This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
Delayed chunks in the unmapper are chunks that should be unmapped but could
potentially still be accessed by the sweeper (page header), hence their
unmapping is delayed.
During TearDown, however, we need to properly unmap those pages, i.e., check
that they can now be unmapped (should always hold) and properly unmap them.
BUG=chromium:656537
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2472573003
Cr-Commit-Position: refs/heads/master@{#40698}
Only ARM should have fixed live range arrays for float / simd128.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2471533002
Cr-Commit-Position: refs/heads/master@{#40696}
port 5ef1bddf80 (r40690)
original commit message:
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.
BUG=
Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
Review-Url: https://codereview.chromium.org/2470063002
Cr-Commit-Position: refs/heads/master@{#40692}
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294
Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
> slots to pop upon return in addition to those specified by the Linkage of the
> compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
> handles all tail-call cases except where the return value type differs, this fallback
> was not really useful and in fact caused unexpected behavior with variable
> sized argument popping, since it wasn't possible to materialize a Return node
> with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
> pop argument since the variable pop functionality
>
> LOG=N
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true
Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.
Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2472653002
Cr-Commit-Position: refs/heads/master@{#40690}
IC data handlers support most of the hot cases nowdays. Let's see if
the map-specific code cache still help us to improve things.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2462973003
Cr-Commit-Position: refs/heads/master@{#40685}
port 5319b50c85 (r40678)
original commit message:
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
BUG=
Review-Url: https://codereview.chromium.org/2469623002
Cr-Commit-Position: refs/heads/master@{#40684}
Both --harmony-object-values-entries and --harmony-object-own-property-descriptors
are on by default in v8 5.4, which has now shipped to
stable as Chrome 54.
R=caitp@igalia.com
Review-Url: https://codereview.chromium.org/2464733003
Cr-Commit-Position: refs/heads/master@{#40683}
Port 5319b50c85
Original commit message:
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=
LOG=N
Review-Url: https://codereview.chromium.org/2462173002
Cr-Commit-Position: refs/heads/master@{#40682}
We only need included categories list, excluded categories list will only work
if we use regular expression in categories list, which is not supported in V8.
TBR=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2462143002
Cr-Commit-Position: refs/heads/master@{#40681}
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.
The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
slots to pop upon return in addition to those specified by the Linkage of the
compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
handles all tail-call cases except where the return value type differs, this fallback
was not really useful and in fact caused unexpected behavior with variable
sized argument popping, since it wasn't possible to materialize a Return node
with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
pop argument since the variable pop functionality
LOG=N
Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40678}
This function is implemented in other JavaScript shells
BUG=None
R=titzer
Review-Url: https://codereview.chromium.org/2458963003
Cr-Commit-Position: refs/heads/master@{#40677}
While this seems like it should be true, the array buffer is not actually
neutered until the end of cloning. This is so that, if an exception is thrown
during serialization, the original array buffer is not left neutered. As a
result, Blink will not have neutered the buffer.
This fixes some DCHECK failures during layout tests.
BUG=chromium:148757
Review-Url: https://codereview.chromium.org/2466563002
Cr-Commit-Position: refs/heads/master@{#40675}
This CL adds support for primitive maps to
1) PrototypeIterator,
2) PropertyHandlerCompiler::CheckPrototypes(),
3) Map::GetOrCreatePrototypeChainValidityCell(),
4) Prototype checks in data-driven ICs.
BUG=v8:5561
Review-Url: https://codereview.chromium.org/2466553002
Cr-Commit-Position: refs/heads/master@{#40673}
This exposes a couple of broken tests that used to silently throw within
the listener. Mark these as failing for now
BUG=v8:5330, v8:5581
Review-Url: https://codereview.chromium.org/2460833002
Cr-Commit-Position: refs/heads/master@{#40672}
Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.
This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.
BUG=chromium:634276, chromium:654716, chromium:656959
Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
Committed: https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22
Review-Url: https://codereview.chromium.org/2403003002
Cr-Original-Original-Commit-Position: refs/heads/master@{#40153}
Cr-Original-Commit-Position: refs/heads/master@{#40365}
Cr-Commit-Position: refs/heads/master@{#40671}
ZeroConstant is a NumberConstant, so does not get matched
in IntMatchers, which results in missing some opportunities
in instruction selection. Use IntPtrConstant instead, which
generates an Int32Constant or an Int64Constant depending on
the word size.
BUG=
Review-Url: https://codereview.chromium.org/2467473002
Cr-Commit-Position: refs/heads/master@{#40669}
Similar to what crankshaft does, we introduce a mapcheck if necessary and a call to the CallApiCallbackStub.
BUG=
Review-Url: https://codereview.chromium.org/2458643002
Cr-Commit-Position: refs/heads/master@{#40664}
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.
patch from issue 2427953002 at patchset 120001 (http://crrev.com/2427953002#ps120001)
R=mvstanton@chromium.org,rmcilroy@chromium.org
Review-Url: https://codereview.chromium.org/2453973004
Cr-Commit-Position: refs/heads/master@{#40663}
Conflicting type feedback on Load/StoreICs can lead to out-of-bounds
field access, which is essentially dead code, but EscapeAnalysis was
confused about those. For now, mark the objects as escaping in these
cases, middle-term we want to deal better with this kind of compile-
time known dead code.
BUG=chromium:658185,v8:4586
R=jarin@chromium.org
Review-Url: https://codereview.chromium.org/2459273002
Cr-Commit-Position: refs/heads/master@{#40662}
This patch implements TracingCategoryObserver to set global flag when a V8
specific category is enabled. Previously, we set a global flag each time when we
encounter a top level trace event, and use it as a global check. With this
patch, we can set a group of flags when tracing is enabled; besides, we make
V8 tracing feature use V8 flags instead of defining its own flag in a messy way.
With this patch, whatever V8 flag we want to imply in tracing, we define another
integer flag, and the original V8 flag will set it to 0x01 when passing by
commandline, tracing will set it to 0x10 when we start tracing and reset the bit
when we stop tracing.
Review-Url: https://codereview.chromium.org/2436273002
Cr-Commit-Position: refs/heads/master@{#40659}
These are added to the sampler stack trace when RCS are
enabled.
Resource name for a RCS frame is reported as "V8Runtime".
Counter names match ones from src/counters.h
BUG=chromium:660428
Review-Url: https://codereview.chromium.org/2461003002
Cr-Commit-Position: refs/heads/master@{#40658}
When Chromium and V8 use the same version of inspector_protocol, any protocol change takes at least 4 patches and 3 waiting for rolls.
To simplify this process we need to have two diffrent versions of inspector_protocol in Chromium and V8. Current state of inspector_protocol was extracted into separate repository [1]. This CL puts last version of inspector_protocol into third_party/inspector_protocol and removes dependency on inspector_protocol in Webkit.
[1] https://chromium.googlesource.com/deps/inspector_protocol/
BUG=chromium:637032
R=dgozman@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
Review-Url: https://codereview.chromium.org/2447323002
Cr-Commit-Position: refs/heads/master@{#40655}
Previously we reset runtime counters and dump them when we enter, exit top level
trace events respectively. However, there is gap between two top level trace
events and runtime counters may be activated, resetting the counters makes the
accumulated time inaccurate, and we may end up with negative time due to the
nature of how we accumulate time.
This patch fixes this problem by only resetting counters when there's no
counters active, and before dump counters, we traverse current active counters
to calculate their time, and then restart their timer.
BUG=chromium:658145
Review-Url: https://codereview.chromium.org/2457523002
Cr-Commit-Position: refs/heads/master@{#40653}
Reason for revert:
Seems to block rolling:
https://codereview.chromium.org/2447393005/
Original issue's description:
> [heap] Concurrent store buffer processing.
>
> BUG=chromium:648973, chromium:648568
TBR=ulan@chromium.org,mlippautz@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:648973, chromium:648568
Review-Url: https://codereview.chromium.org/2449853010
Cr-Commit-Position: refs/heads/master@{#40650}
