Commit Graph

31025 Commits

Author SHA1 Message Date
yangguo
46aeb2aed8 [json] fix encoding change for two-byte gap strings.
R=mstarzinger@chromium.org
BUG=chromium:613570

Review-Url: https://codereview.chromium.org/1997003002
Cr-Commit-Position: refs/heads/master@{#36433}
2016-05-23 09:18:58 +00:00
mstarzinger
4267a2ebe7 [build] Fix Makefile based (native) build.
This fixes the Python include path after the GYP files have been
relocated into another directory. It only affects 'make native', other
targets have been fixed in previous changes already.

R=jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2001053003
Cr-Commit-Position: refs/heads/master@{#36432}
2016-05-23 09:16:24 +00:00
ahaas
ff69ca7845 [heap] Introduce a new remembered set for typed pointers from old to new.
R=ulan@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2003553002
Cr-Commit-Position: refs/heads/master@{#36431}
2016-05-23 09:01:30 +00:00
ishell
a7a14fdebc [runtime] Don't crash when trying to access manually constructed CallSite object.
... but hit the runtime assert instead.
|
| Runtime error in ../src/runtime/runtime-internal.cc, line 409
|
| call_site.IsJavaScript() || call_site.IsWasm()
|

BUG=chromium:613905
LOG=N

Review-Url: https://codereview.chromium.org/2006603002
Cr-Commit-Position: refs/heads/master@{#36430}
2016-05-23 09:01:29 +00:00
Ilija.Pavlovic
e2e879694a MIPS: Fix function Fast_ArrayConcat.
Port for https://codereview.chromium.org/1409123003

In function Fast_ArrayConcat is added comparation between result_len and
FixedDoubleArray::kMaxLength. This change enables successful execution
of the test regress-599414-array-concat-fast-path.

Original commit message:
  [runtime] Avoid @@isConcatSpreadable lookup for fast path Array.prototype.concat

  Currently we do not check for @@isConcatSpreadable properly. If the Symbol is
  set on the Array.prototype or Object.prototype the current fast paths fail.
  This CL adds a fix to globally invalidate a isConcatSpreadable_protector.

  Drive-by-fix: use named accessors for context variables

TEST=mjsunit/regress/regress-599414-array-concat-fast-path
BUG=

Review-Url: https://codereview.chromium.org/1995313002
Cr-Commit-Position: refs/heads/master@{#36429}
2016-05-23 07:09:15 +00:00
bmeurer
392c1d8e11 [stubs] Enforce correct index representation on 64-bit.
Address computation on 64-bit platforms must be done in Word64, mixing
Word32 here is unsound.

TBR=danno@chromium.org

Review-Url: https://codereview.chromium.org/1997223002
Cr-Commit-Position: refs/heads/master@{#36428}
2016-05-21 19:48:56 +00:00
bmeurer
cc71837fda [builtins] Migrate String.fromCharCode to C++.
The previous JavaScript version created way too many ConsStrings for
longer strings, i.e. when using String.fromCharCode together with
Function.prototype.apply and arrays of char codes.

This version now always allocates sequential strings and therefore uses
way less memory when turning longer character sequences into strings,
and therefore fixes the memory regression on Google Maps.

BUG=chromium:609831
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2004733002
Cr-Commit-Position: refs/heads/master@{#36427}
2016-05-21 16:59:59 +00:00
pierre.langlois
438629ba49 [ARM64] Make BufferDisassembler print the instruction encoding
This patch changes the disassembly output for ARM64 when tracing
compiled code. We used to omit printing the encoding as opposed to what
ARM and X64 do. The new turbolizer tool assumes the encoding is printed
and gets confused otherwise.

This could have been fixed in the tool instead but making disassembly
output consistent across architecture seems like a better solution.

BUG=

Review-Url: https://codereview.chromium.org/1996983003
Cr-Commit-Position: refs/heads/master@{#36426}
2016-05-21 12:46:28 +00:00
danno
2ca36cc33c [stubs] Fix hole-related double bug in ArrayNoArgumentConstructor
BUG=chromium:613796
LOG=N

Review-Url: https://codereview.chromium.org/2002813002
Cr-Commit-Position: refs/heads/master@{#36425}
2016-05-21 09:54:38 +00:00
v8-autoroll
e2ef4da9c3 Update V8 DEPS.
Rolling v8/build to 298aeabfe2aa544f7be8cab05a133428bca7dea3

Rolling v8/third_party/icu to 54f86bb1d1d02968576d21c16d7134ec35c30fbc

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2005633002
Cr-Commit-Position: refs/heads/master@{#36424}
2016-05-21 03:33:07 +00:00
mstarzinger
09365ad811 [turbofan] Unify escape analysis offset calculation.
This unifies the calculation of virtual offsets within the escape
analysis pass to go through common helpers. It also switches to safer
accessors for getting FieldAccess and ElementAccess parameters.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2000733002
Cr-Commit-Position: refs/heads/master@{#36423}
2016-05-20 17:53:30 +00:00
ivica.bogosavljevic
ff2bd0fdcb Implement UnalignedLoad and UnalignedStore in WASM using
combination of LoadByte/Shift/Or and StoreByte/Shift/And.

BUG=

Review-Url: https://codereview.chromium.org/1928513002
Cr-Commit-Position: refs/heads/master@{#36422}
2016-05-20 17:50:51 +00:00
neis
b3bfc0bd58 [interpreter] Fix source position of yield-exceptions in generators.
R=rmcilroy@chromium.org
BUG=v8:4907,v8:5027

Review-Url: https://codereview.chromium.org/1995303002
Cr-Commit-Position: refs/heads/master@{#36421}
2016-05-20 17:50:50 +00:00
pgorszkowski
7afd712ae0 Invalidate defaultObjects if timezone changes
In case of calling 'toLocaleString', 'toLocaleTimeString' and
'toLocaleDateString' functions of 'Date' with empty 'locales' and
'options', DateTimeFormat is cached inside 'defaultObjects'.
If we change the timezone the cache is not invalidated.

BUG=v8:5022
TEST=cctest:DateCacheVersion. See the bug
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng

Review-Url: https://codereview.chromium.org/1985423003
Cr-Commit-Position: refs/heads/master@{#36420}
2016-05-20 17:47:45 +00:00
jarin
9aac80f400 Ship turbofan try-catch, try-finally, attempt N+1.
Review-Url: https://codereview.chromium.org/1996373002
Cr-Commit-Position: refs/heads/master@{#36419}
2016-05-20 15:41:02 +00:00
bradnelson
48c2857a93 Delay asm->wasm foreign globals init until later.
Rather than bake foreign globals into the module
at compile time, add a __foreign_init__ function that can be called
after instantiation with foreign values gathers using keys
in a separately generated FixedArray.

This is an incremental step towards being able to enable asm->wasm
on for general traffic, behind a flag.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=asm-wasm
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/1999523002
Cr-Commit-Position: refs/heads/master@{#36418}
2016-05-20 15:37:23 +00:00
jkummerow
43547df9c7 [crankshaft] Don't inline "dont_crankshaft" functions
Crankshaft shouldn't try to inline functions it knows it can't handle.

BUG=v8:5033

Review-Url: https://codereview.chromium.org/2000703002
Cr-Commit-Position: refs/heads/master@{#36417}
2016-05-20 15:20:15 +00:00
yangguo
766d3ea9a8 [json] handle access checks in BasicJsonStringifier.
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/1996333002
Cr-Commit-Position: refs/heads/master@{#36416}
2016-05-20 14:53:45 +00:00
jarin
ca266e74cd [arm] Make CEntryStub's handling of triple return values more robust.
At the moment the code assumes C-function returns the address of the
struct with the values. Unfortunately, the arm ABI does not guarantee that.
After this CL, we do not assume that, and instead just take the value from the stack.

BUG=chromium:611885
LOG=n

Review-Url: https://codereview.chromium.org/2000713002
Cr-Commit-Position: refs/heads/master@{#36415}
2016-05-20 14:38:45 +00:00
jkummerow
ee4ce54494 Revert of [keys] Don't omit write barrier after std::sort (patchset #2 id:20001 of https://codereview.chromium.org/1991173002/ )
Reason for revert:
This array only contains Smis, see its only store site five lines above:

array->set(array_size++, Smi::FromInt(i));

If you want to improve something here, use a C++ array instead of a FixedArray. There's no reason to have this short-lived list on the V8 heap.

Original issue's description:
> [keys] Don't omit write barrier after std::sort
>
> BUG=
>
> Committed: https://crrev.com/681ac8979e820d147380b5fdb2aae773e22f1302
> Cr-Commit-Position: refs/heads/master@{#36412}

TBR=mlippautz@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1996963002
Cr-Commit-Position: refs/heads/master@{#36414}
2016-05-20 14:14:41 +00:00
titzer
767c34dfae Revert of [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators. (patchset #1 id:1 of https://codereview.chromium.org/1968453002/ )
Reason for revert:
Breaks a KCS demo:

BUG=chromium:611976

Original issue's description:
> [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators.
>
> Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
>
> Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
>
> Committed: https://crrev.com/2da70f853d7f680d491c37c72d5ef04a85497ba9
> Cr-Commit-Position: refs/heads/master@{#36136}

TBR=bmeurer@chromium.org,epertoso@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/1995303003
Cr-Commit-Position: refs/heads/master@{#36413}
2016-05-20 14:09:46 +00:00
cbruni
681ac8979e [keys] Don't omit write barrier after std::sort
BUG=

Review-Url: https://codereview.chromium.org/1991173002
Cr-Commit-Position: refs/heads/master@{#36412}
2016-05-20 13:59:49 +00:00
hpayer
ba8ecfd58f Adding a SetRAILMode API.
BUG=chromium:613518
LOG=n

Review-Url: https://codereview.chromium.org/1999743002
Cr-Commit-Position: refs/heads/master@{#36411}
2016-05-20 13:37:49 +00:00
mlippautz
fdd9f6b92d [heap] Harden heap-related cctests
- Move usable functions into proper heap-utils.h/.cc files and remove
  utils-inl.h file
- Fix assumptions accross the board relying on certain behavior that is not
  invariant

This is a requirement for modifying page size.

BUG=chromium:581412
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/1999753002
Cr-Commit-Position: refs/heads/master@{#36410}
2016-05-20 13:32:50 +00:00
yangguo
a19404f04a [json] handle proxies in BasicJsonSerializer.
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/1994183002
Cr-Commit-Position: refs/heads/master@{#36409}
2016-05-20 13:20:19 +00:00
mvstanton
b71f1cc2f4 Bugfix: Crankshaft array literals with incorrect values.
In VisitArrayLiteral(), we stopped creating boilerplates during
 compilation. This created a bug, because we'd emit an HStoreKeyed with an
 ElementsKind based on the initial elements kind of the boilerplate. Since
 boilerplates may transition as part of elements transition feedback, this can
 lead to incorrect values (storing a smi in a double array).

BUG=chromium:606021

Review-Url: https://codereview.chromium.org/2000673002
Cr-Commit-Position: refs/heads/master@{#36408}
2016-05-20 13:07:52 +00:00
ulan
84ee947013 Workaround for glibc semaphore bug.
Instead of dynamically creating semaphore for each page parallel job,
we create one semaphore for MarkCompact and reuse it.

This patch also removes all instrumentation code that was added to
help with investigation.

BUG=chromium:609249
LOG=NO

Review-Url: https://codereview.chromium.org/1998213002
Cr-Commit-Position: refs/heads/master@{#36407}
2016-05-20 12:16:22 +00:00
jkummerow
80b936ae0d [build] Fix d8-for-Android builds
Review-Url: https://codereview.chromium.org/2003513002
Cr-Commit-Position: refs/heads/master@{#36406}
2016-05-20 12:10:45 +00:00
caitpotter88
239309fc8f [heap] don't flush async functions, they may be resumed later
BUG=v8:4483
R=littledan@chromium.org, hpayer@chromium.org, mstarzinger@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/1992093003
Cr-Commit-Position: refs/heads/master@{#36405}
2016-05-20 12:07:51 +00:00
mstarzinger
8a791c4624 [turbofan] Treat typeof operators as escaping uses.
For now we treat simplified ObjectIsFoo operators as escaping uses when
it comes to escape analysis. Eventually we want to handle them in the
associated reducer, just like we do with ObjectIsSmi.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2002573002
Cr-Commit-Position: refs/heads/master@{#36404}
2016-05-20 11:35:45 +00:00
machenbach
2f8a0077ae Revert of Refactor script position calculation (patchset #3 id:40001 of https://codereview.chromium.org/2003483002/ )
Reason for revert:
Crashes gc stress with custom snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/5763

Original issue's description:
> Refactor script position calculation
>
> Script position calculation logic (i.e. line & column numbers for a
> given code position) is now based on a single method
> Script::GetPositionInfo(). Refactored related code in isolate.cc and
> js/messages.js to use the new method. The line_ends accessor is still
> in use by chromium and thus cannot be removed yet.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/2f3879d54633c4076d38e9fc85b6e2e157c61548
> Cr-Commit-Position: refs/heads/master@{#36398}

TBR=yangguo@chromium.org,jgruber@chromium.org,jgruber@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1995323002
Cr-Commit-Position: refs/heads/master@{#36403}
2016-05-20 10:49:37 +00:00
gdeepti
4001d55e69 [simdjs] Update SIMD runtime functions as per spec
- Lane indices are no longer required to be integers. Add index coersion for loads/stores
 - Give shift operators masking shift count semantics
 - Throw type/range errors instead of runtime asserts.

BUG=v8:4963
LOG=N

R=bbudge@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1965443003
Cr-Commit-Position: refs/heads/master@{#36402}
2016-05-20 10:18:12 +00:00
neis
b3ae02e8e4 [turbofan] Implement intrinsic lowering of %_GeneratorClose.
Also change parser to insert %_GeneratorClose instead of %GeneratorClose.
Full-codegen generators will fall back to the runtime function.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/1993073003
Cr-Commit-Position: refs/heads/master@{#36401}
2016-05-20 09:41:23 +00:00
mstarzinger
66d76797df [deoptimizer] Support materialization of closures.
This adds support to materialize JSFunction objects from deoptimization
information. By now we need to support this because TurboFan's escape
analysis can produce virtual (i.e. non-escaping) closures.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1998143002
Cr-Commit-Position: refs/heads/master@{#36400}
2016-05-20 09:20:02 +00:00
machenbach
d77b332e1c [tools] Make cpu-governor flip more robust in perf runner
NOTRY=true
TBR=mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/1996923002
Cr-Commit-Position: refs/heads/master@{#36399}
2016-05-20 09:07:40 +00:00
jgruber
2f3879d546 Refactor script position calculation
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2003483002
Cr-Commit-Position: refs/heads/master@{#36398}
2016-05-20 09:00:17 +00:00
hablich
eb059498b2 Revert of [ESNext] Activate async/await for ClusterFuzz (patchset #1 id:1 of https://codereview.chromium.org/1992173002/ )
Reason for revert:
First CF feedback is in, reverting for now until the know bugs are fixed.

Original issue's description:
> [ESNext] Activate async/await for ClusterFuzz
>
> BUG=v8:4483
> R=neis@chromium.org,littledan@chromium.org,caitpotter88@gmail.com
> LOG=N
>
> Committed: https://crrev.com/c57cadfa09fa493141bf43c1c7b898187a71da19
> Cr-Commit-Position: refs/heads/master@{#36362}

TBR=littledan@chromium.org,caitpotter88@gmail.com,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2003503002
Cr-Commit-Position: refs/heads/master@{#36397}
2016-05-20 08:56:36 +00:00
zhengxing.li
450050830a X87: [Interpreter] Support compiling for baseline on return from interpreted function.
port f241a61a34 (r36360)

  original commit message:
  We cannot tier up from interpreted to baseline code when there is an
  activation of the function on the stack. This significantly regresses
  the performance of recursive functions since they are unlikely to get
  tiered up.

  This CL adds the ability for a function to be marked for baseline
  compilation when it returns. To do this we patch the
  InterpreterEntryTrampoline return address to point to
  InterpreterMarkBaselineOnReturn, which leaves the
  interpreted frame and recompile the function for
  baseline.

  This improves the score of EarlyBoyer by ~8x for Ignition.

BUG=

Review-Url: https://codereview.chromium.org/1998153002
Cr-Commit-Position: refs/heads/master@{#36396}
2016-05-20 08:42:52 +00:00
neis
29f3e6682b [generators] Replace some runtime functions with Turbofan JS operators.
Introduce three new JS operators in Turbofan:
- JSGeneratorStore is used in implementing Ignition's SuspendGenerator bytecode.
- JSGeneratorRestoreContinuation and JSGeneratorRestoreRegister are used in
  implementing Ignition's ResumeGenerator bytecode.

Remove the runtime functions that were used to implement these bytecodes before.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/1991203002
Cr-Commit-Position: refs/heads/master@{#36395}
2016-05-20 08:30:35 +00:00
mtrofin
ec2c5a037a Cleanup: shared isolate
BUG=

Review-Url: https://codereview.chromium.org/1993233002
Cr-Commit-Position: refs/heads/master@{#36394}
2016-05-20 08:05:39 +00:00
verwaest
584386a2d9 Make sure only toStringTag is used for Object.prototype.toString with JSON / Math
BUG=

Review-Url: https://codereview.chromium.org/1992153002
Cr-Commit-Position: refs/heads/master@{#36393}
2016-05-20 08:00:36 +00:00
yangguo
e17c68c493 [JSON] implement indentation in the BasicJsonStringifier and expose via API.
R=jochen@chromium.org, verwaest@chromium.org

Review-Url: https://codereview.chromium.org/1922603006
Cr-Commit-Position: refs/heads/master@{#36392}
2016-05-20 07:58:02 +00:00
ishell
e7ab29607c [turbofan] Fix turbo json file generation for code stubs.
Review-Url: https://codereview.chromium.org/1998103002
Cr-Commit-Position: refs/heads/master@{#36391}
2016-05-20 07:52:55 +00:00
dpranke
2e0bd36d27 Try to reland v8_snapshot GN build changes, take #3
This patch re-lands #36341 with another fix to make
the amd64-generic build work as well.

R=machenbach@chromium.org, hablich@chromium.org, adamk@chromium.org
BUG=608596, 595653
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:chromeos_daisy_chromium_compile_only_ng,chromeos_amd64-generic_chromium_compile_only_ng,chromeos_x86-generic_chromium_compile_only_ng,linux_chromium_gn_chromeos_rel,linux_chromium_gn_chromeos_dbg

Review-Url: https://codereview.chromium.org/1996513005
Cr-Commit-Position: refs/heads/master@{#36390}
2016-05-20 07:00:09 +00:00
ishell
6e529ef1bb [crankshaft] Fix typo in AddUncasted() with 9 arguments.
... introduced in https://codereview.chromium.org/1782743003/

TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1998093002
Cr-Commit-Position: refs/heads/master@{#36389}
2016-05-20 07:00:08 +00:00
zhengxing.li
f16cd71df7 X87: [turbofan] Add DebugBreak machine operator and support.
port 78b1585f1d (r36355)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/1998013002
Cr-Commit-Position: refs/heads/master@{#36388}
2016-05-20 03:42:07 +00:00
v8-autoroll
0307906863 Update V8 DEPS.
Rolling v8/build to f81cc400005454453b83aad6e47e321a37d092dd

Rolling v8/third_party/android_tools to 5b5f2f60b78198eaef25d442ac60f823142a8a6e

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/1999603003
Cr-Commit-Position: refs/heads/master@{#36387}
2016-05-20 03:34:05 +00:00
jyan
97bfd23874 PPC/S390: Fix native build break caused by type mismatch
R=joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/1989363008
Cr-Commit-Position: refs/heads/master@{#36386}
2016-05-19 21:11:56 +00:00
binji
d208cdd7f1 Add {lda,stl}x?r{,b,h} instructions to ARM64 assembler/disassembler
They are not currently implemented by the ARM64 simulator.

R=jarin@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1990073002
Cr-Commit-Position: refs/heads/master@{#36385}
2016-05-19 20:10:05 +00:00
jyan
31ac67ee61 PPC/S390: [Interpreter] Support compiling for baseline on return from interpreted function.
port f241a61a34

Original Commit Message:
    We cannot tier up from interpreted to baseline code when there is an
    activation of the function on the stack. This significantly regresses
    the performance of recursive functions since they are unlikely to get
    tiered up.

    This CL adds the ability for a function to be marked for baseline
    compilation when it returns. To do this we patch the
    InterpreterEntryTrampoline return address to point to
    InterpreterMarkBaselineOnReturn, which leaves the
    interpreted frame and recompile the function for
    baseline.

    This improves the score of EarlyBoyer by ~8x for Ignition.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1993343002
Cr-Commit-Position: refs/heads/master@{#36384}
2016-05-19 20:06:20 +00:00