We currently assume that all prototype maps are stable, which is
not guaranteed for certain keyed access patterns. So we explicitly
disallow optimizing the element access there for now.
BUG=chromium:557807, v8:4470
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1456973004
Cr-Commit-Position: refs/heads/master@{#32101}
Rolling v8/build/gyp to e1133480da78cd4a23a8cec604d1d6d46dab35d6
Rolling v8/buildtools to 818123dac34899ec230840936fc15b8b2b5556f9
Rolling v8/tools/clang to 650a79a0bd9b486fa688d8a71ce00674e9e2c096
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1456323002
Cr-Commit-Position: refs/heads/master@{#32100}
This is in preparation for the addition of --harmony-destructuring-assignment.
BUG=v8:811
LOG=n
Review URL: https://codereview.chromium.org/1450193002
Cr-Commit-Position: refs/heads/master@{#32098}
Now that we no longer require AllocationInfo::limit to be aligned [1], we can do
more accurate inline-allocation-observation. This lets us get notified when the
next allocation that crosses the step-size boundary is allocated.
Fixed the test-cases. They make significantly more sense now given the step
sizes and the number of times we get notifications. For example, with a step
size of 512, an allocation of 16kb results in 32 notifications instead of 30
now.
[1] https://codereview.chromium.org/1444883003R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1448913003
Cr-Commit-Position: refs/heads/master@{#32091}
This fixes undefined behavior with the OpParameter helper in some of our
node matchers. There was a constness mismatch of the template parameter.
R=oth@chromium.org,mythria@chromium.org
Review URL: https://codereview.chromium.org/1453973004
Cr-Commit-Position: refs/heads/master@{#32087}
Replaces the UnboundedQueue (SP/SC) with LockedQueue (MP/MC). This is necessary
as we can have multiple tasks (on multiple platform threads) reporting code move
events.
Note that the sampling queue is not affected by this change.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1457483002
Cr-Commit-Position: refs/heads/master@{#32086}
When adding properties to the result object, that object's prototype chain should be ignored.
Review URL: https://codereview.chromium.org/1458873002
Cr-Commit-Position: refs/heads/master@{#32085}
This triggers TurboFan whenever functions containing spread expressions
of any kind are marked for optimization. Note that this increases the
set of functions being eligible for optimization.
R=rossberg@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1461603002
Cr-Commit-Position: refs/heads/master@{#32083}
This makes sure we are using the right signedness - either the input
specifies signedness or the use must declare it does not care.
This requires some hole-punching in for-in so that the
representation selector understands the smi-ness of index.
Moreover, phi needs to pass the truncation along (maybe
slightly scary).
Review URL: https://codereview.chromium.org/1455123002
Cr-Commit-Position: refs/heads/master@{#32081}
This ensures the class in question specifies the correct equality and
hashing function when instantiated. Note that this introduces two new
structs (i.e. OpEqualTo and OpHash) which can be used for defaults
within OpParameter as well.
R=titzer@chromium.org,bmeurer@chromium.org
TEST=cctest/test-operator
Review URL: https://codereview.chromium.org/1455913003
Cr-Commit-Position: refs/heads/master@{#32080}
This fixes the array literal expression stack tracking in the presence
of spread expressions. Deoptimization within a spread expression was
borked.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-deopt-in-array-literal-spread
Review URL: https://codereview.chromium.org/1455953002
Cr-Commit-Position: refs/heads/master@{#32079}
...based on the 2-lock algorithm by M. Scott and M. Michael (1992).
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1448283004
Cr-Commit-Position: refs/heads/master@{#32078}
Retrieve the native context/global object from the Node being
specialized in the JSNativeContextSpecialization and the
JSGlobalObjectSpecialization classes. For this we introduce two
new methods NodeProperties::GetSpecializationNativeContext and
NodeProperties::GetSpecializationGlobalObject, which walk up
the context chain and might in the end take the native context
from the outermost activation (if native context specialization
is enabled). This allows us to run the native context specialization
pass as part of the inlining phase without hacking some of that into
the JSInliner.
Also refactor the NodeProperties::GetSpecializationContext method
that was previously local to the JSContextSpecialization.
Also refactor two other oddities in JSNativeContextSpecialization.
R=jarin@chromium.org
BUG=v8:4470, v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1451143005
Cr-Commit-Position: refs/heads/master@{#32076}
If the input type does not help us, we are conservative and truncate (rather than guessing signed).
Review URL: https://codereview.chromium.org/1455103002
Cr-Commit-Position: refs/heads/master@{#32075}
This CL brings us one step closer to untangle the runtime-gc dependency, i.e. RecordWrites should not be called from the runtime.
BUG=
Review URL: https://codereview.chromium.org/1456533002
Cr-Commit-Position: refs/heads/master@{#32074}
I found this optimization opportunity when analyzing some pathological
compile-time examples. When tying together live ranges across control
flow boundaries, we used to repeatedly check if the top level range was
spilled in deferred blocks or not. This proved to be a hotspot in such
cases (i.e. the pathological compile time ones).
Because the analysis needs to progress block by block and not live range by live range, we cannot feasibly save per-range information to
remove the hotspot. Instead, we save this information when
constructing LiveRangeBounds.
The result is 2.5 to 7% improvement in the pathological cases, and a few
similar bonuses in perf in a couple of other benchmarks.
Also, opportunistically removed the loop counting the number of child
ranges, since we have that count from the new (post - refactoring)
range numbering technique.
BUG=
Review URL: https://codereview.chromium.org/1412573009
Cr-Commit-Position: refs/heads/master@{#32071}
Lower access to byteOffset and byteLength getters on JSArrayBufferViews
and to length on JSTypedArrays. This requires a check to see whether the
backing JSArrayBuffer was neutered.
R=mstarzinger@chromium.org
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1453653003
Cr-Commit-Position: refs/heads/master@{#32070}
Port e5edd66d07
Original commit message:
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.
Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1455663002
Cr-Commit-Position: refs/heads/master@{#32059}
