Moves the temporary register allocator out of the bytecode array
builder into TemporaryRegisterAllocator class and adds unittests.
Particular must be taken around the translation window boundary
motivating the addition of tests.
Also adds a Clear() method to IdentityMap() which is called by
the destructor. This allows classes to hold an IdentityMap if
they are zone allocated. Classes must call Clear() before the zone
is re-cycled or face v8 heap corruption.
BUG=v8:4280,v8:4675
LOG=N
Review URL: https://codereview.chromium.org/1651133002
Cr-Commit-Position: refs/heads/master@{#33686}
Move all the code that deals with falling back to object creation via
stubs to JSGenericLowering, where we can already deal well with stub
calls. This includes JSCreateLiteralArray, JSCreateLiteralObject,
JSCreateClosure, JSCreateFunctionContext and JSCreateArray.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1653353002
Cr-Commit-Position: refs/heads/master@{#33682}
We don't have proper test coverage for the no-deoptimization code paths
in the JSGlobalObjectSpecialization reducer, and we will properly never
have any use for that code, so it just adds complexity and code that
likely breaks over time (as its untested).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1659463007
Cr-Commit-Position: refs/heads/master@{#33680}
If the architecture does not provide rounding instructions, then C
implementations of these rounding instructions are called. The C
implementations from math.h are used, function pointers are registered
as external references so that they can be call from the simulator.
R=titzer@chromium.org
BUG=575379
LOG=Y
Review URL: https://codereview.chromium.org/1661463002
Cr-Commit-Position: refs/heads/master@{#33677}
Reason for revert:
This test fails:
assertEquals(["as"], /^a[\u017F]/ui.exec("as"));
The reason is that we end up with a character class that is not stand alone, so we do not perform case folding on it correctly (with unicode flag).
Original issue's description:
> [regexp] implement /ui to mirror the implementation for /i.
>
> R=erik.corry@gmail.com, erikcorry@chromium.org
>
> Committed: https://crrev.com/eea1a4c003c559c99bcc9f08aa7eadf931975aad
> Cr-Commit-Position: refs/heads/master@{#33655}
TBR=erik.corry@gmail.com,erikcorry@chromium.org,erikcorry@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1661483002
Cr-Commit-Position: refs/heads/master@{#33676}
Avoid the hacking in JSIntrinsicLowering and provide a proper simplified
operator ObjectIsReceiver instead that is used to implement %_IsJSReceiver
which is used by our JavaScript builtins and the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1657863004
Cr-Commit-Position: refs/heads/master@{#33675}
Previously ObjectTemplate::New() logic relied on the fact that all the accessor properties are already installed in the initial map of the function object of the constructor FunctionTemplate.
When the FunctionTemplate were instantiated the accessors of the instance templates from the whole inheritance chain were accumulated and added to the initial map.
ObjectTemplate::SetSetAccessor() used to explicitly ensure that the ObjectTemplate has a constructor and therefore an initial map to add all accessors to.
The new approach is to add all the accessors and data properties to the object exactly when the ObjectTemplate is instantiated. In order to keep it fast we now cache the object boilerplates in the Isolate::template_instantiations_cache (the former function_cache), so the object creation turns to be a deep copying of the boilerplate object.
This CL also prohibits non-primitive properties in ObjectTemplate to avoid potential cross-context leaks.
BUG=chromium:579009
LOG=Y
Review URL: https://codereview.chromium.org/1642223003
Cr-Commit-Position: refs/heads/master@{#33674}
(Trying to finish FastAccessorAssembler this week. This should make it easier to pick up the Blink side of this work later on.)
BUG=chromium:508898
SOUNDTRACK=http://youtu.be/i1EG-MKy4so
LOG=Y
Review URL: https://codereview.chromium.org/1620293002
Cr-Commit-Position: refs/heads/master@{#33671}
Now that the branch analysis result is no longer mutated by the graph
builder, it can be made const again to preserve immutability.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1656933006
Cr-Commit-Position: refs/heads/master@{#33669}
Also changes SKIP to FAIL to ensure we know when we have fixed a test.
BUG=v8:4280,v8:4680
LOG=N
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm64_dbg,v8_linux_arm_dbg
Review URL: https://codereview.chromium.org/1656803002
Cr-Commit-Position: refs/heads/master@{#33665}
After this change, the functionality of the CodeStubAssembler should be
sufficient to generate non-trivial stubs (e.g. the KeyedLoadIC) with control
flow, variables and probing of internal meta data structures.
Specifically this patch:
* introduces a Label class, which allows stubs to construct graphs that don't
have linear control graphs.
* introduces a Variable class. Variables can be bound to Node* values at
different points in a non-linear control flow graph. In conjunction with the
Label machinery, the CodeStubAssembler ensures that Phi nodes are inserted at
the "minimal" set of merge points.
* adds Tail calling support to other Stubs and to any arbitrary code whose
interface can be described by a CallInterfaceDescriptor.
* provides new macros for accessing FixedArray elements that are optimized for
use with Smi values.
Review URL: https://codereview.chromium.org/1649723002
Cr-Commit-Position: refs/heads/master@{#33664}
This function is called for every live object in new space. We statically know
which version to call, so let's use templates here and eliminite a branch at
runtime.
BUG=chromium:524425
LOG=N
Review URL: https://codereview.chromium.org/1659823002
Cr-Commit-Position: refs/heads/master@{#33662}
There's no point in having %_IsFunction as inline intrinsic, as it
is only used in non performance critical code, which is already full
of runtime calls anyway, so %IsFunction will do the trick as well.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1658123002
Cr-Commit-Position: refs/heads/master@{#33660}
So far TurboFan only calls %TraceExit for the implicit
return of undefined, when the function contains no explicit
return statement. To make --trace useful, we also need to
call %TraceExit for ReturnStatement.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1652013002
Cr-Commit-Position: refs/heads/master@{#33659}
This CL removes the Config templatization from the types. It is not
necessary anymore, after the HeapTypes have been removed.
The CL also changes the type hierarchy - the specific type kinds are
not inner classes of the Type class and they do not inherit from Type.
This is partly because it seems impossible to make this work without
templates. Instead, a new TypeBase class is introduced and all the
structural (i.e., non-bitset) types inherit from it.
The bitset type still requires the bit-munging hack and some nasty
reinterpret-casts to pretend bitsets are of type Type*. Additionally,
there is now the same hack for TypeBase - all pointers to the sub-types
of TypeBase are reinterpret-casted to Type*. This is to keep the type
constructors in inline method definitions (although it is unclear how
much that actually buys us).
In future, we would like to move to a model where we encapsulate Type*
into a class (or possibly use Type where we used to use Type*). This
would loosen the coupling between bitset size and pointer size, and
eventually we would be able to have more bits.
TBR=bradnelson@chromium.org
Review URL: https://codereview.chromium.org/1655833002
Cr-Commit-Position: refs/heads/master@{#33656}
We can constant-fold JSToNumber conversions during typed lowering
if the input is a known primitive constant (i.e. a string, oddball
or number). I.e. JSToNumber("123") can be constant-folded to 123.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1657213002
Cr-Commit-Position: refs/heads/master@{#33654}
Rolling v8/third_party/icu to 2b12f8775d66568f2b2e2bd8246efcfdff40d563
Rolling v8/tools/clang to fc5dab2a77e5a2c69f0095faba5f903d520f0bb5
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review URL: https://codereview.chromium.org/1653153003
Cr-Commit-Position: refs/heads/master@{#33653}
port cb9b801069 (r33582)
original commit message:
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).
So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).
BUG=
Review URL: https://codereview.chromium.org/1659623003
Cr-Commit-Position: refs/heads/master@{#33652}
This patch adds a UseCounter for each of the following:
- Allowing duplicate sloppy-mode block-scoped function declarations
in the exact same scope
- for-in loops with an initializer
The patch also refactors some of the declaration code to clean it up and
enable the first counter, and adds additional unit tests to nail down
the semantics of edge cases of sloppy-mode block-scoped function declarations.
BUG=v8:4693,chromium:579395
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1633743003
Cr-Commit-Position: refs/heads/master@{#33650}
Improved flexibility for the perf runner, by adding option to
specify precisely shell binary.
NOTRY=true
Review URL: https://codereview.chromium.org/1659483003
Cr-Commit-Position: refs/heads/master@{#33649}
A class's name is its constructor's name, so there's no need to treat it separately,
either in the parser or in code generation. The main parser use of the name is
for ES2015 Function.name handling, and this patch also cleans up handling there
by adding a new IsAnonymousFunctionDefinition() method to Expression (the name
comes from the spec).
Also removed unused ParserTraits::DefaultConstructor method.
BUG=v8:3699
LOG=n
Review URL: https://codereview.chromium.org/1647213002
Cr-Commit-Position: refs/heads/master@{#33643}
The runtime call to Runtime::kReThrow does not need a frame-state node
attached, the frame-state input count is zero. This restructures the
graph builder to not instantiate a FrameStateBeforeAndAfter for it.
R=jarin@chromium.org
TEST=cctest/test-run-bytecode-graph-builder
BUG=v8:4674
LOG=n
Review URL: https://codereview.chromium.org/1654833002
Cr-Commit-Position: refs/heads/master@{#33641}
The notion of an unreachable environment is useful for a recursive
descent iteration (e.g. over an AST) where nodes are created on the
ascent path as well. For a flat iteration (e.g. over bytecode stream)
environments become unreachable at the end of a visitation function.
Hence any unreachable path can be represented by nulling the tracked
environment completely. This further reduces the number of redundant
nodes being created.
R=oth@chromium.org
Review URL: https://codereview.chromium.org/1650483003
Cr-Commit-Position: refs/heads/master@{#33639}
Set the bytecode array correctly in Runtime_SetCode.
This fixes issues with building the snapshot with ignition enabled.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1647913002
Cr-Commit-Position: refs/heads/master@{#33638}
