Commit Graph

43643 Commits

Author SHA1 Message Date
Ulan Degenbaev
2a3cab7aa6 [runtime] Refactor initialization of in-object property count of a map.
This patch moves initialization of inobject_properties and
unused_property_fields of a map to the construction time of the map.

Map::AppendDescriptor now properly decrements unused_property_fields
and thus maintains the invariant for property field counters.

Bug: chromium:774644
Change-Id: I78e5d5c767e22148cb64e8cabe0564e7a13988f5
Reviewed-on: https://chromium-review.googlesource.com/725726
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48751}
2017-10-19 14:45:43 +00:00
Michael Lippautz
c1986c8013 [platform] Enforce OWNERS for low-level platform implementations
Bug: 
No-try: true
Change-Id: I5c4f050d338cb75e93e17aa645922673c74f16e7
Reviewed-on: https://chromium-review.googlesource.com/721664
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48750}
2017-10-19 14:33:14 +00:00
Tobias Tebbi
2bf0199518 Revert "Reland^4 "[turbofan] eagerly prune None types and deadness from the graph""
This revert is manual, but almost completely automatic. 
It was just blocked by a single-line irrelevant refactoring change.
This reverts commit 1cee0e012e.

Reason for revert: chromium:776256

Original change's description:
> Reland^4 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
> The issue was that in the EffectControlLinearizer, the effect input of an
> {Unreachable} node was not updated, leaving a {Checkpoint} behind.
>
> This is a reland of 4cf476458f
> Original change's description:
> > Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This fixes the issues
> > https://bugs.chromium.org/p/chromium/issues/detail?id=772873
> > and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> >
> > One problem was that mutating an effect node into Unreachable confused
> > the LoadElimination sidetables, so I just always create a new node now.
> >
> > The other problem was that UpdateBlockControl() was executed after
> > UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> > So now I make sure that UpdateEffectPhi() is always executed last.
> >
> > This is a reland of 6ddb5e7da7
> > Original change's description:
> > > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > >
> > > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the
> > > graph end. This fixes issues with later phases running DeadCodeElimination and
> > > introducing new DeadValue nodes when processing uses of Unreachable.
> > >
> > > This is a reland of 3c4bc27f13
> > > Original change's description:
> > > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > >
> > > > This is a reland of e1cdda2512
> > > > Original change's description:
> > > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > >
> > > > > In addition to using the {Dead} node to prune dead control nodes and nodes that
> > > > > depend on them, we introduce a {DeadValue} node representing an impossible value
> > > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > > of a node with type {None} as dead.
> > > > >
> > > > > Bug: chromium:741225
> > > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > >
> > > > Bug: chromium:741225
> > > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48232}
> > >
> > > Bug: chromium:741225
> > > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > > Reviewed-on: https://chromium-review.googlesource.com/702264
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48366}
> >
> > Bug: chromium:741225
> > Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> > Reviewed-on: https://chromium-review.googlesource.com/709214
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48469}
>
> Bug: chromium:741225
> Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
> Reviewed-on: https://chromium-review.googlesource.com/715716
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48660}

TBR=jarin@chromium.org,tebbi@chromium.org,bmeurer@chromium.org


Bug: chromium:741225 chromium:776256
Change-Id: Iaf2af3cb6dea5fdece43297cb9d987e7decc726d
Reviewed-on: https://chromium-review.googlesource.com/727804
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48749}
2017-10-19 13:48:38 +00:00
peterwmwong
84c9f05d5b [builtins] Port String.raw to CPP
- Add StringRaw CPP Builtin
- Remove string.js

Bug: v8:5049
Change-Id: I0d067c5b5aa9231383c2f9f2a9cf80f478fbbaa8
Reviewed-on: https://chromium-review.googlesource.com/727723
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48748}
2017-10-19 13:47:33 +00:00
Toon Verwaest
9b88818cc7 [utils] Move modulo from codegen to utils
This also changes modulo to be more like others, e.g., Pow:
- have an inline Modulo
- have a modulo_double_double that we can use as FUNCTION_ADDR in assembler.cc

Bug: 
Change-Id: Id360e4adcde5712ffc5ac22abd3bbaab6aec09f5
Reviewed-on: https://chromium-review.googlesource.com/728027
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48747}
2017-10-19 13:03:14 +00:00
Marja Hölttä
9c6f328b2c [parser] Skipping inner funcs: Less scope analysis.
We don't need to save any data for top-level leaf
funcs (they contain no skippable funcs), so we
don't need scope analysis for them either.

BUG=v8:5516

Change-Id: I75700838a3df2f19da559145611c99e2c7ffd088
Reviewed-on: https://chromium-review.googlesource.com/691976
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48746}
2017-10-19 12:55:01 +00:00
Michael Achenbach
9de93948df Revert "[test] Add nan bit patterns to uint{32,64}_vector"
This reverts commit 6f93d59d92.

Reason for revert: Breaks full-debug build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20full%20debug/builds/2239

Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
> 
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
> 
> This oncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
> 
> R=​ahaas@chromium.org
> 
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4ceb82eab5d4cbf1f335bf6f358178a17a2fd0ba
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6954
Reviewed-on: https://chromium-review.googlesource.com/728101
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48745}
2017-10-19 12:16:05 +00:00
Daniel Clifford
dafde0a3ed Simplify code in EmitCreateShallowArrayLiteral by using CloneFastJSArray
Change-Id: I67d75423a4f1db330fc79ec274ed7b3c6a9e2cd2
Reviewed-on: https://chromium-review.googlesource.com/725734
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48744}
2017-10-19 12:12:01 +00:00
Michael Achenbach
e291c6913e Revert "Reland "[arm] [simulator] Do also execute tests on real hardware""
This reverts commit f77d98f755.

Reason for revert: Still fails:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/4978

Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
> 
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
> 
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> > 
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> > 
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> > 
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
> 
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}

TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I0ed35fc9e1dd5d30b0871479d17f0678fec17499
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6963
Reviewed-on: https://chromium-review.googlesource.com/727903
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48743}
2017-10-19 12:09:33 +00:00
Jaroslav Sevcik
71bcc1d960 [turbofan] Load elimination prunes control flow based on instance type.
Changes:
- introduce the notion of unreachable abstract states.

- reconnect unreachables states to runtime abort in effect phis (so that
  the merged states are not polluted by unreachable branches while
  preserving SSA).

- mark states with failed map checks, unreachable map guars as unreachable.

- add instance type to AbstractMaps, only invalidate instance type on
  mismatched effect merges.


This results in 2-3% improvement on ARES/ML steady state.

Bug: v8:6396
Change-Id: I35b0d4482fa400ba7ee9a754f8ef1b2663ebc7dc
Reviewed-on: https://chromium-review.googlesource.com/727761
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48742}
2017-10-19 11:57:51 +00:00
Mike Stanton
d3797add9e [Turbofan] Introduce StringToNumber opcode
If we have good lower bound type information in simplified lowering
that the input to PlainPrimitiveToNumber is a string, then we'd like
to introduce a call to the StringToNumber builtin. However, this
requires more careful management of the effect chain than we had
previously. To fix this, introduce a StringToNumber opcode which
defers the graph alteration until effect-control-linearization,
when the effect chain is available for careful wiring.

Bug: v8:6929
Change-Id: I4f0e43fe474a44d0dfa095a3a01caece649d82db
Reviewed-on: https://chromium-review.googlesource.com/727934
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48741}
2017-10-19 11:53:17 +00:00
Michael Achenbach
efe438c5ed [test] Fix isolate for auto-detect in gyp
TBR=sergiyb@chromium.org

Bug: v8:6917
Change-Id: I96cedba176cd3c35ca39bb2d4604956cded114fc
Reviewed-on: https://chromium-review.googlesource.com/728023
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48740}
2017-10-19 11:52:11 +00:00
Clemens Hammacher
3265b40faa [arm] Disable one more tests on native hardware
The test was recently enabled (together with other simulator tests) to
also run on native hardware (in https://crrev.com/c/727880).
Temporarlily disable this one test again until the issue is fixed.

R=ahaas@chromium.org

Bug: v8:6963
Change-Id: Ib6bae773a1d54541c87c37fb8547413ee7deac58
Reviewed-on: https://chromium-review.googlesource.com/728021
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48739}
2017-10-19 11:40:41 +00:00
Michael Starzinger
52d54f7c2a [runtime] Allocate DeoptimizationData before Code objects.
This allocates and populates potential deoptimization data arrays before
the underlying {Code} objects is allocated. It aims at making the field
holding said data immutable after allocation. Note that we still mutate
this field during deoptimization.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: Id0c2cfb65e782d7292d2df6bff41c54b2b8c3351
Reviewed-on: https://chromium-review.googlesource.com/725704
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48738}
2017-10-19 11:39:01 +00:00
Michael Starzinger
34a575f496 [profiler] Remove dead and obsolete CodeCreateEvent.
R=jgruber@chromium.org

Change-Id: I5748dcf1456a19be66058b1b7025da44bcbd999c
Reviewed-on: https://chromium-review.googlesource.com/725735
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48737}
2017-10-19 11:30:51 +00:00
Choongwoo Han
f0db4d20aa [typedarrays] Check if the target is a typed array at TA.p.set entry
- Throw a TypeError exception if a given target argument is not a typed
array before converting a given offset argument to an integer.
- Add a testcase

Bug: chromium:768775
Change-Id: Id132a0f154fcf930f211922fcbef6c66f9d6f285
Reviewed-on: https://chromium-review.googlesource.com/728120
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48736}
2017-10-19 11:10:11 +00:00
Michael Achenbach
cdf5f2b0d0 [test] Fix auto-detect cfi
TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:6917
Change-Id: Ia417ab5cf59a6c2894de67d5519394629b6ab1b9
Reviewed-on: https://chromium-review.googlesource.com/727936
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48735}
2017-10-19 10:27:31 +00:00
Clemens Hammacher
f77d98f755 Reland "[arm] [simulator] Do also execute tests on real hardware"
This is a reland of 8bacd8486b.
The failing test is disabled if not executing in the simulator.

Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
> 
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
> 
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
> 
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}

Bug: v8:6947, v8:6963
Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
Reviewed-on: https://chromium-review.googlesource.com/727880
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48734}
2017-10-19 09:57:11 +00:00
Toon Verwaest
69753f26e4 Move StackArgumentsAccessor from codegen.h to macroassembler.h on x64
Bug: v8:6921
Change-Id: Id73a9ecc476c3c3ce0718bef81684787b72e366e
Reviewed-on: https://chromium-review.googlesource.com/727202
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48733}
2017-10-19 09:53:46 +00:00
Michael Starzinger
ba77137bc8 [objects] Remove AbstractCode::set_source_position_table.
R=bmeurer@chromium.org
BUG=v8:6792

Change-Id: I9f3be5304917215283643385ba4a216023c822ab
Reviewed-on: https://chromium-review.googlesource.com/725800
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48732}
2017-10-19 09:52:41 +00:00
Clemens Hammacher
6f93d59d92 [test] Add nan bit patterns to uint{32,64}_vector
If you just cast those patterns to float or double and pass them
around, the quiet/signaling NaN bit might change. We had several bugs
around this, so add these patterns to the general input vectors.

This oncovers a bug in the wasm interpreter, which will be fixed in a
separate CL.

R=ahaas@chromium.org

Bug: v8:6947, v8:6954
Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
Reviewed-on: https://chromium-review.googlesource.com/725345
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48731}
2017-10-19 09:25:01 +00:00
Georg Neis
e5dafc0688 [bigint] Adapt abstract equality.
This adds BigInt support to JavaScript's abstract equality (== and !=),
implemented mainly via CodeStubAssembler::Equal and via Object::Equals.

Bug: v8:6791
Change-Id: I53219f2f71baa760b142cc676f18931731b87226
Reviewed-on: https://chromium-review.googlesource.com/725701
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48730}
2017-10-19 09:22:41 +00:00
Clemens Hammacher
e39629c7f2 [cleanup] Fix (D)CHECK macro usages in src/ic
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=ishell@chromium.org

Bug: v8:6837, v8:6921
Change-Id: If44435035d234e90c1dc306a306832c9d36013a2
Reviewed-on: https://chromium-review.googlesource.com/723019
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48729}
2017-10-19 09:17:51 +00:00
Mostyn Bramley-Moore
2551f73eeb [jumbo] fix another set of unittest compilation errors
This makes jumbo_file_merge_limit=50 work again.

Bug: chromium:770684
Change-Id: I5db6566da876d71ea6ba50ff03b7652074b0a35f
Reviewed-on: https://chromium-review.googlesource.com/725818
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#48728}
2017-10-19 09:15:44 +00:00
Mike Stanton
78fc6668f6 [Turbofan] Model JSToBoolean as a simplified operator
Because the toboolean operator may lower to a builtin call (which is
effectful in turbofan parlance after effect control linearization),
it really should be encoded as a simplified operator, which can
be optimized with respect for the effect chain in linearization.

No new functionality here, rather a furniture rearrangement in
the TurboFan node structure.

Bug: v8:6929
Change-Id: I371fd22941397d5c28d13bded2738161d8da8275
Reviewed-on: https://chromium-review.googlesource.com/725721
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48727}
2017-10-19 08:57:11 +00:00
Clemens Hammacher
25b78853e2 Reland "[test] Avoid unnecessary std::vector allocations"
This is a reland of e737b4ce0d.
The issue on windows bots was fixed in https://crrev.com/c/725733.

Original change's description:
> [test] Avoid unnecessary std::vector allocations
> 
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
> 
> R=tebbi@chromium.org
> 
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}

Change-Id: I9ad5d22803bbbf35c458965497acc603cfa01b20
Reviewed-on: https://chromium-review.googlesource.com/725979
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48726}
2017-10-19 08:47:31 +00:00
jgruber
8e6d29e3d8 [snapshot] Add BuiltinSerializerAllocator
Encapsulates special reservation / allocation behavior for builtin
serialization.

This allows us to remove special logic around kNextChunk in builtin
deserialization (since we don't generate that bytecode anymore for
builtins).

Bug: v8:6624
Change-Id: Ice7673006cee53b9d11cdfb7f84d4175221c7984
Reviewed-on: https://chromium-review.googlesource.com/720357
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48725}
2017-10-19 08:46:27 +00:00
Jaroslav Sevcik
7a540779ca [js-tests] Add benchmarks for large hash tables.
Change-Id: I1157ef6baaf60bdbf5d55a1b8f75edb15794baef
Bug: v8:6916
Reviewed-on: https://chromium-review.googlesource.com/715800
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48724}
2017-10-19 08:45:22 +00:00
Choongwoo Han
501127995e [typedarrays] Reduce overheads of TA.p.set
Replace GetElement and SetElement to Get and Set, and use CopyElements,
which reduces 4x-13x overheads.

Bug: chromium:768775
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I58534b30c2035195c5f4b8f2c04e7c459bdbebaa
Reviewed-on: https://chromium-review.googlesource.com/720661
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48723}
2017-10-19 08:25:52 +00:00
Benedikt Meurer
e57a99ce6d [ic] Teach CallIC about JSBoundFunction.
This addresses the odd performance cliff, where the CallIC tracks known
JSFunction targets, but goes MEGAMORPHIC when it sees a JSBoundFunction
target. With this fix in place the micro-benchmark on the bug goes from

  arrowCall: 82 ms.
  boundCall: 234 ms.

to

  arrowCall: 81 ms.
  boundCall: 80 ms.

so Function#bind doesn't cause any additional overhead anymore.

Bug: v8:5267, v8:6962
Change-Id: Iaceaf89fd3e99e2afe2ae45e96a6813a3ef8b1d2
Reviewed-on: https://chromium-review.googlesource.com/727879
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48722}
2017-10-19 08:03:19 +00:00
Jakob Gruber
4c5c5bc0d3 [regexp] Ship named captures
Intent to ship: goo.gl/QZ4QZ5

Bug: v8:5437
Change-Id: Icdacceefa3085f2657edd7f99c7d8f4dbbb76814
Reviewed-on: https://chromium-review.googlesource.com/727200
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48721}
2017-10-19 07:54:08 +00:00
Georg Neis
1e1e695154 When printing feedback vector, print precise binop and compare feedback.
Example before:
Slot #0 BinaryOp MONOMORPHIC
 [0]: 15
Slot #1 CompareOp MONOMORPHIC
 [1]: 1

And after:
Slot #0 BinaryOp MONOMORPHIC (NumberOrOddball)
 [0]: 15
Slot #1 CompareOp MONOMORPHIC (SignedSmall)
 [1]: 1

R=jarin@chromium.org

Bug: 
Change-Id: Ia22437c52289a13bcfd8847d6e5677ad44529b39
Reviewed-on: https://chromium-review.googlesource.com/725815
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48720}
2017-10-19 07:49:39 +00:00
Michael Achenbach
d40756f829 [foozzie] Fix infering architecture
Broke in:
https://chromium-review.googlesource.com/c/v8/v8/+/725706

TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:6917
Change-Id: Ieb91c06a6bc1447acbe68c9ce881478c9a4a6149
Reviewed-on: https://chromium-review.googlesource.com/727800
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48719}
2017-10-19 07:39:59 +00:00
Jakob Kummerow
94b8894392 [bigint] Implement comparisons with Numbers/Strings
This patch provides "Abstract Comparison" functions on the BigInt
class for comparing BigInts to Numbers and Strings.
The functionality is not exposed to JavaScript yet.

Bug: v8:6791
Change-Id: I835f290203a31f363970b1edb359e19af6dabc5d
Reviewed-on: https://chromium-review.googlesource.com/722324
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48718}
2017-10-19 07:25:38 +00:00
Michael Achenbach
8c98e07c82 [test] Auto-detect verify-predictable builds
Bug: v8:6917
Change-Id: Ia768c9aaf71e70d1376ae21a35fd539a7315b0cd
Reviewed-on: https://chromium-review.googlesource.com/725802
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48717}
2017-10-19 07:19:19 +00:00
Michael Achenbach
f5d09025fd Revert "[arm] [simulator] Do also execute tests on real hardware"
This reverts commit 8bacd8486b.

Reason for revert: Fails on chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4820

Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
> 
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
> 
> R=​ahaas@chromium.org, rodolph.perfetta@arm.com
> 
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}

TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4ec1c6ce4f6e86916a83a748819752ba00179ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947
Reviewed-on: https://chromium-review.googlesource.com/727760
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48716}
2017-10-19 07:16:28 +00:00
Michael Achenbach
96c5e2df06 [test] Enable auto-detection of test flags in gyp
This ports the build_config json from GN to GYP to prepare deprecating
tedious flags passing to the test runner.

This also removes two unused GN flags that only hold temporary values.

Bug: v8:6917
Change-Id: I976185f1541277dc5c9bfbaa7578f35c19dd254c
Reviewed-on: https://chromium-review.googlesource.com/725706
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48715}
2017-10-19 07:02:38 +00:00
Michael Achenbach
73f984bd8b [CQ] Migrate more builders to LUCI CQ experiment
NOTRY=true

Bug: chromium:772816, v8:6918
Change-Id: I60d00d5fe6a46017fc8923dfc3dd922bca65d41f
Reviewed-on: https://chromium-review.googlesource.com/725807
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48714}
2017-10-19 06:23:39 +00:00
Benedikt Meurer
99100db4f3 [turbofan] Unfold bound functions at call sites.
So far the JSCallReducer was only able to unfold constant
JSBoundFunction targets for JSCall nodes, which is not the
common case. With the introduction of JSCreateBoundFunction
operator earlier, we can now also recognize calls to bound
functions where the bind happens earlier in the function,
i.e. as the example of

  a.map(f.bind(self))

in https://twitter.com/BenLesh/status/920700003974123520, which
is a handy way to use Function#bind. So this transformation
takes a node like

  JSCall(JSCreateBoundFunction(bound_target_function,
                               bound_this,
                               a1,...,aN),
         receiver, p1,...,pM)

and turns that into

  JSCall(bound_target_function, bound_this, a1,...,aN,p1,...,pM)

allowing TurboFan to further inline the bound_target_function
at this call site if that's also inlinable (i.e. it's a known
constant JSFunction or the result of a JSCreateClosure call).

This improves the micro-benchmark from

  arrowCall: 55 ms.
  boundCall: 221 ms.
  arrowMap: 181 ms.
  boundMap: 806 ms.

to

  arrowCall: 71 ms.
  boundCall: 76 ms.
  arrowMap: 188 ms.
  boundMap: 186 ms.

so that Function#bind in this case is as fast as using closures,
which is an up to 4.3x improvement in the Array#map example.

Bug: v8:5257, v8:6961
Change-Id: Ibca650faad912bf9db1db6fbc48772e7551289a6
Reviewed-on: https://chromium-review.googlesource.com/727799
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48713}
2017-10-19 06:20:00 +00:00
Eric Holk
ef2036a4e7 [wasm] add a test for accidental sign extension
The bug reference has been fixed, probably due to the new WasmContext
changes. We should keep a regression test for this anyway though.

Bug: v8:6931
Change-Id: Ie9d94690e764498d2153691d96414d0d26258794
Reviewed-on: https://chromium-review.googlesource.com/727022
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48712}
2017-10-19 04:09:21 +00:00
v8-autoroll
aca9d69ea8 Update V8 DEPS.
Rolling v8/build: 8a3ae28..9ba0a1c

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7525730..2bc7fe7

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I19d3e584aaf901987f50170f1cb0bd65cc35eb9c
Reviewed-on: https://chromium-review.googlesource.com/727622
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48711}
2017-10-19 03:48:36 +00:00
Eric Holk
0c4595a39e [wasm] temporarily disable gc stress tests in wasm_traps variant
Bug: chromium:776119
Change-Id: Id4839fc3313c020945cd308abff54360f20007c2
Reviewed-on: https://chromium-review.googlesource.com/726820
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48710}
2017-10-19 01:30:32 +00:00
Junliang Yan
81c67751fe PPC: fix constant pool issue in OutOfLineRecordWrite
R=joransiu@ca.ibm.com, jbarboza@ca.ibm.com, michael_dawson@ca.ibm.com

Bug: 
Change-Id: I38688c2168cfe6b1a2baca5ca46726cf3557634b
Reviewed-on: https://chromium-review.googlesource.com/727139
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48709}
2017-10-19 00:49:44 +00:00
Michael Lippautz
e1e5f6cf97 Revert "Reland "[heap] ArrayBufferTracker: Only consider committed size""
This reverts commit 46f9d5a254.

Reason for revert: Aborted compaction pages require separate handling now that we consider byteLength which is a Number.

Original change's description:
> Reland "[heap] ArrayBufferTracker: Only consider committed size"
> 
> This is a reland of 6488c9e5a6
> Original change's description:
> > [heap] ArrayBufferTracker: Only consider committed size
> > 
> > - Only consider commited size of ABs.
> > - Compute freed memory from retained sizes byte length might be a
> >   HeapNumber and thus prohibited from accessing (as it may be already
> >   collected).
> > 
> > CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
> > 
> > Bug: chromium:775896
> > Change-Id: Ia0bed66afac5e4d5ed58194950a55156e19cec72
> > Reviewed-on: https://chromium-review.googlesource.com/725722
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48699}
> 
> Tbr: ulan@chromium.org
> Bug: chromium:775896
> Change-Id: Ibbec1ffa8fe90d3668f0fe0c1b8b9997b5fd644e
> Cq-Include-Trybots: master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
> Reviewed-on: https://chromium-review.googlesource.com/726579
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48707}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: If678ad73326ceb24e85f3a7bf6350df05991005f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:775896
Cq-Include-Trybots: master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/726799
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48708}
2017-10-18 21:16:27 +00:00
Michael Lippautz
46f9d5a254 Reland "[heap] ArrayBufferTracker: Only consider committed size"
This is a reland of 6488c9e5a6
Original change's description:
> [heap] ArrayBufferTracker: Only consider committed size
> 
> - Only consider commited size of ABs.
> - Compute freed memory from retained sizes byte length might be a
>   HeapNumber and thus prohibited from accessing (as it may be already
>   collected).
> 
> CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
> 
> Bug: chromium:775896
> Change-Id: Ia0bed66afac5e4d5ed58194950a55156e19cec72
> Reviewed-on: https://chromium-review.googlesource.com/725722
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48699}

Tbr: ulan@chromium.org
Bug: chromium:775896
Change-Id: Ibbec1ffa8fe90d3668f0fe0c1b8b9997b5fd644e
Cq-Include-Trybots: master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/726579
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48707}
2017-10-18 20:04:31 +00:00
Clemens Hammacher
8bacd8486b [arm] [simulator] Do also execute tests on real hardware
In order to avoid writing tests that *only* pass in the simulator, but
not on real hardware, do also execute the simulator tests on real
hardware.

R=ahaas@chromium.org, rodolph.perfetta@arm.com

Bug: v8:6947
Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
Reviewed-on: https://chromium-review.googlesource.com/722961
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48706}
2017-10-18 19:52:37 +00:00
Alexey Kozyatinskiy
b1cd96ec4b [inspector] added V8InspectorClient::maxAsyncCallStackDepthChanged
R=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0fa10978266feb3c3907ce1f3386ae7a34a33582
Reviewed-on: https://chromium-review.googlesource.com/726490
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48705}
2017-10-18 19:49:57 +00:00
Junliang Yan
3e48c30a07 PPC/s390: fix Generate_DeserializeLazy to use ip for tail call
Fix lazy deserialization. ip needs to be the address of the calling
function

R=joransiu@ca.ibm.com, jbarboza@ca.ibm.com, michael_dawson@ca.ibm.com

Bug: 
Change-Id: I0852d12328f9a0585c38afa5e121b8b4116520dc
Reviewed-on: https://chromium-review.googlesource.com/726420
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48704}
2017-10-18 19:27:07 +00:00
Junliang Yan
f4063610cd PPC: fix AssembleMove and Push in codegen
R=joransiu@ca.ibm.com, jbarboza@ca.ibm.com, michael_dawson@ca.ibm.com

Bug: 
Change-Id: I616ccaa956929a3816a9026bf54cabf6041590ec
Reviewed-on: https://chromium-review.googlesource.com/726182
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48703}
2017-10-18 19:05:37 +00:00
Junliang Yan
952540d268 Fix constant pool printing error
the size of constant pool should be constant_pool_offset to safepoint_offset

Bug: 
Change-Id: I2290ed49ccbeaa12706f2e7c37b72c96bec11fd3
Reviewed-on: https://chromium-review.googlesource.com/721960
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48702}
2017-10-18 19:04:29 +00:00