Commit Graph

33191 Commits

Author SHA1 Message Date
bgeron
f1f7222842 [turbofan] Instead of using properties, use a whitelist for store-store elimination. Make --turbo imply --turbo-store-elimination, so it is tested by ClusterFuzz.
This should fix bug v8:5280.

BUG=v8:5280

Review-Url: https://codereview.chromium.org/2236443006
Cr-Commit-Position: refs/heads/master@{#38649}
2016-08-16 10:53:43 +00:00
mstarzinger
cd4a310f1b [interpreter] Stage bytecode preservation.
This stages the --ignition-preserve-bytecode flag which preserves the
bytecode even when switching to baseline code. It is now implied by the
combined --ignition-staging flag.

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2244303003
Cr-Commit-Position: refs/heads/master@{#38648}
2016-08-16 10:49:28 +00:00
hablich
f1f572b067 [WASM] Fix build problem on Android
BUG=v8:5291
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2241203004
Cr-Commit-Position: refs/heads/master@{#38647}
2016-08-16 09:34:16 +00:00
verwaest
7a2553ff87 Reorder DCHECKs so !is_with_scope() has a chance of being useful
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2247073003
Cr-Commit-Position: refs/heads/master@{#38646}
2016-08-16 09:30:09 +00:00
jgruber
b4c1aefb9c Refactor data structures for simple stack traces
Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
Captured frames are stored in a FixedArray, which in turn is stored as a
property (using a private symbol) on the error object itself. Actual formatting
of the textual stack trace is done lazily when the user reads the stack
property of the error object.

This would involve many conversions back and forth between index-encoded raw
data (receiver, function, offset and code), JS CallSite objects, and C++
CallSite objects.

This commit refactors the C++ CallSite class into a Struct class called
StackTraceFrame, which is the new single point of truth for frame information.
Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
CallSite objects (now created only when the user specifies custom stack trace
formatting through Error.prepareStackTrace) internally only store a reference
to a StackTraceFrame.

BUG=

Review-Url: https://codereview.chromium.org/2230953002
Cr-Commit-Position: refs/heads/master@{#38645}
2016-08-16 08:37:07 +00:00
mtrofin
0686c414a6 [wasm] Serialization test using external APIs and contexts
A test exercising the public APIs for wasm serialization and
simulating the serialization scenario - serialize in one isolate, deserialize
in another.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2249973002
Cr-Commit-Position: refs/heads/master@{#38644}
2016-08-16 08:07:19 +00:00
verwaest
860a3ce26f Declare 'this' as DYNAMIC_GLOBAL on the script_scope
Follow-up cleanup to https://codereview.chromium.org/2231813003

BUG=

Review-Url: https://codereview.chromium.org/2237873002
Cr-Commit-Position: refs/heads/master@{#38643}
2016-08-16 07:44:10 +00:00
v8-autoroll
12d0c9ae14 Update V8 DEPS.
Rolling v8/build to f5aadfbec4267ecafa3200c571131c84d1ced4be

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to e17560795294ff0c23bdae7665ec71c95a75561e

Rolling v8/tools/clang to ad9e1e262ff737d779bb2e5b49e3987547f05694

Rolling v8/tools/mb to e89c543a2ab08d70b876130ac83c04a92daffeaf

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2249993002
Cr-Commit-Position: refs/heads/master@{#38642}
2016-08-16 03:25:46 +00:00
adamk
9349243506 [ast] Clean up a few unnecessary bits in AST
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2248813002
Cr-Commit-Position: refs/heads/master@{#38641}
2016-08-15 20:53:28 +00:00
jyan
1153621249 s390: Allow larger Operands/Displacements/Offsets in s390
R=joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2244373002
Cr-Commit-Position: refs/heads/master@{#38640}
2016-08-15 18:57:45 +00:00
gsathya
0f40fb207d [isolate] Remove unused exception handle
Review-Url: https://codereview.chromium.org/2246963002
Cr-Commit-Position: refs/heads/master@{#38639}
2016-08-15 18:18:33 +00:00
adamk
b028e64b27 [turbofan] Re-separate logic for LET and CONST in BuildVariableAssignment
The structure of this code changed in https://codereview.chromium.org/2201193004,
but the structural changes were not essential to that CL's purpose (which was
to use Variable::binding_needs_init() consistently to decide whether to
hole-check). Now the code should appear as it did before that change, but with
the addition of binding_needs_init() checks.

R=bmeurer@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2237933002
Cr-Commit-Position: refs/heads/master@{#38638}
2016-08-15 18:08:08 +00:00
mattloring
b052909c25 [builtins] IndexOf/LastIndexOf implementation for typedarrays
Removes dependence on InnerArrayIndexOf/InnerArrayLastIndexOf and
reduces type pollution caused by sharing these functions between standard
and typed arrays.

BUG=

Review-Url: https://codereview.chromium.org/2243523002
Cr-Commit-Position: refs/heads/master@{#38637}
2016-08-15 17:01:29 +00:00
jbroman
c5701e166e Blink-compatible serialization of strings.
This includes UTF-8 strings and two-byte strings, both length-delimited
(in bytes, not characters). Two-byte strings are written/read in host byte
order.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2245753002
Cr-Commit-Position: refs/heads/master@{#38636}
2016-08-15 15:27:11 +00:00
jyan
cba03ba85f [compiler] Allow matcher to work on arch without scaling capability
Add an extra parameter to disable scale on BaseWithIndexAndDisplacementMatcher.

R=bmeurer@chromium.org, epertoso@chromium.org, jarin@chromium.org, mstarzinger@chromium.org, mtrofin@chromium.org, titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2239813002
Cr-Commit-Position: refs/heads/master@{#38635}
2016-08-15 14:41:17 +00:00
klaasb
935340a4c5 [interpreter] VisitForTest for bytecode generator
Adds TestResultScope and uses it to directly jump/fall through to the
correct branch in expressions used as branch conditions.
Should enable nicer TurboFan-graphs for easier control-flow
transformations in the future.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2242463002
Cr-Commit-Position: refs/heads/master@{#38634}
2016-08-15 13:10:59 +00:00
rmcilroy
160d0a1803 [Parser] Remove Variable::is_possibly_eval.
Removes Variable::is_possibly_eval() and instead stores whether
a call is possibly eval in the Call node's bitfield.

Also removes HandleDereferenceMode since it's no longer used.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2242583003
Cr-Commit-Position: refs/heads/master@{#38633}
2016-08-15 10:59:18 +00:00
baptiste.afsa
75a204583f [turbofan] Use a map to cache values definition in instruction scheduler.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2193063003
Cr-Commit-Position: refs/heads/master@{#38632}
2016-08-15 09:15:40 +00:00
v8-autoroll
f8776c5d39 Update V8 DEPS.
Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to ac24d974a70c8611d2837e183d6cf99f39fb0410

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2244173002
Cr-Commit-Position: refs/heads/master@{#38631}
2016-08-15 03:21:34 +00:00
jbroman
39bbb6f22a Blink-compatible serialization of numbers.
This includes unsigned integers (encoded as base-128 varints), signed integers
(ZigZag-encoded, then varint-encoded) and doubles (written in host byte order).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232323004
Cr-Commit-Position: refs/heads/master@{#38630}
2016-08-15 01:00:31 +00:00
v8-autoroll
d1dcebd1f5 Update V8 DEPS.
Rolling v8/build to 4155375bddb65fe3d2dbc42ab0d64c4d72527165

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 9d440c96636c5a41ce3e40f1924fe41dd2694f51

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2244113002
Cr-Commit-Position: refs/heads/master@{#38629}
2016-08-14 03:24:37 +00:00
v8-autoroll
6cd995013e Update V8 DEPS.
Rolling v8/build to 45574dce74fca42e485fbc5cd78bd24bcfeb905f

Rolling v8/buildtools to adb8bf4e8fc92aa1717bf151b862d58e6f27c4f2

Rolling v8/tools/clang to 6d377a47e9c668c7550d17a7d4e6ba9f5931703a

Rolling v8/tools/mb to c78da3f5bccc979b35907c4cbf937aa5187e41fa

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2240213004
Cr-Commit-Position: refs/heads/master@{#38628}
2016-08-13 03:24:27 +00:00
caitp
a9e470797b [parser] improve inferred function names for async arrow functions
No longer include the "async" keyword, or an async arrow function's single
identifier parameter as part of its inferred name.

BUG=v8:5281, v8:4483
R=adamk@chromium.org, littledan@chromium.org, marja@chromium.org

Review-Url: https://codereview.chromium.org/2235423003
Cr-Commit-Position: refs/heads/master@{#38627}
2016-08-12 22:47:11 +00:00
jshin
4e8ebeb03c Throw when case mapping result > max string length
Throw 'Range Error: invalid string length' when the result of
case mapping is longer than the max string length (kMaxLength in
objects.h = 1 << 28 - 16).

This is for case mapping with ICU.

A new test (case-mapping-slow.js) is added with PASS,SLOW. It's
configured to skip unless arch=x64 and mode=release and not on
simulator.

This is a reattempt to land https://codereview.chromium.org/2236593002 that was reverted.

BUG=v8:5271
TEST=intl/general/case-mapping-slow.js with --icu_case_mapping

Review-Url: https://codereview.chromium.org/2236963003
Cr-Commit-Position: refs/heads/master@{#38626}
2016-08-12 19:52:32 +00:00
jbroman
e6d1a80e79 Blink-compatible serialization of oddball values.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232243003
Cr-Commit-Position: refs/heads/master@{#38625}
2016-08-12 14:49:23 +00:00
jkummerow
bb9707c8d2 [regexp][liveedit] Fix inconsistent JSArrays
The hand-written KeyedLoadIC_Megamorphic stub didn't care about JSArray
lengths, which made it lenient towards said lengths being wrong, but it
will soon fix that bug and thereby become more strict.

LiveEdit: factory->NewJSArray(capacity) doesn't set a length, so set it
manually.
RegExp: to avoid having to take care of array length updating in the
RegExpExecStub, just use a JSObject instead.

Review-Url: https://codereview.chromium.org/2244673002
Cr-Commit-Position: refs/heads/master@{#38624}
2016-08-12 14:29:59 +00:00
rmcilroy
bbd0a093ca Revert of [interpreter] Inline ForInFilter stub. (patchset #1 id:1 of https://codereview.chromium.org/2220343002/ )
Reason for revert:
Speculative revert due to possible performance regressions.

BUG=chromium:635826,chromium:635930

Original issue's description:
> [interpreter] Inline ForInFilter stub.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/2bf0b8c8ed5d0c93982c8c227e93622aceecea16
> Cr-Commit-Position: refs/heads/master@{#38420}

TBR=oth@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2238283002
Cr-Commit-Position: refs/heads/master@{#38623}
2016-08-12 14:00:30 +00:00
georgia.kouveli
dc6b5109d7 [ARM64] Optimize load followed by shift.
Instead of loading 64 bits and shifting:

      ldr x0, [x1, #offset]
      asr x0, x0, #32

directly load the interesting 32 bits and sign-extend:

      ldrsw x0, [x1, #offset+4]

BUG=

Review-Url: https://codereview.chromium.org/2243843002
Cr-Commit-Position: refs/heads/master@{#38622}
2016-08-12 13:55:46 +00:00
yangguo
f03bebc77d [debugger] add mixed-stack tests.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2246483002
Cr-Commit-Position: refs/heads/master@{#38621}
2016-08-12 13:51:19 +00:00
mstarzinger
a7c63607d2 [interpreter] Compiler shortcut when bytecode present.
This adds a shortcut to the compilation pipeline that makes sure we are
not regenerating bytecode when it has been preserved from a previous
request. This can happen when code flushing removes baseline code,
thereby clearing the entry trampoline but leaving bytecode intact.

R=yangguo@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2241783002
Cr-Commit-Position: refs/heads/master@{#38620}
2016-08-12 13:45:05 +00:00
verwaest
0a93ebaa76 Get rid of dead RemoveTemporary
kudos to marja@ for finding this

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2243833002
Cr-Commit-Position: refs/heads/master@{#38619}
2016-08-12 13:34:25 +00:00
epertoso
b167ae3361 [interpreter] Collect type feedback from bitwise binary ops handlers.
Also, re-enables the use of the type feedback in BytecodeGraphBuilder.

BUG=v8:5273
LOG=N

Review-Url: https://codereview.chromium.org/2235133003
Cr-Commit-Position: refs/heads/master@{#38618}
2016-08-12 13:04:31 +00:00
mstarzinger
68868c73c4 [compiler] Remove compiler internals from CodeAssembler.
This removes some compiler internals as well as some JavaScript specific
helper from the CodeAssembler, by either hiding or moving the support
into the CodeStubAssembler.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2246463002
Cr-Commit-Position: refs/heads/master@{#38617}
2016-08-12 12:57:48 +00:00
rmcilroy
cc7587110e Call IsStringLiteral instead of IsPropertyName in VisitObjectLiteral.
This should be faster and should give the same result.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2243783002
Cr-Commit-Position: refs/heads/master@{#38616}
2016-08-12 12:34:22 +00:00
bmeurer
665f0e4020 [turbofan] Fix CheckedInt32Mod lowering for -0 case with negative left hand side.
Properly deoptimize if the left hand side of a CheckedInt32Mod is
negative and the result of the operation is zero.

R=jarin@chromium.org
BUG=v8:5286

Review-Url: https://codereview.chromium.org/2243803002
Cr-Commit-Position: refs/heads/master@{#38615}
2016-08-12 12:13:51 +00:00
yangguo
3494a3dcbc [deoptimizer] use correct code/bytecode to compute source position.
With --ignition-preserve-bytecode, we don't have the guarantee that
SharedFunctionInfo::abstract_code() returns the code we deopt to.

R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2239773003
Cr-Commit-Position: refs/heads/master@{#38614}
2016-08-12 12:01:52 +00:00
mlippautz
1617043c10 Revert of "[heap] Switch to 500k pages" (patchset #11 id:220001 of https://codereview.chromium.org/2232653003/ )
Reason for revert:
Breaks benchmark with --turbo on avx2

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/9895

Original issue's description:
> Reland of "[heap] Switch to 500k pages"
>
> Decrease regular heap object size to 400k. In a follow up, we can now get rid of
> the new space border page while keeping the 1M minimum new space size.
>
> BUG=chromium:636331
>
> This reverts commit 555c961990.
>
> Committed: https://crrev.com/20e2ea80e169e85c5b8231adc02901fb6c989609
> Cr-Commit-Position: refs/heads/master@{#38608}

TBR=hpayer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:636331

Review-Url: https://codereview.chromium.org/2239323002
Cr-Commit-Position: refs/heads/master@{#38613}
2016-08-12 11:42:37 +00:00
georgia.kouveli
227353b76a [ARM64] Change TruncateInt64ToInt32 to a NOP.
BUG=

Review-Url: https://codereview.chromium.org/2240803003
Cr-Commit-Position: refs/heads/master@{#38612}
2016-08-12 11:30:05 +00:00
jgruber
d252808011 Handle missing context when getting frame details
This bug was triggered by a very specific combination:

* A context-allocated variable at script scope.
* OSR optimization.
* A scheduled breakpoint, which triggers at stack checks.

Stack checks differ from other possible breakpoint locations in that
the context (among other things) may be in a register and not on the
stack, making it impossible to recover during deoptimization. The
frame_inspector then returns undefined when asked for the context.

In GetFrameDetails, handle this case by omitting all context-allocated
variables.

BUG=v8:5279

Review-Url: https://codereview.chromium.org/2245603002
Cr-Commit-Position: refs/heads/master@{#38611}
2016-08-12 11:20:19 +00:00
yangguo
1b43aab528 [debugger] add test for debug evaluate.
This test would have failed prior to 58524d6df3.

R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2235323003
Cr-Commit-Position: refs/heads/master@{#38610}
2016-08-12 11:18:59 +00:00
hpayer
22b931f882 [heap] Also mark map when iterating black objects.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2240123002
Cr-Commit-Position: refs/heads/master@{#38609}
2016-08-12 11:08:11 +00:00
mlippautz
20e2ea80e1 Reland of "[heap] Switch to 500k pages"
Decrease regular heap object size to 400k. In a follow up, we can now get rid of
the new space border page while keeping the 1M minimum new space size.

BUG=chromium:636331

This reverts commit 555c961990.

Review-Url: https://codereview.chromium.org/2232653003
Cr-Commit-Position: refs/heads/master@{#38608}
2016-08-12 11:07:04 +00:00
yangguo
8b82e0d725 [debug] make sure switching to debug fcg code works.
R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2240103002
Cr-Commit-Position: refs/heads/master@{#38607}
2016-08-12 11:05:57 +00:00
jarin
ed60a76fbf [turbofan] Ship loop variable bounds analysis.
Review-Url: https://codereview.chromium.org/2221793005
Cr-Commit-Position: refs/heads/master@{#38606}
2016-08-12 11:04:49 +00:00
ahaas
ce5a46b364 Revert of [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject. (patchset #3 id:40001 of https://codereview.chromium.org/2229243003/ )
Reason for revert:
There is a data race in the initialization of the Isolate::random_number_generator()

Original issue's description:
> [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject.
>
> This CL splits CodeGenerator::GenerateCode into two new functions:
> AssembleCode and FinishCodeObject. AssembleCode does not access or
> modify the JS heap, which means that AssembleCode can be executed on
> background threads. FinishCodeObject allocates the generated code object
> on the JS heap and therefore has to be executed on the main thread.
>
> Implementation details:
> The GenerateCode function has been split just before out-of-line code is
> assembled. The reason is that code stubs may be generated when
> out-of-line code is assembled, which potentially allocates these code
> stubs on the heap.
>
> - Parts of the initialization of the CodeGenerator have been moved from the
> constructor to an Initialize function so that we can instantiate an empty
> CodeGenerator object in PipelineData.
>
> R=bmeurer@chromium.org, mstarzinger@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/03058a2187e32cc4080612181802086527c116a2
> Cr-Commit-Position: refs/heads/master@{#38604}

TBR=bmeurer@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2240523003
Cr-Commit-Position: refs/heads/master@{#38605}
2016-08-12 10:59:58 +00:00
ahaas
03058a2187 [turbofan] Split CodeGenerator::GenerateCode into AssembleCode and FinishCodeObject.
This CL splits CodeGenerator::GenerateCode into two new functions:
AssembleCode and FinishCodeObject. AssembleCode does not access or
modify the JS heap, which means that AssembleCode can be executed on
background threads. FinishCodeObject allocates the generated code object
on the JS heap and therefore has to be executed on the main thread.

Implementation details:
The GenerateCode function has been split just before out-of-line code is
assembled. The reason is that code stubs may be generated when
out-of-line code is assembled, which potentially allocates these code
stubs on the heap.

- Parts of the initialization of the CodeGenerator have been moved from the
constructor to an Initialize function so that we can instantiate an empty
CodeGenerator object in PipelineData.

R=bmeurer@chromium.org, mstarzinger@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2229243003
Cr-Commit-Position: refs/heads/master@{#38604}
2016-08-12 09:51:02 +00:00
bmeurer
50f223e47e [turbofan] Add inlined Array.prototype.push support.
This adds a very first version of inlined Array.prototype.push into
TurboFan optimized code. The current inlined version has a potential
deopt loop, but it's unlikely that we hit it currently (Crankshaft
suffers from an even worse problem). Once we have a way to learn from
deopts we can fix these deopt loops.

It's also probably overly defensive in when it's safe to inline
the call to Array.prototype.push, but we can always extend that
later once we have sufficient trust in the implementation and see
an actual need to extend it.

BUG=v8:2229,v8:3952,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2245533003
Cr-Commit-Position: refs/heads/master@{#38603}
2016-08-12 08:59:30 +00:00
yangguo
e9b4d57eff [debugger] PrepareFunctionForBreakPoints handles both fcg code and bytecode.
R=mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2237423002
Cr-Commit-Position: refs/heads/master@{#38602}
2016-08-12 08:55:07 +00:00
mlippautz
cffeea8789 Add malloced and peak malloced to OOM handler
- Change sizes and counts to be size_t on the way.

R=hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2240603003
Cr-Commit-Position: refs/heads/master@{#38601}
2016-08-12 08:50:56 +00:00
machenbach
f93f39f0eb [test] Skip flaky sampler and cpu-profiler tests on windows.
BUG=v8:5193
NOTRY=true

Review-Url: https://codereview.chromium.org/2238193002
Cr-Commit-Position: refs/heads/master@{#38600}
2016-08-12 08:34:11 +00:00