Commit Graph

39614 Commits

Author SHA1 Message Date
Michael Achenbach
56352067f2 [test] Skip more flaky tests
TBR=alph@chromium.org
NOTRY=true

Bug: v8:5193
Change-Id: Ie3d4e67314c80cd1806ba97ac1700b9a95918f73
Reviewed-on: https://chromium-review.googlesource.com/497748
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45122}
2017-05-05 10:08:10 +00:00
Peter Marshall
4d611d1dc3 [builtins] Use the byte_length for byte length, not byte_offset.
length != offset.

Bug: chromium:718285
Change-Id: I150af1473cb5180c242f3817b940fa1cf1c49cea
Reviewed-on: https://chromium-review.googlesource.com/497727
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45121}
2017-05-05 09:57:17 +00:00
Tobias Tebbi
d871c5ba80 [turbofan] fix escape analysis divergence on Air benchmark
When a virtual object passes by a store node that updates a field to the existing value, then the object and its state were not copied, which led to the original object being passed on.
If then later the store actually modifies and copies the virtual object, this new copy is not passed down the effect chain, so subsequent nodes still refer to the original virtual object and try to update it once new information flows in.
This conflicts with updates on the node that originally created the virtual object, leading to divergence.

Bug: v8:6345
Change-Id: Iab1ce98a60b48478b343eae765c80bdfcb8ba390
Reviewed-on: https://chromium-review.googlesource.com/496267
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45120}
2017-05-05 09:33:17 +00:00
Michael Starzinger
2238a16c69 [asm.js] Remove AST-based asm.js validator implementation.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I6a098151fef14c0c76c1762d99316a3ae7d12a8e
Reviewed-on: https://chromium-review.googlesource.com/496266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45119}
2017-05-05 08:57:35 +00:00
Michael Achenbach
0c590f45a8 Revert https://codereview.chromium.org/2857713002 and dependencies
Revert "[heap] Make non-atomic markbit operations consistent with atomic ones."

This reverts commit dd37366fb5

Revert "[heap] Use atomic marking operations in incremental marking if"

This reverts commit 1f2c3596e9

Revert "[heap] Prepare IncrementalMarking::VisitObject for concurrent marking."

This reverts commit 00d1e2cf76

Revert "[heap] Use shared markbits in the concurrent marker."

This reverts commit b0db0541ee

https://codereview.chromium.org/2857713002 blocks the current roll:
https://codereview.chromium.org/2857423002/

Doesn't revert cleanly.

NOTRY=true
TBR=ulan@chromium.org

Bug: chromium:694255
Change-Id: Iada35af5c2529cd9e604802700604b16cc30aa2d
Reviewed-on: https://chromium-review.googlesource.com/497387
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45118}
2017-05-05 06:57:45 +00:00
v8-autoroll
d21326d5c4 Update V8 DEPS.
Rolling v8/build: cef928f..0fffbdf

Rolling v8/third_party/catapult: 0d00147..d9a6925

Rolling v8/tools/clang: dc087f5..ae881aa

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0b4fc50a1ad132b27b2fc484c75ab70995b73a38
Reviewed-on: https://chromium-review.googlesource.com/497286
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45117}
2017-05-05 03:30:38 +00:00
Daniel Ehrenberg
c299fee21c [parser] Fix parse errors for async arrow function edge cases
New test262 tests bring up a couple cases with async arrow functions
that V8 didn't seem to handle properly; this patch makes those cases
errors:
- async (...x,) => y -- Rest parameter must be last formal parameter
- async (...x = z) => y -- No default value for rest parameter
- async (...x, y) => z -- Rest parameter must be last formal parameter

Bug: v8:4483, v8:5051
Change-Id: I024d9ba0c854e8e5e75283df2ee53127b1be090d
Reviewed-on: https://chromium-review.googlesource.com/496057
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45116}
2017-05-04 22:43:42 +00:00
Jungshik Shin
6545911f30 Handle private / grandfathered tags gracefully for case-conversion
Bug=v8:6083
Test=intl/general/case-mapping.js

Change-Id: I254c54520262298d6843948654d1dc4583b0c245
Reviewed-on: https://chromium-review.googlesource.com/496886
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45115}
2017-05-04 22:40:42 +00:00
Jungshik Shin
2bb21e169a resolvedTimezone for Etc/UTC should be UTC per Ecma 402
http://unicode.org/cldr/trac/ticket/9943 added a new separate timezone
ID (Etc/UTC) distinct from "Etc/GMT" even though their behavior is
identical. This CLDR change led v8 to violate the Ecma 402 requirement that
resolvedOptions().timeZone for DateTimeFormat be "UTC" for "Etc/UTC",
"Etc/GMT", "GMT" and "UTC".

This CL made v8 compliant to Ecma 402 again.

Bug=v8:6252
TEST=intl/date-format/timezone
Change-Id: Ibe5d3a2a09680ae00de0d73d123a389710c15af0
Reviewed-on: https://chromium-review.googlesource.com/496406
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45114}
2017-05-04 21:17:39 +00:00
jarin
f47572f3a7 [turbofan] Avoid creating singleton state-values for the accumulator.
This saves about 5% of memory and node count consumed by graph building
on the TypeScript benchmark. High watermark goes down by 3-4%.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2829093002
Cr-Commit-Position: refs/heads/master@{#45113}
2017-05-04 19:35:13 +00:00
Mircea Trofin
f5ff422b83 [wasm] Ensure sync (forward) tasks execute in a context.
We need the job_'s context to reify errors, for example.
Some tasks already managed their context, so centralized
that logic in a SyncCompileTask all sync tasks derive from.

Bug: 
Change-Id: I90f462476b47bb8d5777db93d8dfb5c72fbd885b
Reviewed-on: https://chromium-review.googlesource.com/495392
Commit-Queue: Mircea Trofin <mtrofin@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45112}
2017-05-04 19:10:18 +00:00
bjaideep
d587812258 PPC/s390: Reland: [TypeFeedbackVector] Store optimized code in the vector
Port 662aa425ba

Original Commit Message:

    Since the feedback vector is itself a native context structure, why
    not store optimized code for a function in there rather than in
    a map from native context to code? This allows us to get rid of
    the optimized code map in the SharedFunctionInfo, saving a pointer,
    and making lookup of any optimized code quicker.

    Original patch by Michael Stanton <mvstanton@chromium.org>

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6246
LOG=N

Review-Url: https://codereview.chromium.org/2861863003
Cr-Commit-Position: refs/heads/master@{#45111}
2017-05-04 19:02:26 +00:00
Caitlin Potter
c6540ab1b7 [es6] don't use do-expressions to desugar ES6 classes
Removes the do-expression wrapping, modifies BytecodeGenerator change
to enter a class literal's block scope if needed.

This does not solve the actual bug in v8:6322, but helps mitigate it in
simple cases. The bug is caused by BytecodeGenerator not allocating a
large enough array of context registers to hold its entire stack,
allowing non-context registers to be overwritten during PushContext and
PopContext bytecodes.

Nevertheless, I like the idea of not depending on do-expressions when
possible, so I think it's worth doing anyways.

BUG=v8:6322
R=rmcilroy@chromium.org, marja@chromium.org, littledan@chromium.org

Change-Id: I82b7569db2a0eead1694bd04765fc4456c2f1a0a
Reviewed-on: https://chromium-review.googlesource.com/491074
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45110}
2017-05-04 18:49:50 +00:00
Daniel Ehrenberg
5228af67e1 [intl] Use a service-dependent default locale
Different Intl features (DateTimeFormat, NumberFormat, etc) have
different lists of locales supported. Previously, the default locale
was set to "und", as opposed to what was detected from the surrounding
system, if any of these features was missing data. With this patch,
only that feature is set to "und". In this way, the data quality should
be just as good as if there were no fallback logic, but at the same time,
resolvedOptions().locale should show the locale actually in effect.

R=adamk,jshin
BUG=v8:6288

Change-Id: I62b083a1dde2465cb1541cb18ecc7e59f9097bc0
Reviewed-on: https://chromium-review.googlesource.com/492886
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45109}
2017-05-04 18:46:00 +00:00
bmeurer
ae5ae1ccee Revert of [js] Avoid %_ClassOf for collection builtins. (patchset #4 id:60001 of https://codereview.chromium.org/2814773005/ )
Reason for revert:
Breaks node.js integration bot: https://build.chromium.org/p/client.v8.fyi/builders/V8%20-%20node.js%20integration/builds/5374/steps/build%20addons%20and%20test%20node.js/logs/stdio

Original issue's description:
> [js] Avoid %_ClassOf for collection builtins.
>
> The collection builtins (Map, Set, WeakMap, WeakSet) are still written
> in JavaScript and make heavy use of %_ClassOf, which is kind of
> expensive compared to a simple instance type check. Change that to use
> simple instance type checks instead.
>
> R=jarin@chromium.org
> BUG=v8:6261,v8:6278,v8:6344
>
> Review-Url: https://codereview.chromium.org/2814773005
> Cr-Commit-Position: refs/heads/master@{#45106}
> Committed: 28170099fd

TBR=jarin@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2860123002
Cr-Commit-Position: refs/heads/master@{#45108}
2017-05-04 18:43:45 +00:00
Sathya Gunasekaran
0015bbb5e1 [modules] Disallow HTML comments in modules
Bug: v8:5045
Change-Id: I1d8b6be8a65595dc357c4f721b1a03425e025e6e
Reviewed-on: https://chromium-review.googlesource.com/463811
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45107}
2017-05-04 18:42:12 +00:00
bmeurer
28170099fd [js] Avoid %_ClassOf for collection builtins.
The collection builtins (Map, Set, WeakMap, WeakSet) are still written
in JavaScript and make heavy use of %_ClassOf, which is kind of
expensive compared to a simple instance type check. Change that to use
simple instance type checks instead.

R=jarin@chromium.org
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2814773005
Cr-Commit-Position: refs/heads/master@{#45106}
2017-05-04 18:27:32 +00:00
gdeepti
82503e9ba3 [wasm] Avoid js-typed-lowering optimization for wasm Memory objects
If an ArrayBuffer is set up through the WebAssembly.Memory constructor, identify these with a flag and avoid optimizations in js-typed-lowering.cc. This is needed because buffers associated with memory objects can be grown/detached, leading to crashes.

BUG=chromium:717194

Review-Url: https://codereview.chromium.org/2862763002
Cr-Commit-Position: refs/heads/master@{#45105}
2017-05-04 17:21:56 +00:00
bbudge
0cd0fa3b98 [WASM SIMD] Replace primitive shuffles with general Shuffle.
- Removes primitive shuffle opcodes.
- Adds Shuffle opcode for S32x4, S16x8, S8x16.
- Adds code to ARM instruction selector to pick best opcodes for some
  common shuffle patterns.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2847663005
Cr-Commit-Position: refs/heads/master@{#45104}
2017-05-04 16:50:51 +00:00
Ross McIlroy
ec619cbd89 [Interpreter] Transition JSFunctions to call optimized code when possible.
Now that the optimized code hangs off the feedback vector, it is possible
to check whether a function has optimized code available every time it's
called in the interpreter entry trampoline. If optimized code exists, the
interpreter entry trampoline 'self-heals' the closure to point to the
optimized code and links the closure into the optimized code list.

BUG=v8:6246

Change-Id: If1bd7c555bb0551bfe04b36baa6bcf949604717e
Reviewed-on: https://chromium-review.googlesource.com/488026
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45103}
2017-05-04 16:18:28 +00:00
Toon Verwaest
53e824d619 [ic] Don't crash if the global object leaks into the ICs
Bug: chromium:714580
Change-Id: I8969fb83c6c29eccb29fc1b4a9a35d7abb0ba0d6
Reviewed-on: https://chromium-review.googlesource.com/496148
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45102}
2017-05-04 16:13:28 +00:00
Michael Achenbach
27671d4373 Whitespace change to trigger bots
TBR=jochen@chromium.org

Change-Id: I0b4436c343a92a3f41d627e71a6fc16e7d6ad698
Reviewed-on: https://chromium-review.googlesource.com/496108
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45101}
2017-05-04 15:16:58 +00:00
Michael Achenbach
b329ea9544 [build] Add MB and CQ configs for new gcc debug bots
Keeping the CQ bot experimental for now. Will be converted to a regular bot in a follow up.

NOTRY=true
NOTREECHECKS=true
Bug: v8:6355

Change-Id: I094cc26c8fd89bc6fda761d6bfd848a5e3b6dcb5
Reviewed-on: https://chromium-review.googlesource.com/496186
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45100}
2017-05-04 15:03:13 +00:00
ulan
b0db0541ee [heap] Use shared markbits in the concurrent marker.
The concurrent marker now colors objects grey and black using
the atomic markbit operations.

The heap visitor is changed in two ways:
1) It iterates the map pointer of each object.
2) It guards object visitation with a predicate, which is overridden
in the concurrent marker with the result of GreyToBlack transition.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2855003004
Cr-Commit-Position: refs/heads/master@{#45099}
2017-05-04 13:55:45 +00:00
Michael Starzinger
3a47312226 [asm.js] Remove deprecated --fast-validate-asm flag.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I104bf807d3da6a9f269e4f729b254bc6a0d2f0df
Reviewed-on: https://chromium-review.googlesource.com/496206
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45098}
2017-05-04 13:52:39 +00:00
jkummerow
1f51f66f73 Fix FastAssign for self-assignment
Storing a data property on |target| can change |source|'s map
if |target| and |source| are the same object.

BUG=chromium:716520

Review-Url: https://codereview.chromium.org/2855133006
Cr-Commit-Position: refs/heads/master@{#45097}
2017-05-04 13:41:08 +00:00
Clemens Hammacher
6548f76c92 [build] Disable strict-overflow check on gcc
This flag generates false positives, since gcc inlines functions and
propagates constants, and then applies the check.

Drive-by: Refactor the checks that triggered the error to avoid
explicit casts.

R=jochen@chromium.org, machenbach@chromium.org
BUG=v8:6341

Change-Id: I86aebf402cbd2502ef17622a000a5bb777fd4b43
Reviewed-on: https://chromium-review.googlesource.com/494474
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45096}
2017-05-04 13:36:39 +00:00
ulan
00d1e2cf76 [heap] Prepare IncrementalMarking::VisitObject for concurrent marking.
Currently the VisitObject function iterates the object and then colors
it black. This does not work well with concurrent marking. The function
should instead first try to mark the object black and iterate its body
only if the color transition succeeds.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2853323003
Cr-Commit-Position: refs/heads/master@{#45095}
2017-05-04 13:11:46 +00:00
mlippautz
2ec36b675e [heap] Report newly found wrappers after deserialization
These wrappers wouldn't be found by the marker otherwise and are only
reported upon the next marking step or GC which potentially is already
too late; the embedder could've reclaimed those objects already.

BUG=chromium:717480

Review-Url: https://codereview.chromium.org/2860753003
Cr-Commit-Position: refs/heads/master@{#45094}
2017-05-04 13:10:33 +00:00
Wiktor Garbacz
ca8b120f97 Fix runtime_call_stats for background parsing.
BUG=v8:6093

Change-Id: Ia14f6200adbe6c557f9b899e67f2d96bf76f3a44
Reviewed-on: https://chromium-review.googlesource.com/494590
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45093}
2017-05-04 12:39:18 +00:00
dusan.simicic
0fad007a98 MIPS[64]: Support for some SIMD operations (5)
Add support for I32x4Neg, I32x4LtS, I32x4LeS, I32x4LtU, I32x4LeU, I16x8Splat,
I16x8ExtractLane, I16x8ReplaceLane, I16x8Neg, I16x8Shl, I16x8ShrS, I16x8ShrU,
I16x8Add, I16x8AddSaturateS, I16x8Sub, I16x8SubSaturateS for mips32 and mips64
architectures.

BUG=

Review-Url: https://codereview.chromium.org/2795143003
Cr-Commit-Position: refs/heads/master@{#45092}
2017-05-04 12:38:18 +00:00
ulan
1f2c3596e9 [heap] Use atomic marking operations in incremental marking if
concurrent marking is enabled.

This patch adds kAtomicity flag to IncrementalMarking that is set
depending on the concurrent marking compile time flag.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2857743002
Cr-Commit-Position: refs/heads/master@{#45091}
2017-05-04 12:37:07 +00:00
bmeurer
5c433ec500 [turbofan] Extend Array.prototype.pop lowering to support FAST_DOUBLE_ELEMENTS.
So far the Array.prototype.pop lowering in the JSBuiltinReducer was
limited to (holey) fast or fast-smi elements. But it can be made to
work easily to also handle fast-double elements, so allow that as
well.

R=jarin@chromium.org
BUG=v8:5267,v8:6338

Review-Url: https://codereview.chromium.org/2861443006
Cr-Commit-Position: refs/heads/master@{#45090}
2017-05-04 12:35:58 +00:00
jarin
418926e010 Introduce a handlified version of source position iterator.
This enables allocation in Turbofan's graph building (which is useful for
taking code dependencies there).

BUG=v8:6357
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2860843003
Cr-Commit-Position: refs/heads/master@{#45089}
2017-05-04 12:34:49 +00:00
littledan
f918404590 Revert of [regexp] Support unicode capture names in non-unicode patterns (patchset #3 id:40001 of https://codereview.chromium.org/2791163003/ )
Reason for revert:
The decision for the specification was to not have this syntax, and instead the syntax before this patch.

Original issue's description:
> [regexp] Support unicode capture names in non-unicode patterns
>
> This ensures that capture names containing surrogate pairs are parsed
> correctly even in non-unicode RegExp patterns by introducing a new
> scanning mode which unconditionally combines surrogate pairs.
>
> BUG=v8:5437,v8:6192
>
> Review-Url: https://codereview.chromium.org/2791163003
> Cr-Commit-Position: refs/heads/master@{#44466}
> Committed: a8651c5671

R=yangguo@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5437,v8:6192

Review-Url: https://codereview.chromium.org/2859933003
Cr-Commit-Position: refs/heads/master@{#45088}
2017-05-04 12:33:38 +00:00
bmeurer
6b4e8c2114 [turbofan] Remove self-healing wrt. ChangeFloat64ToTagged.
Make sure that the input to ChangeFloat64ToTagged is definitely of type
Number, because the operator cannot deal with non-Number inputs.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2858153003
Cr-Commit-Position: refs/heads/master@{#45087}
2017-05-04 12:32:27 +00:00
Clemens Hammacher
d7b65d421e [wasm] Skip function validation during async decode
The functions are validated later during graph generation.

This change uncovered a memory leak, which is now also fixed.

R=ahaas@chromium.org

Change-Id: I0150817da131c5c611fe21b156da9d9d00d4827d
Reviewed-on: https://chromium-review.googlesource.com/490088
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45086}
2017-05-04 12:32:18 +00:00
ulan
dd37366fb5 [heap] Make non-atomic markbit operations consistent with atomic ones.
Now non-atomic color transition operations return a boolean indicating
whether the transition succeeded or not.

This allows to replace color check and transition operations with a
single transition operation. For example:

if (IsWhite(object)) {
  WhiteToBlack(object);
  Foo();
}

becomes

if (WhiteToBlack(object)) {
  Foo();
}

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2857713002
Cr-Commit-Position: refs/heads/master@{#45085}
2017-05-04 11:44:15 +00:00
Ross McIlroy
662aa425ba Reland: [TypeFeedbackVector] Store optimized code in the vector
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246
TBR=yangguo@chromium.org,ulan@chromium.org

Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
Reviewed-on: https://chromium-review.googlesource.com/494487
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45084}
2017-05-04 11:21:59 +00:00
neis
24d7890151 [compiler][modules] Constant-fold loads of module cells.
1. Generalize context specialization such that the provided context
   can be any outer context of the function, not necessarily the
   immediate outer context.

2. Based on this: if function specialization is disabled, then
   specialize for the module context if there is one.

3. Extend typed lowering of module loads and stores such that if
   the operand is a Module constant, we constant-fold the cell load.
   That is, a JSLoadModule with a Module HeapConstant input becomes
   a LoadField with a Cell HeapConstant input, and similarly for
   JSStoreModule.

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2841613002
Cr-Commit-Position: refs/heads/master@{#45083}
2017-05-04 11:09:19 +00:00
Ross McIlroy
0733add072 [Deopt] Always patch deopted code to fail hard if entered.
Remove the --zap_code_space flag and always patch deopted code to hard fail
if called.

Also, as a drive-by add deopt code patching for Arm64.

BUG=v8:6246

Change-Id: Ibf1bc53692dbbe618132100a66c56a88c97fd62b
Reviewed-on: https://chromium-review.googlesource.com/496127
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45082}
2017-05-04 10:49:11 +00:00
jarin
102606e821 [turbofan] Fix verification of duplicate projections.
BUG=chromium:712739

Review-Url: https://codereview.chromium.org/2857983004
Cr-Commit-Position: refs/heads/master@{#45081}
2017-05-04 10:47:45 +00:00
Daniel Ehrenberg
c384448724 [intl] Remove getOptimalLanguageTag logic
It's not clear what this logic is there for; ICU seems to already
preserve the locale in the way that the comment mentions. There
appear to be tests in test/intl/general/mapped-locale.js which
remain passing.

Bug: v8:5751
Change-Id: Ib9c64f00b982711ae0eab078252a88f44b81b894
Reviewed-on: https://chromium-review.googlesource.com/485780
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45080}
2017-05-04 10:37:11 +00:00
mlippautz
302b06bfe2 [heap] Add VMState to IncrementalMarking observer
BUG=v8:6343

Review-Url: https://codereview.chromium.org/2860043002
Cr-Commit-Position: refs/heads/master@{#45079}
2017-05-04 10:32:38 +00:00
Michael Starzinger
d8cdfbd594 [asm.js] Enable dedicated asm.js parser and validator.
Note that this just switches from the AST-based validator to a dedicated
parser for asm.js modules. The validation of asm.js modules in general
still is predicated by the "--validate-asm" flag, and not enabled by
default yet.

R=clemensh@chromium.org,marja@chromium.org
BUG=v8:6127

Change-Id: Ibd920b03e20ec3c70ee51b79c6c5a2043964fe4f
Reviewed-on: https://chromium-review.googlesource.com/496146
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45078}
2017-05-04 10:28:28 +00:00
mlippautz
b00b2c256c [heap] Fix RuntimeCallTimerScope usages
BUG=v8:6343

Review-Url: https://codereview.chromium.org/2857213003
Cr-Commit-Position: refs/heads/master@{#45077}
2017-05-04 08:57:54 +00:00
v8-autoroll
752cdce642 Update V8 DEPS.
Rolling v8/build: e9e0102..cef928f

Rolling v8/third_party/catapult: 08f16b6..0d00147

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0aa7541addc2fd6ba2ef5471d56acdbb0c319fac
Reviewed-on: https://chromium-review.googlesource.com/495351
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45076}
2017-05-04 03:32:33 +00:00
Eric Holk
a05743a265 Stop allocating RW memory in AllocateGuarded
AllocateGuarded previously fell back on Allocate and then called Guard
to set the protection to PROT_NONE. Linux commits RW memory, but the
important thing here is to reserve the address space without committing
it. This change adds a new variant of Allocate that takes explicit
permission bits so that AllocateGuarded allocates non-RW memory from the
beginning.

Bug: v8:6320
Change-Id: I7962acbed09938951bf3bb4af2d1f302adba2547
Reviewed-on: https://chromium-review.googlesource.com/491928
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45075}
2017-05-04 02:19:20 +00:00
mlippautz
bf74d43de0 [heap] MinorMC: Evacuation for young generation
In the spirit of the full MC, we evacuate and update pointers in parallel for
the young generation.

The collectors are connected during incremental marking when mark bits are
transferred from the young generation bitmap to the old generation bitmap.

The evacuation phase cannot (yet) move pages and relies completely on copying
objects.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796233003
Cr-Commit-Position: refs/heads/master@{#45074}
2017-05-03 21:31:06 +00:00
mlippautz
8ab39ebcf9 [heap] Add GC accounting to slow allocation and incremental marking job
BUG=v8:6343

Review-Url: https://codereview.chromium.org/2861763002
Cr-Commit-Position: refs/heads/master@{#45073}
2017-05-03 20:59:28 +00:00