Skip to content

V
V8
Switch branch/tag
  1. 12 Apr, 2017 1 commit
  3. 11 Apr, 2017 2 commits
  5. 10 Apr, 2017 1 commit
    • Leszek Swirski's avatar
      [ignition] Add call bytecodes for undefined receiver · 751e8935
      Leszek Swirski authored 
      Adds a collection of call bytecodes which have an implicit undefined
receiver argument, for cases such as global calls where we know that the
receiver has to be undefined. This way we can skip an LdaUndefined,
decrease bytecode register pressure, and set a more accurate
ConvertReceiverMode on the interpreter and TurboFan call.

As a side effect, the "normal" Call bytecode now becomes a rare case
(only with calls and super property calls), so we get rid of its 0-2
argument special cases and modify CallProperty[N] to use the
NotNullOrUndefined ConvertReceiverMode.

Change-Id: I9374a32fefd66fc0251b5193bae7a6b7dc31eefc
Reviewed-on: https://chromium-review.googlesource.com/463287
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44530}
      751e8935
  7. 07 Apr, 2017 1 commit
  9. 03 Apr, 2017 1 commit
  11. 31 Mar, 2017 1 commit
  13. 29 Mar, 2017 2 commits
    • Caitlin Potter's avatar
      [cleanup] combine 3 ResumeGenerator stubs into one · 5615e5b8
      Caitlin Potter authored 
      This hopefully shrinks binary size a bit, at the cost of (slightly)
increasing the complexity of the ResumeGenerator stub. Includes ia32,
x64, mips, mips64, arm and arm64 ports.

BUG=v8:5855
R=rmcilroy@chromium.org, paul.lind@imgtec.com, bmeurer@chromium.org, neis@chromium.org

Change-Id: I848ce08afd828091a11e03c89d5be065ff557ef3
Reviewed-on: https://chromium-review.googlesource.com/461303
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44244}
      5615e5b8
    • Caitlin Potter's avatar
      [async-iteration] implement AsyncGenerator · bf463c4d
      Caitlin Potter authored 
      - Introduce new struct AsyncGeneratorRequest, which holds
  information pertinent to resuming execution of an
  AsyncGenerator, such as the Promise associated with the async
  generator request. It is intended to be used as a singly
  linked list, and holds a pointer to the next item in te queue.

- Introduce JSAsyncGeneratorObject (subclass of
  JSGeneratorObject), which includes several new internal fields
  (`queue` which contains a singly linked list of
  AsyncGeneratorRequest objects, and `await_input` which
  contains the sent value from an Await expression (This is
  necessary to prevent function.sent (used by yield*) from
  having the sent value observably overwritten during
  execution).

- Modify SuspendGenerator to accept a set of Flags, which
  indicate whether the suspend is for a Yield or Await, and
  whether it takes place on an async generator or ES6
  generator.

- Introduce interpreter intrinsics and TF intrinsic lowering for
  accessing the await input of an async generator

- Modify the JSGeneratorStore operator to understand whether or
  not it's suspending for a normal yield, or an AsyncGenerator
  Await. This ensures appropriate registers are stored.

- Add versions of ResumeGeneratorTrampoline which store the
  input value in a different field depending on wether it's an
  AsyncGenerator Await resume, or an ordinary resume. Also modifies
  whether debug code will assert that the generator object is a
  JSGeneratorObject or a JSAsyncGeneratorObject depending on the
  resume type.

BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.org
TBR=marja@chromium.org

Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
      bf463c4d
  15. 27 Mar, 2017 1 commit
  17. 20 Mar, 2017 1 commit
  19. 14 Mar, 2017 1 commit
  21. 04 Mar, 2017 1 commit
  23. 21 Feb, 2017 1 commit
  25. 15 Feb, 2017 1 commit
  27. 14 Feb, 2017 1 commit
    • vabr's avatar
      Fix TypeError message for Reflect.construct · b478e9c1
      vabr authored 
      If the Reflect.construct receives an argument expected to be a constructor,
and the argument is not a constructor, V8 currently declares that
Reflect.construct is not a function. It should instead say that the offending
argument is not a constructor.

This is the case for all ports of builtins
(Builtins::Generate_ReflectConstruct). All of them make an
attempt to at least pass the right argument to the TypeError parametrised
message, calling out the offending Reflect.construct argument. However,
Runtime::kThrowCalledNonCallable extracts the callsite from those arguments,
discarding the precise information.

This CL adds Runtime::kNotConstructor, which reports the arguments passed
to it, and the CL also modifies the ports of builtins to make use of
Runtime::kNotConstructor

BUG=v8:5671

Review-Url: https://codereview.chromium.org/2688393003
Cr-Commit-Position: refs/heads/master@{#43182}
      b478e9c1
  29. 13 Feb, 2017 1 commit
    • Michael Starzinger's avatar
      [turbofan] Correct lazy deopt by {JSCreate} operation. · 6ee0b6ce
      Michael Starzinger authored 
      This adds support for deoptimizing into the JSConstructStub after the
receiver instantiation but before the actual constructor invocation.
Such a deoptimization point is needed for cases where instantiation
might be observed (e.g. when new.target is a proxy) and hence might
trigger a deopt.

We use this new deoptimization point for the "after" frame-state the
inliner attaches to {JSCreate} nodes being inserted when constructor
calls are being inlined.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-5638b
BUG=v8:5638

Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd
Reviewed-on: https://chromium-review.googlesource.com/440125Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43149}
      6ee0b6ce
  31. 07 Feb, 2017 1 commit
  33. 06 Feb, 2017 1 commit
    • mvstanton's avatar
      [TypeFeedbackVector] Root feedback vectors at function literal site. · aea3ce3d
      mvstanton authored 
      TypeFeedbackVectors are strongly rooted by a closure. However, in modern
JavaScript closures are created and abandoned more freely. An important
closure may not be present in the root-set at time of garbage collection,
even though we've cached optimized code and use it regularly. For
example, consider leaf functions in an event dispatching system. They may
well be "hot," but tragically non-present when we collect the heap.

Until now, we've relied on a weak root to cache the feedback vector in
this case. Since there is no way to signal intent or relative importance,
this weak root is as susceptible to clearing as any other weak root at
garbage collection time.

Meanwhile, the feedback vector has become more important. All of our
ICs store their data there. Literal and regex boilerplates are stored there.
If we lose the vector, then we not only lose optimized code built from
it, we also lose the very feedback which allowed us to create that optimized
code. Therefore it's vital to express that dependency through the root
set.

This CL does this by creating a strong link to a feedback
vector at the instantiation site of the function closure.
This instantiation site is in the code and feedback vector
of the outer closure.

BUG=v8:5456

Review-Url: https://codereview.chromium.org/2674593003
Cr-Commit-Position: refs/heads/master@{#42953}
      aea3ce3d
  35. 30 Jan, 2017 2 commits
  37. 26 Jan, 2017 1 commit
    • bmeurer's avatar
      [turbofan] Introduce JSCallForwardVarargs operator. · 69747e26
      bmeurer authored 
      We turn a JSCallFunction node for

  f.apply(receiver, arguments)

into a JSCallForwardVarargs node, when the arguments refers to the
arguments of the outermost optimized code object, i.e. not an inlined
arguments, and the apply method refers to Function.prototype.apply,
and there's no other user of arguments except in frame states.

We also replace the arguments node in the graph with a marker for
the Deoptimizer similar to Crankshaft to make sure we don't materialize
unused arguments just for the sake of deoptimization. We plan to replace
this with a saner EscapeAnalysis based solution soon.

R=jarin@chromium.org
BUG=v8:5267,v8:5726

Review-Url: https://codereview.chromium.org/2655233002
Cr-Commit-Position: refs/heads/master@{#42680}
      69747e26
  39. 25 Jan, 2017 1 commit
  41. 24 Jan, 2017 1 commit
  43. 23 Jan, 2017 1 commit
  45. 20 Jan, 2017 1 commit
  47. 19 Jan, 2017 3 commits
  49. 18 Jan, 2017 2 commits
  51. 17 Jan, 2017 3 commits
  53. 12 Jan, 2017 4 commits
  55. 03 Jan, 2017 1 commit
    • rmcilroy's avatar
      [Ignition] Teach CompileLazy about interpreted functions. · 72c37076
      rmcilroy authored 
      Currently the CompileLazy builtin checks the SFI expliciltly for FCG code. This means
if the SFI has bytecode we have to go through to the runtime to install the
interpreter entry trampoline into the JSFunction object.

Modify the builtin to always put the SFI code object into the JSFunction unless it's
the lazy compile stub on the SFI as well.

BUG=v8:4380

Review-Url: https://codereview.chromium.org/2583693003
Cr-Commit-Position: refs/heads/master@{#42034}
      72c37076
  57. 29 Dec, 2016 1 commit