-Position: refs/heads/master@{#28949}
port e4782a9b46 (r28782)
original commit message:
Previously the %_DateField intrinsic would also check the object and
throw an exception if you happen to pass something that is not a valid
JSDate, which (a) violates our policy for instrinsics and (b) is hard to
optimize in TurboFan (even Crankshaft has a hard time, but there we will
never inline the relevant builtins, so it doesn't show up). The throwing
part is now a separate intrinsics %_ThrowIfNotADate that throws an
exception in full codegen and deoptimizes in Crankshaft, which means the
code for the current use cases is roughly the same (modulo some register
renamings/gap moves).
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1174913002
Cr-Commit-Position: refs/heads/master@{#28948}
port 4b8051a02a (r28769)
original commit message:
This splits the SuperReference AST node into SuperPropertyReference and
SuperCallReference. The super call reference node consists of three
unresolved vars to this, new.target and this_function. These gets
declared when the right function is entered and if it is in use. The
variables gets assigned in FullCodeGenerator::Generate.
This is a revert of the revert 88b1c9170a
BUG=
Review URL: https://codereview.chromium.org/1163983002
Cr-Commit-Position: refs/heads/master@{#28900}
port 450002f3a1 (r28749)
original commit message:
It's necessary to do this in order to know how many type feedback vector slots
we should allocate for the object literal.
BUG=
Review URL: https://codereview.chromium.org/1168563003
Cr-Commit-Position: refs/heads/master@{#28898}
- Introduce Assembler::DataAlign for table alignment in code object
- Fix several misuses of r8 (alias of the pool pointer register, pp)
- Fix calculation of pp in OSR/handler entry invocation
- Enable missing cases in deserializer
- Fix references to ool constant pools in comments.
R=rmcilroy@chromium.org, michael_dawson@ca.ibm.com
BUG=chromium:497180
LOG=N
Review URL: https://codereview.chromium.org/1155673005
Cr-Commit-Position: refs/heads/master@{#28873}
These values were computed by the parser and hence out of sync with any
visitor over the AST. Our AST visitor aborts visitation of statement
lists as soon as a jump statement has been reached. Now handler tables
are guaranteed to be dense and fully populated.
R=ishell@chromium.org
TEST=mjsunit/regress/regress-crbug-493290
BUG=chromium:493290
LOG=N
Review URL: https://codereview.chromium.org/1157213004
Cr-Commit-Position: refs/heads/master@{#28846}
Boolean "is_strong" parameters have begun to proliferate across areas where
strong mode semantics are different. This CL repurposes the existing
ObjectStrength enum as a replacement for them.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1144183004
Cr-Commit-Position: refs/heads/master@{#28839}
This unifies methods Deoptimizer::DoTranslateCommand, Deotpimizer::DoTranslateObject and the arguments object materializer.
To unify these, we have to separate reading of the input frame from writing to the output frame because the argument materializer does not write to output frames.
Instead, we now deoptimize in following stages:
1. Read out the input frame/registers, decode them using the translations from the deoptimizer and store them in the deoptimizer (Deoptimizer::translated_state_). This is done in TranslatedState::Init.
2. Write out into the output frame buffer all the values that do not require allocation. We also remember references to the values that require materialization. As before, this is done in Deoptimizer::DoCompute*Frame method, but instead calling to DoTranslateCommand, we use the translated frame to obtain the values and write them to the output frames.
3. The platform specific code then sets up the output frames and calls into the deoptimization notification. This has not been changed at all.
4. Once the stack is setup, we handlify all the references in the saved translated values (TranslatedState::Prepare).
5. Finally, we materialize all the values we remembered in step (1) and write them to their frames on the stack (using the TranslatedValue::GetValue method).
BUG=
Review URL: https://codereview.chromium.org/1136223004
Cr-Commit-Position: refs/heads/master@{#28826}
Before this we had 3 super related lexical bindings that got injected
into method bodies: .home_object, .this_function, and new.target.
With this change we get rid of the .home_object one in favor of using
.this_function[home_object_symbol] which allows some simplifications
throughout the code base.
BUG=v8:3768
LOG=N
R=adamk@chromium.org, wingo@igalia.com
Review URL: https://codereview.chromium.org/1154103005
Cr-Commit-Position: refs/heads/master@{#28802}
Embed constant pools within their corresponding Code
objects.
This removes support for out-of-line constant pools in favor
of the new approach -- the main advantage being that it
eliminates the need to allocate and manage separate constant
pool array objects.
Currently supported on PPC and ARM. Enabled by default on
PPC only.
This yields a 6% improvment in Octane on PPC64.
R=bmeurer@chromium.org, rmcilroy@chromium.org, michael_dawson@ca.ibm.com
BUG=chromium:478811
LOG=Y
Review URL: https://codereview.chromium.org/1162993006
Cr-Commit-Position: refs/heads/master@{#28801}
This fixes a corner-case where arrow functions that require a context
allocate none, because there are no additional slots allocated. Note
that this didn't happen with true function scopes because they always
had at least the receiver slot.
The outcome was a context chain that no longer was in sync with the
scope chain, hence context slot loads were bogus. This is observable
using the DYNAMIC_LOCAL optimization in all compilers.
R=rossberg@chromium.org,wingo@igalia.com
TEST=mjsunit/harmony/regress/regress-4160
BUG=v8:4160
LOG=N
Review URL: https://codereview.chromium.org/1146063006
Cr-Commit-Position: refs/heads/master@{#28788}
port e2e47f30be (r28711)
original commit message:
[turbofan] First step towards sanitizing for-in and making it optimizable.
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
simple runtime call to ForInFilter, which does everything and is even
cheaper (because FILTER_KEY used to call into the runtime anyway).
And ForInFilter returns either the name or undefined, which makes it
possible to remove the control flow construction from the AstGraphBuilder,
and thereby make both the initialization and the per-loop code of for-in
optimizable later (in typed lowering).
BUG=
Review URL: https://codereview.chromium.org/1144143005
Cr-Commit-Position: refs/heads/master@{#28748}
When compiling on a laptop I like to concatenate the small test files.
This makes a big difference to compile times. These changes make that
easier.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1163803002
Cr-Commit-Position: refs/heads/master@{#28742}
port 388e791df9 (r28672).
original commit message:
The list of inlined functions is used in exactly two places - for live
edit and to prevent code flushing for inlined functions - and those are
fine with SharedFunctionInfo and don't require a closure.
This is one additional step towards inlining based on SharedFunctionInfo
instead of JSFunction.
BUG=
Review URL: https://codereview.chromium.org/1143003003
Cr-Commit-Position: refs/heads/master@{#28719}
port 5450fc07ba (r18659)
original commit message:
Also adapt code generation to pass the slot to the
store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
ForEach, Call and CountOperation now include one or more
feedback vector ic slot ids.
BUG=
Review URL: https://codereview.chromium.org/1155383003
Cr-Commit-Position: refs/heads/master@{#28718}
port 44e9810345 (r28644)
original commit message:
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=
Review URL: https://codereview.chromium.org/1158543004
Cr-Commit-Position: refs/heads/master@{#28717}
port eca5b5d7ab (r28622).
original commit message:
* Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
* In the long run we should do all hidden properties this way and get rid of the
hidden magic 0-length string with the zero hash code. The advantages include
less complexity and being able to do things from JS in a natural way.
* Initially, the performance of weak set regressed, because it's a little harder
to do the lookup in C++. Instead of heroics in C++ to make things faster I
moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
* This also changes hash codes of Smis so that they are always Smis.
Performance figures are in the comments to the code review. Summary: Most of js-perf-test/Collections is neutral. Set and Map with object keys are 40-50% better. WeakMap is -5% and WeakSet is +9%.
In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this. Instead of checking for the property, then doing a new
In a similar vein we could give the magic zero hash code to the hash code
symbol. Then when we look up the hash code we would sometimes see the table
with all the hidden properties. This dual use of the field for either the hash
code or the table with all hidden properties and the hash code is rather ugly,
and this CL gets rid of it. I'd be loath to bring it back. On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.
One worry is that the benchmark results above are more monomorphic than real
world code, so may be overstating the performance benefits of moving to JS. I
think this is part of a general issue we have with handling polymorphic code in
JS and any solutions there will benefit this solution, which boils down to
regular property access. Any improvement there will lift all boats.
BUG=
Review URL: https://codereview.chromium.org/1153963010
Cr-Commit-Position: refs/heads/master@{#28716}
port 32de677805 (r29615)
original commit message:
The reason is that this information will be needed to compute the number of
vector ic slots done at numbering time.
BUG=
Review URL: https://codereview.chromium.org/1165693002
Cr-Commit-Position: refs/heads/master@{#28715}
port 9502e91adb (r28534)
original commit message:
This allows you to put iterables into your array literals
and the will get spread into the array.
let x = [0, ...range(1, 3)]; // [0, 1, 2]
This is done by treating the array literal up to the first
spread element as usual, including using a boiler plate
array, and then appending the remaining expressions and rest
expressions.
BUG=
Review URL: https://codereview.chromium.org/1152173002
Cr-Commit-Position: refs/heads/master@{#28606}
port a86384f192 (r28597).
original commit message:
Also introduce new interface descriptors for the trampoline and full
versions of those stubs.
Currently, the stubs aren't functional.
BUG=
Review URL: https://codereview.chromium.org/1148963003
Cr-Commit-Position: refs/heads/master@{#28605}
port 09aaf003a9 (r28516).
original commit message:
Also removed ornamentation like "VectorRaw" from stub names.
BUG=
Review URL: https://codereview.chromium.org/1152473003
Cr-Commit-Position: refs/heads/master@{#28532}
port 78f0452d31 (r28491)
original commit message:
Also check whether the arguments count is smaller than the number of
required parameters which is the same as the SharedFunctionInfo length.
BUG=
Review URL: https://codereview.chromium.org/1146103003
Cr-Commit-Position: refs/heads/master@{#28531}
port bd56d279b6 (R28340).
original commit message:
Make the parser handle references to "this" as unresolved variables, so the
same logic as for the rest of function parameters is used for the receiver.
Minor additions to the code generation handle copying the receiver to the
context, along with the rest of the function parameters.
Based on work by Adrian Perez de Castro <aperez@igalia.com>.
BUG=
Review URL: https://codereview.chromium.org/1136953010
Cr-Commit-Position: refs/heads/master@{#28390}
port 3bce9c3afb (r28359).
original commit message:
HMaybeGrowElements moves the situation where you actually have to grow
into deferred code. This means crankshaft doesn't have to spill registers
just to make the bounds comparison to see if it'll need to grow or not.
It makes the growing case a bit more expensive, but reduces the cost of
the general case.
BUG=
Review URL: https://codereview.chromium.org/1124093008
Cr-Commit-Position: refs/heads/master@{#28388}
port 3226e98020 (28346).
original commit message:
[strong] Check arity of functions
In strong mode it is an error to call a function with too few
arguments.
This is enforced inside the ArgumentsAdaptorTrampoline.
This does not yet handle rest parameter
BUG=
Review URL: https://codereview.chromium.org/1139913007
Cr-Commit-Position: refs/heads/master@{#28387}
port abc35080b3 (r28339)
original commit message:
This stub will be used as the basis of a Math.floor-specific CallIC to
detect and track calls to floor that return -0.
Along the way:
- Create a TurboFanCodeStub super class from which the StringLength and
MathRound TF stubs derive.
- Fix the ugly hack that passes the first stub parameter as the "this"
pointer in the the TF-compiled JS function.
- Fix bugs in the ia32/x64 disassembler.
BUG=
Review URL: https://codereview.chromium.org/1134323002
Cr-Commit-Position: refs/heads/master@{#28386}
Implements the strong mode proposal's restrictions on implicit conversions
for the binary >, >=, <, and <= operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1130283002
Cr-Commit-Position: refs/heads/master@{#28370}
Reason for revert:
Shouldn't unconditionally load holes since it tanks performance. I'll change it in a follow-up to only do it if the IC ever saw it happen.
Original issue's description:
> Allow loading holes from holey smi arrays
>
> BUG=
>
> Committed: https://crrev.com/eab5bb5390fab79d063f29398377c6d181963dde
> Cr-Commit-Position: refs/heads/master@{#28298}
TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1131203002
Cr-Commit-Position: refs/heads/master@{#28309}
Reason for revert:
original commit was reverted.
This reverts commit c3529ce501.
original issues's description:
> X87: Resolve references to "this" the same way as normal variables
>
> port 06a792b7cc (r28263).
>
> original commit message:
>
> Make the parser handle references to "this" as unresolved variables, so the
> same logic as for the rest of function parameters is used for the receiver.
> Minor additions to the code generation handle copying the receiver to the
> context, along with the rest of the function parameters.
>
> Based on work by Adrian Perez de Castro <aperez@igalia.com>
BUG=
Review URL: https://codereview.chromium.org/1130913005
Cr-Commit-Position: refs/heads/master@{#28307}
port 7798548a8f (r28260)
original commit message:
typeof was implemented as a runtime function. Calling it in
optimized code with a non-constant input becomes burdensome.
BUG=
Review URL: https://codereview.chromium.org/1124263005
Cr-Commit-Position: refs/heads/master@{#28279}
port 06a792b7cc (r28263).
original commit message:
Make the parser handle references to "this" as unresolved variables, so the
same logic as for the rest of function parameters is used for the receiver.
Minor additions to the code generation handle copying the receiver to the
context, along with the rest of the function parameters.
Based on work by Adrian Perez de Castro <aperez@igalia.com>
BUG=
Review URL: https://codereview.chromium.org/1124393002
Cr-Commit-Position: refs/heads/master@{#28278}
The Hydrogen representation for binops was never changed to care about the
language mode. We thought this was ok, but it turns out we need to keep track
of it to make sure inlining doesn't mess with the "strongness" of binops.
Also added more rigorous inlining testing.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1123043002
Cr-Commit-Position: refs/heads/master@{#28253}
port cf53fed972 (r28242).
original commit message:
ArgumentsAdaptorStub for derived constructor (the one that needs
new.target) works in this way:
- If the constructor is invoked via the Construct stub, we know that
actual arguments always include new.target. ``arguments`` object
however should not include a new.target, therefore we remove it.
We achieve this by decrementing the argument count.
- If the constructor is invoked as a call, we do not care for a correct
``arguments`` array since the constructor will immediately throw on
entrance.
The bug is that the call could actually pass 0 actual arguments, but I
decrement unconditionally :(. The fix is to detect this case and avoid
decrementing. ``arguments`` is bogus, but it is ok as constructor
throws.
Long-term we should just remove mucking about with arguments for
new.target and just get it from the stack.
BUG=
Review URL: https://codereview.chromium.org/1124063002
Cr-Commit-Position: refs/heads/master@{#28246}
When comparing a symbol to istself using <, <=, > or >= we need to
throw a TypeError. This is correctly handled in the runtime function
so if we are comparing a symbol fall back to use the runtime.
BUG=v8:4073
LOG=Y
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1125783002
Cr-Commit-Position: refs/heads/master@{#28226}
port 83a0af5500 (r28165).
original commit message:
VectorICs: built-in function apply should use an IC.
Handled a TODO that sent builtin function apply to the runtime on property get.
BUG=
Review URL: https://codereview.chromium.org/1119263002
Cr-Commit-Position: refs/heads/master@{#28189}
Just give internal ones an ArrayBuffer with a NULL backing store. This
simplifies the access checks a lot.
BUG=v8:3996
R=hpayer@chromium.org,verwaest@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1109353003
Cr-Commit-Position: refs/heads/master@{#28168}
An initial 'code age' state that will turn into a 'pre-aging' code age only after it was executed the first time.
BUG=470930
LOG=Y
Review URL: https://codereview.chromium.org/1107233004
Cr-Commit-Position: refs/heads/master@{#28162}
port caeb9004f0 (r28056)
original commit message:
If the array's map is the initial FastHoley array map, and the array prototype
chain is undisturbed and empty of elements, then keyed loads can convert the
load of a hole to undefined.
BUG=
Review URL: https://codereview.chromium.org/1104073003
Cr-Commit-Position: refs/heads/master@{#28128}
Implements the strong mode proposal's restrictions on
implicit conversions for binary arithmetic operations, not
including the + special case. Adds some infrastructure
for future implementation of the restrictions for other
operators.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1092353002
Cr-Commit-Position: refs/heads/master@{#28045}
port 13459c1ae3 (r27857)
original commit message:
Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1088423002
Cr-Commit-Position: refs/heads/master@{#27875}
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.
R=jarin@chromium.org
TEST=mjsunit/for-in-opt
Review URL: https://codereview.chromium.org/1086083002
Cr-Commit-Position: refs/heads/master@{#27846}
port e0844a24d3 (r27793).
original commit message:
These options were added for a hydrogen code stub version of
the VectorIC dispatcher, which was discontinued.
BUG=
Review URL: https://codereview.chromium.org/1087573003
Cr-Commit-Position: refs/heads/master@{#27802}
The assembler code generated by the DeoptimizeIf(...) function under X87 is larger
and the distance between the link point and the bind point which has two DeoptimizeIf()
is larger then near link distance (127) for labels.
BUG=
Review URL: https://codereview.chromium.org/1065893003
Cr-Commit-Position: refs/heads/master@{#27801}
port 2d281e71ac (r27633)
original commit message:
Make --always-opt also optimize top-level code.
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
BUG=
Review URL: https://codereview.chromium.org/1077523002
Cr-Commit-Position: refs/heads/master@{#27693}
Reason for revert:
Revert the revert as this commit cannot be the cause for the closed tree.
Original issue's description:
> Revert of X87: Reimplement Maps and Sets in JS (patchset #1 id:1 of https://codereview.chromium.org/1066373002/)
>
> Reason for revert:
> Reverting as it resulted in a closed waterfall.
>
> Original issue's description:
> > X87: Reimplement Maps and Sets in JS
> >
> > port 909500aa1d (r27605)
> >
> > original commit message:
> > Previously, the only optimized code path for Maps and Sets was for String keys.
> > This was achieved through an implementation of various complex operations
> > in Hydrogen. This approach was neither scalable nor forward-compatible.
> >
> > This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> > in JS. The added intrinsics are:
> >
> > %_FixedArrayGet
> > %_FixedArraySet
> > %_TheHole
> > %_JSCollectionGetTable
> > %_StringGetRawHashField
> >
> > With these additions, as well as a few changes to what's exposed as runtime functions,
> > most of the C++ code backing Maps and Sets is gone (including both runtime code in
> > objects.cc and Crankshaft in hydrogen.cc).
> >
> > BUG=
> >
> > Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> > Cr-Commit-Position: refs/heads/master@{#27681}
>
> TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/a0486f128109443ed07802fb463c267e53533d81
> Cr-Commit-Position: refs/heads/master@{#27682}
TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1077543002
Cr-Commit-Position: refs/heads/master@{#27685}
port 146598f44a (r27614)
original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the
process, at least on operating systems where this limit is close to the limit
that V8 sets for itself.
BUG=
Review URL: https://codereview.chromium.org/1069283002
Cr-Commit-Position: refs/heads/master@{#27684}
Reason for revert:
Reverting as it resulted in a closed waterfall.
Original issue's description:
> X87: Reimplement Maps and Sets in JS
>
> port 909500aa1d (r27605)
>
> original commit message:
> Previously, the only optimized code path for Maps and Sets was for String keys.
> This was achieved through an implementation of various complex operations
> in Hydrogen. This approach was neither scalable nor forward-compatible.
>
> This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> in JS. The added intrinsics are:
>
> %_FixedArrayGet
> %_FixedArraySet
> %_TheHole
> %_JSCollectionGetTable
> %_StringGetRawHashField
>
> With these additions, as well as a few changes to what's exposed as runtime functions,
> most of the C++ code backing Maps and Sets is gone (including both runtime code in
> objects.cc and Crankshaft in hydrogen.cc).
>
> BUG=
>
> Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> Cr-Commit-Position: refs/heads/master@{#27681}
TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1073723002
Cr-Commit-Position: refs/heads/master@{#27682}
port 909500aa1d (r27605)
original commit message:
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
BUG=
Review URL: https://codereview.chromium.org/1066373002
Cr-Commit-Position: refs/heads/master@{#27681}
port 16ee55097a (r27536)
original commit message:
Generate common StoreFastElementStubs ahead of time
BUG=
Review URL: https://codereview.chromium.org/1052413002
Cr-Commit-Position: refs/heads/master@{#27597}
port 7c347c545e (r27511)
original commit message:
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.
BUG=
Review URL: https://codereview.chromium.org/1057883004
Cr-Commit-Position: refs/heads/master@{#27595}
The original code will not update the IC info if one of parameter is SMI. It Can not handle Number + Smi.
BUG=
Review URL: https://codereview.chromium.org/1056663005
Cr-Commit-Position: refs/heads/master@{#27583}
port 38a719f965 (r27440)
original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
BUG=
Review URL: https://codereview.chromium.org/1030283003
Cr-Commit-Position: refs/heads/master@{#27478}
port 6689cc27eb (r27377)
original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/1033733005
Cr-Commit-Position: refs/heads/master@{#27461}
port e18e3cd4d8 (r27305)
original commit message:
[stubs] Add missing interface descriptor for the CompareIC.
BUG=
Review URL: https://codereview.chromium.org/1024553007
Cr-Commit-Position: refs/heads/master@{#27397}
port 16c8485a35 (r27269).
original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/1013543004
Cr-Commit-Position: refs/heads/master@{#27395}
port 34a1a76ddf (r27235)
original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
BUG=
Review URL: https://codereview.chromium.org/1025073005
Cr-Commit-Position: refs/heads/master@{#27394}
port 15f8213809 (r27263)
original commit message:
This relands commit 96f79568a9.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
BUG=
Review URL: https://codereview.chromium.org/1027413002
Cr-Commit-Position: refs/heads/master@{#27385}
port d4696c4841 (r27150)
original commit message:
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
BUG=
Review URL: https://codereview.chromium.org/1028073002
Cr-Commit-Position: refs/heads/master@{#27360}
port f71e262683 (r27127)
original commit message:
Simplify pending message script handling.
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1028993003
Cr-Commit-Position: refs/heads/master@{#27358}
port 36e69a916f (r27115)
original commit message:
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
BUG=
Review URL: https://codereview.chromium.org/1030563002
Cr-Commit-Position: refs/heads/master@{#27357}
port 8d946b9c3f (r27106).
original commit message:
[es6] Throw TypeError for computed static prototype property name
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=
Review URL: https://codereview.chromium.org/1028983002
Cr-Commit-Position: refs/heads/master@{#27356}
port e0aa8ebf93 (r27103).
original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/1022403002
Cr-Commit-Position: refs/heads/master@{#27353}
port 1382879f29 (r27016).
oringinal commit message:
[turbofan] Implement throwing exceptions into TurboFan code.
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
BUG=
Review URL: https://codereview.chromium.org/1023943002
Cr-Commit-Position: refs/heads/master@{#27342}
port 2ecdf736cf (r27014).
original commit message:
Fix exception for assignment to uninitialised const.
BUG=
Review URL: https://codereview.chromium.org/1028533002
Cr-Commit-Position: refs/heads/master@{#27332}
I found some strange split in deopt entry points generator.
The code for table entry generator had two classes.
It is safe to join these classes together and drop virtual.
BUG=
LOG=n
Review URL: https://codereview.chromium.org/1010413003
Cr-Commit-Position: refs/heads/master@{#27264}
This is the fifth part of https://codereview.chromium.org/1012633002
In this part we collect the offsets of deopt calls and save it into
an inlined function info.
On the Next:
Later when deopt happens we will get the offset of deopt call and
search it among inlined infos.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011113004
Cr-Commit-Position: refs/heads/master@{#27258}
This ensures that there is only one stub that deals with unwinding the
stack. Having more than one place containing that logic is brittle and
error prone, especially when it is a corner case only for RangeErrors.
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-467047
BUG=chromium:467047
LOG=N
Review URL: https://codereview.chromium.org/1012103002
Cr-Commit-Position: refs/heads/master@{#27243}
the third part of the patch https://codereview.chromium.org/1012633002
this patch
1) moves DeoptInfo builder code to platform independent file lithium-codegen.cc
2) adds inlining_id property to HEnterInlined so we can use it on lithium level.
BUG=chromium:452067
LOG=n
Review URL: https://codereview.chromium.org/1011733005
Cr-Commit-Position: refs/heads/master@{#27231}
Fix the resulting warnings by renaming things apart.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/1009373002
Cr-Commit-Position: refs/heads/master@{#27219}
Reduces the amount of custom support code for Math functions in TurboFan
and allows for more general inlining (i.e. independent of parameter
types).
BUG=v8:3952
LOG=n
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1004083002
Cr-Commit-Position: refs/heads/master@{#27172}
Combined the various lists, the only slightly ugly thing is now the
distinction between intrinsics returning pairs and the rest, but
that's no big deal.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/989273003
Cr-Commit-Position: refs/heads/master@{#27135}
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/991893003
Cr-Commit-Position: refs/heads/master@{#27115}
This involved renaming apart a few more intrinsics. In the long run,
we want to clean up redundant intrinsics which just delegate.
BUG=v8:3947
LOG=n
Review URL: https://codereview.chromium.org/984963002
Cr-Commit-Position: refs/heads/master@{#27043}
Internal references are absolute addresses into the instruction
stream. Turn them into relative addresses when serializing and
back when deserializing to keep them valid.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/976623002
Cr-Commit-Position: refs/heads/master@{#27020}
This way, every function in those lists has one C++ implementation
called Runtime_##name. The previous distinction was confusing.
Review URL: https://codereview.chromium.org/983623002
Cr-Commit-Position: refs/heads/master@{#27010}
port 1a608493e5 (r26983)
original commit message:
Refactor BreakLocationIterator.
We now have BreakLocation::Iterator to iterate via RelocIterator, and
create a BreakLocation when we are done iterating. The reloc info is
stored in BreakLocation in a GC-safe way and instantiated on demand.
BUG=
Review URL: https://codereview.chromium.org/978183002
Cr-Commit-Position: refs/heads/master@{#27003}
We now have BreakLocation::Iterator to iterate via RelocIterator, and
create a BreakLocation when we are done iterating. The reloc info is
stored in BreakLocation in a GC-safe way and instantiated on demand.
R=ulan@chromium.org
BUG=v8:3924
LOG=N
Review URL: https://codereview.chromium.org/967323002
Cr-Commit-Position: refs/heads/master@{#26983}
Save Unknown position as zero in RelocInfo.
Remove copy constructor of SourcePosition because it is trivial.
Mechanical replace int raw_position with SourcePosition position.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/959203002
Cr-Commit-Position: refs/heads/master@{#26916}
We accessed to cpu_profiler for tracking SharedFunctionInfo objects movements and used their addresses for generating function_id. Actually we could replace the manually generated shared_id by the pair script_id + position. In this case we can drop SharedFunctionInfo events support from cpu_profiler and remove the dependency.
BTW GetCallUid was used as an unique identifier of the function on the front-end side. Actually it is a hash which might not be unique. So I renamed GetCallUid with GetHash and implemented GetFunctionId method.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/941973002
Cr-Commit-Position: refs/heads/master@{#26775}
ModuleDescriptor will end up holding the set of data described in the
spec as a "Module record". This introduces a little bit of confusion
with ModuleInfo, but I hope that'll become clearer over time.
Also removed the interface-printing flags. We probably want
Module-printing flags, but that can wait until we have more
Module-related structures.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/935723004
Cr-Commit-Position: refs/heads/master@{#26728}
This gets Variable and VariableProxy out of the business of worrying about
Interfaces.
At the same time, get rid of the notion of "module variables". In ES6, variables
that refer to modules will be simply be CONST bindings to module namespace
objects.
The only change in logic here is one more early error:
duplicate export names are now rejected.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/918373002
Cr-Commit-Position: refs/heads/master@{#26708}
port 2707d4c9f4 (r26628).
original commit message:
This CL fixes tests that no longer valid and also fixes two issues:
1. 'super()' in non derived constructors.
2. Failure to step into derived constructors.
BUG=
Review URL: https://codereview.chromium.org/920543005
Cr-Commit-Position: refs/heads/master@{#26647}
1) create beefy RelocInfo table when cpu profiler is active, so if a function
was optimized when profiler was active RelocInfo would get separate DeoptInfo
for the each deopt case.
2) push DeoptInfo from CodeEntry to ProfileNode.
When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
Sample profile dump.
[Top down]:
0 (root) 0 #1
1 29 #2
1 test 29 #3
2 opt_function 29 #4
2 opt_function 29 #5
deopted at 118 with reason 'not a heap number'
deopted at 137 with reason 'division by zero'
BUG=452067
LOG=n
Committed: https://crrev.com/ce8701b247d3c6604f24f17a90c02d17b4417f54
Cr-Commit-Position: refs/heads/master@{#26615}
Review URL: https://codereview.chromium.org/919953002
Cr-Commit-Position: refs/heads/master@{#26630}
To solence C++ compiler warnings because is_mutable_ is only for CHECK.
BUG=
Review URL: https://codereview.chromium.org/922673002
Cr-Commit-Position: refs/heads/master@{#26618}
Reason for revert:
static initializers broke the build
Original issue's description:
> CPUProfiler: Push deopt reason further to ProfileNode.
>
> 1) create beefy RelocInfo table when cpu profiler is active, so if a function
> was optimized when profiler was active RelocInfo would get separate DeoptInfo
> for the each deopt case.
>
> 2) push DeoptInfo from CodeEntry to ProfileNode.
> When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
> On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
>
> Sample profile dump.
> [Top down]:
> 0 (root) 0 #1
> 1 29 #2
> 5 test 29 #3
> 3 opt_function 29 #4
> deopted at 52 with reason 'not a heap number'
> deopted at 71 with reason 'division by zero'
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/ce8701b247d3c6604f24f17a90c02d17b4417f54
> Cr-Commit-Position: refs/heads/master@{#26615}
TBR=jarin@chromium.org,svenpanne@chromium.org,yurys@chromium.org,alph@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/915173005
Cr-Commit-Position: refs/heads/master@{#26616}
1) create beefy RelocInfo table when cpu profiler is active, so if a function
was optimized when profiler was active RelocInfo would get separate DeoptInfo
for the each deopt case.
2) push DeoptInfo from CodeEntry to ProfileNode.
When deopt happens we put the info collected on #1 into CodeEntry and record stack sample.
On the sampling thread we grab the deopt data and append it to the corresponding ProfileNode deopts list.
Sample profile dump.
[Top down]:
0 (root) 0 #1
1 29 #2
5 test 29 #3
3 opt_function 29 #4
deopted at 52 with reason 'not a heap number'
deopted at 71 with reason 'division by zero'
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/919953002
Cr-Commit-Position: refs/heads/master@{#26615}
Previously, emitting two more more unique source positions at the same pc would
generate two or more RelocInfo entries. Now, only the last emitted source
position for any pc is added to the RelocInfo.
Review URL: https://codereview.chromium.org/908443002
Cr-Commit-Position: refs/heads/master@{#26608}
port bf49be39f3 (r26572)
original commit message:
new classes: implement new.target passing to superclass constructor
BUG=
Review URL: https://codereview.chromium.org/912233003
Cr-Commit-Position: refs/heads/master@{#26596}
port 5d68529be2 (r26546)
original commit message:
Parsing: Make Scope not know about Isolate.
Scope, like Parser, must be able to operate independent of Isolate and the V8
heap (for background parsing). After the heap-independent phase, there is a heap
dependent phase, during which we do operations such as scope anaylysis.
This CL makes the phases explicit by not telling Scope about the Isolate too
early (during the heap-independent phase, Scope should know nothing about
Isolate). This decreases the probability of accidental code changes which would
add heap-dependent operations into the heap-independent phase.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/913163003
Cr-Commit-Position: refs/heads/master@{#26590}
port 86cae1633c (r26545)
original commit message:
1) Deoptimizer::Reason was replaced with Deoptimizer::DeoptInfo
because it also has raw position. Also the old name clashes with DeoptReason enum.
2) c_entry_fp assignment call was added to EntryGenerator::Generate
So we can calculate sp and have a chance to record the stack for the deopting function.
btw it makes the test stable.
3) new kind of CodeEvents was added to cpu-profiler
4) GetDeoptInfo method was extracted from PrintDeoptLocation.
So it could be reused in cpu profiler.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/912403003
Cr-Commit-Position: refs/heads/master@{#26588}
1) Deoptimizer::Reason was replaced with Deoptimizer::DeoptInfo
because it also has raw position. Also the old name clashes with DeoptReason enum.
2) c_entry_fp assignment call was added to EntryGenerator::Generate
So we can calculate sp and have a chance to record the stack for the deopting function.
btw it makes the test stable.
3) new kind of CodeEvents was added to cpu-profiler
4) GetDeoptInfo method was extracted from PrintDeoptLocation.
So it could be reused in cpu profiler.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/910773002
Cr-Commit-Position: refs/heads/master@{#26545}
port 2491a639bf (r26463)
original commit message:
Externalize deoptimization reasons.
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=
Review URL: https://codereview.chromium.org/867243005
Cr-Commit-Position: refs/heads/master@{#26526}
port 6fc97a1965 (r26420)
original commit message:
Retry "Use a WeakCell in the CallIC type vector."
The first try failed because I needed to make a better distinction
between clearing ICs according to policy at GC time or unconditional
clearing (say, via %ClearFunctionTypeFeedback).
It was also blocked by an issue in super constructor calls.
This fix (https://codereview.chromium.org/892113002/) needs to land
before checking in this CL.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/865713004
Cr-Commit-Position: refs/heads/master@{#26517}
port c7851da4ae (r26419)
original commit message:
Introduce LanguageMode, drop StrictMode.
This enables adding more language modes in the future.
For maximum flexibility, LanguageMode is a bitmask, so we're not restricted to
use a sequence of language modes which are progressively stricter, but we can
express the language mode as combination of features.
For now, LanguageMode can only be "sloppy" or "strict", and there are
STATIC_ASSERTS in places which need to change when more modes are added.
LanguageMode is a bit like the old LanguageMode when "extended" mode was still
around (see https://codereview.chromium.org/8417035 and
https://codereview.chromium.org/181543002 ) except that it's transmitted through
all the layers (there's no StrictModeFlag).
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/902053005
Cr-Commit-Position: refs/heads/master@{#26514}
port 64f81870ee (r26414)
original commit message:
Super Constructor Calls need to use a vector slot, not an ic slot.
The Ast Call node is accustomed to using a vector IC slot for the
cases when it uses a CallIC. The super constructor work alters this
somewhat by using a CallConstructStub instead, however the
CallConstructStub expects a vector slot and not a vector ic slot.
This distinction needs to be maintained because slots and ic slots
have different clearing strategies and are handled differently.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/911513002
Cr-Commit-Position: refs/heads/master@{#26511}
port c65ae4f10c (r26346).
fix one spelling error introduced by this CL.
original commit message:
Reland "Initial switch to Chromium-style CHECK_* and DCHECK_* macros.".
BUG=
Review URL: https://codereview.chromium.org/886833006
Cr-Commit-Position: refs/heads/master@{#26507}
port 0deaa4b629 (r26340)
(code change in full-codegen-x87.cc is covered by r26340 ).
original commit message:
Initial switch to Chromium-style CHECK_* and DCHECK_* macros.
BUG=
Review URL: https://codereview.chromium.org/903353002
Cr-Commit-Position: refs/heads/master@{#26504}
port b18ad51079 (r26291)
original commit message:
additionally, make the interface match the JSFunction interface
BUG=
Review URL: https://codereview.chromium.org/906743002
Cr-Commit-Position: refs/heads/master@{#26503}
port 2a567faa3e (r26290)
original commit message:
Use a trampoline stub to load the type feedback vector for CallICs.
BUG=
Review URL: https://codereview.chromium.org/905983002
Cr-Commit-Position: refs/heads/master@{#26502}
port c7b09aac31 (r26252)
original commit message:
Along the way:
- Thread isolate parameter explicitly through code that used to
rely on getting it from the zone.
- Canonicalize the parameter position of isolate and zone for
affected code
- Change Hydrogen New<> instruction templates to automatically
pass isolate
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/903183003
Cr-Commit-Position: refs/heads/master@{#26501}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
Cr-Commit-Position: refs/heads/master@{#26434}
Committed: https://crrev.com/ec42e002da03adb2db968dd5b7453341ddc59a5c
Cr-Commit-Position: refs/heads/master@{#26448}
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26463}
Reason for revert:
This CL breaks RelocInfo::INTERNAL_REFERENCE (and maybe others that come after DEOPT_REASON), which is currently (mostly) unused on tip-of-tree, but will be used for jump tables soon(ish) and should therefore work. It seems to be a problem with implicitly assumptions about the number of reloc info modes. Needs further investigation.
Original issue's description:
> Externalize deoptimization reasons.
>
> 1) The hardcoded strings were converted into DeoptReason enum.
>
> 2) Deopt comment were converted into a pair location and deopt reason entries so
> the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
>
> 3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
> Cr-Commit-Position: refs/heads/master@{#26434}
>
> Committed: https://crrev.com/ec42e002da03adb2db968dd5b7453341ddc59a5c
> Cr-Commit-Position: refs/heads/master@{#26448}
TBR=alph@chromium.org,mstarzinger@chromium.org,svenpanne@chromium.org,yurys@chromium.org,loislo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/900223002
Cr-Commit-Position: refs/heads/master@{#26457}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
Cr-Commit-Position: refs/heads/master@{#26434}
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26448}
We used to have a parse error for conflicting property keys. This check
was removed to match ES6 (SpiderMonkey & Chakra already made this change).
Since this check was removed we ended up with a few new cases when
generating code. For example, accessors always generated code even if
those should have been shadowed by a data property.
BUG=v8:3856
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/895693002
Cr-Commit-Position: refs/heads/master@{#26441}
Reason for revert:
it broke the build
Original issue's description:
> Externalize deoptimization reasons.
>
> 1) The hardcoded strings were converted into DeoptReason enum.
>
> 2) Deopt comment were converted into a pair location and deopt reason entries so
> the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
>
> 3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
>
> BUG=452067
> LOG=n
>
> Committed: https://crrev.com/c49820e45b57f128a98690940875c049f612dde6
> Cr-Commit-Position: refs/heads/master@{#26434}
TBR=alph@chromium.org,mstarzinger@chromium.org,svenpanne@chromium.org,yurys@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452067
Review URL: https://codereview.chromium.org/892843007
Cr-Commit-Position: refs/heads/master@{#26435}
1) The hardcoded strings were converted into DeoptReason enum.
2) Deopt comment were converted into a pair location and deopt reason entries so
the deopt reason tracking mode would less affect the size of the RelocInfo table and heap.
3) DeoptReason entry in RelocInfo reuses kCommentTag value and generates short entry in RelocInfo table.
BUG=452067
LOG=n
Review URL: https://codereview.chromium.org/874323003
Cr-Commit-Position: refs/heads/master@{#26434}
This removes the duplicate property check from object literals.
Instead we repurpose the ObjectLiteralChecker into two cases, implemented
by two subclasses to ObjectLiteralCheckerBase called ObjectLiteralChecker
and ClassLiteralChecker.
The object literal checker now only checks for duplicate __proto__ fields in
object literals.
The class literal checker checks for duplicate constructors, non constructor
fields named constructor as well as static properties named prototype.
BUG=v8:3819
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/873823003
Cr-Commit-Position: refs/heads/master@{#26336}
port bc3b2960e3 (r26172).
original commit message:
Fix issue with __proto__ when using ES6 object literals
It should be possible to create a concise method with the name
__proto__ without setting the [[Prototype]]. Similarly, property
name shorthands with the name __proto__ should define an own
property.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/856313002
Cr-Commit-Position: refs/heads/master@{#26179}
There is no need to embed function pointer in code.
BUG=v8:3823
LOG=N
Review URL: https://codereview.chromium.org/817483005
Cr-Commit-Position: refs/heads/master@{#26152}
port 6950ead0b0
original commit message:
split api call stubs into accessor and function call stubs
BUG=
Review URL: https://codereview.chromium.org/860593002
Cr-Commit-Position: refs/heads/master@{#26122}
port 74e38e34b3.
original commit message:
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and classes.
This is a revert of the revert, 7d48fd9dc2.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/825593004
Cr-Commit-Position: refs/heads/master@{#26090}
This issue is exposed by CL https://codereview.chromium.org/807273003.
The DeoptimizeIf(...) function will generate more Assembler code and the
distance between the link point and the bind point is larger then near
link distance (127) for labels.
BUG=
Review URL: https://codereview.chromium.org/820963002
Cr-Commit-Position: refs/heads/master@{#25914}
port d211608a3e
original commit message:
[turbofan] Remove the no-context hack for JSToNumber.
The ToNumberStub is now able to handle all plain primitives (Numbers,
Booleans, Null, Undefined and Strings) without context access.
BUG=
Review URL: https://codereview.chromium.org/810683002
Cr-Commit-Position: refs/heads/master@{#25833}
This combines Map::DoneInobjectSlackTracking and Map::ConstructionCount into one more generic 4-bit counter.
Counter values from 15 down to 8 are used for in-object slack tracking, values from 7 down to 0 are free to be used for a new counter when in-object slack tracking is inactive.
Review URL: https://codereview.chromium.org/767253002
Cr-Commit-Position: refs/heads/master@{#25689}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
port 6ac4de87a8
original commit message:
harmony-scoping: make assignment to 'const' a late error.
Per TC39 Nov 2014 decision. This patch also changes behavior for "legacy const":
assignments to sloppy const in strict mode is now also a type error. This fixes
v8:2243 and also brings us in compliance with other engines re assignment to function
names (see updated webkit test), but might have bigger implications. That change can
easily be reverted by changing Variable::IsSignallingAssignmentToConst.
BUG=
R=dslomov@chromium.org, weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/763033002
Patch from Chunyang Dai <chunyang.dai@intel.com>.
Cr-Commit-Position: refs/heads/master@{#25532}
First step towards replacing PropertyType with two enums: {DATA,ACCESSOR} x {CONST,WRITABLE}.
Review URL: https://codereview.chromium.org/733253004
Cr-Commit-Position: refs/heads/master@{#25417}
port 47f55baeaf (r25397)
original commit message:
Re-land r25392 Use a stub in crankshaft for grow store arrays.
Code was vulnerable to different evaluation order in Clang.
BUG=
Review URL: https://codereview.chromium.org/739823002
Cr-Commit-Position: refs/heads/master@{#25414}
port 24a7ee877e1fe2ba0a52d69061946aeda7c26c10 (r25297)
original commit message:
Leaving a generator via an exception causes it to close
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/724643002
Patch from Chunyang Dai <chunyang.dai@intel.com>.
Cr-Commit-Position: refs/heads/master@{#25316}
