Commit Graph

43062 Commits

Author SHA1 Message Date
Michael Starzinger
f7da4d7110 [iwyu] Remove stale TODOs about objects-inl.h inclusion.
R=marja@chromium.org

Change-Id: I93a366caded175256abd7966c3c157191a2b7de2
Reviewed-on: https://chromium-review.googlesource.com/690455
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48370}
2017-10-09 11:14:59 +00:00
Martyn Capewell
fc41315820 Delete ObjectTriple and support code
ObjectTriple isn't used since f1ec44e2f5. Delete
it, and simplify CEntryStub on all backends.

Bug: 
Change-Id: I046525afceb25b484fd96c7ee81c73fb03168ca0
Reviewed-on: https://chromium-review.googlesource.com/704858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48369}
2017-10-09 10:18:31 +00:00
Mike Stanton
e17f05704c [turbofan] Introduce deferred code to TransitionAndStoreElement
Bug: v8:6896
Change-Id: Ie34a4b6ff2e432dcd87a5b982d238c74001175ca
Reviewed-on: https://chromium-review.googlesource.com/704676
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48368}
2017-10-09 09:36:02 +00:00
Mike Stanton
34ed15cccf [turbofan] Improve inlining of Array.prototype.map
We can use the known ElementsKind to improve typing on the receiver
element load. We can allow multiple maps, as long as they have the
same ElementsKind.

Bug: v8:6896
Change-Id: Ida7df943f7d315454b58bcf4e0bbd2346406c488
Reviewed-on: https://chromium-review.googlesource.com/704921
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48367}
2017-10-09 09:34:11 +00:00
Tobias Tebbi
6ddb5e7da7 Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
graph end. This fixes issues with later phases running DeadCodeElimination and
introducing new DeadValue nodes when processing uses of Unreachable.

This is a reland of 3c4bc27f13
Original change's description:
> Reland "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This is a reland of e1cdda2512
> Original change's description:
> > [turbofan] eagerly prune None types and deadness from the graph
> > 
> > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > of a node with type {None} as dead.
> > 
> > Bug: chromium:741225
> > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > Reviewed-on: https://chromium-review.googlesource.com/641250
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48208}
> 
> Bug: chromium:741225
> Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> Reviewed-on: https://chromium-review.googlesource.com/692034
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48232}

Bug: chromium:741225
Change-Id: I5702ec34856c075717162153adc765774453c45f
Reviewed-on: https://chromium-review.googlesource.com/702264
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48366}
2017-10-09 08:45:21 +00:00
Benedikt Meurer
bed8853908 [deoptimizer] Properly handle in-object properties on JSArrays.
The escape analysis is able to perform scalar replacement on JSArrays
with in-object properties (which currently only happens for subclasses
of the Array constructor), but the Deoptimizer didn't properly
materialized and initialized the values of the in-object fields so far.

Bug: chromium:772689, v8:6399
Change-Id: I6555a46773d2a1543db069142aa05f4337566b9c
Reviewed-on: https://chromium-review.googlesource.com/706781
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48365}
2017-10-09 08:28:51 +00:00
Benedikt Meurer
2bb704e886 Fix JSArray::kInitialMaxFastElementArray to make sense for 32-bit platforms.
Bug: chromium:772672, v8:6399
Change-Id: Ib44f5c5c2a62a8ec2cd824ba57a1af8f456853af
Reviewed-on: https://chromium-review.googlesource.com/706782
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48364}
2017-10-09 07:49:41 +00:00
Benedikt Meurer
bb793c2829 [turbofan] Remove unused LoadHashMapValue operator.
Change-Id: I22bf46718ef14450bf5c18948f70f1b9b58ae949
Reviewed-on: https://chromium-review.googlesource.com/706791
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48363}
2017-10-09 07:40:01 +00:00
Daniel Clifford
9019de3812 Add NumberAdd/NumberSub methods to CSA
These will be used in subsequent CLs to add spec-compliant builtins
on Array.prototype built with the CSA.

Change-Id: I4c9f72f90dffe018b99efdc73e9d40b3d175c2aa
Reviewed-on: https://chromium-review.googlesource.com/704115
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48362}
2017-10-09 06:24:41 +00:00
Benedikt Meurer
1aa09302a0 [turbofan] Introduce LookupSigned32HashStorageIndex specialization of Map#get.
This adds a new operator LookupSigned32HashStorageIndex, which is a
specialization of the general LookupHashStorageIndex for Map#get that
is used when TurboFan knows that the key is in Signed32 range.

This improves the execution time of the ARES6 Basic test locally by
around 5% and seems to make sense in general.

Bug: v8:6410, v8:6354, v8:6278, v8:6344
Change-Id: I78dcbc9cc855a4109e1690d8cd14fbc88fd89861
Reviewed-on: https://chromium-review.googlesource.com/706787
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48361}
2017-10-09 06:05:21 +00:00
v8-autoroll
0e3b6bea6d Update V8 DEPS.
Rolling v8/build: 58ec823..adaf9e5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0564bf2..a48a6af

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I63acc1dd6eadf94a84a72c45bb1216d92dc0874d
Reviewed-on: https://chromium-review.googlesource.com/706921
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48360}
2017-10-09 03:52:51 +00:00
Jan Krems
8e60857093 Parsing import.meta expression
Rewrites import.meta expressions into null literals. Builds on top
of- and requires dynamic import parsing to simplify the implementation.

Adds a new --harmony-import-meta flag.

BUG=v8:6693

Change-Id: Iadb7ddf6bad8986bf3ad641dbd3826fe730b5f44
Reviewed-on: https://chromium-review.googlesource.com/702678
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48359}
2017-10-09 02:47:31 +00:00
v8-autoroll
a0887ed221 Update V8 DEPS.
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dbe4475..0564bf2

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I937456820429b30e50222fc4d5e15784894f8abd
Reviewed-on: https://chromium-review.googlesource.com/706822
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48358}
2017-10-08 03:55:28 +00:00
Alexey Kozyatinskiy
8319882972 [inspector] provisional breakpoints for anonymous script
Use case: anonymous script with sourceMappingUrl. User can set
breakpoint in source with sourceUrl from sourceMap, we persist this
breakpoint in DevTools and on page reload breakpoint should be restored
correctly.

Debugger.setBreakpointByUrl method provides capabilities to set
provisional breakpoints and looks like best candidate for new "scriptHash"
argument.

I considered other options such as replacing scriptId with something
more persistent like "script-hash:script-with-this-hash-number" but it
looks more complicated and doesn't provide clear advantages.

One pager: http://bit.ly/2wkRHnt

R=pfeldman@chromium.org

Bug: chromium:459499
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0e2833fceffe6b04afac01d1a4522d6874b6067a
Reviewed-on: https://chromium-review.googlesource.com/683597
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48357}
2017-10-07 19:08:35 +00:00
v8-autoroll
6dd1479db3 Update V8 DEPS.
Rolling v8/base/trace_event/common: 65d1d42..abcc415

Rolling v8/build: 7311b74..58ec823

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/672cabd..dbe4475

Rolling v8/tools/clang: 66be66d..b3169f9

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I3c89ada442f532238f43eb0efa544b99005d3162
Reviewed-on: https://chromium-review.googlesource.com/706655
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48356}
2017-10-07 03:52:31 +00:00
Alexey Kozyatinskiy
8b1399fa94 [inspector] split DebuggerAgent::breakpointsCookie
This split is required for adding scriptHash argument.

R=dgozman@chromium.org
TBR=machenbach@chromium.org

Bug: chromium:459499
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0266cd22be4053829af47ba445e0ddfb6b726e71
Reviewed-on: https://chromium-review.googlesource.com/703863
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48355}
2017-10-06 22:01:16 +00:00
Aseem Garg
2e62c5e916 [wasm] Add uma stat for asm.js to wasm throuput
BUG=chromium:770618
R=kschimpf@chromium.org,bradnelson@chromium.org,isherman@chromium.org

Change-Id: I33400fb277fff1e92a38753084c518f002685407
Reviewed-on: https://chromium-review.googlesource.com/704228
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48354}
2017-10-06 21:17:47 +00:00
Aseem Garg
70e76dae09 [wasm] Add uma stat for asm.js module size
BUG=chromium:770618
R=kschimpf@chromium.org,bradnelson@chromium.org,isherman@chromium.org

Change-Id: I953c9e7b58de0ca9ac05a9f5f64f139fcf7dd1a7
Reviewed-on: https://chromium-review.googlesource.com/703890
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48353}
2017-10-06 20:12:27 +00:00
Benedikt Meurer
d9057b55d8 [turbofan] Lower FastNew*Elements operators to inline allocations.
Further optimize the

  new Array(n)

expressions by also inlining the backing store allocation into TurboFan
optimized code. Currently these backing store allocations cannot be
eliminated by escape analysis and can also not be optimized further by
the memory optimizer (i.e. no allocation folding and not write barrier
elimination) yet, but this can be done in follow-up CLs.

This yields another ~5% improvement on the ARES6 ML benchmark (steady
state).

Drive-by-fix: Add support for loops to the GraphAssembler. This was
necessary to implement the initialization loops in for the backing
store allocations in the EffectControlLinearizer.

Bug: v8:6399, v8:6901
Change-Id: I759d6802db01eb797e78c7d82d82caaee3463e16
Reviewed-on: https://chromium-review.googlesource.com/705934
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48352}
2017-10-06 20:01:16 +00:00
Jakob Kummerow
6e84621c4e [bigint] Optimize digit_div with inline asm on ia32 and x64
The twodigit_t code path emitted a library call rather than
a hardware "div" instruction. This is because compilers are
playing it safe: "div" can overflow when the divisor is too
small. Our algorithm carefully avoids this though, so using
the hardware "div" instruction is safe.

This speeds up a microbenchmark by almost 50%.

Bug: v8:6791
Change-Id: I35a73f8acdaca24f18327fbdaf7f53c4fd450c40
Reviewed-on: https://chromium-review.googlesource.com/686002
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48351}
2017-10-06 18:18:19 +00:00
Eric Holk
8c88dd04fa [wasm] Make BuildCCall variadic to avoid buffer space and copies
The typical pattern for using BuildCCall was to create a stack-allocated array
of arguments, which was passed to BuildCCall. BuildCCall then would allocate
scratch space using WasmGraphBuilder::Buffer and copy the arguments into the
scratch space. This copy is unnecessary and also the use of Buffer can lead to
silently overwriting scratch space that may be used higher up the stack.

Now BuildCCall takes all of the functions parameters as arguments and stores
this directly in a stack-allocated buffer, avoiding the use of Buffer at all and
all its associated pitfalls.

Change-Id: Ia0de9a90350d7fcbbb1b05d28e735d790a5f9143
Reviewed-on: https://chromium-review.googlesource.com/701638
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48350}
2017-10-06 16:16:55 +00:00
Ulan Degenbaev
71a3cc54ae Revert "[heap] Use weak cell in normalized map cache."
This reverts commit f3c8da56e9.

Reason for revert: GC stress failures
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15396

Original change's description:
> [heap] Use weak cell in normalized map cache.
> 
> This replaces ad-hoc weakness in normalized map cache with weak cell.
> 
> Bug: chromium:694255
> Change-Id: I6a12301b2176fe3723b56178a65582cfb412f7d2
> Reviewed-on: https://chromium-review.googlesource.com/704834
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48344}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I0b2d39a1dcff6416998ab36506ee950220c87e89
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/705194
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48349}
2017-10-06 16:13:14 +00:00
Benedikt Meurer
34de39bfab [turbofan] Add support to inline new Array(n) calls.
Make calls like

  new Array(n)
  new A(n)

(where A is a subclass of Array) inlinable into TurboFan. We do this by
speculatively checking that n is an unsigned integer that is not greater
than JSArray::kInitialMaxFastElementArray, and then lowering the backing
store allocation to a builtin call. The speculative optimization is
either protected by the AllocationSite for the Array constructor
invocation (if we have one), or by a newly introduced global protector
cell that is used for Array constructor invocations that don't have an
AllocationSite, i.e. the ones from Array#map, Array#filter, or from
subclasses of Array.

Next step will be to implement the backing store allocations inline in
TurboFan, but that requires Loop support in the GraphAssembler, so it's
done as a separate CL. This should further boost the performance.

This boosts the ARES6 ML benchmark by up to 8% on the steady state,
and also improves monomorphic Array#map calls by around 20-25% on the
initial setup.

Bug: v8:6399
Tbr: ulan@chromium.org
Change-Id: I7c8bdecf7c814ce52db6ee3051c3206a4f7d4bb6
Reviewed-on: https://chromium-review.googlesource.com/704639
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48348}
2017-10-06 15:59:25 +00:00
Sathya Gunasekaran
b7db31a258 [runtime] Templatize PrintFixedArrayElements
Also delete duplicated code

Bug: v8:6404
Change-Id: I7f24d99573a854254aa0fd332fe5c947f93e0552
Reviewed-on: https://chromium-review.googlesource.com/704223
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48347}
2017-10-06 15:34:13 +00:00
Adam Klein
e02e3f3fb6 delete new.target should return true
This brings V8's behavior in line with both the spec and with
other engines.

This also fixes the (now-incorrect) DCHECK in BytecodeGenerator relating
to the delete operator's application to a VariableProxy.

Bug: v8:6697, v8:6721
Change-Id: I413c02af235b0bb652eb4c5d5c971e2cf80e0906
Reviewed-on: https://chromium-review.googlesource.com/703894
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48346}
2017-10-06 15:29:15 +00:00
Adam Klein
44729f3541 Add gsathya to parsing/OWNERS
Also remove vogelheim (no longer on the team) for clarity.

Change-Id: Ida6d058252f17b71bb158308657ae2d18b52c2b2
Reviewed-on: https://chromium-review.googlesource.com/703161
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48345}
2017-10-06 15:28:32 +00:00
Ulan Degenbaev
f3c8da56e9 [heap] Use weak cell in normalized map cache.
This replaces ad-hoc weakness in normalized map cache with weak cell.

Bug: chromium:694255
Change-Id: I6a12301b2176fe3723b56178a65582cfb412f7d2
Reviewed-on: https://chromium-review.googlesource.com/704834
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48344}
2017-10-06 15:10:08 +00:00
Michael Lippautz
8e45603136 [arm64-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I2bebb92d2f5ed245bd7b20ee3ed1c6804605f837
Reviewed-on: https://chromium-review.googlesource.com/704644
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48343}
2017-10-06 15:09:03 +00:00
Hannes Payer
88e74d35ff [heap] Add missing spaces between scavenge trace categories.
Bug: 
Change-Id: I780c83686b741e4d63a49ccb119a920c817d5a0a
Reviewed-on: https://chromium-review.googlesource.com/704718
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48342}
2017-10-06 13:41:13 +00:00
Michael Starzinger
158dbb8b6b [wasm] Fix undefined behavior in WebAssembly.Table.grow.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-772056
BUG=chromium:772056

Change-Id: I199262aa128ab395382520b1439ecc60ed141d4a
Reviewed-on: https://chromium-review.googlesource.com/704582
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48341}
2017-10-06 12:54:53 +00:00
Michael Achenbach
a410a48f9f [test] Skip some debugger tests under stress_incremental_marking
NOTRY=true

Bug: chromium:772010
Change-Id: I510121accd739f1b8239720154d45846e83b3662
Reviewed-on: https://chromium-review.googlesource.com/704818
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48340}
2017-10-06 12:49:23 +00:00
Michael Lippautz
e0f21bb743 [arm-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I6b853f9462793c14aca3cc45c735ddcef6ed6155
Reviewed-on: https://chromium-review.googlesource.com/704637
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48339}
2017-10-06 12:05:02 +00:00
Ulan Degenbaev
e0d64dc67c [heap] Print the number of chunks in unmapper queue in --trace-gc-nvp
Bug: chromium:771966
Change-Id: I146b279c4713b7dd716c6d55ca5e6c6e23a3ad7e
Reviewed-on: https://chromium-review.googlesource.com/704740
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48338}
2017-10-06 11:16:21 +00:00
Camillo Bruni
228cba7d81 [runtime] Use strict mode map for the Proxy function
Bug: v8:6873
Change-Id: I1f544065dfec406bf3e4f16df38e80a1b1f7a173
Reviewed-on: https://chromium-review.googlesource.com/702281
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48337}
2017-10-06 10:58:31 +00:00
Benedikt Meurer
4824da8db4 [turbofan] Don't try to constant-fold properties from the_hole.
Bug: chromium:772190, v8:6819, v8:6820, v8:6831
Change-Id: Ied2dc954ff7575043988087d96782cfbb99e9ec8
Reviewed-on: https://chromium-review.googlesource.com/704578
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48336}
2017-10-06 09:56:41 +00:00
Clemens Hammacher
a9882da618 [wasm] Clean up interface for exception handling
Avoid splitting functionality in two interface calls and passing around
a void* between them.

R=kschimpf@chromium.org

Change-Id: I0e12ff0295852ce5c36f7c3fb3b2c51dc0f2677e
Reviewed-on: https://chromium-review.googlesource.com/702484
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48335}
2017-10-06 09:34:11 +00:00
Jaroslav Sevcik
ea891e87e8 [turbofan] Load elimination - use maps to avoid state invalidation.
Currently, the transition elements kind operation invalidates the
elements of all other arrays. In particular, if we loop over matrix 
elements using two nested loops, and do possibly transitioning access 
a[i][j] in every iteration, we invalidate the load elimination state 
for the array 'a' because a[i][j] might transition elements kind 
for the 'a[i]' array. As a result, the 'a[i]' access cannot be 
hoisted from the inner loop.

With this CL, we figure out that transitioning 'a[i]' cannot affect 'a'
because we know that 'a' does not have the transition's source map.

In the micro-benchmark below, the time for summing up the elements of
100x100 matrix improves by factor of 1.7 (from ~340ms to ~190ms).

function matrixSum(a) {
  let s = 0;
  let rowCount = a.length;
  let columnCount = a[0].length;
  for (let i = 0; i < rowCount; i++) {
    for (let j = 0; j < columnCount ; j++) {
      s += a[i][j];
    }
  }
  return s;
}

// Setup the matrices:
// Smi elements.
var ma = [[1, 2], [3, 4]];
// Holey double elements.
var b = Array(100);
for (let i = 0; i < 100; i++) b[i] = 1.1;
var mb = [];
for (let i = 0; i < 100; i++) mb[i] = b;

// Warmup.
matrixSum(mb);
matrixSum(mb);
matrixSum(ma);
matrixSum(mb);
matrixSum(ma);

%OptimizeFunctionOnNextCall(matrixSum);

function runner(m) {
  let s = 0;
  for (let i = 0; i < 1e4; i++) {
    s += matrixSum(m);
  }
  return s;
}
// Make sure the runner does not know the elements kinds.
%NeverOptimizeFunction(runner);

// Measure.
console.time("Sum");
runner(mb);
console.timeEnd("Sum");


Bug: v8:6344
Change-Id: Ie0642d8693ed63116b1aaed7d2f261fcb64729fe
Reviewed-on: https://chromium-review.googlesource.com/704634
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48334}
2017-10-06 09:29:41 +00:00
Ben L. Titzer
afbfddd75e [wasm] Honor AllowCodegenFromStrings() for all WASM compile types.
R=clemensh@chromium.org

Bug: v8:6756
Change-Id: I3b25b89f3ead5c856be5c7ba3c7c236e595ce8de
Reviewed-on: https://chromium-review.googlesource.com/695524
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48333}
2017-10-06 08:50:51 +00:00
Clemens Hammacher
23f761d3c5 [wasm] Truncate function names for profiling events
And other cleanups to reuse computed function names, and use
EmbeddedVector instead of ScopedVector (stack allocated instead of heap
allocated).

R=titzer@chromium.org

Change-Id: Id293946dc9aa574e7d185ff23b87068bca74549f
Reviewed-on: https://chromium-review.googlesource.com/690474
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48332}
2017-10-06 08:48:01 +00:00
Benedikt Meurer
192ebc34b4 [test] Add more tests for Array constructor in optimized code.
Bug: v8:6399
Tbr: jarin@chromium.org
Change-Id: I98b4f2e3d9990fc38c7b5b2fac181e32ed4faa13
Reviewed-on: https://chromium-review.googlesource.com/704635
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48331}
2017-10-06 08:37:41 +00:00
Benjamin Peterson
648cb56a37 [heap] Correct spelling of PointersUpdatingTask
Change-Id: I3ed30f539df5e9f02db8ca7934d2b68ad9437535
Reviewed-on: https://chromium-review.googlesource.com/694422
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48330}
2017-10-06 08:17:11 +00:00
Benedikt Meurer
c77dfda0ac [turbofan] Properly check call arity for Object.is(o,o).
Bug: chromium:771971, v8:6882
Change-Id: Id1a602306bc89a5f96e180f70d6f713015d2dbb6
Reviewed-on: https://chromium-review.googlesource.com/702834
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48329}
2017-10-06 07:56:31 +00:00
Michael Lippautz
4443683654 [serializer] Properly dispose Isolates in tests
Bug: 
Change-Id: I1ca4246174e16dc3577f31a9e3a8333aadc17415
Reviewed-on: https://chromium-review.googlesource.com/702894
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48328}
2017-10-06 07:50:01 +00:00
Michael Lippautz
f84d216ff9 [wasm] TransferrableWasModules test: Properly disposte Isolate
Bug: 
Change-Id: I824f42cf6159f94204ee3e3c26a6af18e717b11e
Reviewed-on: https://chromium-review.googlesource.com/702874
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48327}
2017-10-06 07:48:21 +00:00
Benedikt Meurer
99203eeaa3 [ic] Allow duplicate (map,handler) pairs in RECOMPUTE_HANDLER state.
This repairs the performance regression on Octane/EarleyBoyer and
JetStream/EarleyBoyer benchmarks.

Bug: chromium:772268, v8:6367, v8:6278, v8:6344
Change-Id: Ibc144a35b37c5822f88712550d8db09386241341
Reviewed-on: https://chromium-review.googlesource.com/704574
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48326}
2017-10-06 07:37:21 +00:00
Benedikt Meurer
279a83e4ff [turbofan] Refactor the JSCreateArray lowering to support more cases.
Array (subclass) constructor calls with 0 parameters are now properly
turned into inline allocations, also Array (subclass) constructor calls
with exactly one parameter, which is either known to not be a Number
or which is a known integer in the valid loop unrolling range.

Also refactor the general JSCreateArray lowering logic to properly
support Array subclasses, i.e. deal with inobject properties and
initial maps correctly.

This boosts performance of those cases significantly (and will allow
us to reduce the complexity of the Array constructor significantly
long-term). For example the simple case

  new Array("a", "b", "c", "d", "e", "f", "g")

is now around 10x faster than before.

Bug: v8:6399
Change-Id: I70661971398524ee0c6a349ee559b98a962a6266
Reviewed-on: https://chromium-review.googlesource.com/703134
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48325}
2017-10-06 05:38:25 +00:00
Deepti Gandluri
3dcb40c9b3 [wasm] Add disassembly for Atomic ops in wasm-text
Fix disassembly of atomic operations for the inspector.

BUG=v8:6842,v8:6532

Change-Id: I3701b55c28b10561d1726e2c0b9fe2e1b2c76b8e
Reviewed-on: https://chromium-review.googlesource.com/703468
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48324}
2017-10-05 23:00:51 +00:00
Jakob Kummerow
da13b8971d [bigint] Implement toString(radix) for any radix
Power-of-two radixes were supported already; this adds all others
(with 2 <= radix <= 36).

Bonus: fix digit_div fallback path for divisors with no leading zeros.

Bug: v8:6791
Change-Id: Id472667f057ad13338e0d8257a899490490e6f8f
Reviewed-on: https://chromium-review.googlesource.com/693316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48323}
2017-10-05 22:38:21 +00:00
Aseem Garg
8fc10b5af7 [wasm] Re-enable Simd lowering tests for wasm
This adds a new simd lowering execution mode for
simd and re-enables the lowering tests

R=titzer@chromium.org,gdeepti@chromium.org,bbudge@chromium.org,mtrofin@chromium.org
BUG=v8:6020

Change-Id: Ice6b7ff2f5973804d379c88241d49b811429a965
Reviewed-on: https://chromium-review.googlesource.com/698928
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48322}
2017-10-05 21:25:34 +00:00
Alexei Filippov
ca81e11497 [runtime-call-stats] Add extra logging to catch remaining crashes.
BUG=chromium:760649

Change-Id: I13f3ad28ce3870ef57aa53eef684727656dcdff2
Reviewed-on: https://chromium-review.googlesource.com/701264
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48321}
2017-10-05 19:52:08 +00:00