We have a bottleneck around storing elements in the array and object prototypes,
but the Push() and Unshift() builtins don't respect them.
Fix this exactly to the level of existing support for stores.
BUG=v8:4043
LOG=N
NOTRY=true
Review URL: https://codereview.chromium.org/1066003003
Cr-Commit-Position: refs/heads/master@{#27943}
The embedder has to take appropriate steps to ensure that the
ArrayBuffer doesn't die while it's accessing the pointer, e.g. keep a
Local handle to it around
BUG=none
R=dslomov@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1095083002
Cr-Commit-Position: refs/heads/master@{#27942}
External strings are serialized as internal strings. The current way
of collecting stats is slightly wrong. We ought to use the map and
size passed to SerializePrologue.
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1092253003
Cr-Commit-Position: refs/heads/master@{#27931}
Two last forms supported in this patch:
- 'import' ModuleSpecifier
- 'export' '*' 'from' ModuleSpecifier.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/1094963002
Cr-Commit-Position: refs/heads/master@{#27927}
There is a bug with SupportsFlexibleFloorAndRound on Arm64. Turn it off for
now until we figure out a proper solution.
BUG=chromium:476477
LOG=Y
Review URL: https://codereview.chromium.org/1093863002
Cr-Commit-Position: refs/heads/master@{#27925}
This is the first step towards adding V8 heap statistics to the memory
tracing infrastructure. To be able to get useful memory numbers into
the memory dump, V8 needs to provide an external API to obtain
more information about the heap. So, this CL extends the API to give
information about the memory allocated and used in the spaces.
BUG=466141, 476013
LOG=Y
Review URL: https://codereview.chromium.org/1058253003
Cr-Commit-Position: refs/heads/master@{#27919}
This flag is intended as a staging flag for TurboFan. It serves as a
single flag that always enables a most recent configuration of TurboFan
for test suites and benchmarks, without needing to update test drivers.
R=titzer@chromium.org,machenbach@chromium.org
Review URL: https://codereview.chromium.org/1094573002
Cr-Commit-Position: refs/heads/master@{#27896}
Port 13459c1ae3
Original commit message:
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1089913002
Cr-Commit-Position: refs/heads/master@{#27895}
Port 35a67b745d
Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.
BUG=
Review URL: https://codereview.chromium.org/1053843003
Cr-Commit-Position: refs/heads/master@{#27757}
Review URL: https://codereview.chromium.org/1083413003
Cr-Commit-Position: refs/heads/master@{#27893}
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).
The correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow-up.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1087543004
Cr-Commit-Position: refs/heads/master@{#27888}
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1084983002
Cr-Commit-Position: refs/heads/master@{#27885}
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.
R=marja@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1091743002
Cr-Commit-Position: refs/heads/master@{#27880}
port 0179ec5797 (r27846).
original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a
prototype object changes its map, then both its own validity cell and those
of all "downstream" prototypes are invalidated; handlers for a given receiver
embed the currently valid cell for that receiver's prototype during their
compilation and check it on execution.
BUG=
Review URL: https://codereview.chromium.org/1090803002
Cr-Commit-Position: refs/heads/master@{#27877}
port 13459c1ae3 (r27857)
original commit message:
Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1088423002
Cr-Commit-Position: refs/heads/master@{#27875}
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.
Also rename FROM_GC and FROM_MUTATOR to be more precise.
BUG=chromium:462908
LOG=NO
Review URL: https://codereview.chromium.org/1034163002
Cr-Commit-Position: refs/heads/master@{#27869}
This breaks the (evacuation -> slots buffer overflow -> abort -> new GC -> evacuation) cycle for popular pages.
BUG=
Review URL: https://codereview.chromium.org/1037433002
Cr-Commit-Position: refs/heads/master@{#27868}
Reason for revert:
Seems to cause performance regressions.
Original issue's description:
> [x64] Use xorl to materialize smi zero.
>
> Before we always loaded smi zero via a movabs with a 64-bit immediate,
> which is pretty expensive compared to the xorl.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
> Cr-Commit-Position: refs/heads/master@{#27829}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:477592
LOG=n
Review URL: https://codereview.chromium.org/1059543004
Cr-Commit-Position: refs/heads/master@{#27867}
Split interface and implementation of ControlEquivalence and add a
dedicated trace flag --trace-turbo-ceq to make it reusable outside the
scheduler.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1056093005
Cr-Commit-Position: refs/heads/master@{#27862}
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.
Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.
BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1066663005
Cr-Commit-Position: refs/heads/master@{#27859}
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1086873003
Cr-Commit-Position: refs/heads/master@{#27857}
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.
BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1061393002
Cr-Commit-Position: refs/heads/master@{#27855}
enum defaults to signed on win, and kTagged has 1<<31 causing
warning.
Full errors:
d:\src\cr3\src\v8\src\types.cc(1259): error C2220: warning treated as error - no 'object' file generated
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1355): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::BoundariesArray[]'
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1359): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::BoundariesArray[]'
LOG=N
R=jochen@chromium.org
BUG=440500
Review URL: https://codereview.chromium.org/1055933004
Cr-Commit-Position: refs/heads/master@{#27854}
Port 0179ec5797
Original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.
R=michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1091563002
Cr-Commit-Position: refs/heads/master@{#27849}
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.
Review URL: https://codereview.chromium.org/1058533007
Cr-Commit-Position: refs/heads/master@{#27848}
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.
R=marja@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1058363003
Cr-Commit-Position: refs/heads/master@{#27847}
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.
R=jarin@chromium.org
TEST=mjsunit/for-in-opt
Review URL: https://codereview.chromium.org/1086083002
Cr-Commit-Position: refs/heads/master@{#27846}
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.
Review URL: https://codereview.chromium.org/908213002
Cr-Commit-Position: refs/heads/master@{#27845}
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1081373002
Cr-Commit-Position: refs/heads/master@{#27842}
This fixes TSAN failure caused by race between:
- optimizing compiler thread setting climit
- and json parser reading climit in the main thread.
BUG=
Review URL: https://codereview.chromium.org/1031223004
Cr-Commit-Position: refs/heads/master@{#27840}
The embedder can control how many threads it wants to use via the
v8::Platform implementation. V8 internally doesn't spin up threads
anymore. If the embedder doesn't want to use any threads at all, its
v8::Platform implementation must either run the background jobs on
the foreground thread, or the embedder should specify --predictable
BUG=none
R=yangguo@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1064723005
Cr-Commit-Position: refs/heads/master@{#27833}
Add a finalize incremental marking mode for CollectAllGarbage to finalize incremental marking when incremental marking is in progress, but we want a full gc at a given CollectAllGarbage call site.
Default mode for CollectAllGarbage is finalize incremental marking and perform a full GC.
BUG=
Review URL: https://codereview.chromium.org/1082973003
Cr-Commit-Position: refs/heads/master@{#27831}
Port 5d2de78a77
Original commit message:
It's cheaper to materialize heap constants by loading from the roots
array instead of embedding the constant into the instruction stream, at
least on x64, arm and arm64.
Drive-by-fix: Also cleanup the materialize constant from frame
optimization.
R=michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1075303003
Cr-Commit-Position: refs/heads/master@{#27823}
It's cheaper to materialize heap constants by loading from the roots
array instead of embedding the constant into the instruction stream, at
least on x64, arm and arm64.
Drive-by-fix: Also cleanup the materialize constant from frame
optimization.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1088913002
Cr-Commit-Position: refs/heads/master@{#27818}
If a major gc happens between allocation and initialization of the
buffer, it might be already in old space. Since we need the list of
buffers to be sorted from new to old, we keep track of the last buffer
and put old buffers to the end
BUG=chromium:476032
R=hpayer@chromium.org,dslomov@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1079923003
Cr-Commit-Position: refs/heads/master@{#27811}
Instead of modifying a context chain and then modifying it back, causing
potential mismatches, we clone the inner context chain and evaluate
the expression in this cloned context. We then copy all local variable
values back if needed.
R=yangguo@chromium.org,yurys@chromium.org
Review URL: https://codereview.chromium.org/1088503003
Cr-Commit-Position: refs/heads/master@{#27809}
port e0844a24d3 (r27793).
original commit message:
These options were added for a hydrogen code stub version of
the VectorIC dispatcher, which was discontinued.
BUG=
Review URL: https://codereview.chromium.org/1087573003
Cr-Commit-Position: refs/heads/master@{#27802}
The assembler code generated by the DeoptimizeIf(...) function under X87 is larger
and the distance between the link point and the bind point which has two DeoptimizeIf()
is larger than near link distance (127) for labels.
BUG=
Review URL: https://codereview.chromium.org/1065893003
Cr-Commit-Position: refs/heads/master@{#27801}
This avoids both a mysterious boolean argument ("insert") and lets
non-mutating lookups skip passing an allocator (in one such case,
we were passing a scary-looking ZoneAllocationPolicy(NULL)!).
Review URL: https://codereview.chromium.org/1074943002
Cr-Commit-Position: refs/heads/master@{#27799}
Does not entirely disallow the use of 'eval' as an identifier in strong mode,
as originally proposed.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1059273004
Cr-Commit-Position: refs/heads/master@{#27796}
Use fsub rather than fadd to avoid stripping the sign from minus zero.
Fixes mjsunit/result-table-min and mjsunit/result-table-max test failures.
R=michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1084583003
Cr-Commit-Position: refs/heads/master@{#27794}
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.
BUG=
Review URL: https://codereview.chromium.org/1067573003
Cr-Commit-Position: refs/heads/master@{#27788}
rename to ReferenceMap
use ZoneVector for storage
drop dead code
BUG=
Review URL: https://codereview.chromium.org/1081053002
Cr-Commit-Position: refs/heads/master@{#27785}
This allows the embedder to decide whether it's worthwhile to copy the
contents to avoid materializing a buffer.
BUG=v8:3996
R=dslomov@chromium.org,kbr@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1084513002
Cr-Commit-Position: refs/heads/master@{#27782}
Deoptimization infrastructure already handles it correctly.
This change fixes repetitive deoptimizations in the code like this:
var u32 = new Uint32Array(1);
u32[0] = -1;
function tr(x) { return x|0; }
function ld() { return tr(u32[0]); }
while (true) ld();
Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.
BUG=
Review URL: https://codereview.chromium.org/1077113002
Cr-Commit-Position: refs/heads/master@{#27781}
This makes the compilers agree on the source position of a message
generated by "throw new Error()", it points to the beginning of the
throw directive.
R=titzer@chromium.org
TEST=message/regress/regress-3995
BUG=v8:3995
LOG=N
Review URL: https://codereview.chromium.org/1049703002
Cr-Commit-Position: refs/heads/master@{#27775}
This tweak was already present in CrankShaft for the non-AVX case. As it
turns out, it's also relevant even with AVX. Now the same optimization
is applied in case of TurboFan as well.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1081033003
Cr-Commit-Position: refs/heads/master@{#27774}
This commit is a precursor to making lazy arrow function parsing use
similar logic to function(){} argument parsing.
R=arv@chromium.org
BUG=4020
LOG=N
Review URL: https://codereview.chromium.org/1078093002
Cr-Commit-Position: refs/heads/master@{#27773}
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:
> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.
[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects
BUG=v8:3986
LOG=N
R=wingo,arv
Review URL: https://codereview.chromium.org/1051363003
Cr-Commit-Position: refs/heads/master@{#27770}
Reason for revert:
Test failures in string-index and regress-1187524.
This reverts commit b45a664f7b.
BUG=
Review URL: https://codereview.chromium.org/1050943004
Cr-Commit-Position: refs/heads/master@{#27769}
When debugging Handle leaks in io.js we found it very convenient to be
able to Seal some specific (root in our case) scope to prevent Handle
allocations in it, and easily find leakage.
R=yangguo
BUG=
Review URL: https://codereview.chromium.org/1079713002
Cr-Commit-Position: refs/heads/master@{#27766}
Port 725cdc533c
Original commit message:
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.
As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1078183002
Cr-Commit-Position: refs/heads/master@{#27762}
Port 35a67b745d
Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.
BUG=
Review URL: https://codereview.chromium.org/1053843003
Cr-Commit-Position: refs/heads/master@{#27757}
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined', for arrow functions. Assumes these restrictions are
intended to be identical to the restrictions on the use of 'eval' and 'arguments'
in strict mode. In addition, Location variables inconsistently named (e.g.
dupe_error_loc vs dupe_loc) are now consistently named the shorter way.
Baseline: https://codereview.chromium.org/1070633002
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1060883004
Cr-Commit-Position: refs/heads/master@{#27756}
identifier. Delete unused (and now incorrect) function IsValidStrictVariable.
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined'. Assumes these restrictions are intended to be identical
to the restrictions on the use of 'eval' and 'arguments' in strict mode. The
AllowEvalOrArgumentsAsIdentifier enum has been renamed to
AllowRestrictedIdentifiers as logic involving it is now also used for this case.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1070633002
Cr-Commit-Position: refs/heads/master@{#27744}
I don't have a repro, but it seems that when we are close to the stack limit,
CollectEvacuationCandidates' local variables can blow the limit. To avoid
this, instead of always allocating a 2000-pointer-sizes array on the stack,
use a std::vector (which stores its elements on the heap), and while we're
at it, only allocate as many elements as we actually need.
Review URL: https://codereview.chromium.org/1073123002
Cr-Commit-Position: refs/heads/master@{#27742}
Currently we always generate a diamond in the graph builder for every
legacy const context slot, which we cannot get rid of until late control
reduction, even if we know after context specialization that the slot is
already initialized.
Now we generate a select instead, which the CommonOperatorReducer
happily removes during typed lowering. This greatly speeds up asm.js
code generated by Emscripten with the new POINTER_MASKING mode.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1072353002
Cr-Commit-Position: refs/heads/master@{#27739}
This makes sure Crankshaft respects interceptors in the global object
even when they shadow a constant global property.
R=verwaest@chromium.org
TEST=cctest/test-api-interceptors/PrePropertyHandler
Review URL: https://codereview.chromium.org/1070803002
Cr-Commit-Position: refs/heads/master@{#27733}
Ideally we would not need the StoreWriteBarrier instructions at all,
but represent the RecordWrite functionality as machine subgraph, but
that'll take some time to get there. In the meantime we can have a
shorter instruction sequence on Intel platforms by recognizing immediate
indices here.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1075103002
Cr-Commit-Position: refs/heads/master@{#27731}
Port 35a67b745d
Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1059133005
Cr-Commit-Position: refs/heads/master@{#27728}
Port 9af9f1d026
Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1072963002
Cr-Commit-Position: refs/heads/master@{#27727}
Port 2d281e71ac
Original commit message:
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
R=titzer@chromium.org, mstarzinger@chromium.org,mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1052123005
Cr-Commit-Position: refs/heads/master@{#27726}
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.
BUG=v8:3502
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/1072083002
Cr-Commit-Position: refs/heads/master@{#27720}
Port 146598f44a
Original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1073893002
Cr-Commit-Position: refs/heads/master@{#27719}
This is a workaround to make the debugger happy about TurboFan frames
when the debugger causes frame inspection. Note that this can happen
because the debugger can be activated while there still are optimized
TurboFan activations on the stack.
R=ishell@chromium.org
BUG=chromium:465298
TEST=mjsunit/regress/regress-crbug-465298
LOG=N
Review URL: https://codereview.chromium.org/1074793003
Cr-Commit-Position: refs/heads/master@{#27717}
These comparisons are only meant to be done by AstValueFactory itself (in
its string_table_ operations), so make the Compare() function a private
member of AstValueFactory.
All other clients of AstRawStrings should compare them by pointer value.
There were only two clients which failed to abide by this rule, one
recently-added (in ModuleDescriptor) and the other in Literal::Match
(in ast.cc, added in https://code.google.com/p/v8/source/detail?r=24396).
Review URL: https://codereview.chromium.org/1069423003
Cr-Commit-Position: refs/heads/master@{#27715}
Reason for revert:
Causes test failures on ARM bots related to cells and write barriers.
Original issue's description:
> Merge cellspace into old pointer space
>
> BUG=
>
> Committed: https://crrev.com/4e7163ce05f135918205c7855ae60a48e5d46cc5
> Cr-Commit-Position: refs/heads/master@{#27707}
TBR=hpayer@chromium.org,balazs.kilvady@imgtec.com,yangguo@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1053243003
Cr-Commit-Position: refs/heads/master@{#27711}
Escaping used to happen lazily, implemented in an accessor property.
However, native implementation of RegExp methods uses .source as well.
This leads to performance regressions. Now we do it eagerly instead.
R=jkummerow@chromium.org
BUG=chromium:436447
LOG=N
Review URL: https://codereview.chromium.org/1070093002
Cr-Commit-Position: refs/heads/master@{#27705}
Port 725cdc533c
Original commit message:
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.
As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.
BUG=
Review URL: https://codereview.chromium.org/1074743002
Cr-Commit-Position: refs/heads/master@{#27700}
This is preparatory work to have MachineTypes encoded in AllocatedOperands.
Review URL: https://codereview.chromium.org/1075863002
Cr-Commit-Position: refs/heads/master@{#27698}
This is a very simple dead store elimination that removes StoreField
nodes which are immediately followed by other StoreField nodes that
store to the same field. Ideally there should be a fully featured store
elimination, which walks over the effect graph starting from the end,
but there are some technical difficulties to solve before we can get to
that, esp. we need to think about "effect producing" operators like
ValueEffect first. Once we have that, it is trivial to remove this temporary
poor man's store elimination.
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/1070003002
Cr-Commit-Position: refs/heads/master@{#27697}
port 2d281e71ac (r27633)
original commit message:
Make --always-opt also optimize top-level code.
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
BUG=
Review URL: https://codereview.chromium.org/1077523002
Cr-Commit-Position: refs/heads/master@{#27693}
- ConstantOperand was using a too-small field to store its virtual register
- drop ConvertTo, replace it with simple copy
- split AllocatedOperand off from Immediate and Constant to make assignment clearer, also paving the way for small Immediates
- put zone first in *Operand::New
- driveby: drop delayed ssa deconstruction experiment
R=titzer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1050803002
Cr-Commit-Position: refs/heads/master@{#27692}
VS 2015 supplies a conforming snprintf implementation, so #define
snprintf is no longer needed. Also, VS 2015 checks for #define of
snprintf and treats it as a fatal error.
LOG=Y
R=jarin@chromium.org
BUG=440500
Review URL: https://codereview.chromium.org/1078453002
Cr-Commit-Position: refs/heads/master@{#27690}
This reduces the overhead of recursive calls when context specialization
is enabled. Based on this it might be possible to further reduce the
overhead by also specializing the call itself.
As a drive-by-fix, port the fast context materialization optimization to
arm and arm64, that was previously only supported on x64 and ia32.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1072743002
Cr-Commit-Position: refs/heads/master@{#27686}
Reason for revert:
Revert the revert as this commit cannot be the cause for the closed tree.
Original issue's description:
> Revert of X87: Reimplement Maps and Sets in JS (patchset #1 id:1 of https://codereview.chromium.org/1066373002/)
>
> Reason for revert:
> Reverting as it resulted in a closed waterfall.
>
> Original issue's description:
> > X87: Reimplement Maps and Sets in JS
> >
> > port 909500aa1d (r27605)
> >
> > original commit message:
> > Previously, the only optimized code path for Maps and Sets was for String keys.
> > This was achieved through an implementation of various complex operations
> > in Hydrogen. This approach was neither scalable nor forward-compatible.
> >
> > This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> > in JS. The added intrinsics are:
> >
> > %_FixedArrayGet
> > %_FixedArraySet
> > %_TheHole
> > %_JSCollectionGetTable
> > %_StringGetRawHashField
> >
> > With these additions, as well as a few changes to what's exposed as runtime functions,
> > most of the C++ code backing Maps and Sets is gone (including both runtime code in
> > objects.cc and Crankshaft in hydrogen.cc).
> >
> > BUG=
> >
> > Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> > Cr-Commit-Position: refs/heads/master@{#27681}
>
> TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/a0486f128109443ed07802fb463c267e53533d81
> Cr-Commit-Position: refs/heads/master@{#27682}
TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1077543002
Cr-Commit-Position: refs/heads/master@{#27685}
port 146598f44a (r27614)
original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the
process, at least on operating systems where this limit is close to the limit
that V8 sets for itself.
BUG=
Review URL: https://codereview.chromium.org/1069283002
Cr-Commit-Position: refs/heads/master@{#27684}
Reason for revert:
Reverting as it resulted in a closed waterfall.
Original issue's description:
> X87: Reimplement Maps and Sets in JS
>
> port 909500aa1d (r27605)
>
> original commit message:
> Previously, the only optimized code path for Maps and Sets was for String keys.
> This was achieved through an implementation of various complex operations
> in Hydrogen. This approach was neither scalable nor forward-compatible.
>
> This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
> in JS. The added intrinsics are:
>
> %_FixedArrayGet
> %_FixedArraySet
> %_TheHole
> %_JSCollectionGetTable
> %_StringGetRawHashField
>
> With these additions, as well as a few changes to what's exposed as runtime functions,
> most of the C++ code backing Maps and Sets is gone (including both runtime code in
> objects.cc and Crankshaft in hydrogen.cc).
>
> BUG=
>
> Committed: https://crrev.com/56600a35a49ffa5abcba66b14839089de3589ad9
> Cr-Commit-Position: refs/heads/master@{#27681}
TBR=weiliang.lin@intel.com,chunyang.dai@intel.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1073723002
Cr-Commit-Position: refs/heads/master@{#27682}
port 909500aa1d (r27605)
original commit message:
Previously, the only optimized code path for Maps and Sets was for String keys.
This was achieved through an implementation of various complex operations
in Hydrogen. This approach was neither scalable nor forward-compatible.
This patch adds the necessary intrinsics to implement Maps and Sets almost entirely
in JS. The added intrinsics are:
%_FixedArrayGet
%_FixedArraySet
%_TheHole
%_JSCollectionGetTable
%_StringGetRawHashField
With these additions, as well as a few changes to what's exposed as runtime functions,
most of the C++ code backing Maps and Sets is gone (including both runtime code in
objects.cc and Crankshaft in hydrogen.cc).
BUG=
Review URL: https://codereview.chromium.org/1066373002
Cr-Commit-Position: refs/heads/master@{#27681}
Port 9af9f1d026
Original commit message:
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
BUG=
Review URL: https://codereview.chromium.org/1073463003
Cr-Commit-Position: refs/heads/master@{#27679}
Although all this code might be moved around later, it's a good idea
to unhackify it now. :-)
Review URL: https://codereview.chromium.org/1067193004
Cr-Commit-Position: refs/heads/master@{#27672}
This allows loopy TurboFan code to be interrupted by placing a stack
check (i.e. JSStackCheck node) into each loop. Note that we currently
limit this to non-asm.js code. Also note that stack checks are actually
placed after loop headers and not at back-branches, which allows us to
reuse existing BailoutIds from Crankshaft.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1065923002
Cr-Commit-Position: refs/heads/master@{#27666}
These operators compute the absolute floating point value of some
arbitrary input, and are implemented without any branches (i.e. using
vabs on arm, and andps/andpd on x86).
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1066393002
Cr-Commit-Position: refs/heads/master@{#27662}
Perhaps we should throw an exception and/or change our external API to
use a MaybeLocal, but that would be a bigger change. For now, we just
return undefined when something goes wrong with the DebugContext,
which is good enough to avoid crashing.
BUG=chromium:474538
LOG=y
Review URL: https://codereview.chromium.org/1065213002
Cr-Commit-Position: refs/heads/master@{#27650}
This is a follow-up to 2d281e71ac and prevents bailouts on empty
script contexts in Crankshaft, which don't need allocation. Only
non-empty script contexts should cause a bailout.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1063373003
Cr-Commit-Position: refs/heads/master@{#27649}
Performance measurements show that the position independent code is
usually slightly faster than the position dependent code, and there
seems to be no noticeable regression.
This also gets rid of a lot of support code that was only required to allow
embedding labels into the code stream. And it implies that neither the GC
nor the deserializer need to do anything for jump tables.
R=svenpanne@chromium.org
BUG=v8:3872
LOG=n
Review URL: https://codereview.chromium.org/1069633002
Cr-Commit-Position: refs/heads/master@{#27646}
Port 2d281e71ac
Original commit message:
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.
BUG=
Review URL: https://codereview.chromium.org/1066843005
Cr-Commit-Position: refs/heads/master@{#27643}
The ES6 grammar forbids the initialization of variable declarations in IterationStatements.
This CL will report `for (var x = y in z)` as a SyntaxError in strict mode (as done in JSC). It is possible that this could break sites in sloppy mode, and so that change can wait.
BUG=
R=
LOG=N
Review URL: https://codereview.chromium.org/1033823002
Cr-Commit-Position: refs/heads/master@{#27639}
Also wrap templates.js in an IIFE to avoid unnecessary pollution
of the builtins object.
Review URL: https://codereview.chromium.org/1067903004
Cr-Commit-Position: refs/heads/master@{#27638}
Port 146598f44a
Original commit message:
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.
BUG=chromium:469768
LOG=y
Review URL: https://codereview.chromium.org/1066843003
Cr-Commit-Position: refs/heads/master@{#27634}