- 23 Oct, 2017 12 commits
-
-
Ivica Bogosavljevic authored
Bug: Change-Id: I79ddd65af022a22929131fcfc062e15300de04bd Reviewed-on: https://chromium-review.googlesource.com/732661Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48823}
-
Ulan Degenbaev authored
This reverts commit 00ba1dca. Reason for revert: perf regressions crbug.com/774903 Original change's description: > [heap] Disable map retaining optimization. > > The optimization keeps dying maps alive for several GCs to mitigate > code deoptimization with weak maps. > > This patch disables the optimization to see if it still needed. > > Bug: > Change-Id: Ie5717967ad56858e6ae546c90fde73e8d5bcc4ec > Reviewed-on: https://chromium-review.googlesource.com/712598 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48458} TBR=ulan@chromium.org,mlippautz@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: Id57d7239a041b03e02a35ccbf5830ff9838a6246 Reviewed-on: https://chromium-review.googlesource.com/733017Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48822}
-
Choongwoo Han authored
- Fix a wrong type casting triggered when a given array's length is zero - Add a regression test case Bug: chromium:777182, chromium:768775 Change-Id: I615b73e9d7bad657c872c96c7a204efe355d8289 Reviewed-on: https://chromium-review.googlesource.com/732865Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48821}
-
Benedikt Meurer authored
This adds a new InstanceOfIC where the TestInstanceOf bytecode collects constant feedback about the right-hand side of instanceof operators, including both JSFunction and JSBoundFunction instances. TurboFan then uses the feedback to optimize instanceof in places where the right-hand side is not a known constant (known to TurboFan). This addresses the odd performance cliff that we see with instanceof in functions with multiple closures. It was discovered as one of the main bottlenecks on the uglify-es test in the web-tooling-benchmark. The uglify-es test (run in separation) is ~18% faster with this change. On the micro-benchmark in the tracking bug we go from instanceofSingleClosure_Const: 69 ms. instanceofSingleClosure_Class: 246 ms. instanceofMultiClosure: 246 ms. instanceofParameter: 246 ms. to instanceofSingleClosure_Const: 70 ms. instanceofSingleClosure_Class: 75 ms. instanceofMultiClosure: 76 ms. instanceofParameter: 73 ms. boosting performance by roughly 3.6x and thus effectively removing the performance cliff around instanceof. Bug: v8:6936, v8:6971 Change-Id: Ib88dbb9eaef9cafa4a0e260fbbde73427a54046e Reviewed-on: https://chromium-review.googlesource.com/730686 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48820}
-
Clemens Hammacher authored
There are wasm operations which operate on floats or double, but they need to preserve the exact bit pattern. Thus they cannot be stored and passed as float or double, since that might flip the signaling NaN bit. This CL extends WasmValue to store floats and doubles as bit pattern, and adds accessors to extract them as Float32 or Float64. The interpreter is changed to execute certain operations (i32.abs, i32.neg, i64.abs, i64.neg, f32.reinterpret/i32, f64.reinterpret/i64) on boxed floats. R=titzer@chromium.org Bug: v8:6954 Change-Id: I0251d1a67b6caf593194d4eb292a325cdd3f20cf Reviewed-on: https://chromium-review.googlesource.com/730716 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48819}
-
Choongwoo Han authored
Remove checking detached buffer of a validated typed array in %TypedArray%.prototype.slice. Now, JSTypedArray::Validate checks if the new typed array's buffer is detached or not. Bug: v8:5929 Change-Id: I381e33e3995ae10cc2907a7141a64ec9f97c742f Reviewed-on: https://chromium-review.googlesource.com/721399Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48818}
-
Ulan Degenbaev authored
Currently the concurrent marker iterates all fields in JSObjects up to the instance size defined by the map. This can lead to a race when the object transitions to unboxed double field. Bug: chromium:774644 Change-Id: I01a69240869217127769bba9ff1c49dc5a81fa9c Reviewed-on: https://chromium-review.googlesource.com/730717Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48817}
-
Clemens Hammacher authored
Even static constant fields need to have definitions outside of the class scope if a reference to them is passed. This CL fixes link errors which occured on an independent CL (https://crrev.com/c/730716). Drive-by: Make the fields constexpr. R=mstarzinger@chromium.org Change-Id: Iff5dd1f3d41ddfba0c20531dbecd63c1d4c670e8 Reviewed-on: https://chromium-review.googlesource.com/732114Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#48816}
-
Jakob Gruber authored
This reverts commit 14165a47. Reason for revert: Fix is incomplete, will reland soon. Original change's description: > [proxy] Fix invalid call to getter in [[Get/Set]] > > Fixes the implementation of step 9 in the Proxy's internal [[Get]] > method: > > Let targetDesc be ? target.[[GetOwnProperty]](P) > > If P is an accessor, this should not result in a call to the getter. > Likewise in [[Set]]. > > https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver > > Bug: chromium:776338 > Change-Id: Ic06b7eeac6a1ef9606ddda6fa9d6d58b709702fb > Reviewed-on: https://chromium-review.googlesource.com/731123 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48813} TBR=neis@chromium.org,jgruber@chromium.org Change-Id: I92a11791b3c6a73ada1f72fe4193c25e7a054746 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:776338 Reviewed-on: https://chromium-review.googlesource.com/732877Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48815}
-
Michael Achenbach authored
NOTRY=true Bug: v8:6918, chromium:747960 Change-Id: I0a83cd1eebfe4082399dc1d26dbdf7ff3ef1f158 Reviewed-on: https://chromium-review.googlesource.com/731044Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#48814}
-
jgruber authored
Fixes the implementation of step 9 in the Proxy's internal [[Get]] method: Let targetDesc be ? target.[[GetOwnProperty]](P) If P is an accessor, this should not result in a call to the getter. Likewise in [[Set]]. https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-get-p-receiver Bug: chromium:776338 Change-Id: Ic06b7eeac6a1ef9606ddda6fa9d6d58b709702fb Reviewed-on: https://chromium-review.googlesource.com/731123Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48813}
-
Jaroslav Sevcik authored
This tracks instance type in load elimination, so that it can be used to prune control flow with unreachable states. (This is a cut down version of https://chromium-review.googlesource.com/c/v8/v8/+/727761), the regression should be addressed by the map invalidation fix from https://chromium-review.googlesource.com/c/v8/v8/+/730705.) Bug: v8:6396 Change-Id: I3acab16ebbc0f1f16c7900a8d307deb84e1cb618 Reviewed-on: https://chromium-review.googlesource.com/732307 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48812}
-
- 22 Oct, 2017 3 commits
-
-
Georg Neis authored
The information that such functions must be parsed in module mode didn't get properly propagated. Also refactor some related code to make it more robust. In particular, set parsing_module_ at parser construction time only. Bug: v8:1569, v8:6919 Change-Id: Id136fb15c240373cad07c82025b778d0c0c43148 Reviewed-on: https://chromium-review.googlesource.com/716478 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48811}
-
Jaroslav Sevcik authored
This introduces unreachable state into load elimination. We mark state as unreachable if we know statically that a map check would fail. When processing effect phis, we disconnect unreachable state's control from the effect phi's merge, and point it to RuntimeAbort. The control input to the merge is then updated with Dead. Dead code elimination prunes the merge, phis and effect phis. Bug: v8:6396 Change-Id: I01874b576e548747a915c7b645b96ebaa6f6700d Reviewed-on: https://chromium-review.googlesource.com/730754 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48810}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b0569ad..ab1bd6e TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I739d94985d1a60e1dd9dcb3ea4e69c2b159f3de3 Reviewed-on: https://chromium-review.googlesource.com/732024Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#48809}
-
- 21 Oct, 2017 3 commits
-
-
Adam Klein authored
Now that gclient is much quieter about its output (see crbug.com/772741), these always-emitted messages make it louder than necessary. Change-Id: I864676c4ca57d4c060f7f58bc770d8d670695639 Reviewed-on: https://chromium-review.googlesource.com/731118Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#48808}
-
Yang Guo authored
R=jgruber@chromium.org, verwaest@chromium.org Change-Id: I5b607e9c121accafff0c65fc74b073a873f749af Reviewed-on: https://chromium-review.googlesource.com/721665Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48807}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2d90a29..b0569ad Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/76a8dd7..22e74eb Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/dce4014..12ba14e TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I674a1d61a8ba738a239fc8fcbd0499d82279fae0 Reviewed-on: https://chromium-review.googlesource.com/732023Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#48806}
-
- 20 Oct, 2017 22 commits
-
-
Camillo Bruni authored
Implicitly escape all output that is passed to Log::MessageBuilder. We escape non-printable characters and the log field separator ',' using the \x00 and \u0000 escape sequences. Example: Before: event-foo,"space: ","comma: ,","double quotes: """ After: event-foo,space: ,comma: \x2C,double quotes: " This might slightly impact human readability of the log files in extreme cases. However, most strings do not contain any escaped characters. Bug: Change-Id: Ic78f6d9932367d02f9f3c3f70b41b5c283bdf880 Reviewed-on: https://chromium-review.googlesource.com/728332 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48805}
-
Camillo Bruni authored
This is a reland of 06ff9e97 Original change's description: > [logging] Use OFStream for log events > > This simplifies a few operations and removes the size limitations > implied by the message buffer used. > > Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968 > Reviewed-on: https://chromium-review.googlesource.com/724285 > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Adam Klein <adamk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48766} Change-Id: Iafda1c88d9180d188d6b8bd7d03d6d27100538d8 Reviewed-on: https://chromium-review.googlesource.com/731107 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48804}
-
Mathias Bynens authored
The CheckObjectCoercible abstract operation was renamed to RequireObjectCoercible a while ago. https://tc39.github.io/ecma262/#sec-requireobjectcoercible This patch updates our macro name accordingly. BUG=v8:3577,v8:6921 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I1301b650aba67fda46bb2167d9ebd0c63840466c Reviewed-on: https://chromium-review.googlesource.com/730495 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48803}
-
Mathias Bynens authored
BUG=v8:6921 Change-Id: I8facfcc3ecef094843a86789d3aea75ff6b04b16 Reviewed-on: https://chromium-review.googlesource.com/731382Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#48802}
-
Jan Krems authored
Use an intrinsic for GetImportMetaObject and generate bytecode for the case where import.meta has been initialized already. This way the runtime method will only be called once per module. Bug: v8:6693 Change-Id: If661e88e6accfb1c5795e37a80582d04f6dd87dd Reviewed-on: https://chromium-review.googlesource.com/716536Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#48801}
-
Mathias Bynens authored
The spec got rid of `CheckObjectCoercible` a while back, and so should we. This change is not observable in most of the affected cases since `ToObject` is up near the top of most Array method algorithms. An example of an observable effect of this change occurs for the following input: Array.prototype.sort.call(null, 1); Behavior before applying the patch (incorrect message): TypeError: Array.prototype.sort called on null or undefined Expected behavior: TypeError: The comparison function must be either a function or undefined This patch removes `CheckObjectCoercible` and adds tests to ensure the few observable cases are addressed correctly. The patch also adds a missing `ToObject(this)` to `Array.prototype.lastIndexOf` which would otherwise become observable as a result of `CheckObjectCoercible` being removed. BUG=v8:3577,v8:6921 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ia086095076c4bf4d8d58dab26bc28df02994ed01 Reviewed-on: https://chromium-review.googlesource.com/718577Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#48800}
-
Kris Selden authored
Bug: v8:6968 Change-Id: Ibb19e96b6ce8ad56356ab6c4fb6bbc588bbb7420 Reviewed-on: https://chromium-review.googlesource.com/729248 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48799}
-
Jakob Kummerow authored
as well as "BitwiseOp". Builtins and Interpreter bytecode handlers need quite a bit of similar functionality with minor differences. This CL factors out and generalizes the TaggedToNumeric[WithFeedback] and the TaggedToWord[OrBigInt][WithFeedback] groups of helpers into one shared implementation each in the CodeStubAssembler. Bug: v8:6921 Change-Id: Iae5dcc4c50c7fde3423f801cb5484de337381ce6 Reviewed-on: https://chromium-review.googlesource.com/721606 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#48798}
-
Jakob Kummerow authored
Whitespace-only strings count as empty too. This behavior is different from BigInt.parseInt(""), which throws a SyntaxError. Bug: v8:6791, v8:6957 Change-Id: I6671c803f3ba83e23c3e0cad81d3af29dba61c9f Reviewed-on: https://chromium-review.googlesource.com/727301Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#48797}
-
Tobias Tebbi authored
- Introduce the new union type UnionType<T1,T2>, used for Number and Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation with two results. Further details in the design doc: https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u - Allow to derive the MachineType from a static type. This allows to select the right MachineType when performing a load/store. - Disallow casts (UncheckedCast() or CAST()) when the target and origin type have no overlap. New cast ReinterpretCast() is an UncheckedCast without this check. - Caveat of this CL: Checked casts (CAST()) are not possible for UnionType<T1,T2> with the exception of Number (due to the existence of Number in OBJECT_TYPE_LIST and the existence of an IsNumber() function in the runtime). Bug: v8:6949 Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad Reviewed-on: https://chromium-review.googlesource.com/723320 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#48796}
-
Ulan Degenbaev authored
The motivation for the new field is to provide race-free way to iterate used in-object properties of a JSObject in concurrent marker. This CL keeps the new field in sync with the unused_property_fields and subsequent CL will remove unused_property_fields. Bug: chromium:774644 Change-Id: I0971f079094d58d3a57415834c43c09427dacc77 Reviewed-on: https://chromium-review.googlesource.com/726639 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48795}
-
Michael Achenbach authored
This adds a wrapper script for run-tests.py that continues support for iterating over multiple modes and architectures. This also fixes a bug of the auto-detect target in gyp. Bug: chromium:772804 Change-Id: I61ff47b12e1925e010d822327a8aae8c402f435d Reviewed-on: https://chromium-review.googlesource.com/730225 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#48794}
-
Ben L. Titzer authored
[wasm] Fix signature canonicalization for error case. The decoder should not attempt to insert null signatures into the SignatureMap. R=ahaas@chromium.org Bug: chromium:775366 Change-Id: I0fbc0547dbf00fd25d37271a03b6756481a4c6a1 Reviewed-on: https://chromium-review.googlesource.com/730752Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48793}
-
Michael Lippautz authored
Bug: chromium:738865 Change-Id: I17f01ae4e4c854a8ca674f4fa1647d281ecede9c Reviewed-on: https://chromium-review.googlesource.com/730743Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#48792}
-
Mike Stanton authored
And less Node *. The creeping introduction of types. Bug: v8:6949 Change-Id: I8a559ef03e14ede8110faa4c456bbb9ce6cf56ca Reviewed-on: https://chromium-review.googlesource.com/730467Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#48791}
-
Pierre Langlois authored
Arm64's implementation of `TurboAssembler::Abort()` supports printing the bailout reason to the standard output without calling to the runtime. For this to work, we need access to the host's printf function so we can call it directly. In the general case, `Abort` does call the runtime, however, we cannot do it if we want to abort from inside CEntryStub. Bug: v8:6939 Change-Id: I2a57603cdc182a45cf770f405bd6ae449f40a047 Reviewed-on: https://chromium-review.googlesource.com/730746Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Cr-Commit-Position: refs/heads/master@{#48790}
-
Mike Stanton authored
If the input array is a JSArray with fast elements, it makes sense to create an output array of the same ElementsKind when possible. Bug: v8:1956 Change-Id: Ie9c937cf1751ccbbbe7cc76f40e1e1a0328ed37c Reviewed-on: https://chromium-review.googlesource.com/730748 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48789}
-
Jaroslav Sevcik authored
Bug: v8:6396 Change-Id: I73a686bc5dc4849ca3f0addca513f7a0173ce0b3 Reviewed-on: https://chromium-review.googlesource.com/730710 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48788}
-
Mostyn Bramley-Moore authored
Bug: chromium:770684 Change-Id: I4e4efc10dad1d3bb438fddc74098b36a6b9e1054 Reviewed-on: https://chromium-review.googlesource.com/730203Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com> Cr-Commit-Position: refs/heads/master@{#48787}
-
Mike Stanton authored
JSClassOf may lower to a call to a builtin, and needs to be modeled in a way that the effect chain can be maintained. Bug: v8:6929 Change-Id: Ida332e6d85e2eb8b33fcad810d195ef3e897ccb0 Reviewed-on: https://chromium-review.googlesource.com/727204Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#48786}
-
Jaroslav Sevcik authored
Instead we only change the map for the node being checked. This also changes AbstractMaps to look through renames for keys. That might theoretically lead to seeing less precise types for MayAlias tests, the hope is it does not matter much. Bug: v8:6396 Change-Id: I28a067080a3bc58c62a9dd5a76dce1aa348d8e0c Reviewed-on: https://chromium-review.googlesource.com/730705Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48785}
-
Benedikt Meurer authored
In the special case of KeyedLoadIC, where the key that is passed in is a Name that is always the same we only checked for identity in both the stub and the TurboFan case, which works fine for symbols and internalized strings, but doesn't really work with non-internalized strings, where the identity check will fail, the runtime will internalize the string, and the IC will then see the original internalized string again and not progress in the feedback lattice. This leads to tricky deoptimization loops in TurboFan and constantly missing ICs. This adds fixes the stub to always try to internalize strings first when the identity check fails and then doing the check again. If the name is not found in the string table we miss, since in that case the string cannot match the previously recorded feedback name (which is always a unique name). In TurboFan we represent this checks with new CheckEqualsSymbol and CheckEqualsInternalizedString operators, which validate the previously recorded feedback, and the CheckEqualsInternalizedString operator does the attempt to internalize the input. Bug: v8:6936, v8:6948, v8:6969 Change-Id: I3f3b4a587c67f00f7c4b60d239eb98a9626fe04a Reviewed-on: https://chromium-review.googlesource.com/730224Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48784}
-