Commit Graph

32041 Commits

Author SHA1 Message Date
bradnelson
58920e04bc [wasm] Require wasm explicit asm instantiation to be of a function.
We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).

Fixes crash.

BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}
2016-06-28 20:58:28 +00:00
mtrofin
0c7ee92783 [wasm] Complete separation of compilation and instantiation
Support for serializing/deserializing the compiled wasm module.

We want to reuse the javascript snapshotting mechanics, at least in the
short term, when we still use the JS heap for the compiled wasm code.
Given that a module may be compiled in one v8 instance and then
instantiated later, in a different instance, whatever information we need
at instantiation time must also be serializable.

We currently hold on to the un-decoded wasm bytes, for enabling
debugging scenarios. This imposes a ~20% penalty on the memory
requirements of the wasm compiled code. We do not need this data
otherwise, for runtime, and it is sensible to consider eventually loading it
on demand. Therefore, I intentionally avoided relying on it and re-
decoding the wasm module data, and instead saved the information
necessary to support instantiation.

Given how whatever we need to persist must be serializable, the CL
uses a structure made out of serializable objects (fixed arrays mostly)
for storing this information. I preferred going this route rather than
adding more wasm-specific support to the serializer, given that we want
to eventually move off the JS heap, and therefore the serializer.

Additionally, it turns out this extra information is relatively not complex:
minimal structure, little nesting depth, mostly simple data like numbers
or byte blobs, or opaque data like compiled functions.

This CL also moves export compilation ahead of instantiation time.

This change added a helper getter to FixedArray, to make typed retrieval
of elements easier.

BUG=

Review-Url: https://codereview.chromium.org/2094563002
Cr-Commit-Position: refs/heads/master@{#37348}
2016-06-28 20:49:27 +00:00
hpayer
f99f633309 Revert of [heap] Reland uncommit unused large object page memory. (patchset id:1 of https://codereview.chromium.org/2101383002/ )
Reason for revert:
Crashes unbox-double-arrays

Original issue's description:
> [heap] Reland uncommit unused large object page memory.
>
> BUG=
>
> Committed: https://crrev.com/dd0ee5fd11653ba41a292641ccd66ae7cc5a8398
> Cr-Commit-Position: refs/heads/master@{#37341}

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2106933003
Cr-Commit-Position: refs/heads/master@{#37347}
2016-06-28 20:22:35 +00:00
bjaideep
85cebe7389 PPC/s390: Reland [heap] Avoid the use of cells to point from code to new-space objects.
Port 5e05854019

Original commit message:

    The reason for reverting is: This breaks gc-stress bot:
    https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

    Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set.
    These duplicates could cause a DCHECK to trigger which checks that slots recorded in the
    remembered set never point to to-space. This reland-CL allows duplicates in the remembered
    set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.

    Original issue's description:

    Cells were needed originally because there was no typed remembered set to
    record direct pointers from code space to new space. A previous
    CL (https://codereview.chromium.org/2003553002/) already introduced
    the remembered set, this CL uses it.

    This CL
    * stores direct pointers in code objects, even if the target is in new space,
    * records the slot of the pointer in typed-old-to-new remembered set,
    * adds a list which stores weak code-to-new-space references,
    * adds a test to test-heap.cc for weak code-to-new-space references,
    * removes prints in tail-call-megatest.js

R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2108673003
Cr-Commit-Position: refs/heads/master@{#37346}
2016-06-28 18:58:57 +00:00
epertoso
588e15c034 [ia32] Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparisons were performed.

Adds a regression test.

BUG=621926

Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
2016-06-28 18:35:44 +00:00
bjaideep
05638b9d1d PPC/s390: [turbofan] Introduce Float64Pow and NumberPow operators.
Port e607e12ea0

Original commit message:
    Introduce a new machine operator Float64Pow that for now is backed by
    the existing MathPowStub to start the unification of Math.pow, and at
    the same time address the main performance issue that TurboFan still has
    with the imaging-darkroom benchmark in Kraken.

    Also migrate the Math.pow builtin itself to a TurboFan builtin and
    remove a few hundred lines of hand-written platform code for special
    handling of the fullcodegen Math.pow version.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=v8:3599,v8:5086,v8:5157
LOG=N

Review-Url: https://codereview.chromium.org/2106883002
Cr-Commit-Position: refs/heads/master@{#37344}
2016-06-28 18:01:37 +00:00
ishell
ab7234a492 [ic] Move sloppy_arguments_elements_map down in the root list.
Addressing comment in https://codereview.chromium.org/2102073002/

BUG=chromium:576312, chromium:623516

Review-Url: https://codereview.chromium.org/2109713002
Cr-Commit-Position: refs/heads/master@{#37343}
2016-06-28 18:01:36 +00:00
epertoso
bcdd031590 Revert of [ia32] Fixes a bug in cmpw. (patchset id:40001 of https://codereview.chromium.org/2103713003/ )
Reason for revert:
Causes "buildbot failure in V8 on V8 Linux gcc 4.8, Check"

Original issue's description:
> [ia32] Fixes a bug in cmpw.
>
> The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparisons were performed.
>
> Adds a regression test.
>
> BUG=621926
>
> Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
> Cr-Commit-Position: refs/heads/master@{#37339}

TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=621926

Review-Url: https://codereview.chromium.org/2106913002
Cr-Commit-Position: refs/heads/master@{#37342}
2016-06-28 17:44:46 +00:00
hpayer
dd0ee5fd11 [heap] Reland uncommit unused large object page memory.
BUG=

Review-Url: https://codereview.chromium.org/2101383002
Cr-Commit-Position: refs/heads/master@{#37341}
2016-06-28 17:41:30 +00:00
ulan
c4f4d6352f Make v8::Isolate::SetRAILMode thread safe and remove the
PERFORMANCE_DEFAULT mode.

BUG=

Review-Url: https://codereview.chromium.org/2108503003
Cr-Commit-Position: refs/heads/master@{#37340}
2016-06-28 17:32:32 +00:00
epertoso
efa7095e3e [ia32] Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparisons were performed.

Adds a regression test.

BUG=621926

Review-Url: https://codereview.chromium.org/2103713003
Cr-Commit-Position: refs/heads/master@{#37339}
2016-06-28 17:23:32 +00:00
gdeepti
ef2f33d6c6 Implement Wasm GrowMemory opcode as a wasm runtime call
- GrowMemory runtime function, tests added to check if memory can be grown
  and relocation information is updated correctly

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2051043002
Cr-Commit-Position: refs/heads/master@{#37338}
2016-06-28 16:49:13 +00:00
bradnelson
3325de6d68 Adding some wasm committers to top level OWNERS.
Following the existing model where most committers are top-level OWNERS, this enables easier boilerplate changes to the V8 build environment and tests in the PST time-zone.

R=danno@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2101423002
Cr-Commit-Position: refs/heads/master@{#37337}
2016-06-28 16:28:06 +00:00
ishell
7031861990 [ic] Use UnseededNumberDictionary as a storage for names in TypeFeedbackMetadata.
The serializer does not support serialization of HashTables in general because
after deserialization it might be necessary to rehash the table.
However the UnseededNumberDictionary does not require rehashing and this CL allows
them to be serialized.

This CL also changes the shape of UnseededNumberDictionary: the details field is
no longer part of the entry since no one needs it.

BUG=chromium:576312, chromium:623516

Review-Url: https://codereview.chromium.org/2102073002
Cr-Commit-Position: refs/heads/master@{#37336}
2016-06-28 16:16:12 +00:00
nikolaos
61c137c811 Fix bug with re-scoping arrow function parameter initializers
When re-scoping arrow function parameter initializers, temporaries
should be moved from the closure of the old scope to the closure of
the new scope, if necessary.

R=adamk@chromium.org, rossberg@chromium.org
BUG=chromium:622663
LOG=N

Review-Url: https://codereview.chromium.org/2083083007
Cr-Commit-Position: refs/heads/master@{#37335}
2016-06-28 15:10:17 +00:00
yangguo
872c461b00 [snapshot] revisit snapshot API.
This part of the snapshot API should not be in use yet, so we can still
change this. The motivation for this change is:
- Use MaybeHandle where reasonable.
- Remove ambiguity: when we use index to create context from snapshot,
  we should not have a silent fallback if snapshot is not available.
- Symmetry: rename to Context::FromSnapshot to mirror templates.

R=jochen@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2100073002
Cr-Commit-Position: refs/heads/master@{#37334}
2016-06-28 13:48:05 +00:00
cbruni
6b63d524c2 [keys] support shadowing keys in the KeyAccumulator
This cl fixes the long-standing bug for for-in with shadowing properties.

BUG=v8:705

Review-Url: https://codereview.chromium.org/2081733002
Cr-Commit-Position: refs/heads/master@{#37333}
2016-06-28 13:33:31 +00:00
bjaideep
04b655c6e9 PPC/AIX: [heap] Uncommit unused large object page memory.
Port d61a5c376b

Original commit message:

    As a first step I uncommit the memory on the main thread. Also
    to measure impact and stability of that optimization. In a
    follow-up CL, the uncommitting should be moved on the concurrent thread.

R=jochen@chromium.org, hpayer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2041233003
Cr-Commit-Position: refs/heads/master@{#37332}
2016-06-28 13:30:25 +00:00
machenbach
994dc21148 [gn] Use one source of truth for test source files.
This avoids forgetting to add files for either gyp or gn.

While for most executables, this is detected by compilation
errors, for test executables, it can lead to tests silently
not running.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2098313002
Cr-Commit-Position: refs/heads/master@{#37331}
2016-06-28 13:24:08 +00:00
bgeron
f416886358 [compiler] Load elimination now traverses CheckTaggedPointer.
It also dereferences the inputs of StoreField, if those were
CheckTaggedPointers. Tested manually.

BUG=

Review-Url: https://codereview.chromium.org/2104893002
Cr-Commit-Position: refs/heads/master@{#37330}
2016-06-28 13:21:00 +00:00
bmeurer
d5ed22808f [turbofan] Introduce proper CheckNumber operator.
We use CheckNumber to guard values as being proper numbers, i.e. if the
input value is anything but a Number, we deoptimize. This follows the
existing effect/control linearization magic that we already use for the
other checks.

R=jarin@chromium.org
BUG=v8:5141

Review-Url: https://codereview.chromium.org/2109623002
Cr-Commit-Position: refs/heads/master@{#37329}
2016-06-28 13:09:10 +00:00
mlippautz
5ff508a822 Add crash instrumentation for crbug.com/621147
BUG=chromium:621147
LOG=N
R=ishell@chromium.org,cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2100313002
Cr-Commit-Position: refs/heads/master@{#37328}
2016-06-28 12:54:36 +00:00
bjaideep
1ef7e4e2a6 AIX: Adding bbigtoc link step option to fix TOC overflow error
Adding link option -bbigtoc to fix TOC overflow error.
    The option instructs the linker to generate TOC larger
    than 64k.

    TOC: http://www.ibm.com/developerworks/rational/library/overview-toc-aix/

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2107513002
Cr-Commit-Position: refs/heads/master@{#37327}
2016-06-28 12:45:42 +00:00
ishell
e6076a7951 Use proper write barrier mode when creating rest parameters.
BUG=chromium:623912

Review-Url: https://codereview.chromium.org/2109603002
Cr-Commit-Position: refs/heads/master@{#37326}
2016-06-28 12:42:40 +00:00
ahaas
5e05854019 Reland [heap] Avoid the use of cells to point from code to new-space objects.
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

Review-Url: https://codereview.chromium.org/2097023002
Cr-Commit-Position: refs/heads/master@{#37325}
2016-06-28 12:36:31 +00:00
bjaideep
75219dad71 PPC64: disable big-array-literal testcase due to stack overflow
Testcase big-array-literal fails with stack overflow error on ppc64,
    increasing stack-size to 1100 resolves the issue, but causes
    other platforms to fail ( https://codereview.chromium.org/2072533002/ ).
    For now, disabling the testcase on ppc64.

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N
NOTRY=true

Review-Url: https://codereview.chromium.org/2098413002
Cr-Commit-Position: refs/heads/master@{#37324}
2016-06-28 12:24:38 +00:00
bmeurer
e607e12ea0 [turbofan] Introduce Float64Pow and NumberPow operators.
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.

Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.

BUG=v8:3599,v8:5086,v8:5157

Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
2016-06-28 10:26:10 +00:00
bmeurer
29da5460fc [arm64] We must not overwrite registers for binop results that are used in frame states.
The ARM64 instruction selector can generate code like this

  negs w0, w1
  b.vs deopt

but then reference the old value of w0 in the frame state, which will
obviously lead to wrong results.

R=jarin@chromium.org
BUG=v8:5158

Review-Url: https://codereview.chromium.org/2103793002
Cr-Commit-Position: refs/heads/master@{#37322}
2016-06-28 10:11:13 +00:00
oth
3bc6cc4fee [interpreter] Streamline bytecode array writing.
Simplify bytecode array writing and remove some now unused bytecode traits
definitions.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2100793003
Cr-Commit-Position: refs/heads/master@{#37321}
2016-06-28 10:04:52 +00:00
zhengxing.li
7a02c7282f X87: Reland: [Crankshaft] Always check for stubs marked to not require an eager frame.
port 1b4e0130faee8115fae274f1d2c46cfa8ae5f415(r37181)

  original commit message:
  Previously only stubs built in the snapshot were checked for having an
  eager frame. This caused a regression to creep in on ia32 for
  RegExpConstructResultStub. Change test to always check.

BUG=

Review-Url: https://codereview.chromium.org/2098303003
Cr-Commit-Position: refs/heads/master@{#37320}
2016-06-28 09:14:24 +00:00
zhengxing.li
90fa326a6c X87: [builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime.
port b5c69cbf39 (r37132)

  original commit message:
  With the tail call, pointers to the JS heap could be pushed on a
  js-to-wasm frame. On the js-to-wasm frame, however, this pointer would
  not be updated by the GC.

BUG=

Review-Url: https://codereview.chromium.org/2108543002
Cr-Commit-Position: refs/heads/master@{#37319}
2016-06-28 08:56:47 +00:00
mlippautz
8d2ae27808 [heap] Optimize ArrayBuffer tracking
With the current approach we only need to track using an unordered set as we can
still access the backing store pointer and length by the time we free the
backing store.

BUG=chromium:619491, chromium:611688
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2107443002
Cr-Commit-Position: refs/heads/master@{#37318}
2016-06-28 08:39:13 +00:00
zhengxing.li
43d0b7e765 X87: [cleanup] Remove dead code from DeclareLookupSlot and rename it.
port cbc6adc86c (r37111)

  original commit message:
  Runtime_DeclareLookupSlot is used when generating code for var and function declarations
  originating in an eval. Over time, it's accumulated quite a bit of cruft, which this CL removes:

    - With legacy const gone, lookup slots never have any property attributes.
    - There was a bit signaling that the variable was from an eval, but that was redundant since
      DeclareLookupSlot is only used for eval.
    - Some Proxy-related code didn't make sense here.

  Its name was also not terribly clear: while "LookupSlot" is used in several places, this
  particular function is only used for declaring variables and functions inside sloppy eval.
  Renamed (and split into two) to make this clear for future archeologists.

  Also added various DCHECKs to check the assumptions being made.

BUG=

Review-Url: https://codereview.chromium.org/2107663002
Cr-Commit-Position: refs/heads/master@{#37317}
2016-06-28 08:33:06 +00:00
yangguo
4c6914293b [debug] fix return position computation for liveedit.
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2107693002
Cr-Commit-Position: refs/heads/master@{#37316}
2016-06-28 08:01:16 +00:00
alph
ca1dcc9c03 Fix MSAN error on arm64 bot.
The main fix is to mark stack memory the SafeStackFrameIterator
accesses as initialized.

Drive-by: Make sure we bail out when the simulator is in the
process of updating FP/SP registers.

BUG=v8:5156

Review-Url: https://codereview.chromium.org/2104763002
Cr-Commit-Position: refs/heads/master@{#37315}
2016-06-28 07:57:58 +00:00
neis
2f0cb3afa3 Fix behavior of throw on yield*.
When calling the throw method on a generator suspended inside a yield*, yield*
in turn tries to call throw on its iterable.  If the iterable does not provide a
throw method, yield* must try to call the return method instead and then throw a
TypeError.  Due to a bug in our desugaring, we never threw the TypeError.

R=adamk@chromium.org
BUG=v8:5132

Review-Url: https://codereview.chromium.org/2094253002
Cr-Commit-Position: refs/heads/master@{#37314}
2016-06-28 07:46:16 +00:00
zhengxing.li
d944015623 X87: [builtins] Introduce proper Float64Tan operator.
port c87168bc8c (r37087)

  original commit message:
  Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
  operator based on that, similar to what we do for Float64Cos and Float64Sin.
  Rewrite Math.tan() as TurboFan builtin and use those operators to also
  inline Math.tan() into optimized TurboFan functions.

  Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
  the %ConstructDouble runtime entry for writing tests.

BUG=

Review-Url: https://codereview.chromium.org/2101233002
Cr-Commit-Position: refs/heads/master@{#37313}
2016-06-28 07:40:24 +00:00
yangguo
353e1152a5 [liveedit] remove bogus test case.
Removing a bad test case because:
- The test case makes wrong assumptions about compilation. We now
  may run bytecode with the interpreter.
- The test exposes internal implementation details such as pc offset
  of JIT code.
- The test uses a runtime function specially written to cater to, and
  used only by this test. Being unmaintained, this runtime function
  is already returning bogus results, making this test useless.

R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2101223002
Cr-Commit-Position: refs/heads/master@{#37312}
2016-06-28 07:40:23 +00:00
neis
41f5f0c0ba Rip out most of our outdated modules implementation.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2081733004
Cr-Commit-Position: refs/heads/master@{#37311}
2016-06-28 07:25:38 +00:00
neis
6dffb07804 Fix behavior of return on yield*.
When calling the return method on a generator suspended inside a yield*, yield*
in turn calls return on its iterable.  If this results in a "done" iterator,
yield* must return immediately, thus terminating the generator.  For some
reason, we didn't terminate the generator but continued right after the yield*.

R=adamk@chromium.org
BUG=v8:5131

Review-Url: https://codereview.chromium.org/2100093002
Cr-Commit-Position: refs/heads/master@{#37310}
2016-06-28 07:10:54 +00:00
yangguo
610a8cbb51 Use source position table for unoptimized code.
R=bmeurer@chromium.org, jgruber@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2095893002
Cr-Commit-Position: refs/heads/master@{#37309}
2016-06-28 05:52:52 +00:00
bjaideep
37538cb2c1 AIX: Update variable name which conflicts with system defined variable
variable hz is defined as a macro in AIX system header
    /usr/include/sys/m_param.h (as "ticks per second of the clock").
    The pre-processor replaces hz with the numeric value defined in
    system header file and therefore emits an error.
    Re-naming variable name to "iz".

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2104483002
Cr-Commit-Position: refs/heads/master@{#37308}
2016-06-28 05:06:30 +00:00
zhengxing.li
fe70bda483 X87: [wasm] Separate compilation from instantiation.
port c1d01aea11 (r37086)

  original commit message:
  Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
  allocated and then tied in via relocation at instantiation time.

  This paves the way for implementing Wasm.compile, a prerequisite to
  offering the compiled code serialization feature.

  Currently, the WasmModule::Compile method just returns a fixed array
  containing the code objects. More appropriate modeling of the compiled module to come.

  Opportunistically centralized the logic on how to update memory
  references, size, and globals, since that logic is the exact same on each
  architecture, except for the actual storing of values back in the
  instruction stream.

BUG=

Review-Url: https://codereview.chromium.org/2100393003
Cr-Commit-Position: refs/heads/master@{#37307}
2016-06-28 05:03:10 +00:00
bmeurer
f50a601ffa [turbofan] Introduce simplified operator NumberAbs.
Add NumberAbs operator to implement an inline version of Math.abs, that
can be optimized and eliminated. We don't use any speculation here, but
for now stick to the information we can infer (this way we avoid the
inherent deopt loops that Crankshaft has around Math.abs).

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=jarin@chromium.org
BUG=v8:5086

Review-Url: https://codereview.chromium.org/2096403002
Cr-Commit-Position: refs/heads/master@{#37306}
2016-06-28 04:37:02 +00:00
v8-autoroll
53d2d24ced Update V8 DEPS.
Rolling v8/build to 87e063014aa0f343b15f5de495a28e5f8572bf8d

Rolling v8/tools/clang to 2ad431ac7823581e1f39c5b770704e1e1ca6cb32

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2101893002
Cr-Commit-Position: refs/heads/master@{#37305}
2016-06-28 03:33:28 +00:00
zhengxing.li
3bc1a84227 X87: [builtins] Introduce proper Float64Cos and Float64Sin.
port c781e83194 (r37072)

  original commit message:
  Import base::ieee754::cos() and base::ieee754::sin() from fdlibm and
  introduce Float64Cos and Float64Sin TurboFan operator based on that,
  similar to what we do for Float64Log. Rewrite Math.cos() and Math.sin()
  as TurboFan builtins and use those operators to also inline Math.cos()
  and Math.sin() into optimized TurboFan functions.

BUG=

Review-Url: https://codereview.chromium.org/2105613002
Cr-Commit-Position: refs/heads/master@{#37304}
2016-06-28 03:07:14 +00:00
mattloring
9480ea4496 Reland of Include file names in trace_turbo output (patchset id:1 of https://codereview.chromium.org/2083153004/ )
Reason for revert:
Ready to test fix and reland.

Original issue's description:
> Revert of Include file names in trace_turbo output (patchset  id:40001 of https://codereview.chromium.org/2083863004/ )
>
> Reason for revert:
> Many build bots are failing with a message of the form:
>
> Missing or invalid v8 JSON file: /tmp/tmp2qcEUy_swarming/0/output.json
>
> Can be relanded once we understand why these failures are occurring.
>
> Original issue's description:
> > Include file names in trace_turbo output
> >
> > The trace turbo output will overwrite itself when functions in different
> > files share the same name. Output files now have the form
> > `turbo-<function_name>:<opt_file_name>-<opt_phase>.suffix`.
> >
> > R=ofrobots@google.com
> > BUG=
> >
> > Committed: https://crrev.com/a53b9bf02f31e5647c37e0392afa19f74df1a3ba
> > Cr-Commit-Position: refs/heads/master@{#37199}
>
> TBR=ofrobots@google.com,bmeurer@chromium.org,danno@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/97c2bc362f234bd58515a0faf6af23b4f8ad183a
> Cr-Commit-Position: refs/heads/master@{#37204}

TBR=ofrobots@google.com,bmeurer@chromium.org,danno@chromium.org,machenbach@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2081323007
Cr-Commit-Position: refs/heads/master@{#37303}
2016-06-28 00:04:31 +00:00
caitpotter88
4efd20ab57 [parser] report error for shorthand property "await" in async arrow formals
In addition to recording the BindingPattern error, also record an
AsyncArrowFormalParameters error for shorthand property "await" in object
literals.

BUG=v8:4483, v8:5148
R=littledan@chromium.org, jwolfe@igalia.com, adamk@chromium.org, nikolaos@chromium.org

Review-Url: https://codereview.chromium.org/2100623002
Cr-Commit-Position: refs/heads/master@{#37302}
2016-06-27 21:12:19 +00:00
ddchen
fd2bf837a5 [wasm] improve handling of malformed inputs
When reading malformed input, the length of variable-length types can be very large. Computing operand length with this and adding it to PC will overflow and screw up decode.

This patch switches to unsigned int for arity and lengths, terminates loop analysis on error, adds overflow checking to BranchTableOperand, and adds a unit test.

Review-Url: https://codereview.chromium.org/2052623003
Cr-Commit-Position: refs/heads/master@{#37301}
2016-06-27 20:37:28 +00:00
bjaideep
ea844f9aac PPC: Disable constantpool before calling Stub without frame
Constantpool register is being used with no frame, and
    therefore it points to its parent stub's constantpool
    causing segfault.
    Disable constantpool before CallStub if frame not set.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2106493002
Cr-Commit-Position: refs/heads/master@{#37300}
2016-06-27 19:44:43 +00:00