For holey/growing keyed stores, we need to check that there are no
setters in the prototype chain and protect against changes to that
via code dependencies.
R=verwaest@chromium.org
BUG=v8:5275,v8:5276
Review-Url: https://codereview.chromium.org/2231683002
Cr-Commit-Position: refs/heads/master@{#38514}
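Added example, not code from the commit or from V8: the JavaScript-level behaviour that the missing prototype-chain check would get wrong. A holey or growing keyed store whose index is not an own property of the receiver must walk the prototype chain and invoke any setter found there instead of creating an element; and the store site's behaviour flips as soon as that chain changes, which is what the code dependency protects. The prototype objects, index choices and function names are constructed for this illustration.

```javascript
// Constructed example: arrays whose prototype chain carries accessor
// properties at the indices we store to.

function growingStoreHitsPrototypeSetter() {
  const log = [];
  const proto = Object.create(Array.prototype);
  Object.defineProperty(proto, "5", {
    set(v) { log.push(v); },
    configurable: true,
  });
  const a = [1, 2, 3];
  Object.setPrototypeOf(a, proto);
  a[5] = 42;                       // growing store: index >= length
  return {
    log,                           // the setter observed the value
    ownHas5: Object.prototype.hasOwnProperty.call(a, "5"),
    length: a.length,              // unchanged: no own element was created
  };
}

function holeyStoreHitsPrototypeSetter() {
  const log = [];
  const proto = Object.create(Array.prototype);
  Object.defineProperty(proto, "1", {
    set(v) { log.push(v); },
    configurable: true,
  });
  const b = [1, , 3];              // hole at index 1
  Object.setPrototypeOf(b, proto);
  b[1] = 9;                        // store into a hole: still routed to the setter
  return {
    log,
    ownHas1: Object.prototype.hasOwnProperty.call(b, "1"),
    value: b[1],                   // undefined: the accessor has no getter
  };
}

// The "protect against changes" half: the same store to the same index
// behaves differently once the setter is removed from the chain, so a
// compiled fast path must be invalidated when the chain changes.
function storeBehaviourChangesWithPrototype() {
  const log = [];
  const proto = Object.create(Array.prototype);
  Object.defineProperty(proto, "4", {
    set(v) { log.push(v); },
    configurable: true,
  });
  const c = [0];
  Object.setPrototypeOf(c, proto);
  c[4] = "first";                  // routed to the setter, c untouched
  delete proto[4];                 // prototype chain changed
  c[4] = "second";                 // now creates an own element and grows c
  return { log, ownValue: c[4], length: c.length };
}
```

Run under node; each function returns what an observer of the store can see, so the three cases can be compared directly.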
Implement Bovc and Bnvc instruction macros in macro assembler.
The change 6f920d7d59 revealed an issue with AddBranchOvf for mips R6.
All branching instructions other than BOVC and BNVC are handled by Branch macro, which assures
correct handling of long and short branches. As a consequence, AddBranchOvf for R6 was working correctly
only before trampoline was emitted, but the case of long branch was not handled at all. Implemented
instruction macros enable proper handling of BOVC and BNVC in cases when long branching is needed.
TEST=test/intl/general/case-mapping.js
BUG=
Review-Url: https://codereview.chromium.org/2225323002
Cr-Commit-Position: refs/heads/master@{#38513}
This introduces initial support to handle keyed load access to
String primitives. This is accomplished via the existing operators
StringCharCodeAt and StringFromCharCode, which we already use to
optimize String.prototype.charCodeAt and String.fromCharCode.
R=yangguo@chromium.org
BUG=v8:5267
Review-Url: https://codereview.chromium.org/2232483002
Cr-Commit-Position: refs/heads/master@{#38512}
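Added example, not code from the commit or from V8: the correspondence the lowering relies on, `s[i] === String.fromCharCode(s.charCodeAt(i))`, holds only for integer indices inside the string. Out of range, the keyed load yields undefined while charCodeAt returns NaN and fromCharCode(NaN) yields "\u0000"; a non-integer key is a plain property lookup on the keyed path but is truncated by charCodeAt. The `keyedLoadViaCharCode` guard and the probe set below are my construction to show why a bounds and index-kind check belongs in front of the two operators.

```javascript
// Guarded form: integer index in [0, length) before the code-unit load.
function keyedLoadViaCharCode(s, i) {
  if (!Number.isInteger(i) || i < 0 || i >= s.length) return undefined;
  return String.fromCharCode(s.charCodeAt(i));
}

// Unguarded form: what the two operators give without a check.
function unguardedLoad(s, i) {
  return String.fromCharCode(s.charCodeAt(i));
}

// Compare both against the engine's own keyed load for a set of probes.
function checkAgainstEngine(s, indices) {
  return indices.map((i) => ({
    index: i,
    engine: s[i],
    guarded: keyedLoadViaCharCode(s, i),
    unguarded: unguardedLoad(s, i),
    guardedMatches: s[i] === keyedLoadViaCharCode(s, i),
    unguardedMatches: s[i] === unguardedLoad(s, i),
  }));
}

// Constructed input: "ab" followed by a surrogate pair, so length is 4 and
// indices 2 and 3 are lone UTF-16 code units, exactly what charCodeAt sees.
const SAMPLE = "ab\ud83d\ude00";
const PROBES = [0, 2, 3, 4, -1, 1.5];
```

Indices 4, -1 and 1.5 are where the unguarded form disagrees with `s[i]`; the surrogate halves at 2 and 3 agree on both paths because keyed loads on strings are code-unit, not code-point, reads.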
Rolling v8/build to e1fa1d72e5795ddcaff4ded5b083b1b08e52023a
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to eaa4c48e31e9f79fb6c4b665dc789dac0f0fb125
Rolling v8/third_party/icu to 53ce631655a61aaaa42b43b4d64abe23e9b8d71f
Rolling v8/tools/mb to d4f0973ff21ab990fed45c3803731c77197d65c8
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2234653002
Cr-Commit-Position: refs/heads/master@{#38511}
Currently we have V8 RuntimeCallStats that is independent from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters per
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make the trace file more
compact, as well as enable runtime call stats in the tracing system.
This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.
BUG=v8:5089
Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
Committed: https://crrev.com/3f936a5b17754783e92d2146eaf66c88a78ee45b
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Original-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Original-Original-Commit-Position: refs/heads/master@{#38314}
Cr-Original-Commit-Position: refs/heads/master@{#38403}
Cr-Commit-Position: refs/heads/master@{#38510}
It can now deal with multiple objects at the same time (but no
aliasing), and it propagates store information upwards across effect
chain splits.
R=jarin
BUG=
Review-Url: https://codereview.chromium.org/2159303002
Cr-Commit-Position: refs/heads/master@{#38509}
This avoids direct scope() accesses and allows us to redirect it over ScopeState.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2226243002
Cr-Commit-Position: refs/heads/master@{#38507}
Block scopes don't need any special treatment here (it's unclear
to me why they ever did). And the has_forced_context_allocation() check
seems, according to our tests, to only have been necessary for proper
handling of 'with' scopes. This patch instead uses the "is_used" bit
to keep track of variables that are accessed from within a with.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2220293003
Cr-Commit-Position: refs/heads/master@{#38505}
If a whole scope has forced context allocation, MustAllocateInContext()
already takes care of returning true for all variables, there's no need
to individually call ForceContextAllocation() on them.
R=neis@chromium.org
Review-Url: https://codereview.chromium.org/2222843005
Cr-Commit-Position: refs/heads/master@{#38504}
We assumed we could use a do..while, but the requested amount of slots could've
been 0 and we already started at MIN_CONTEXT_SLOTS. In that case the loop
should've been skipped.
Review-Url: https://codereview.chromium.org/2227723003
Cr-Commit-Position: refs/heads/master@{#38499}
Drive-by-fix: mark isolates as const in stack-allocated scopes
BUG=chromium:630217
Review-Url: https://codereview.chromium.org/2220993003
Cr-Commit-Position: refs/heads/master@{#38496}
On the debug info, we have a list of existing break points. When we
step in the debugger, we flood the function with one-shot break points.
Afterwards, we clear these one-shots by clearing all break locations.
Previously, while clearing break locations, we would skip ones that have
actual break points. Now we clear all break locations, and then reapply
break points. This is necessary for the next step, when we encode break
point info by source position, and not code offset. Encoding by code
offset would mean that break points are dependent on the code kind we
use.
R=jgruber@chromium.org
BUG=v8:5265
Review-Url: https://codereview.chromium.org/2221333002
Cr-Commit-Position: refs/heads/master@{#38492}
When we compile a growing store in TurboFan, we don't pass a (native)
context to the %GrowArrayElements fallback function, as the whole logic
is actually context independent. However, that means that we need to
bailout early in case the object is a prototype, which requires context
dependent checks in the array protector code.
R=cbruni@chromium.org
BUG=chromium:635798
Review-Url: https://codereview.chromium.org/2224253003
Cr-Commit-Position: refs/heads/master@{#38491}
Reason for revert:
crashing on ToT
Original issue's description:
> [heap] Enable black allocation when finalizing incremental marking.
>
> BUG=chromium:630386
>
> Committed: https://crrev.com/bb4e028648a27a6958afc9b5040366b899cda50d
> Cr-Commit-Position: refs/heads/master@{#38487}
TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630386
Review-Url: https://codereview.chromium.org/2223423003
Cr-Commit-Position: refs/heads/master@{#38490}
We lowered JSConvertReceiver using JSToObject, w/o connecting the
JSToObject to the control chain (which is fine since that ToObject
cannot throw). But then the lowering of the JSToObject would insert
an IfSuccess, which is immediately dead, since it is not used. This
was fine in a sense that it didn't seem to crash anything, but we
now want to do more aggressive checking of IfSuccess/IfException
nodes and so we need to fix this sloppiness in the lowerings.
R=mstarzinger@chromium.org
Review-Url: https://codereview.chromium.org/2228783003
Cr-Commit-Position: refs/heads/master@{#38484}
Avoids the always generated Star bytecodes after ObjectLiteral.
BUG=v4:4820
LOG=n
Review-Url: https://codereview.chromium.org/2216023003
Cr-Commit-Position: refs/heads/master@{#38480}
Previously, we would output \x5c to escape a backslash, but this is
invalid JSON and it would crash Turbolizer. Use \u005c instead.
BUG=
Review-Url: https://codereview.chromium.org/2224913002
Cr-Commit-Position: refs/heads/master@{#38479}
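Added example, not the Turbolizer or V8 code: JSON string syntax admits only the escapes \" \\ \/ \b \f \n \r \t and \uXXXX, so the \xHH form that JavaScript source accepts is a syntax error to any JSON parser, which is why the emitter must write \u005c. `isValidJson` and `toJsonStringLiteral` are my helpers; the latter escapes every character that needs it with the \uXXXX form only, as the commit does for the backslash.

```javascript
// Does a strict JSON parser accept this text?
function isValidJson(text) {
  try {
    JSON.parse(text);
    return true;
  } catch (e) {
    return false;
  }
}

// Produce a JSON string literal for s, using only \uXXXX escapes for the
// characters JSON requires escaped: quote, backslash and C0 controls.
function toJsonStringLiteral(s) {
  let out = '"';
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    if (code === 0x22 || code === 0x5c || code < 0x20) {
      out += "\\u" + code.toString(16).padStart(4, "0");
    } else {
      out += s[i];
    }
  }
  return out + '"';
}

// Constructed inputs: the literal the old emitter produced, the one the fix
// produces, and a string containing all three escaped classes.
const OLD_LITERAL = '"\\x5c"';     // the six characters "\x5c"
const NEW_LITERAL = '"\\u005c"';   // the eight characters "\u005c"
const SAMPLE = 'a\\b"c\n';
```

The round trip `JSON.parse(toJsonStringLiteral(s)) === s` is the property a trace emitter needs; the \xHH form fails it at the parser, not silently.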
Use common CodeStubAssembler routines for FixedArray-copying builtin.
Also cleanup a few shared pieces of code along the way.
BUG=chromium:608675
Review-Url: https://codereview.chromium.org/2220673002
Cr-Commit-Position: refs/heads/master@{#38478}
- Remove Declaration::initialization(), move logic into parser.
The backends should only care about the actual initialization flag on the
variable.
- Introduce DeclareVariable convenience function that covers most cases of
variable declarations.
R=adamk@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2223843002
Cr-Commit-Position: refs/heads/master@{#38477}
These were the final remnants of error code written in JavaScript.
BUG=
Review-Url: https://codereview.chromium.org/2222893002
Cr-Commit-Position: refs/heads/master@{#38475}
Reason for revert:
Times out webgl errors: https://bugs.chromium.org/p/chromium/issues/detail?id=635545
Original issue's description:
> [KeyedLoadIC] Support Smi "handlers" for element loads
>
> This is an experiment as far as performance is concerned. If Smi-configured
> element loading directly from the dispatcher stub is fast enough, then we
> can stop compiling LoadFastElementStubs (and drop the corresponding code).
>
> Committed: https://crrev.com/c9308147b341596de2733039223918a6202afa5f
> Cr-Commit-Position: refs/heads/master@{#38377}
BUG=chromium:635545
TBR=ishell@chromium.org,jkummerow@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
Review-Url: https://codereview.chromium.org/2222273003
Cr-Commit-Position: refs/heads/master@{#38473}
Sanitize the typing rules for the various supported Math builtins, and
add appropriate typing rules for various Number, String, Object and global
builtins as well.
R=franzih@chromium.org
Review-Url: https://codereview.chromium.org/2222053002
Cr-Commit-Position: refs/heads/master@{#38472}
Rolling v8/build to a348ac1d0bd4d6f42bf36f88904a52da2df9d899
Rolling v8/buildtools to 33a32b8aa2b7274d246fcf85ce8f762cf4291418
Rolling v8/tools/clang to 29b1d8ac90f12e64aa1604a14486f5ef383fe29e
Rolling v8/tools/mb to 7bf9c40acdef35ded30efc4b237d2d3946842126
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2223183003
Cr-Commit-Position: refs/heads/master@{#38469}
port 6768456db5 (r38395)
original commit message:
The old code was using VariableMode, but that signal is both
over-pessimistic (some CONST and LET variables need no hole-initialization)
and inconsistent with other uses of the InitializationFlag enum (such
as %LoadLookupSlot).
This changes no observable behavior, but removes unnecessary hole
initialization and hole checks in a few places, including
block-scoped function declarations, super property lookups,
and new.target.
BUG=
Review-Url: https://codereview.chromium.org/2223803002
Cr-Commit-Position: refs/heads/master@{#38468}
Collect type feedback for subtract operation in interpreter. Also use it in
bytecode-graph-builder to set the correct Hint for subtract operation.
BUG=v8:5273
LOG=N
Review-Url: https://codereview.chromium.org/2221833002
Cr-Commit-Position: refs/heads/master@{#38467}