This CL fixes a long-standing bug with Object.keys where the enumerability
check was omitted if the [ownKeys] trap is not present. The only distinction the
KeyAccumulator needs is whether it collects keys for for-in (is_for_in_) or not.
ForInFilter performs a separate step to filter out non-enumerable keys later-on
while in all the other use-cases we have to filter keys.
BUG=v8:1543, v8:5250
Review-Url: https://codereview.chromium.org/2176113009
Cr-Commit-Position: refs/heads/master@{#38199}
This is another step towards lazily allocating them in the block state.
ClassLiteral should also have a lazy block-scope for the outermost scope,
but currently that doesn't work due to the parameter initializer rewriter
and minor implementation details in ignition and turbofan.
BUG=v8:5209
Review-Url: https://codereview.chromium.org/2166843003
Cr-Commit-Position: refs/heads/master@{#38196}
This removes the frame state input representing the before-state from
nodes having any shift operator. Any lowering that woult insert number
conversions of the inputs has already been disabled when deoptimization
is enabled, because the frame state layout is no longer known.
R=epertoso@chromium.org
BUG=v8:5021
Review-Url: https://codereview.chromium.org/2190743003
Cr-Commit-Position: refs/heads/master@{#38194}
Rather than finalizing after rewriting do-expressions, we rewrite in the
outer scope if the block scope was finalized. Rewriting do expressions
cannot introduce any new nodes that requires the block to stay around,
so finalizing before and after is equivalent. (Only a temporary is
introduced which always ends up in a ClosureScope)
BUG=v8:5209
R=rossberg@chromium.org, caitpotter88@gmail.com, adamk@chromium.org
Review-Url: https://codereview.chromium.org/2167713004
Cr-Commit-Position: refs/heads/master@{#38193}
Allow inlining of getters and setters into TurboFan optimized code.
This just adds the basic machinery required to essentially inline
the setter and getter dispatch code for the (keyed) load/store ICs.
There'll be follow up CLs to also actually inline some of the interesting
accessor functions itself, like the byteLength and friends for the
TypedArrays.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2198473002
Cr-Commit-Position: refs/heads/master@{#38192}
This introduces a bunch of new tests that test various aspects of
accessor inlining in TurboFan (without the actual inlining), and does
the appropriate fixes to the AstGraphBuilder. The actual inlining CL
will land separately (so we don't need to revert the tests and fixes
if the accessor CL has to be reverted).
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2197913002
Cr-Commit-Position: refs/heads/master@{#38191}
Rolling v8/build to 94ae8edf4860b0dfa8ac200d36bcbf11bdd72763
Rolling v8/tools/mb to d1d562a498b7b48a283d168df902007f33ac1413
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2194113002
Cr-Commit-Position: refs/heads/master@{#38189}
Rolling v8/build to 1054b60d5e758646a073b0363f3629fa2d953de8
Rolling v8/tools/mb to 0bee3440355ce5cf573b41999b2cbc0e1bcdc415
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2195743006
Cr-Commit-Position: refs/heads/master@{#38188}
We have a similar optimization for unchecked integer modulus, which
already boosted some asm.js use cases. Now this optimization is almost
as effcient as Crankshafts known power of 2 right hand side optimization
for modulus, but it can still deal with any rhs (except 0), and doesn't
require the interpreter to also collect known power of two rhs feedback.
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2200453002
Cr-Commit-Position: refs/heads/master@{#38187}
Rolling v8/build to 452f5acf78e953dc1829c334ee06d38a05e2ef18
Rolling v8/buildtools to 1b96e1a41d3d22b24ee8da769c20849e9a002ed2
Rolling v8/third_party/icu to ef5c735307d0f86c7622f69620994c9468beba99
Rolling v8/tools/mb to 6594b0cbcc2fb1da0ca90e9e5f2b01fc6e576a99
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2197593003
Cr-Commit-Position: refs/heads/master@{#38186}
Rolling v8/build to 92c13104dd5f9f25e115e382d5ab8af33a8b883f
Rolling v8/third_party/instrumented_libraries to f15768d7fdf68c0748d20738184120c8ab2e6db7
Rolling v8/tools/mb to ca9b59f105c3457e5ac5ba2f5a04d435436fa5de
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2188413003
Cr-Commit-Position: refs/heads/master@{#38184}
RuntimeCallStats::Print invokes this function many times. The uses of
STL all get inlined as a result, causing the Print() function to take up
156KB of binary size. Out-of-lining this method reduces the size to
under 18KB!
BUG=v8:5240
Review-Url: https://codereview.chromium.org/2188953003
Cr-Commit-Position: refs/heads/master@{#38182}
This gets rid of the Star bytecodes that were always dispatched to from
ToObject.
ToObject now outputs to register instead of to the accumulator and
ForInPrepare gets the receiver object from an input register.
BUG=v8:4820
LOG=n
Review-Url: https://codereview.chromium.org/2189463006
Cr-Commit-Position: refs/heads/master@{#38177}
Drive-by fix: actually match the hint in the IsSpeculativeBinopMatcher.
Review-Url: https://codereview.chromium.org/2191883002
Cr-Commit-Position: refs/heads/master@{#38176}
Sometimes, the compiler will inline this function and unroll the loop.
Forcing this to never be inlined reduces the compiled size of the
function from a potential 170KB to around 39KB.
BUG=v8:5240
Review-Url: https://codereview.chromium.org/2194843002
Cr-Commit-Position: refs/heads/master@{#38172}
The test was calling OptimizeFunctionOnNextCall on a function before
ever executing it - crankshaft therefore didn't have any type info and
was generating a soft deoptimization bailout. Make sure we execute the
function before calling OptimizeFunctionOnNextCall to avoid this issue.
BUG=
Review-Url: https://codereview.chromium.org/2168603003
Cr-Commit-Position: refs/heads/master@{#38171}
So far we always create explicit control flow for map checks during
JSNativeContextSpecialization, or in the monomorphic case we used a
CheckIf combined with a map comparison. In either case we cannot
currently effectively utilize the map check information during load
elimination to optimize (polymorphic) map checks and elements kind
transitions.
With the introduction of CheckMaps, we can now start optimizing map
checks in a more effective fashion. This CL doesn't change anything
in that direction yet, but merely changes the fundamental mechanism.
This also removes the stable map optimization from the Typer, where
it was always a bit odd, and puts it into the typed lowering and
the native context specialization instead.
R=epertoso@chromium.org
BUG=v8:4930,v8:5141
Review-Url: https://codereview.chromium.org/2196653002
Cr-Commit-Position: refs/heads/master@{#38166}
Paritally revert standalone.gypi changes in a451bd1a68 and introduce a new separate variable for the mkpeephole.
On big-endian MIPS, qemu is used to build the snapshot,
because there's no simulator support for big-endian MIPS.
BUG=
Committed: https://crrev.com/928d2395c3fdf836cf9961cde96e6b274a6b1e20
Review-Url: https://codereview.chromium.org/2172653002
Cr-Original-Commit-Position: refs/heads/master@{#38103}
Cr-Commit-Position: refs/heads/master@{#38165}
Also make it possible to use the background parser from a character
stream. The External{One,Two}ByteStringUtf16CharacterStreams work both
on foreground and background threads.
BUG=v8:5215
R=marja@chromium.org,vogelheim@chromium.org
Review-Url: https://codereview.chromium.org/2195603002
Cr-Commit-Position: refs/heads/master@{#38162}
This adds preliminary support for on-stack replacement from Ignition to
optimized code generated by TurboFan to the runtime profiler. Involved
heuristics (e.g. code size allowance) have been taken from existing code
without any re-evaluation in the new setting.
R=rmcilroy@chromium.org
BUG=v8:4764
Review-Url: https://codereview.chromium.org/2182183005
Cr-Commit-Position: refs/heads/master@{#38159}
Previously, the stack property was set up in JS as read-only; but since
it had a JS setter, writability was ignored and writing to stack was
possible.
This is no longer the case now that stack is either an actual data
property, or is associated with C++ accessors. Explicitly set the
property as writable to preserve old behavior.
BUG=5245
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2190313002
Cr-Commit-Position: refs/heads/master@{#38158}
The keyed load/store lowering is too aggressive when it comes to element
vs. property access. If we cannot find a cached name on the IC we
automatically assume that it's an element access, i.e. we assume that
the key that is passed to the keyed access must be a valid array index
then. But this is not true for megamorphic keyed load/store ICs, which
do not have a cached name (because the IC saw different names), and thus
use a different mechanism to indicate that it's a non-element access.
Review-Url: https://codereview.chromium.org/2195583002
Cr-Commit-Position: refs/heads/master@{#38155}
In contrast to the generic stream, this character stream works without
accessing the heap, and can be used on a background thread.
BUG=v8:5215
R=vogelheim@chromium.org,marja@chromium.org
Review-Url: https://codereview.chromium.org/2184393002
Cr-Commit-Position: refs/heads/master@{#38154}
Rolling v8/build to 5240573aa6f46cfee690cdf7c6d9544e1841f502
Rolling v8/tools/mb to f2acac06c11447a7155d476d61f140f18a4a8066
TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
Review-Url: https://codereview.chromium.org/2196593002
Cr-Commit-Position: refs/heads/master@{#38153}
port 2c7efba658 (r38129)
original commit message:
Reason for revert:
Still crashing.
Original issue's description:
> [heap] Reland "Remove black pages and use black areas instead."
>
> BUG=chromium:630969,chromium:630386
> LOG=n
>
> Committed: https://crrev.com/9e37a07c8de0a20ef2681e26824ff4d329102603
> Cr-Commit-Position: refs/heads/master@{#38057}
BUG=
Review-Url: https://codereview.chromium.org/2192113002
Cr-Commit-Position: refs/heads/master@{#38152}
A "--minimal" flag turns off all optimizing compilers and activates the
interpreter. The idea is that with this flag activated, only the
platform-specific stubs and a Turbofan implementation must be complete to start
d8 and run the bulk of the tests. Note that although this flag is constructed as
a runtime flag, it must be set to true when building the snapshot and therefore
creates a compile-time dependency.
BUG=chromium:608675
Review-Url: https://codereview.chromium.org/2189663002
Cr-Commit-Position: refs/heads/master@{#38150}
