Commit Graph

25283 Commits

Author SHA1 Message Date
bmeurer
359645f481 [runtime] Initial step towards switching Execution::Call to callable.
Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30791}
2015-09-17 09:05:46 +00:00
neis
1328715977 Intersection of certain constants with bitsets was wrongly non-empty.
R=jarin
BUG=

Review URL: https://codereview.chromium.org/1343933002

Cr-Commit-Position: refs/heads/master@{#30790}
2015-09-17 08:52:10 +00:00
hpayer
1eeb41692a [heap] Inline record slot methods.
BUG=chromium:532784
LOG=n

Review URL: https://codereview.chromium.org/1347363002

Cr-Commit-Position: refs/heads/master@{#30789}
2015-09-17 08:44:24 +00:00
mlippautz
7a0a0b8b85 Revert of [heap] Introduce parallel compaction algorithm. (patchset #9 id:160001 of https://codereview.chromium.org/1343333002/ )
Reason for revert:
Check failed: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Win64/builds/5535/steps/Check%20%28flakes%29/logs/IndependentWeakHandle

Original issue's description:
> [heap] Introduce parallel compaction algorithm.
>
> - The number of parallel tasks is still 1, i.e., we only compact on the main
>   thread.
> - Remove emergency memory (PagedSpace, and CodeRange)
> - Introduce partial compaction of pages.
> - Logic for multiple tasks is in place.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/61ea4f55616d3f7bc2ce049a678f16f7475e03e0
> Cr-Commit-Position: refs/heads/master@{#30787}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1347873003

Cr-Commit-Position: refs/heads/master@{#30788}
2015-09-17 07:58:35 +00:00
mlippautz
61ea4f5561 [heap] Introduce parallel compaction algorithm.
- The number of parallel tasks is still 1, i.e., we only compact on the main
  thread.
- Remove emergency memory (PagedSpace, and CodeRange)
- Introduce partial compaction of pages.
- Logic for multiple tasks is in place.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1343333002

Cr-Commit-Position: refs/heads/master@{#30787}
2015-09-17 07:36:09 +00:00
bmeurer
7be2555151 Revert "[profiler] Make no frame region detection code more robust", "Fix ASAN after r30777" and "Fix MSAN warning after r30777 (try 2)"
This reverts commits 12c7bc9a22,
cb0b359225, and
a6e00c6a9f, because they introduced weird
flaky crashes in random places now at least in the arm simulator, where
it see that quite often now on different change sets, i.e. see

http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm_rel/builds/8138/steps/Check%20%28flakes%29/logs/LoadICFastApi_DirectC..

and

https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20mipsel%20-%20sim/builds/2566/steps/Check%20%28flakes%29/logs/LoadICFastApi_DirectC..

for example.

TBR=alph@chromium.org
BUG=chromium:529931
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
LOG=N

Review URL: https://codereview.chromium.org/1354573002

Cr-Commit-Position: refs/heads/master@{#30786}
2015-09-17 06:31:30 +00:00
alph
a6e00c6a9f Fix MSAN warning after r30777 (try 2)
TBR=bmeurer,yurys
NOTRY=true

Review URL: https://codereview.chromium.org/1348493003

Cr-Commit-Position: refs/heads/master@{#30785}
2015-09-17 05:41:25 +00:00
mtrofin
af1508c64f [tubofan] Greedy: groupper -> grouper.
Small spelling fix.

Review URL: https://codereview.chromium.org/1352673002

Cr-Commit-Position: refs/heads/master@{#30784}
2015-09-17 03:55:15 +00:00
mtrofin
1145090ad5 [turbofan] Greedy: faster compile time.
Avoiding unnecessarily traversing conflicts when doing weight
comparisons. This reduced compile time regressions from a few
multiples to under 10% - at least for zlib.

Review URL: https://codereview.chromium.org/1346263004

Cr-Commit-Position: refs/heads/master@{#30783}
2015-09-17 03:54:03 +00:00
v8-autoroll
7a88581351 Update V8 DEPS.
Rolling v8/tools/clang to eea56c7ed84778edadbcd43f06793b0311a56b28

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1350993003

Cr-Commit-Position: refs/heads/master@{#30782}
2015-09-17 03:26:35 +00:00
chunyang.dai
ecc6e6c52c X87: Reland VectorICs: ia32 store ics need a virtual register.
port 1e00bb57a2 (r30737).

original commit message:

    (reason for revert/reland: patch incorrectly left --vector-stores flag
     on, helpfully revealing some gcstress issues to look at, but they
     don't need to block this CL).

    Some pretty hacky code was used to carry out the tail-call
    handler dispatch on ia32 vector stores due to a lack
    of free registers. It really tanks performance. A better
    approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1344383002

Cr-Commit-Position: refs/heads/master@{#30781}
2015-09-17 01:25:36 +00:00
chunyang.dai
e97b1938dd X87: [runtime] Replace the EQUALS builtin with proper Object::Equals.
port 54bab695f5 (r30747).

original commit message:

    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1349623002

Cr-Commit-Position: refs/heads/master@{#30780}
2015-09-17 01:21:53 +00:00
alph
cb0b359225 Fix ASAN after r30777
TBR=bmeurer,yurys
NOTRY=true

Review URL: https://codereview.chromium.org/1349953002

Cr-Commit-Position: refs/heads/master@{#30779}
2015-09-17 00:56:46 +00:00
ofrobots
007baaedd3 improve allocation accounting for incremental mark
Add an assertion that allocated_bytes >= 0 in IncrementalMark::Step and then
make it pass. We were not being diligent in maintaining top_on_previous_step_
and as a result inaccurate, and even negative values of allocated_bytes were
being reported to Step.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1274453002

Cr-Commit-Position: refs/heads/master@{#30778}
2015-09-17 00:55:37 +00:00
alph
12c7bc9a22 [profiler] Make no frame region detection code more robust
Upon collection of the stack trace if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. That leads to some of the frames could be missing from the
stack trace.

The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.

Support for x86/x64

BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1341413002

Cr-Commit-Position: refs/heads/master@{#30777}
2015-09-17 00:12:23 +00:00
mtrofin
bd8c6ab042 [turbofan] Greedy: small fix in groupping algo.
This is a performance bug, not a functional bug: we were
losing grouping opportunities.

BUG=

Review URL: https://codereview.chromium.org/1342243003

Cr-Commit-Position: refs/heads/master@{#30776}
2015-09-16 21:43:34 +00:00
caitpotter88
15e7897bec [cleanup] refactor ParsePropertyDefinition for clarity
Some cleanup of ParsePropertyDefinition --- Replaces certain hacks with
more structured, clean code, and adds additional comments to aid in
comprehension of this tricky area of the ambiguous recursive descent
parser.

BUG=v8:3583
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1348773004

Cr-Commit-Position: refs/heads/master@{#30775}
2015-09-16 21:27:39 +00:00
adamk
21bd456453 Disallow Object.observe calls on access-checked objects
We already disallowed observing the global proxy; now we also
disallow any observation of access-checked objects (regardless
of whether the access check would succeed or fail, since there's
not a good way to tell the embedder what kind of access is being
requested).

Also disallow Object.getNotifier for the same reasons.

BUG=chromium:531891
LOG=y

Review URL: https://codereview.chromium.org/1346813002

Cr-Commit-Position: refs/heads/master@{#30774}
2015-09-16 21:19:35 +00:00
domenic
d346834fdc Implement V8 extras utils object
This adds a utils object meant specifically for V8 extras, presenting a limited
API surface for doing things that would otherwise require %-functions.

BUG=v8:4276
LOG=Y
R=jochen@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1343113003

Cr-Commit-Position: refs/heads/master@{#30773}
2015-09-16 21:00:58 +00:00
aperez
d4e1299f16 ES6: Array.prototype.slice and friends should use ToLength instead of ToUint32
Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
before. When the flag is disabled, the function uses TO_UINT32(), which is
the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength()
conversion is used.

Based on a patch initially from Diego Pino <dpino@igalia.com>

BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1309243003

Cr-Commit-Position: refs/heads/master@{#30772}
2015-09-16 18:01:52 +00:00
fedor
0d017282d3 [objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and can't be
treated as a heap object. Doing so will result in crashes, when the
backing store is unaligned.

See: https://github.com/nodejs/node/issues/2791

BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1327403002

Cr-Commit-Position: refs/heads/master@{#30771}
2015-09-16 17:27:59 +00:00
karl
1e2aecf363 [es6] Optimize TypedArray.subarray()
````
var array = new Uint8Array(65000);
var startDate = Date.now();
var counter = 0;
while (counter++ < 50000000) {
  array.subarray(start, end);
}
var endDate = Date.now();
print(endDate - startDate);
````

4200 ms -> 3500 ms (16.67%)

BUG=

Review URL: https://codereview.chromium.org/1331993004

Cr-Commit-Position: refs/heads/master@{#30770}
2015-09-16 16:21:55 +00:00
caitpotter88
b444da41ad [es6] support get and set in shorthand properties
Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.

BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1328083002

Cr-Commit-Position: refs/heads/master@{#30769}
2015-09-16 16:02:05 +00:00
mvstanton
afba4792df Extra code to diagnose a crash bug.
This will catch an invalid receiver before being passed to a load ic miss
handler in the runtime.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1351493002

Cr-Commit-Position: refs/heads/master@{#30768}
2015-09-16 15:38:54 +00:00
mvstanton
b5588f48fd Remove --pretenure-call-new
There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1202173002

Cr-Commit-Position: refs/heads/master@{#30767}
2015-09-16 15:12:43 +00:00
mstarzinger
2c54dbda35 [turbofan] Make arguments object materialization inlinable.
This makes sure that the arguments object materialization in the method
prologue is composable with respect to inlining. The generic runtime
functions materializing those objects now respect the deoptimization
information when reconstructing the original arguments.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1340313003

Cr-Commit-Position: refs/heads/master@{#30766}
2015-09-16 13:04:34 +00:00
ivica.bogosavljevic
2d8d02f555 MIPS: Fixing floating point register clobbering
Fixing floating point register clobbering for MIPSr6 (32 and 64)
due to using of f31 floating point register as double compare register,
without saving the value of the register before using it.

TEST=cctest/test-debug/*
BUG=

Review URL: https://codereview.chromium.org/1346623002

Cr-Commit-Position: refs/heads/master@{#30765}
2015-09-16 12:15:31 +00:00
jarin
92903d0a19 [turbofan] Get rid of type lower bounds.
Review URL: https://codereview.chromium.org/1348073002

Cr-Commit-Position: refs/heads/master@{#30764}
2015-09-16 11:55:43 +00:00
vogelheim
1025d34acf Avoid excessive data copying for ExternalStreamingStream::SetBookmark.
BUG=v8:4422
R=jochen@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1346613002

Cr-Commit-Position: refs/heads/master@{#30763}
2015-09-16 11:37:16 +00:00
bmeurer
04087a7e45 [builtins] Also simplify the Symbol constructor.
No need to rely on the %_IsConstructCall magic here, we can just
implement the Symbol constructor in C++ altogether (it was just a
stupid wrapper around %CreateSymbol anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1349643002

Cr-Commit-Position: refs/heads/master@{#30762}
2015-09-16 11:35:30 +00:00
mstarzinger
d0e77b2909 [turbofan] Add inlining guards to Runtime_NewArguments.
This adds debug code that makes sure that the runtime functions that
materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments},
are not being called from within an inlined scope. They would produce
wrong results and we should avoid producing code that does this.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1343763002

Cr-Commit-Position: refs/heads/master@{#30761}
2015-09-16 11:33:06 +00:00
mlippautz
6209753c74 Reland of "[heap] Concurrency support for heap book-keeping info"
Adds concurrency support for:
- MemoryChunk: Fragmentation counters
- MemoryChunk: High-water mark
- MemoryAllocator: Lowest and highest ever allocated addresses, size, and
  capacity

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

This reverts commit 0db34dbe81.

BUG=

Review URL: https://codereview.chromium.org/1346973002

Cr-Commit-Position: refs/heads/master@{#30760}
2015-09-16 11:18:25 +00:00
bmeurer
a3d6f6cce3 [builtins] Unify the String constructor.
Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.

This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).

This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1344893002

Cr-Commit-Position: refs/heads/master@{#30759}
2015-09-16 10:44:47 +00:00
mvstanton
905e008c52 Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1342013003

Cr-Commit-Position: refs/heads/master@{#30758}
2015-09-16 10:09:00 +00:00
jochen
bf68348d8c Add myself to heap owners
R=hpayer@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1350633003

Cr-Commit-Position: refs/heads/master@{#30757}
2015-09-16 07:31:54 +00:00
paul.lind
b4f9a95e6c MIPS64: Fix unittests (to not use invalid load representation).
Same as https://codereview.chromium.org/1340303002/

BUG=

Review URL: https://codereview.chromium.org/1339763005

Cr-Commit-Position: refs/heads/master@{#30756}
2015-09-15 21:28:30 +00:00
binji
f5bec4bcd4 [Atomics] Remove support for atomic accesses on floating-point values.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1318713007

Cr-Commit-Position: refs/heads/master@{#30755}
2015-09-15 21:25:14 +00:00
adamk
f44efd6b31 Fix spread operator in ArrayLiterals when nested in other literals
Mark ArrayLiterals utilizing the spread operator as non-simple.
This causes them to return false for IsCompileTimeValue, and thus
causes spread to work as expected in nested literals.

BUG=v8:4417
LOG=y

Review URL: https://codereview.chromium.org/1336123002

Cr-Commit-Position: refs/heads/master@{#30754}
2015-09-15 16:43:39 +00:00
jarin
edf6d2adbd [mips] Fix mips unittests (to not use invalid load representation).
Review URL: https://codereview.chromium.org/1340303002

Cr-Commit-Position: refs/heads/master@{#30753}
2015-09-15 15:50:44 +00:00
mlippautz
0db34dbe81 Revert of [heap] Concurrency support for heap book-keeping info (patchset #4 id:60001 of https://codereview.chromium.org/1340923004/ )
Reason for revert:
crashing: http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug%20-%203/builds/4716

Original issue's description:
> [heap] Concurrency support for heap book-keeping info.
>
> Adds concurrency support for:
> - MemoryChunk: Fragmentation counters
> - MemoryChunk: High-water mark
> - MemoryAllocator: Lowest and highest ever allocated addresses, size, and
>   capacity
>
> R=hpayer@chromium.org
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/63190721cda4966e01d71e92a730ce48ea789fbc
> Cr-Commit-Position: refs/heads/master@{#30749}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1340323002

Cr-Commit-Position: refs/heads/master@{#30752}
2015-09-15 15:11:50 +00:00
mlippautz
4d6c4a3e22 Add barriers to atomic utils.
Loads get an acquire, store/cas a release. Increment gets a full barrier.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1343883004

Cr-Commit-Position: refs/heads/master@{#30751}
2015-09-15 14:58:54 +00:00
bmeurer
e2f1c26982 [es6] Move builtin constructors for primitives to strict mode.
The ES6 specification says that "Built-in functions that are ECMAScript
function objects must be strict mode functions", which in particular
means that you can never test for them using the "caller" field of a
sloppy mode function.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:105
LOG=n

Review URL: https://codereview.chromium.org/1347663002

Cr-Commit-Position: refs/heads/master@{#30750}
2015-09-15 14:32:39 +00:00
mlippautz
63190721cd [heap] Concurrency support for heap book-keeping info.
Adds concurrency support for:
- MemoryChunk: Fragmentation counters
- MemoryChunk: High-water mark
- MemoryAllocator: Lowest and highest ever allocated addresses, size, and
  capacity

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1340923004

Cr-Commit-Position: refs/heads/master@{#30749}
2015-09-15 13:50:45 +00:00
mlippautz
2c17f1580b [heap] Extend mutex guards for CodeRange.
Previously the mutex only guarded free_list_. The extension covers also
allocation_list_.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1341293002

Cr-Commit-Position: refs/heads/master@{#30748}
2015-09-15 13:45:28 +00:00
bmeurer
54bab695f5 [runtime] Replace the EQUALS builtin with proper Object::Equals.
Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.

Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1337993005

Cr-Commit-Position: refs/heads/master@{#30747}
2015-09-15 13:14:44 +00:00
hpayer
064be4c296 [heap] Move slots buffer into a separate file.
BUG=

Review URL: https://codereview.chromium.org/1343043002

Cr-Commit-Position: refs/heads/master@{#30746}
2015-09-15 12:35:20 +00:00
chunyang.dai
2b476800e1 X87: [Interpreter] Add support for JS calls.
port e7fb233946 (r30710).

original commit message:

    Adds support for JS calls to the interpreter. In order to support
    calls from the interpreter, the PushArgsAndCall builtin is added
    which pushes a sequence of arguments onto the stack and calls
    builtin::Call.

    Adds the Call bytecode.

BUG=

Review URL: https://codereview.chromium.org/1334153004

Cr-Commit-Position: refs/heads/master@{#30745}
2015-09-15 12:24:57 +00:00
chunyang.dai
353db40970 X87: [builtins] Simplify String constructor code.
port eadfd66631 (r30706).

original commit message:

    The String constructor was somewhat complex with a lot of micro
    optimizations that are not relevant or even misguided. It would be
    really hard to port that code to ES6, which requires String to be
    subclassable. So as a first step we reduced the necessary complexity
    to the bare minimum (also removing the last user of the fairly complex
    MacroAssembler::LookupNumberStringCache method).

    This also removes the counters for the String constructor, which
    were not properly exposed anymore (and not kept in sync with inlined
    versions of the String constructor anyway).

BUG=

Review URL: https://codereview.chromium.org/1336133003

Cr-Commit-Position: refs/heads/master@{#30744}
2015-09-15 12:16:52 +00:00
chunyang.dai
8c8c7523c2 X87: Make FlushICache part of Assembler(Base) and take Isolate as parameter.
port 9fc4fc141f (r30695).

BUG=

Review URL: https://codereview.chromium.org/1339293002

Cr-Commit-Position: refs/heads/master@{#30743}
2015-09-15 11:51:49 +00:00
mlippautz
7611c3b98b [heap] Let caller figure out target space for evacuation when compacting.
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1340253004

Cr-Commit-Position: refs/heads/master@{#30742}
2015-09-15 11:45:01 +00:00