Commit Graph

40663 Commits

Author SHA1 Message Date
v8-autoroll
ca52989d78 Update V8 DEPS.
Rolling v8/build: bf51d56..97e4bb9

Rolling v8/buildtools: ee9c3a7..9a65473

Rolling v8/third_party/catapult: 57e600c..c2d7f3a

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I07f5b7705651eec34733919182793ee6981b067c
Reviewed-on: https://chromium-review.googlesource.com/541056
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46021}
2017-06-20 03:31:49 +00:00
Bill Budge
4ee4918195 Revert "[wasm] Throttle the amount of unfinished work to avoid OOM"
This reverts commit 1280954d3a.

Reason for revert: Speculative, GC stress bots started taking much longer after this change.

Original change's description:
> [wasm] Throttle the amount of unfinished work to avoid OOM
> 
> It is possible that the foreground task is unable to clear the
> scheduled unfinished work, eventually leading to an OOM.
> 
> We use either code_range on 64 bit, or the capacity of the code space,
> as a heuristic for how much memory to use for compilation.
> 
> Bug: v8:6492, chromium:732010
> Change-Id: I1e4c0825351a42fa0b8369ccc41800ac3445563d
> Reviewed-on: https://chromium-review.googlesource.com/535017
> Commit-Queue: Brad Nelson <bradnelson@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46017}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: I8883cee7f77667530bc50f91bfb468c485e6f7f2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6492, chromium:732010
Reviewed-on: https://chromium-review.googlesource.com/540270
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46020}
2017-06-19 23:06:43 +00:00
Ross McIlroy
40f9cf49d7 [Perf] Add ExpressionDepth test.
Adds a 'performance' test which tracks the number of expressions
which can be nested before the compiler runs out of stack space.
This isn't really a performance test, but is created as a js-perf-test
to enable regression tracking in the dashboards.

Change-Id: Iee0c00df53b38b083e2dde09676ac9b13e439461
Reviewed-on: https://chromium-review.googlesource.com/539419
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46019}
2017-06-19 20:50:00 +00:00
Bill Budge
22aad80e0b [ARM64] Implement WebAssembly SIMD opcodes for ARM64.
BUG: v8:6020
Change-Id: I7280827aa9a493677253cc2fbd42be8173b55b7a
Reviewed-on: https://chromium-review.googlesource.com/534956
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46018}
2017-06-19 19:55:06 +00:00
Mircea Trofin
1280954d3a [wasm] Throttle the amount of unfinished work to avoid OOM
It is possible that the foreground task is unable to clear the
scheduled unfinished work, eventually leading to an OOM.

We use either code_range on 64 bit, or the capacity of the code space,
as a heuristic for how much memory to use for compilation.

Bug: v8:6492, chromium:732010
Change-Id: I1e4c0825351a42fa0b8369ccc41800ac3445563d
Reviewed-on: https://chromium-review.googlesource.com/535017
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46017}
2017-06-19 19:29:57 +00:00
gdeepti
631c429f9a [wasm] SIMD/Atomics ops update to use the right prefix opcodes
- Use correct prefixes for SIMD/Atomics ops
 - S128 LoadMem/StoreMem should not use 0xc0/0xc1 opcodes, these are now
 being used for sign extension
 - S128 LoadMem/StoreMem should use prefixed opcodes

BUG=v8:6020

Review-Url: https://codereview.chromium.org/2943773002
Cr-Commit-Position: refs/heads/master@{#46016}
2017-06-19 19:23:11 +00:00
Sathya Gunasekaran
ea241630ae [parser] Better error msg for destructuring non iterable
This patch updates the error position and the error msg.

Previously,

  → ./out.gn/x64.release/d8 test.js
  test.js:1: TypeError: undefined is not a function
  var [a] = {};
  ^
  TypeError: undefined is not a function
      at test.js:1:1


With this patch,

  → ./out.gn/x64.release/d8 test.js
  test.js:1: TypeError: [Symbol.iterator] is not a function
  var [a] = {};
            ^
  TypeError: [Symbol.iterator] is not a function
      at test.js:1:11

Bug: v8:5532
Change-Id: Ib066e8ec8a53fdf06cce491bde4b1d0c6d564cbc
Reviewed-on: https://chromium-review.googlesource.com/539024
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46015}
2017-06-19 17:44:21 +00:00
Michael Lippautz
0fed926bf4 [heap] Merge remembered set updating
Merge OLD_TO_OLD and OLD_TO_NEW per page. This enables removing atomic
operations for the slot updates, effectively removing the need for
fences.

Bug: chromium:651354
Change-Id: I9e318bef06c403b135d638cf94fda9569dcf0e36
Reviewed-on: https://chromium-review.googlesource.com/539338
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46014}
2017-06-19 17:34:01 +00:00
Clemens Hammacher
13f0ef5b1b [wasm] Only emit StackCheck if function might call
For functions without any calls, there is no value in executing a stack
check. The current frame is materialized at that point anyway.
Note that for loops, we still emit additional stack checks in the loop
header.

For unity, the reduction in code size is moderate (0.53%), as only 4000
of the 34000 functions are leaf functions (no calls). However, we also
save some compile time and gain performance, so this is still worth
doing.

Drive-by: Fix the effect chain generated in {StackCheck()}.

R=mstarzinger@chromium.org, ahaas@chromium.org

Change-Id: Ia6ec58d0ea46de02634c923cdf8e6e08d8902c59
Reviewed-on: https://chromium-review.googlesource.com/533333
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46013}
2017-06-19 16:44:30 +00:00
Peter Marshall
71582719c1 [cleanup] Audit uses of InstallWithIntrinsicDefaultProto.
We only need to use this for certain Intrinsics defined in the spec.
This CL removes unnecessary uses.

Bug: v8:6474
Change-Id: I13a9f0c57d877dd65a883a38f9683d55623030d3
Reviewed-on: https://chromium-review.googlesource.com/529224
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46012}
2017-06-19 15:58:43 +00:00
Michael Lippautz
658609c92a [heap] Avoid fences when inserting into slot sets within the GC
This avoids emitting the costly barriers on arm.

Bug: chromium:651354
Change-Id: Ibb29e58f7c41aab37ed5c4971b2a754b4ecd7155
Reviewed-on: https://chromium-review.googlesource.com/533337
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46011}
2017-06-19 15:01:04 +00:00
Ulan Degenbaev
02a80f0d24 [heap] Refactor markbits atomics.
Change-Id: If0f80ceac9582f5bd0f9177db67b2a833fa8c8cd
Reviewed-on: https://chromium-review.googlesource.com/539418
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46010}
2017-06-19 14:31:59 +00:00
Michael Starzinger
bbdf4b964e [compiler] Simplify {Compiler::EnsureBaselineCode} a bit.
R=rmcilroy@chromium.org
BUG=v8:6408

Change-Id: I724a14e4f3b9395eed5d56ec3b5f7be835e9390a
Reviewed-on: https://chromium-review.googlesource.com/539595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46009}
2017-06-19 14:10:30 +00:00
Camillo Bruni
83625051b3 [runtime] Remove unused CreateArrayLiteralStubBailout runtime function
Change-Id: I0aa40ce54833c81a15a6dd0010b2eeb46799a984
Reviewed-on: https://chromium-review.googlesource.com/539519
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46008}
2017-06-19 13:51:04 +00:00
Michael Lippautz
13869d7920 [heap] Avoid some inline definitions in Heap
Move obvious candidates to the cc file.

Bug: 
Change-Id: I9b2bca0ed1f2836a4873760d6677a9c0dff9c064
Reviewed-on: https://chromium-review.googlesource.com/538664
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46007}
2017-06-19 13:49:59 +00:00
jgruber
95882f0edc [coverage] Add continuation counters
Track execution counts of the continuations of block structures (e.g.
IfStatements) to capture cases in which execution does not continue after a
block. For example:

for (;;) {
  return;
}
// Never reached, tracked by continuation counter.

A continuation counter only has a start position; its range is implicitly
until the next sibling range or the end of the parent range.

Bug: v8:6000
Change-Id: I8e8f1f5b140b64c86754b916e626eb50f0707d70
Reviewed-on: https://chromium-review.googlesource.com/530846
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46006}
2017-06-19 13:44:09 +00:00
Toon Verwaest
2325ef535f [ic] Fix stub-cached access to use the dereffed thin-string.
If we pass a thin-string into a keyed load, the underlying internalized string is used to find the handler. However, the thin string itself was used to interpret the handler. Since the thin string itself isn't unique, this caused existing properties on the prototype chain to not be found in case of dictionary-mode prototypes.

Bug: chromium:731193
Change-Id: Ic98d3789ecf9175e17d9c898ab13231aad59efcc
Reviewed-on: https://chromium-review.googlesource.com/539596
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46005}
2017-06-19 13:33:19 +00:00
Loo Rong Jie
f609f04ae8 std::iterator is deprecated in C++17
Bug: v8:6494
Change-Id: Ie6f91c3bad38e467dd047f4d2848473cc4085c2a
Reviewed-on: https://chromium-review.googlesource.com/536397
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46004}
2017-06-19 13:25:59 +00:00
Camillo Bruni
ee188afe69 [literals] Migrate deprecated sub-literals on the first run
It might happen that we deprecate the map of previous sub-literals if we create
literals with the same map several times. This is usually the case for
configuration arrays.

Bug: chromium:734051
Change-Id: I82284e5aae632286135b2092816d776d229c65af
Reviewed-on: https://chromium-review.googlesource.com/538665
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46003}
2017-06-19 13:17:19 +00:00
jgruber
642ce1f8ae [cleanup] Remove unused CodeFactory::StringFromCharCode
Bug: v8:6474
Change-Id: Ia20250d74c94bf2568ad044795188db583b7f36c
Reviewed-on: https://chromium-review.googlesource.com/539555
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46002}
2017-06-19 12:49:09 +00:00
Miran.Karic
37b461a932 MIPS64: Add optimizations to li and Dsubu macro.
Here we optimize Dsubu by instead of loading imm and subtracting, we
load -imm and perform addition when loading -imm takes fewer instructions
than loading imm. Similarly li is optimized by loading -imm and
performing addition or loading ~imm and inverting bits using nor when
one of these loads takes two instructions less than loading imm, saving
at least one instruction. Tests are adjusted to cover these
optimizations.

BUG=
TEST=cctest/test-assembler-mips/li_macro
     cctest/test-assembler-mips/Dsubu

Review-Url: https://codereview.chromium.org/2909913002
Cr-Commit-Position: refs/heads/master@{#46001}
2017-06-19 12:20:17 +00:00
jgruber
79fe6e3ec7 [generator] Don't adapt arguments for next/return/throw
Mechanical change to remove argument adaption (should be a tad faster
this way). Especially next is called without arguments in the common
case.

Bug: v8:6354, v8:6369
Change-Id: I4180caabfc4c1bbf1a10a881dcbcd41e03614b27
Reviewed-on: https://chromium-review.googlesource.com/535453
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46000}
2017-06-19 11:14:31 +00:00
Peter Marshall
a1baf2657b [builtins] Allow large allocations when unboxing double arrays.
Large allocations would fail due to the flag not being set.

Bug: chromium:732836
Change-Id: I31686e382386a2d08582c86b29dc8f89841040d1
Reviewed-on: https://chromium-review.googlesource.com/535563
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45999}
2017-06-19 11:08:01 +00:00
jgruber
166a52ff1f [regexp] Micro-optimize block ordering in RegExp.p.exec
Minor differences in how we dispatch on the regexp type
(IRREGEXP,ATOM,NOT_COMPILED) make significant differences in benchmark
performance. A simple switch turns out to be the best alternative.

BUG=chromium:734035, v8:6462

Change-Id: I09c613658e828b9fd1e3082624ef692b8b4a0c5f
Reviewed-on: https://chromium-review.googlesource.com/539295
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45998}
2017-06-19 10:35:39 +00:00
Leszek Swirski
24b7026d73 [compiler] Drive optimizations with feedback vector (reland)
For interpreted functions, use the optimized code slot in the feedback
vector to store an optimization marker (optimize/in optimization queue)
rather than changing the JSFunction's code object. Then, adapt the
self-healing mechanism to also dispatch based on this optimization
marker. Similarly, replace SFI marking with optimization marker checks
in CompileLazy.

This allows JSFunctions to share optimization information (replacing
shared function marking) without leaking this information across native
contexts. Non I+TF functions (asm.js or --no-turbo) use a
CheckOptimizationMarker shim which generalises the old
CompileOptimized/InOptimizationQueue builtins and also checks the same
optimization marker as CompileLazy and InterpreterEntryTrampoline.

This is a reland of https://chromium-review.googlesource.com/c/509716

Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe
Reviewed-on: https://chromium-review.googlesource.com/535460
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45997}
2017-06-19 10:33:59 +00:00
Michael Starzinger
fea10e322f [turbofan] Remove dead (and scary) {OsrHelper} constructor.
R=neis@chromium.org

Change-Id: I23298e2c0adcfdc4e6e963e98cde641bef9cdb5b
Reviewed-on: https://chromium-review.googlesource.com/539296
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45996}
2017-06-19 10:31:10 +00:00
Michael Starzinger
5524aca31a [crankshaft] Remove dead {TypeFeedbackOracle}.
R=mvstanton@chromium.org
BUG=v8:6408

Change-Id: I228d276670a3540cdc593442ae79084b84a915d3
Reviewed-on: https://chromium-review.googlesource.com/538617
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45995}
2017-06-19 10:28:00 +00:00
Wiktor Garbacz
de9269f3c3 Reland#2 [parser] Refactor streaming scanner streams.
Unify, simplify logic, reduce UTF8 specific handling.

The intent of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.

BUG=v8:6093

Change-Id: I83c6f1e6ad280c28da690da41c466dfcbb7915e6
Reviewed-on: https://chromium-review.googlesource.com/535474
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45994}
2017-06-19 10:18:01 +00:00
jarin
d6c9e534c8 [ic] Make prototypes fast when storing through keyed store IC.
Toon suggested this as a mitigation to the problem of prototype fast mode switching invalidating prototype chain validity cell, and thus sending keyed store ICs to megamorphic state.

BUG=chromium:723479

Review-Url: https://codereview.chromium.org/2943313002
Cr-Commit-Position: refs/heads/master@{#45993}
2017-06-19 10:17:30 +00:00
hpayer
0d2ed6c328 [heap] Allow a minimum semi-space size of 512K.
This CL also reduces the minimum semi-space size to 512K.

BUG=chromium:716032
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2942543002
Cr-Commit-Position: refs/heads/master@{#45992}
2017-06-19 10:16:13 +00:00
Michael Starzinger
bc717ae84b [ast] Remove BailoutId and TypeFeedbackId from AST.
This removes both {BailoutId} as well as {TypeFeedbackId} numbers from
almost all AST nodes. The only exceptions are {IterationStatement} nodes
which still require an ID for on-stack replacement support.

R=verwaest@chromium.org
BUG=v8:6409

Change-Id: I5f7b7673ae5797b9cbc9741144d304f0d31d4446
Reviewed-on: https://chromium-review.googlesource.com/538792
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45991}
2017-06-19 09:01:03 +00:00
Georg Neis
f626d5df7e [compiler] Make OsrHelper a member of PipelineData.
... in order to avoid creating an OsrHelper during code assembly,
because its constructor accesses the heap.

Bug: v8:6048
Change-Id: I3bf592a5a0f91752a9f5ec35982f962445512bb7
Reviewed-on: https://chromium-review.googlesource.com/530370
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45990}
2017-06-19 08:14:23 +00:00
bmeurer
53b6f27674 [turbofan] Do constant-folding of JSHasInPrototypeChain early.
We need to constant-fold JSHasInPrototypeChain nodes early during
inlining, otherwise we already miss a couple of optimization
opportunities if we wait until after typing. This moves the
constant-folding part of the JSHasInPrototypeChain lowering back to
JSNativeContextSpecialization, where it was before the changes in
https://codereview.chromium.org/2934893002 (part of
JSOrdinaryHasInstance lowering back then).

BUG=v8:5269,v8:5989,v8:6483,chromium:733158
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2943293002
Cr-Commit-Position: refs/heads/master@{#45989}
2017-06-19 08:00:07 +00:00
bmeurer
a9b9c7ab8c [objects] Relax JSBoundFunction verification.
The heap verifier does certain invariant checks on JSBoundFunction
objects, i.e. it assumes that the bound_target_function is a proper
JSReceiver. The Deoptimizer cannot maintain this invariant, because it
first allocates the JSBoundFunction in an invalid state and only
afterwards fixes up the state. But the GC (and thus the heap verifier)
can observe this invalid state while materializing field values, so
we need to relax the verification slightly.

BUG=chromium:729573,chromium:732176
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2933283002
Cr-Commit-Position: refs/heads/master@{#45988}
2017-06-19 07:09:06 +00:00
v8-autoroll
8a32788f39 Update V8 DEPS.
Rolling v8/build: c6f78e9..bf51d56

Rolling v8/third_party/catapult: 59a182b..57e600c

Rolling v8/tools/clang: a248bd9..7659b77

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Ifc9e2d8d7e1f2a1b223ffa3b20d55b1880eb88e7
Reviewed-on: https://chromium-review.googlesource.com/538261
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45987}
2017-06-19 03:26:50 +00:00
Sathya Gunasekaran
0831927a33 [Collections] Implement OrderedHashMap::Add
Bug: v8:5717
Change-Id: I6bed5f36b7d32cd893c4d1cb1bcc9f21b7fac2f1
Reviewed-on: https://chromium-review.googlesource.com/527932
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45986}
2017-06-17 00:51:03 +00:00
Leszek Swirski
86b3b92230 [profiler] Don't cast bytecode array to avoid heap DCHECKs
When iterating over stack frames in the cpu profiler, don't perform any
object casts that have heap-testing DCHECKs. Instead, access values on
the frame by offsets directly, and only check their tags for validity.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia54b18f8ab947c1827f17483806104f0d1d34136
Reviewed-on: https://chromium-review.googlesource.com/536973
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45985}
2017-06-16 17:02:56 +00:00
Toon Verwaest
8bc4fe57a4 [runtime] Get rid of unnecessary DictionaryDetailsAtPut
Bug: 
Change-Id: I87b2c33dbf537aae949b25b2cd56fd20985e5980
Reviewed-on: https://chromium-review.googlesource.com/538659
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45984}
2017-06-16 16:25:04 +00:00
Toon Verwaest
e94a97ffb8 [runtime] Drop unnecessary NameDictionaryBase
This class contained a by-now unnecessary optimization of FindEntry. Since we always deal with internalized names by now anyway, there's no need to micro-optimize locally (it's a nop).

Bug: 
Change-Id: I5a0046bcd23e2cb77c5902e850bac6211bd5518f
Reviewed-on: https://chromium-review.googlesource.com/538581
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45983}
2017-06-16 16:07:48 +00:00
Mythri
18d05c8727 [Interpreter] Refactor arithmetic bytecode handlers.
The Smi versions of arithmetic bytecodes (AddSmi, SubSmi, MulSmi,
DivSmi, ModSmi) have a fast path for Smi case and call to a builtin
on the slow path. However, this builtin is only used by these bytecode
handlers. This cl removes the builtins and inlines them into
bytecode handlers. This will also save a few checks in the slow-path.

Subtract, multiply, divide and modulus also share the same checks to 
collect type feedback on several cases. This cl also refactors them
to share the same code.

Also removed a couple of TODOs that are no longer relevant.

Bug: v8:4280, v8:6474
Change-Id: Id23bd61c2074564a1beacb0632165f52370ff226
Reviewed-on: https://chromium-review.googlesource.com/530845
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45982}
2017-06-16 14:39:52 +00:00
Camillo Bruni
c2c4de293f [runtime] Handle deprecated boilerplate maps correctly
With the introduction of the fast-cloning double fields in the CSA stub for
literals we forgot to check for deprecated maps. As a result every subsequent
IC-miss would have to migrate the objects from such boilerplates.

This CL makes sure we don't use the deprecated map when copying boilerplates,
thus restoring the original behavior.

Bug: v8:6211 chromium:728682
Change-Id: If9ea1e0c5c6fb4236cb7a82ea33306a600925ac3
Reviewed-on: https://chromium-review.googlesource.com/538677
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45981}
2017-06-16 12:51:10 +00:00
Camillo Bruni
2850bdd727 [CSA] Use IsHeapNumber helper in older CSA code
Change-Id: I224ea998eccf8fa18766b71962d487bb02768c78
Reviewed-on: https://chromium-review.googlesource.com/518146
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45980}
2017-06-16 12:06:18 +00:00
Camillo Bruni
1539f12568 [CSA] Use IsSetWord32 and IsClearWord32 helpers
Change-Id: If9debcecd714494e24adf895eb077d5ba51528d2
Reviewed-on: https://chromium-review.googlesource.com/535619
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45979}
2017-06-16 11:51:04 +00:00
Michael Starzinger
e48a2ef590 [crankshaft] Remove HOptimizedGraphBuilder and friends.
R=jarin@chromium.org
BUG=v8:6408

Change-Id: I1bc4f8f5ba37cf8a3632939356f56231ccc3226f
Reviewed-on: https://chromium-review.googlesource.com/535458
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45978}
2017-06-16 11:45:34 +00:00
Tobias Tebbi
a969ab67f8 [turbofan] teach escape analysis about oddly occurring NumberLessThan node
Bug: chromium:733181
Change-Id: If5b0bc8592ba71962237814ad521499afda22edf
Reviewed-on: https://chromium-review.googlesource.com/538653
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45977}
2017-06-16 11:00:40 +00:00
Michael Lippautz
c4ca06f3dc [heap] Cleanup page initialization
Remove dead code on the way.

Bug: v8:6474
Change-Id: I7edb4277bc53ee92edf9523b943492782ec6efac
Reviewed-on: https://chromium-review.googlesource.com/538652
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45976}
2017-06-16 10:53:40 +00:00
Camillo Bruni
015edc60ff [runtime] Don't store object literal boilerplates on first run
Storing the boilerplate on the first run leads to memory overhead for code
that is run only once. Hence we directly return the creating literal on the
first run and only start creating copies from the second run on.

Bug: v8:6211
Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad
Reviewed-on: https://chromium-review.googlesource.com/530688
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45975}
2017-06-16 10:43:19 +00:00
Mythri
97b8ab3342 Reset profiler ticks when the type feedback changes.
Profiler ticks are reset when the type feedback changes for Load / Store ICs.
This cl extends this to other operations as well. This allows us to tier up
functions when the feedback vectors are stable. This is the first step for
a set of follow up cls that will change the heuristics used in
runtime-profiler.

Bug: 
Change-Id: I875209712c6161e425a03475c14890a49155c0e1
Reviewed-on: https://chromium-review.googlesource.com/529165
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45974}
2017-06-16 09:41:27 +00:00
jarin
126451d319 [turbofan] Refactor property access building.
This is in preparation for lowering monomorphic loads during graph building.

This essentially moves the parts that will be shared to a separate class/file
(property-access-builder.(cc|h)).

I should say that we will not want to do accessor inlining during graph
building because that would require us to create frame states
(which is the thing we would like to avoid doing).

Review-Url: https://codereview.chromium.org/2936673005
Cr-Commit-Position: refs/heads/master@{#45973}
2017-06-16 09:34:04 +00:00
Michael Starzinger
e47f37ebd0 [runtime] Fix detection of construct frames in stack traces.
This removes the heuristic from {JSStackFrame::IsConstructor} that tried
to infer whether a frame was called as a constructor or not from the
receiver value. We are now carrying along the appropriate bit derived
from the frame type instead.

R=jgruber@chromium.org
TEST=message/regress/regress-5727
BUG=v8:5727

Change-Id: I0e2f1d0f95485c84c4ebcd3cbfe0123c6afd2e01
Reviewed-on: https://chromium-review.googlesource.com/500313
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45972}
2017-06-16 09:27:36 +00:00