Commit Graph

Author SHA1 Message Date
adamk@chromium.org
ebd4b61f38 Add access check for observed objects
This change is mostly straightforward: for 'normal' sorts of change records,
simply don't deliver a changeRecord to a given observer callback if the
callback's Context is not allowed to "GET" or "HAS" changeRecord.name on
changeRecord.object, or if ACCESS_KEYS is disallowed.

For 'splice' records, the question of whether to hand it to an observer is trickier, since
there are multiple properties involved, and multiple types of possible information leakage.
Given that access-checked objects are very rare (only two in Blink, Window and Location),
and that they are not normally used as Arrays, it seems better to simply not emit any splice
records for such objects rather than spending lots of logic to attempt to avoid information
leakage for something that may never happen.

BUG=v8:2778
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/22962009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16663 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 20:03:54 +00:00
mstarzinger@chromium.org
718a6a9a9e Revert r16648, r16641, r16638 and r16637.
Original descriptions were:
- "Refactor and cleanup VirtualMemory."
- "Fix typo."
- "Deuglify V8_INLINE and V8_NOINLINE."
- "Don't align size on allocation granularity for unaligned ReserveRegion calls."

Reasons for the revert are:
- Our mjsunit test suite is slower by a factor of 5(!) in release mode.
- Flaky cctest/test-alloc/CodeRange on all architectures and platforms.
- Tankage of Sunspider by about 6% overall (unverified).

TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23970004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16662 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 18:30:01 +00:00
mstarzinger@chromium.org
ebbd9c8ed7 Revert "Unify computation of load stubs in stub cache."
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/24095005

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16661 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 16:27:41 +00:00
mstarzinger@chromium.org
45a65d870d Unify computation of load stubs in stub cache.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23647011

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16660 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 15:44:09 +00:00
mstarzinger@chromium.org
8bf91ffe71 Revert "Use trampoline or handlified JSObject::SetLocalPropertyIgnoreAttributes".
This was reverted due to performance regressions on Sunspider and other
benchmarks due to double GCs caused by the trampoline.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23435006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16659 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 15:16:56 +00:00
yangguo@chromium.org
ea43b5ea0c Make handle dereference check more precise.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23578022

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16658 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 15:12:27 +00:00
palfia@homejinni.com
ef32bb4602 MIPS: remove most uses of Isolate::Current in arch specific files.
Port r16643 (b818da5)

BUG=
R=gergely@homejinni.com

Review URL: https://codereview.chromium.org/24108002

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16657 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 14:36:27 +00:00
palfia@homejinni.com
f81ac2662a MIPS: thread isolate for EntryHookTrampoline.
Port r16630 (e045054)

BUG=
R=gergely@homejinni.com

Review URL: https://codereview.chromium.org/23503050

Patch from Balazs Kilvady <kilvadyb@homejinni.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16656 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 14:15:18 +00:00
mstarzinger@chromium.org
5dc202d274 Revert "Handlify JSObject::AddProperty method" for performance.
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23464069

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16655 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 13:42:57 +00:00
mvstanton@chromium.org
6790b83748 To diagnose chromium bug 284577, some additional CHECKS. TODOs are
added so these can be backed out once the cause of the bug is determined.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/23936007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16654 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 13:39:11 +00:00
verwaest@chromium.org
dcad4b8d08 Delete useless CompileStoreGlobal
StoreGlobal stubs are generated by Hydrogen now

BUG=
R=verwaest@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23881004

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16653 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 13:34:07 +00:00
yangguo@chromium.org
64bb1800a5 Add assertion to UniqueValueId constructor.
R=verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23781006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16652 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 13:00:27 +00:00
titzer@chromium.org
1610803b79 Improve alias analysis for HConstants (and fix small snafu in MustAlias).
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/24107003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16651 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 12:59:07 +00:00
dslomov@chromium.org
488ba18a13 Clean-up v8::ArrayBuffer::Allocator interface
BUG=v8:2823
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23514050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16650 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 12:54:28 +00:00
yangguo@chromium.org
62ac593d5a Pass PC offset into runtime when compiling for OSR.
R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23842004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16649 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 12:39:00 +00:00
bmeurer@chromium.org
0e7f6a296e Don't align size on allocation granularity for unaligned ReserveRegion calls.
Also add additional ASSERTs to help tracking the flaky
test-alloc/CodeRange in Windows.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23542027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16648 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 11:33:18 +00:00
mstarzinger@chromium.org
c570640334 Handlify JSObject::AddProperty method.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23883007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16647 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 11:00:36 +00:00
dcarney@chromium.org
bf503d5f76 thread isolate for logging calls
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23710025

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16646 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:59:39 +00:00
titzer@chromium.org
8656dfdff9 Implement simplistic local alias analysis, which will be used in both check elimination and load elimination.
BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23516010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16645 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:53:56 +00:00
rossberg@chromium.org
efd71c9999 performChange no longer takes a |receiver| argument.
The spec omits the receiver arg with the idea that arrow functions with lexical |this| will obviate the need for it.

BUG=
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/23727006

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16644 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:52:20 +00:00
dcarney@chromium.org
0a6d15453c remove most uses of Isolate::Current in arch specific files
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/24031003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16643 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:51:06 +00:00
mstarzinger@chromium.org
ae7813cacf Use trampoline or handlified JSObject::SetLocalPropertyIgnoreAttributes.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/24093002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16642 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:46:49 +00:00
bmeurer@chromium.org
b60d340e08 Deuglify V8_INLINE and V8_NOINLINE.
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/23494047

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 10:28:09 +00:00
bmeurer@chromium.org
b60b8c3b4b Fix leftover usage of OS::Allocate().
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23514048

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16640 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 09:37:37 +00:00
titzer@chromium.org
562d8ddcb9 Remove dead strings from heap.h
BUG=
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/23600023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16639 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 08:58:38 +00:00
bmeurer@chromium.org
269ce960cf Fix typo.
TBR=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23710023

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16638 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 08:56:33 +00:00
bmeurer@chromium.org
a797a35975 Refactor and cleanup VirtualMemory.
Remove a lot of platform duplication, and simplify the virtual
memory implementation. Also improve readability by avoiding bool
parameters for executability (use a dedicated Executability type
instead).

Get rid of the Isolate::UncheckedCurrent() call in the platform
code, as part of the Isolate TLS cleanup.

Use a dedicated random number generator for the address
randomization, instead of messing with the per-isolate random
number generators.

TEST=cctest/test-virtual-memory
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/23641009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16637 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 08:47:02 +00:00
dcarney@chromium.org
9a8344b1e7 some random isolate threading
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23494046

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16636 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 08:39:38 +00:00
hpayer@chromium.org
4537c07354 Prepare push to trunk. Now working on version 3.21.14.
R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23994004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16633 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 08:23:37 +00:00
dcarney@chromium.org
afabbe177d remove ISOLATE
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23480067

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16632 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 07:28:47 +00:00
dcarney@chromium.org
cc2257b92a move HEAP to /test
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23468021

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16631 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 07:14:41 +00:00
dcarney@chromium.org
c2bea784e1 thread isolate for EntryHookTrampoline
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23587019

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16630 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-11 06:56:47 +00:00
adamk@chromium.org
9139e1a864 This patch implements optimized objectInfo structure which manages the set of observers associated with an object and the changeRecord types which they accept.
Observation in the normal case (Object.observe, default accept types, one observer) now allocates fewer objects and unobservation no longer needs to scan and splice an InternalArray -- making the combined speed of observe/unobserve about 200% faster.

This patch implements the following optimizations:

-objectInfo is initially created without any connected objects or arrays. The first observer is referenced directly by objectInfo, and when a second observer is added, changeObservers converts to a mapping of callbackPriority->observer, which allows for constant time registration/de-registration.

-observer.accept and objectInfo.performing are conceptually the same data-structure. This is now directly represented as an abstract "TypeMap" which can later be optimized to be a smi in common cases (e.g. https://codereview.chromium.org/19269007/).

-objectInfo observers are only represented by an object with an accept typeMap if the set of accept types is non-default

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/19541010

Patch from Rafael Weinstein <rafaelw@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16629 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 18:13:54 +00:00
hpayer@chromium.org
f0f3ddc5c7 Check that AllocationMementos never get scavenged.
BUG=
R=mstarzinger@chromium.org, mvstanton@chromium.org

Review URL: https://codereview.chromium.org/24052003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16628 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 17:29:39 +00:00
yangguo@chromium.org
534434e616 a small fix: DependentCode contains check against related dependency group
BUG=
R=ulan@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/23648009

Patch from Weiliang Lin <weiliang.lin2@gmail.com>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 16:41:46 +00:00
mstarzinger@chromium.org
1c91d00bf7 Remove V8_WARN_UNUSED_RESULT for simple getters.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23629031

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16624 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 15:03:17 +00:00
mstarzinger@chromium.org
448d98e19d Use raw-to-handle trampoline in [Get/Set]HiddenPropertiesHashTable.
R=danno@chromium.org

Review URL: https://codereview.chromium.org/23629040

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16623 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 14:33:06 +00:00
dcarney@chromium.org
47e86b889e Get rid of most uses of 'Temporary macro' HEAP
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23708030

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 14:30:36 +00:00
dcarney@chromium.org
ce687e4bed thread isolate for DebugMessage
R=svenpanne@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23904012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16621 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 14:26:07 +00:00
rodolph.perfetta@gmail.com
2846d9f394 ARM: replace RegExpCEntryStub with DirectCEntryStub.
RegExpCEntryStub is therefore removed.

BUG=none
TEST=none
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23468015

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16618 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 13:50:26 +00:00
bmeurer@chromium.org
7bb320087b Fix clang C++11 compiler warning.
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/23658034

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16617 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 13:39:53 +00:00
olivf@chromium.org
3483c257d2 Revert TranscendentalCacheStub changes in r16615.
BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23889013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16616 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 13:28:21 +00:00
olivf@chromium.org
f1b908d566 Move ToInt conversions to the MacroAssembler for x64
+ Prevent truncating TaggedToI from bailing out.

(This is a port of r16464)

BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/23938003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16615 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 12:37:30 +00:00
bmeurer@chromium.org
7f0f84c0a5 Fix MSVC compiler warning after commit r16612.
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23534052

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16614 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:33:14 +00:00
svenpanne@chromium.org
527152aa5c Initialize forgotten Isolate member.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/23769008

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16613 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:32:15 +00:00
bmeurer@chromium.org
eb381b9444 Introduce a RandomNumberGenerator class. Refactor the random/private_random uses in Isolate/Context.
The RandomNumberGenerator is a pseudorandom number generator
with 48-bit state. It is properly seeded using either

(1) the --random-seed if specified, or
(2) the entropy_source function if configured, or
(3) /dev/urandom if available, or
(4) falls back to Time and TimeTicks based seeding.

Each Isolate now contains a RandomNumberGenerator, which replaces
the previous private_random_seed.

Every native context still has its own random_seed. But this random
seed is now properly initialized during bootstrapping,
instead of on-demand initialization. This will allow us to cleanup
and speedup the HRandom implementation quite a lot (this is delayed
for a followup CL)!

Also stop messing with the system rand()/random(), which should
not be done from a library anyway! We probably re-seeded the
libc rand()/random() after the application (i.e. Chrome) already
seeded it (with better entropy than what we used).

Another followup CL will replace the use of the per-isolate
random number generator for the address randomization and
thereby get rid of the Isolate::UncheckedCurrent() usage in
the platform code.

TEST=cctest/test-random-number-generator,cctest/test-random
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/23548024

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16612 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:13:55 +00:00
loislo@chromium.org
f6b7ec4da0 HeapProfiler: very slow ~4min "take snapshot time" for 80MB gmail heap.
The reason for that is the number of cons strings in the app.
The app constructs a json string and as a result the v8 heap has
a very long chain of cons strings.

Profiler counts all these strings as plain String objects and
assigns the content of the strings as node names.

It required O(n^2) time and O(n^2) memory.

Solution: I introduced two new types, kConsString and kSlicedString.
They do not use the content of the string for names. So the problem disappeared.

The heap profiler usability problem will be solved on Blink side.

BUG=285770
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23460027

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16611 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:12:35 +00:00
titzer@chromium.org
8b280df422 Remove unused method HType::IsTagged().
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/24087004

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16610 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:11:26 +00:00
yangguo@chromium.org
5a5f863f13 Fix concurrent osr.
InstallOptimizedCode acquires ownership on the compilation info and deletes
it on return, tearing down the attached zone.  The OptimizingCompiler
object is a zone object allocated in just that zone, so it also gets
deleted.  Effectively, InstallOptimizedCode cleans up when it's done, so
the OptimizingCompiler object it receives is invalidated afterwards.

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/23769007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16609 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 11:09:22 +00:00
svenpanne@chromium.org
4ef84b9240 Add a ResourceConstraint for the embedder to specify that V8 is running on a memory constrained device.
This enables us to specialize certain operations such that we limit memory
usage on low-memory devices, without reducing performance on devices which
are not memory constrained.

BUG=chromium:280984
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/23464022

Patch from Ross McIlroy <rmcilroy@chromium.org>.

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16608 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2013-09-10 10:57:00 +00:00