Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/5031)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map, built ontop of the SimplifiedOperators StringCharCodeAt and the newly added StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org

Committed: https://crrev.com/f5871336e25209b968c49acaa9bdb9e234437496
Cr-Commit-Position: refs/heads/master@{#40008}

[caitp, 2016-10-05 18:15:45]

Description was changed from

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
R=bmeurer@chromium.org, mstarzinger@chromium.org
==========

to

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org
==========

[caitp, 2016-10-05 18:15:53]

The CQ bit was checked by caitp@igalia.com

[commit-bot: I haz the power, 2016-10-05 18:16:02]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-10-05 18:46:00]

Description was changed from

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org
==========

to

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org
==========

[commit-bot: I haz the power, 2016-10-05 18:46:01]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-10-05 18:46:21]

Description was changed from

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org
==========

to

==========
Reland "[turbofan] inline %StringIteratorPrototype%.next in JSBuiltinReducer"

Reland https://codereview.chromium.org/2373983004/, reverted in
4e5a4d9352e7254b349216075d8dc37bf4ffa217.

Reason: CL is not responsible for Win32 Debug failures (see
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds...)

------------------------------------------------------------------------------

Implement the logic for StringIterator.prototype.next in the JSBuiltinReducer in
order to allow inlining when the receiver is a JS_STRING_ITERATOR_TYPE map,
built ontop of the SimplifiedOperators StringCharCodeAt and the newly added
StringFromCodePoint.

Also introduces a new StringFromCodePoint simplified op which may be useful for
other String builtins, such as String.fromCodePoint()

BUG=v8:5388
TBR=bmeurer@chromium.org, mstarzinger@chromium.org

Committed: https://crrev.com/f5871336e25209b968c49acaa9bdb9e234437496
Cr-Commit-Position: refs/heads/master@{#40008}
==========

[commit-bot: I haz the power, 2016-10-05 18:46:22]

Patchset 1 (id:??) landed as
https://crrev.com/f5871336e25209b968c49acaa9bdb9e234437496
Cr-Commit-Position: refs/heads/master@{#40008}

[adamk, 2016-10-07 21:49:03]

adamk@chromium.org changed reviewers:
+ adamk@chromium.org

[adamk, 2016-10-07 21:49:04]

https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
File src/compiler/simplified-operator.cc (right):

https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
src/compiler/simplified-operator.cc:341: return
OpParameter<UnicodeEncoding>(op);
This call is failing under the CFI build:

../../src/compiler/operator.h:216:10: runtime error: control flow integrity
check for type 'v8::internal::compiler::Operator1<v8::internal::UnicodeEncoding,
v8::internal::compiler::OpEqualTo<v8::internal::UnicodeEncoding>,
v8::internal::compiler::OpHash<v8::internal::UnicodeEncoding> >' failed during
cast to unrelated type (vtable address 0x000000dff620)
0x000000dff620: note: vtable is of type
'v8::internal::compiler::SimplifiedOperatorGlobalCache::StringFromCodePointOperator<(v8::internal::UnicodeEncoding)0>'
 00 00 00 00  50 08 a8 00 00 00 00 00  b0 32 ad 00 00 00 00 00  80 08 a8 00 00
00 00 00  b0 08 a8 00
              ^ 
    #0 0xacc5d2 in v8::internal::UnicodeEncoding const&
v8::internal::compiler::OpParameter<v8::internal::UnicodeEncoding>(v8::internal::compiler::Operator
const*)
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/operator.h:217:9
    #1 0x4a82d8 in
v8::internal::compiler::UnicodeEncodingOf(v8::internal::compiler::Operator
const*)
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/simplified-operator.cc:341:10
[snip]

See
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds...
for details. Unclear to me why this fails only for this case and not other calls
of OpParameter() calls, unless those failures are either suppressed or not
covered by tests.

[adamk, 2016-10-07 21:52:26]

https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
File src/compiler/simplified-operator.cc (right):

https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
src/compiler/simplified-operator.cc:341: return
OpParameter<UnicodeEncoding>(op);
On 2016/10/07 21:49:04, adamk wrote:
> This call is failing under the CFI build:
> 
> ../../src/compiler/operator.h:216:10: runtime error: control flow integrity
> check for type
'v8::internal::compiler::Operator1<v8::internal::UnicodeEncoding,
> v8::internal::compiler::OpEqualTo<v8::internal::UnicodeEncoding>,
> v8::internal::compiler::OpHash<v8::internal::UnicodeEncoding> >' failed during
> cast to unrelated type (vtable address 0x000000dff620)
> 0x000000dff620: note: vtable is of type
>
'v8::internal::compiler::SimplifiedOperatorGlobalCache::StringFromCodePointOperator<(v8::internal::UnicodeEncoding)0>'
>  00 00 00 00  50 08 a8 00 00 00 00 00  b0 32 ad 00 00 00 00 00  80 08 a8 00 00
> 00 00 00  b0 08 a8 00
>               ^ 
>     #0 0xacc5d2 in v8::internal::UnicodeEncoding const&
>
v8::internal::compiler::OpParameter<v8::internal::UnicodeEncoding>(v8::internal::compiler::Operator
> const*)
>
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/operator.h:217:9
>     #1 0x4a82d8 in
> v8::internal::compiler::UnicodeEncodingOf(v8::internal::compiler::Operator
> const*)
>
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/simplified-operator.cc:341:10
> [snip]
> 
> See
>
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds...
> for details. Unclear to me why this fails only for this case and not other
calls
> of OpParameter() calls, unless those failures are either suppressed or not
> covered by tests.

Actually, this looks like we just need to make StringFromCodePoint subclass
Operator1 instead of Operator. Will see if I can throw together a fix.

[caitp, 2016-10-07 21:54:39]

On 2016/10/07 21:52:26, adamk wrote:
>
https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
> File src/compiler/simplified-operator.cc (right):
> 
>
https://codereview.chromium.org/2394823003/diff/1/src/compiler/simplified-ope...
> src/compiler/simplified-operator.cc:341: return
> OpParameter<UnicodeEncoding>(op);
> On 2016/10/07 21:49:04, adamk wrote:
> > This call is failing under the CFI build:
> > 
> > ../../src/compiler/operator.h:216:10: runtime error: control flow integrity
> > check for type
> 'v8::internal::compiler::Operator1<v8::internal::UnicodeEncoding,
> > v8::internal::compiler::OpEqualTo<v8::internal::UnicodeEncoding>,
> > v8::internal::compiler::OpHash<v8::internal::UnicodeEncoding> >' failed
during
> > cast to unrelated type (vtable address 0x000000dff620)
> > 0x000000dff620: note: vtable is of type
> >
>
'v8::internal::compiler::SimplifiedOperatorGlobalCache::StringFromCodePointOperator<(v8::internal::UnicodeEncoding)0>'
> >  00 00 00 00  50 08 a8 00 00 00 00 00  b0 32 ad 00 00 00 00 00  80 08 a8 00
00
> > 00 00 00  b0 08 a8 00
> >               ^ 
> >     #0 0xacc5d2 in v8::internal::UnicodeEncoding const&
> >
>
v8::internal::compiler::OpParameter<v8::internal::UnicodeEncoding>(v8::internal::compiler::Operator
> > const*)
> >
>
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/operator.h:217:9
> >     #1 0x4a82d8 in
> > v8::internal::compiler::UnicodeEncodingOf(v8::internal::compiler::Operator
> > const*)
> >
>
/b/build/slave/linux64-cfi/build/v8/out/Release/../../src/compiler/simplified-operator.cc:341:10
> > [snip]
> > 
> > See
> >
>
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds...
> > for details. Unclear to me why this fails only for this case and not other
> calls
> > of OpParameter() calls, unless those failures are either suppressed or not
> > covered by tests.
> 
> Actually, this looks like we just need to make StringFromCodePoint subclass
> Operator1 instead of Operator. Will see if I can throw together a fix.

Oop, good catch. If you send the patch, that would be great.