27098 Commits

Author SHA1 Message Date
jkummerow
c3688c1aec Implement JSProxy::GetOwnPropertyDescriptor.
Next step: expose it to JS and test it.

BUG=v8:1543
LOG=n
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1439353004

Cr-Commit-Position: refs/heads/master@{#32006}
2015-11-16 11:59:56 +00:00
ahaas
dffecf31fc [turbofan] Added the optional Float64RoundTiesEven operator to turbofan.
The TiesEven rounding mode rounds float64 numbers to the nearest
integer. If there are two nearest integers, then the number is rounded
to the even one.  This is the default rounding mode according to
IEEE 754.

I implemented the operator on ia32, x64, arm, arm64, mips, and mips64.

I think there is a bug in the current implementation of the ppc
simulator, which kept me from implementing the operator on ppc.
According to my understanding of the ppc instruction manual, the FRIN
instruction provides the right behavior for Float64RoundTiesEven. In the
simulator, however, FRIN provides different semantics. If there are
two nearest integers, then the simulator returns the one which is
further away from 0.

Review URL: https://codereview.chromium.org/1440293002

Cr-Commit-Position: refs/heads/master@{#32005}
2015-11-16 11:31:40 +00:00
ahaas
1389b9f53c [turbofan] Added the optional Float64RoundUp operator to turbofan.
I implemented it on x64, ia32, arm, arm64, mips, mips64, and ppc.

Review URL: https://codereview.chromium.org/1444583002

Cr-Commit-Position: refs/heads/master@{#32004}
2015-11-16 10:37:44 +00:00
bmeurer
5679180576 [turbofan] Add support for elements kind transitions.
Extend the ElementAccessInfo machinery with support for elements kind
transitions, which can be either in-place updates of the map (i.e. when
going from FAST_SMI_ELEMENTS to FAST_ELEMENTS) or instance migrations
utilizing the TransitionElementsKindStub.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1452563002

Cr-Commit-Position: refs/heads/master@{#32003}
2015-11-16 10:15:59 +00:00
zhengxing.li
43ef9bc632 X87: [builtins] One runtime fallback is enough for the String constructor.
port 34b7b21d1d (r32000)

  original commit message:
  If inline allocation fails, we can just use the %NewObject fallback,
  which will do the right thing. We don't need a dedicated fallback to
  %AllocateInNewSpace.

BUG=

Review URL: https://codereview.chromium.org/1451603002

Cr-Commit-Position: refs/heads/master@{#32002}
2015-11-16 04:33:16 +00:00
zhengxing.li
1dcf534c2c X87: [turbofan] Better and more sane support for tail calls
port ff283f7ded (r31987)

    original commit message:
    * Limit triggering of tail calls to explicit use of a new inline runtime
      function %_TailCall. %_TailCall works just like %_Call except for using
      tail-calling mechanics (currently only in TF).
    * Remove hack that recognized some specific usages of %_Call and converted them
      into tail calls.
    * Support tail calls for all calls where the number of callee stack parameters
      is less than or equal to the number of caller stack parameters.
    * Use the gap resolver to swizzle parameters and registers to tail calls.

BUG=

Review URL: https://codereview.chromium.org/1445023002

Cr-Commit-Position: refs/heads/master@{#32001}
2015-11-16 04:31:23 +00:00
bmeurer
34b7b21d1d [builtins] One runtime fallback is enough for the String constructor.
If inline allocation fails, we can just use the %NewObject fallback,
which will do the right thing. We don't need a dedicated fallback to
%AllocateInNewSpace.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1440193003

Cr-Commit-Position: refs/heads/master@{#32000}
2015-11-15 19:19:29 +00:00
paul.lind
2058991122 Fix gcc 4.9.2 signed-compare error.
From 60e7ea8a99 / https://codereview.chromium.org/1409993012

BUG=

Review URL: https://codereview.chromium.org/1442143003

Cr-Commit-Position: refs/heads/master@{#31999}
2015-11-15 12:48:19 +00:00
v8-autoroll
1f4d9ecf6b Update V8 DEPS.
Rolling v8/build/gyp to 33b351b2eda8facc464c89213fc8cd9919666c05

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1441243006

Cr-Commit-Position: refs/heads/master@{#31998}
2015-11-15 02:26:50 +00:00
mlippautz
60e7ea8a99 Add {CancelableTaskManager} to handle {Cancelable} concurrent tasks.
This change binds each {Cancelable} task to a so-called {CancelableTaskManager},
which is then used to handle concurrent cancelation as well as synchronizing
shutdown for already running tasks.  Since ownership of tasks is transferred to
the platform executing a task (destructor), handling in the manager uses integer
ids. Note that this also mitigates (modulo integer size) the ABA problem.

All handling of {Cancelable} tasks is now encapsulated into the corresponding
manager, which is instantiated for each isolate.

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg;tryserver.v8:v8_linux_gc_stress_dbg;tryserver.v8:v8_mac_gc_stress_dbg;tryserver.v8:v8_linux64_msan_rel;tryserver.v8:v8_linux64_tsan_rel;tryserver.v8:v8_mac64_asan_rel

Review URL: https://codereview.chromium.org/1409993012

Cr-Commit-Position: refs/heads/master@{#31997}
2015-11-14 01:20:14 +00:00
mbrandy
61a39335c6 Fix "[turbofan] Spill rsi and rdi in their existing locations."
Commit 20f3a07782 broke platforms using
embedded constant pools due to assumptions regarding stack frame
layout.

R=mtrofin@chromium.org, bmeurer@chromium.org, jarin@chromium.org, michael_dawson@ca.ibm.com
BUG=v8:4548
LOG=n

Review URL: https://codereview.chromium.org/1442273002

Cr-Commit-Position: refs/heads/master@{#31996}
2015-11-13 22:51:53 +00:00
adamk
fd3ff03da2 Fix harmony sloppy block scoping dynamic redeclaration check
The previous code did not properly check for harmony const when
doing the dynamic redeclaration check. This was masked in the
test because each eval had an initializer, and the initializer was what
triggered the exception.

This patch tightens the test by removing initializers and fixes the bug in
DeclareLookupSlot.

Also change the test to use assertThrows where possible.

BUG=v8:4550
LOG=n

Review URL: https://codereview.chromium.org/1437003006

Cr-Commit-Position: refs/heads/master@{#31995}
2015-11-13 21:04:15 +00:00
mbrandy
cf2f6b80cb PPC: [turbofan] Better and more sane support for tail calls
Port ff283f7ded

Original commit message:
    * Limit triggering of tail calls to explicit use of a new inline runtime
      function %_TailCall. %_TailCall works just like %_Call except for using
      tail-calling mechanics (currently only in TF).
    * Remove hack that recognized some specific usages of %_Call and converted them
      into tail calls.
    * Support tail calls for all calls where the number of callee stack parameters
      is less than or equal to the number of caller stack parameters.
    * Use the gap resolver to swizzle parameters and registers to tail calls.

R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4076
LOG=n

Review URL: https://codereview.chromium.org/1442143002

Cr-Commit-Position: refs/heads/master@{#31994}
2015-11-13 20:36:56 +00:00
mlippautz
c0d310bdf8 [heap] Do not require kRingBufferMaxSize samples for estimating compaction speed
There is no need to require kRingbufferMaxSize samples for estimating the
compaction speed, as the number is already quite stable with a single sample
(which may include timings from compacting multiple pages).

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1440423002

Cr-Commit-Position: refs/heads/master@{#31993}
2015-11-13 20:25:23 +00:00
ishell
5ba9ea1802 Avoid manual object's body traversal in GC.
This CL introduces the following visitors:
1) RecordMigratedSlotVisitor which simplifies MarkCompactCollector::MigrateObject().
2) IteratePointersToFromSpaceVisitor which simplifies Heap::IteratePointersToFromSpace().
3) FindPointersToNewSpaceVisitor which simplifies StoreBuffer::IteratePointersToNewSpace().

These changes make the object's body descriptors the one and only place that knows how to traverse the object.

Review URL: https://codereview.chromium.org/1441453002

Cr-Commit-Position: refs/heads/master@{#31992}
2015-11-13 19:11:48 +00:00
mbrandy
06336a7d41 PPC: Fix simulation of floating point <-> integer conversion.
Avoid unnecessary casts to double as this may mistakenly alter NaN bits.

R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1445603002

Cr-Commit-Position: refs/heads/master@{#31991}
2015-11-13 18:57:49 +00:00
jkummerow
b9760afead Split ValidateAndApplyPropertyDescriptor out of OrdinaryDefineOwnProperty
In preparation for JSProxy::GetOwnProperty.

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1443683003

Cr-Commit-Position: refs/heads/master@{#31990}
2015-11-13 17:18:31 +00:00
adamk
e971005638 Run the materialized literal reindexer on default parameter initializers
R=rossberg@chromium.org
BUG=chromium:554865
LOG=n

Review URL: https://codereview.chromium.org/1442653004

Cr-Commit-Position: refs/heads/master@{#31989}
2015-11-13 17:11:05 +00:00
mtrofin
20f3a07782 [turbofan] Spill rsi and rdi in their existing locations.
We push the context and the js function onto the stack as part of the
frame construction. The register allocator is presented with virtual
registers for the above as defined from their corresponding registers. It
then goes on to spilling them somewhere else on the stack.

This means each function spends two redundant spills and two
unnecessary stack slots.

This change addresses this issue.

We present these parameters (context and function) to the register
allocator as an UnallocatedOperand having a "secondary storage". The
secondary storage is then associated to the live range as its
spill operand. We capture the definition of the live range so that we can
then commit the spill (in this case, eliminate) through a variation of the
mechanics of the CommitAssignment phase.

The register allocator validator also needed an update to understand
UnallocatedOperands with a secondary storage.

The change renames the SpillAtDefinitionList and related APIs to better
capture their intent - the old names suggested spills happened upon
calling. In reality, potential spill locations were thus recorded, and later
committed (or not, in certain cases) after register allocation.

BUG= v8:4548
LOG=n

Review URL: https://codereview.chromium.org/1426943010

Cr-Commit-Position: refs/heads/master@{#31988}
2015-11-13 16:34:22 +00:00
danno
ff283f7ded [turbofan] Better and more sane support for tail calls
* Limit triggering of tail calls to explicit use of a new inline runtime
  function %_TailCall. %_TailCall works just like %_Call except for using
  tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
  into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
  is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.

BUG=v8:4076
LOG=n

Review URL: https://codereview.chromium.org/1439613003

Cr-Commit-Position: refs/heads/master@{#31987}
2015-11-13 16:08:30 +00:00
mstarzinger
c42f188ce2 [turbofan] Fix OSR entry in case label.
With do-expressions any expression used as a case label can turn into an
OSR entry-point. This means the value being switched over is renamed to
an OSR value and needs to be reloaded from the environment at each case.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-case-label

Review URL: https://codereview.chromium.org/1438123007

Cr-Commit-Position: refs/heads/master@{#31986}
2015-11-13 16:05:28 +00:00
hablich
f25e0f2f26 Update version to 4.9
TBR=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1443673002

Cr-Commit-Position: refs/heads/master@{#31985}
2015-11-13 14:27:28 +00:00
mythria
f665c823dd [Interpreter] Adds an optimization to remove redundant Ldar/Star.
Adds an optimization to omit generating Ldar/Star if the same register
is loaded or stored from the accumulator in the earlier instruction.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1435283002

Cr-Commit-Position: refs/heads/master@{#31984}
2015-11-13 14:15:35 +00:00
cbruni
24e058d0ed [runtime] support new Proxy() instead of Proxy.create and install getPrototypeOf trap
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1417063011

Cr-Commit-Position: refs/heads/master@{#31983}
2015-11-13 14:14:07 +00:00
mstarzinger
83e9ea1e49 [turbofan] Ensure inlined constructor calls still throw.
This makes sure that inlining a constructor call to a function which
cannot be used as a constructor (e.g. strong mode function) still does
throw correctly when the implicit receiver is created.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-inline-strong-as-construct
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1447443002

Cr-Commit-Position: refs/heads/master@{#31982}
2015-11-13 14:05:48 +00:00
rossberg
84b4e1d433 Revert "[es6] Optimize String{Starts, Ends}With"
This reverts commit b7db5cd9c7
(https://codereview.chromium.org/1324353002/).

Our internal dashboard shows that this patch has introduced massive (3x) performance regressions for string ops. This is probably due to it repeatedly invoking %_StringCharCodeAt in a loop, which is far from cheap (has to dispatch on one of our 30+ string representations each time).

TBR=dehrenberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1439083003

Cr-Commit-Position: refs/heads/master@{#31981}
2015-11-13 13:18:13 +00:00
ishell
138eb324ea Object's body descriptors refactoring.
1) Body descriptors moved to their own header files.
2) Missing body descriptors added.
3) Template versions of HeapObject::Iterate*() methods added.
4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.

This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.

Review URL: https://codereview.chromium.org/1440243002

Cr-Commit-Position: refs/heads/master@{#31980}
2015-11-13 12:32:30 +00:00
bmeurer
55c07a8b2f [turbofan] Introduce JSCallReducer to strength reduce JSCallFunction nodes.
The JSCallReducer runs together with inlining and tries to strength
reduce JSCallFunction nodes; currently it can fold
Function.prototype.call and Function.prototype.apply (with arguments),
and make it possible to inline across them.

In the case of Function.prototype.apply with arguments we still have to
leave the JSCreateArguments node in the graph because there might be
other (frame state) uses. Once escape analysis is ready, it will take
care of removing these nodes and adding appropriate transitions for the
deoptimizer.

R=jarin@chromium.org
BUG=v8:4551
LOG=n

Review URL: https://codereview.chromium.org/1445513002

Cr-Commit-Position: refs/heads/master@{#31979}
2015-11-13 12:20:01 +00:00
mstarzinger
83a6ab85cc [turbofan] Rename "original constructor" to "new target".
This aligns the naming of "new target" with the spec text throughout
TurboFan and the stack frame walker. The goal is to avoid unnecessary
confusion for people familiar with the spec.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1442643002

Cr-Commit-Position: refs/heads/master@{#31978}
2015-11-13 11:53:38 +00:00
yangguo
a7e50a5e06 [JSON stringifier] Reintroduce fast path with bail out to slow path.
R=verwaest@chromium.org
BUG=chromium:554946
LOG=N

Review URL: https://codereview.chromium.org/1442963002

Cr-Commit-Position: refs/heads/master@{#31977}
2015-11-13 10:09:47 +00:00
jarin
95cb324adb [turbofan] Move simplified alloc, load and store lowering to change lowering.
This is necessary to allow more optimizations to take place between
the representation inference and change lowering. Perhaps we want
to rename SimplifiedLowering -> RepresentationInference and
ChangeLowering -> SimplifiedLowering.

Review URL: https://codereview.chromium.org/1439473003

Cr-Commit-Position: refs/heads/master@{#31976}
2015-11-13 08:12:14 +00:00
bmeurer
47396c4142 [turbofan] Don't abort inlining on first failed attempt.
Continue with the other candidates in case of a failed attempt to inline
a certain candidate.

TBR=mstarzinger@chromium.org
BUG=v8:4493
LOG=n

Review URL: https://codereview.chromium.org/1435373002

Cr-Commit-Position: refs/heads/master@{#31975}
2015-11-13 04:51:08 +00:00
v8-autoroll
d8d5676e62 Update V8 DEPS.
Rolling v8/buildtools to 3ba3ca22ec610fe95683f6bfdeea9d90c768abd7

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1436393003

Cr-Commit-Position: refs/heads/master@{#31974}
2015-11-13 04:19:56 +00:00
akos.palfi
01d77cc39b MIPS64: Implemented the RoundUint64ToFloat64 TurboFan operator for x64 and arm64.
Port 857cd4c1f0

BUG=

Review URL: https://codereview.chromium.org/1439053003

Cr-Commit-Position: refs/heads/master@{#31973}
2015-11-13 00:50:35 +00:00
neis
69d218c03f [proxies] Remove "fix" functionality, add (still unused) target property.
BUG=

Review URL: https://codereview.chromium.org/1427743011

Cr-Commit-Position: refs/heads/master@{#31972}
2015-11-12 22:12:06 +00:00
caitpotter88
fa9c39eead [Intl] create new instances when new.target is undefined
BUG=v8:4360
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1440593003

Cr-Commit-Position: refs/heads/master@{#31971}
2015-11-12 21:46:24 +00:00
mlippautz
ccae6b51a1 [heap] Fix type conversion in gc tracer
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1438313002

Cr-Commit-Position: refs/heads/master@{#31970}
2015-11-12 19:41:53 +00:00
ahaas
71348aa2a0 [x64] Fixed a rounding error on x64 for the Uint64ToF64 conversion.
The least significant bit of the input value may affect the result of
the conversion through rounding. We OR the least significant with the
second least significant bit to preserve it over the SHR instruction.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1435203003

Cr-Commit-Position: refs/heads/master@{#31969}
2015-11-12 19:36:16 +00:00
yangguo
6df9a1db8c [JSON stringifier] Correctly load array elements.
BUG=chromium:554946
LOG=y
R=jkummerow@chromium.org, jochen@chromium.org

Review URL: https://codereview.chromium.org/1435083003

Cr-Commit-Position: refs/heads/master@{#31968}
2015-11-12 19:30:58 +00:00
mbrandy
f83b8a61cf Skip test-run-machops/RunComputedCodeObject on AIX and PPC64BE.
This test, as written, is invalid on platforms which use function
descriptors.

See https://codereview.chromium.org/1377423002/ for background.

R=mstarzinger@chromium.org, titzer@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1438803002

Cr-Commit-Position: refs/heads/master@{#31967}
2015-11-12 19:10:32 +00:00
adamk
b0b97da506 [cleanup] Remove un-scoped ParseBlock from Parser
Because the Scope will be optimized away by the call to
FinalizeBlockScope in the case where there are no lexical
declarations in the block, this should have no effect on
anything downstream from the Parser, and simply removes
duplicate parsing code.

Due to the change from ParseStatement to ParseStatementListItem,
this will result in slightly different error messages for
lexical declarations in sloppy mode (until those are shipped).

R=littledan@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1433743005

Cr-Commit-Position: refs/heads/master@{#31966}
2015-11-12 17:41:37 +00:00
adamk
e752f964b6 Ship --harmony-default-parameters
BUG=v8:2160
LOG=y

Review URL: https://codereview.chromium.org/1438753002

Cr-Commit-Position: refs/heads/master@{#31965}
2015-11-12 15:59:13 +00:00
evan.lucas
bc2e393b4c [tools] Make gen-postmortem-metadata.py more reliable
Instead of basing matches off of whitespace, walk the inheritance chain and include any classes that inherit from Object.

R=machenbach@chromium.org,jkummerow@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1435643002

Cr-Commit-Position: refs/heads/master@{#31964}
2015-11-12 14:48:04 +00:00
mbrandy
59a0641820 Fix test-heap/LargeObjectSlotRecording.
Remove hard-coded assumption of large object size threshold.

This test fails on PPC in version 4.7 where the threshold is derived
directly from the allocator's pagesize.

R=hpayer@chromium.org, mstarzinger@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1440723002

Cr-Commit-Position: refs/heads/master@{#31963}
2015-11-12 14:33:19 +00:00
jkummerow
d001cd5665 [proxies] Teach ToPropertyDescriptor to deal with Proxies
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1438233002

Cr-Commit-Position: refs/heads/master@{#31962}
2015-11-12 14:17:51 +00:00
fedor
2b6d07abb2 tools: fix typo in postmortem generator
BUG=
R=machenbach

Review URL: https://codereview.chromium.org/1439763002

Cr-Commit-Position: refs/heads/master@{#31961}
2015-11-12 14:11:32 +00:00
bmeurer
c55161bf16 [turbofan] Add support for %_IsSpecObject intrinsic lowering.
Now JSIntrinsicLowering can also lower %_IsSpecObject intrinsics to a
diamond.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1436943005

Cr-Commit-Position: refs/heads/master@{#31960}
2015-11-12 14:05:49 +00:00
ishell
722e19efd6 Fixing --verify-predictable mode.
This CL fixes several sources of non-predictability by making Platform::MonotonicallyIncreasingTime() the only bottleneck for all time-querying functions and providing PredictablePlatform implementation.

Review URL: https://codereview.chromium.org/1415383004

Cr-Commit-Position: refs/heads/master@{#31959}
2015-11-12 13:43:04 +00:00
bmeurer
0b0581421e [turbofan] Make inlining heuristic less greedy.
Only inline one candidate per iteration to make sure we really inline
the stuff that is called most often.

R=mstarzinger@chromium.org
BUG=v8:4493, v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1439773003

Cr-Commit-Position: refs/heads/master@{#31958}
2015-11-12 13:28:19 +00:00
bmeurer
c4e19c7d8d [turbofan] Lower JSCreate to an inline allocation in JSTypedLowering.
This adds initial support for fast inline allocations of JSObject
instances. It currently has exactly the same limitations as Crankshaft.

R=mstarzinger@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1441573004

Cr-Commit-Position: refs/heads/master@{#31957}
2015-11-12 12:57:32 +00:00