Commit Graph

35426 Commits

Author SHA1 Message Date
leszeks
a902ef88a3 [turbofan] Tune the ValueNumberingReducer's growth rate
Changes the ValueNumberingReducer to grow when at 80% capacity, rather
than at 50% capacity. This matches the behaviour of base/hashmap.

Review-Url: https://codereview.chromium.org/2474873003
Cr-Commit-Position: refs/heads/master@{#40734}
2016-11-03 16:15:11 +00:00
mstarzinger
e637154b8a [wasm] Fix compiled-module-management lifetime issues.
This makes sure the test in question does not rely on specific lifetime
characteristics for local variables within a function. Note that these
lifetimes are not specified by JavaScript and are not observable within
JavaScript proper. The natives syntax however makes it observable.

BUG=v8:5345
TEST=mjsunit/wasm/compiled-module-management
R=mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2474053002
Cr-Commit-Position: refs/heads/master@{#40733}
2016-11-03 15:53:56 +00:00
ivica.bogosavljevic
eaac3f0d5d MIPS[64]: Use immediate constants in Add, And, Or and Xor instructions in turbofan
BUG=

Review-Url: https://codereview.chromium.org/2472703002
Cr-Commit-Position: refs/heads/master@{#40732}
2016-11-03 15:42:59 +00:00
bjaideep
e81c410c7c PPC/s390: [builtins]: Uniformly push argument count in TF-generated builtins
Port 4447405b17

R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2474023002
Cr-Commit-Position: refs/heads/master@{#40731}
2016-11-03 15:05:45 +00:00
cornacch
fb7841b314 Fix JSArrayBuffer is shared check for big endian.
Load the correct 32-bit word to determine if the buffer is shared by
using kBitFieldOffset instead of kBitFieldSlot.

R=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2470023003
Cr-Commit-Position: refs/heads/master@{#40730}
2016-11-03 14:34:13 +00:00
ahaas
7f58be6b38 [wasm] Store the function_index directly in the js-to-wasm wrapper.
If a WebAssembly function is exported, its js-to-wasm wrapper has a
field which contains a reference to the WebAssembly function.
Originally this reference was an index into the export table, which
then contains an index into the function table, which then contains
the metadata of the WebAssembly function.

With this CL we use the index into the function table directly as
the reference to the WebAssembly function.

TEST=mjsunit/wasm/test-import-export-wrapper
R=rossberg@chromium.org, mtrofin@chromium.org
CC=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2472103002
Cr-Commit-Position: refs/heads/master@{#40729}
2016-11-03 14:28:37 +00:00
ulan
dd27284cb4 [heap] Compute number of pointer update tasks based on available cores.
BUG=

Review-Url: https://codereview.chromium.org/2477733002
Cr-Commit-Position: refs/heads/master@{#40728}
2016-11-03 14:27:45 +00:00
Michael Achenbach
50eac4239e Whitespace change to trigger bots
Cr-Commit-Position: refs/heads/master@{#40727}
2016-11-03 14:22:13 +00:00
danno
2445a502dd [stubs] Add a utility class to generate code to access builtin arguments
With an instance of CodeStubArguments, builtin stub generators can generate code
that accesses the receiver passed to the builtin, as well as access and iterate
over the variable number of arguments that are passed in.

Review-Url: https://codereview.chromium.org/2469273003
Cr-Commit-Position: refs/heads/master@{#40726}
2016-11-03 12:53:47 +00:00
bmeurer
6322bf4161 [turbofan] Improve representation selection for HeapObject checking.
For lowering CheckHeapObject, always report TaggedPointer representation
and let the RepresentationChanger come up with a reasonable conversion from
whatever input representation to TaggedPointer. This way we no longer insert
the useless ChangeSomethingToTagged and then check the result for HeapObject,
i.e. mostly reduces the amount of useless code being generated.

Note there are now two operators ChangeFloat64ToTaggedPointer and the old
ChangeFloat64ToTagged, because their semantics differ wrt. the strength
reduction in the SimplifiedOperatorReducer.

Also set the output MachineRepresentation::kTaggedPointer properly in
SimplifiedLowering whenever we know that we produce a HeapObject.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2476593002
Cr-Commit-Position: refs/heads/master@{#40725}
2016-11-03 12:52:54 +00:00
rmcilroy
5bbc5e8eb7 [Tests] Remove skips from tests which no longer timeout on Ignition + Msan.
BUG=v8:4680

Review-Url: https://codereview.chromium.org/2467223005
Cr-Commit-Position: refs/heads/master@{#40724}
2016-11-03 12:42:45 +00:00
bmeurer
10033749fd [turbofan] CheckBounds cannot be used within asm.js.
Also properly deal with constant indices for String element access in
the JSNativeContextSpecialization.

BUG=chromium:661949
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2474013002
Cr-Commit-Position: refs/heads/master@{#40723}
2016-11-03 12:35:04 +00:00
predrag.rudic
f04a9b4936 Fix 'MIPS: Fix Utf16CharacterStream scanner crash due to missaligned access'
Removed a wrong condition test in TwoByteExternalBufferedStream. This change fixes errors that may occur under some conditions.

Review-Url: https://codereview.chromium.org/2469723002
Cr-Commit-Position: refs/heads/master@{#40722}
2016-11-03 12:32:16 +00:00
jarin
9b308dcaf5 [turbofan] Refactor the compare-zero folding in instruction selector.
Review-Url: https://codereview.chromium.org/2475433005
Cr-Commit-Position: refs/heads/master@{#40721}
2016-11-03 12:31:25 +00:00
ulan
e7aa6f91b3 [heap] Exclude the owner of the linear allocation area from evacuation.
This ensures that incremental marking step does not change the top and limit
pointers of the old space, which is needed for allocation folding.

For more info see:
https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13

BUG=chromium:659165

Review-Url: https://codereview.chromium.org/2469273002
Cr-Commit-Position: refs/heads/master@{#40720}
2016-11-03 12:13:23 +00:00
mlippautz
0eeee7cee9 [heap] Allow repeatedly setting EmbedderHeapTracer
Allow swapping the tracer if not in a GC.

BUG=chromium:468240
TBR=ulan@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2475503004
Cr-Commit-Position: refs/heads/master@{#40719}
2016-11-03 11:04:53 +00:00
rmcilroy
c887113d93 [Tests] Fix some concurrent optimization tests on Ignition.
BUG=v8:4680

Review-Url: https://codereview.chromium.org/2467223004
Cr-Commit-Position: refs/heads/master@{#40718}
2016-11-03 11:00:45 +00:00
qyearsley
7d94be5150 Update usage of linux blink try bot to use linux_trusty_blink_rel.
Reason: We're planning to drop support for Linux Precise for layout tests.

BUG=chromium:660580
NOTRY=true

Review-Url: https://codereview.chromium.org/2475563002
Cr-Commit-Position: refs/heads/master@{#40717}
2016-11-03 10:29:36 +00:00
mstarzinger
b02e7fb86e [turbofan] Disable usage of {maybe_assigned} variable flag.
This disables the usage of the {maybe_assigned} flag that the variable
resolution computes for each variable on non-asm.js code. Note that the
analysis is fundamentally broken for destructuring and top-level lexical
variables. Also note that this still uses the analysis for asm.js code
even though it is not validated. One can still trigger the bug by using
invalid constructs within a function marked with "use asm". The fix is
intentionally minimal so that it can be merged to release branches.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-659915
BUG=chromium:659915

Review-Url: https://codereview.chromium.org/2471523005
Cr-Commit-Position: refs/heads/master@{#40716}
2016-11-03 10:24:06 +00:00
leszeks
cf1ebf3662 [ignition/turbo] Remove stack check from inlined functions
This removes the first stack check in inlined functions in the bytecode
graph builder, to match the behaviour of the AST graph builder.

I measure a ~1% statistically significant (p < 0.01) improvement on
Mandreel with --ignition-staging --turbo (on my x64 machine, YMMV).

Review-Url: https://codereview.chromium.org/2392333002
Cr-Commit-Position: refs/heads/master@{#40715}
2016-11-03 10:21:50 +00:00
verwaest
4fa2ebcbe0 Turn Scope::locals_ into a ThreadedList
This turns the ZoneList with minimum 6 words overhead into a linked list through variables, using 2 words for the empty list. Additionally the average number of pointers per entry goes down to the optimal 1 per variable that's in a list.

This does introduce 1 pointer unnecessary overhead for dynamic variables. If that becomes a problem we could distinguish between variables in lists and variables not in lists. We can distinguish them at construction-time.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2475433002
Cr-Commit-Position: refs/heads/master@{#40714}
2016-11-03 10:07:12 +00:00
ulan
8f85aba4ea Revert of [heap] Invoke incremental marking step before allocation. (patchset #1 id:1 of https://codereview.chromium.org/2464393002/ )
Reason for revert:
Performance regression on Octane and V8 runtime stats.

Original issue's description:
> [heap] Invoke incremental marking step before allocation.
>
> This ensures that the newly allocated object immediately precedes the
> linear allocation area, which is needed for allocation folding.
>
> For more info see:
> https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13
>
> BUG=chromium:659165

TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:659165

Review-Url: https://codereview.chromium.org/2472043002
Cr-Commit-Position: refs/heads/master@{#40713}
2016-11-03 09:57:00 +00:00
danno
4447405b17 [builtins]: Uniformly push argument count in TF-generated builtins
Review-Url: https://codereview.chromium.org/2467513002
Cr-Commit-Position: refs/heads/master@{#40712}
2016-11-03 08:37:01 +00:00
dschuff
4d2659a706 v8gen.py: change file open mode from 'aw' to just 'a'
'a' and 'w' are mutually exclusive and just 'a' is what we actually
want. Linux doesn't care (it just takes the first one) but Windows
throws a ValueError.

R=machenbach@chromium.org
BUG=None

Review-Url: https://codereview.chromium.org/2467363002
Cr-Commit-Position: refs/heads/master@{#40711}
2016-11-02 22:04:05 +00:00
cbruni
fdf0b3ee7a Revert of [tools] Support custom script injection for callstats.py (patchset #1 id:1 of https://codereview.chromium.org/2455623002/ )
Reason for revert:
speculative revert to address regressions on cnn.com benchmark.

Original issue's description:
> [tools] Support custom script injection for callstats.py
>
> This is a poor-man's solution to trigger page interactions.
>
> BUG=

TBR=jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2464053005
Cr-Commit-Position: refs/heads/master@{#40710}
2016-11-02 20:37:17 +00:00
alph
fdca1bb2da [profiler] Make certain Runtime Call Stats fields atomic.
Make RuntimeCallTimer::parent_ and RuntimeCallStats::current_timer_
fields atomic as they are accessed from the signal handler.

BUG=chromium:660428

Review-Url: https://codereview.chromium.org/2464973002
Cr-Commit-Position: refs/heads/master@{#40709}
2016-11-02 18:50:36 +00:00
ahaas
a3b77d560e [wasm] Fix br_table in the wasm interpreter to use varuint32.
The wasm interpreter crashed because it interpreted the table of
br_table as a table of uint8, but according to the spec it is a table of
varint32. Therefore the wasm interpreter misinterpreted 0x80 0x00 as 128
and not as 0, which caused a crash.

R=tizer@chromium.org
BUG=chromium:660262
TEST=cctest/test-run-wasm/RunWasmInterpreted_Regression_660262

Review-Url: https://codereview.chromium.org/2463063002
Cr-Commit-Position: refs/heads/master@{#40708}
2016-11-02 17:07:00 +00:00
yangguo
e3f2910da7 [heap] reorder empty scope info in the root list.
Apparently the previous clean up has regressed performance in some
cases. This is an attempt to recover these regressions.

R=ulan@chromium.org
BUG=chromium:661567

Review-Url: https://codereview.chromium.org/2471493003
Cr-Commit-Position: refs/heads/master@{#40707}
2016-11-02 15:19:51 +00:00
rmcilroy
0fbf7243c6 [Interpreter] Remove skips from mjsunit tests which now pass.
BUG=v8:4680

Review-Url: https://codereview.chromium.org/2469283002
Cr-Commit-Position: refs/heads/master@{#40706}
2016-11-02 14:47:11 +00:00
jochen
bf77741d43 Reland "Create internal fields on global proxy objects"
Original CL description:
> Create internal fields on global proxy objects
>
> BUG=v8:5588
> R=verwaest@chromium.org

BUG=v8:5588
TBR=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2472573004
Cr-Commit-Position: refs/heads/master@{#40705}
2016-11-02 14:40:31 +00:00
ulan
bb24b91f15 [heap] Invoke incremental marking step before allocation.
This ensures that the newly allocated object immediately precedes the
linear allocation area, which is needed for allocation folding.

For more info see:
https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13

BUG=chromium:659165

Review-Url: https://codereview.chromium.org/2464393002
Cr-Commit-Position: refs/heads/master@{#40704}
2016-11-02 14:14:10 +00:00
verwaest
5a18685e08 Thread decls-list through Declaration using a ThreadedList
This reduces per-scope overhead from minimally 6 words to 2 words, with one additional pointer per entry, rather than an average of 2 per entry for larger-than-4 element lists. For temp zone parsed functions it additionally makes the declaration-list actually freeable.

This introduces ThreadedList to implement the details of dealing with such a list.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2457393003
Cr-Commit-Position: refs/heads/master@{#40703}
2016-11-02 14:08:47 +00:00
littledan
baf0ec31ec Allow immutable prototype templates to inherit
To enable the global object prototype chain to be frozen, all objects
in the chain need to be marked as immutable prototype exotic objects.
However, a bug in the previous implementation of immutable prototype
exotic objects left the check in place when initially setting up the
object, which made it impossible to allow inheritance chains. This
patch removes that mistaken check.

BUG=v8:5149

Review-Url: https://codereview.chromium.org/2449163004
Cr-Commit-Position: refs/heads/master@{#40702}
2016-11-02 13:59:25 +00:00
jkummerow
5ce9760672 Revert of [ic] Experiment: disable map-specific handler cache. (patchset #1 id:1 of https://codereview.chromium.org/2462973003/ )
Reason for revert:
Causes performance regressions (up to 10% on the "IC" bucket). :-(

Original issue's description:
> [ic] Experiment: disable map-specific handler cache.
>
> IC data handlers support most of the hot cases nowadays. Let's see if
> the map-specific code cache still helps us to improve things.
>
> BUG=v8:5561

TBR=ishell@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5561

Review-Url: https://codereview.chromium.org/2474653002
Cr-Commit-Position: refs/heads/master@{#40701}
2016-11-02 13:50:06 +00:00
danno
9e2fd36c3b [stubs]: Support 1->2 byte copies in CopyStringCharacters
In the process, add a more general mechanism for passing around
and amending list of CodeStubAssembler Variables. That change
makes it possible to more easily add Variables to loops that are
generated by utility functions, e.g. BuildFastLoop.

LOG=N

Review-Url: https://codereview.chromium.org/2461363002
Cr-Commit-Position: refs/heads/master@{#40700}
2016-11-02 13:19:27 +00:00
danno
fe552636be [turbofan] Support variable size argument removal in TF-generated functions
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.

The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
  slots to pop upon return in addition to those specified by the Linkage of the
  compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
  handle all tail-call cases except where the return value type differs, this fallback
  was not really useful and in fact caused unexpected behavior with variable
  sized argument popping, since it wasn't possible to materialize a Return node
  with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
  pop argument since the variable pop functionality

LOG=N

Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
2016-11-02 13:15:57 +00:00
mlippautz
588641f242 [heap] Fix Unmapper::TearDown to include delayed chunks
Delayed chunks in the unmapper are chunks that should be unmapped but could
potentially still be accessed by the sweeper (page header), hence their
unmapping is delayed.

During TearDown, however, we need to properly unmap those pages, i.e., check
that they can now be unmapped (should always hold) and properly unmap them.

BUG=chromium:656537
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2472573003
Cr-Commit-Position: refs/heads/master@{#40698}
2016-11-02 13:10:38 +00:00
rmcilroy
ea5d4c1525 [Interpreter] Remove unused --ignition-eager flag.
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2463353002
Cr-Commit-Position: refs/heads/master@{#40697}
2016-11-02 11:17:48 +00:00
bbudge
d2c3ae774d [Turbofan] Make fixed live ranges all double when aliasing is simple.
Only ARM should have fixed live range arrays for float / simd128.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2471533002
Cr-Commit-Position: refs/heads/master@{#40696}
2016-11-02 09:54:36 +00:00
bmeurer
3f3bacc319 [turbofan] Assign proper types to Parameter nodes.
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2223873002
Cr-Commit-Position: refs/heads/master@{#40695}
2016-11-02 09:34:08 +00:00
neis
24b1c1abfc [modules] Add namespace import snippet to test-bytecode-generator.
R=rmcilroy@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2460403002
Cr-Commit-Position: refs/heads/master@{#40694}
2016-11-02 09:30:42 +00:00
Michael Achenbach
2bac8f8ce8 Whitespace change to trigger bots.
Cr-Commit-Position: refs/heads/master@{#40693}
2016-11-02 08:35:32 +00:00
zhengxing.li
3ef54ed693 X87: [compiler] Sanitize IC counts for vector based ICs.
port 5ef1bddf80 (r40690)

  original commit message:
  All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
  while the remaining patching ICs still use the traditional way of
  counting on the TypeFeedbackInfo hanging off the fullcodegen code
  object. This fixes the problem that counts were sometimes off.

BUG=

  Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.
Review-Url: https://codereview.chromium.org/2470063002

Cr-Commit-Position: refs/heads/master@{#40692}
2016-11-02 07:51:37 +00:00
machenbach
c61902e072 Revert of [turbofan] Support variable size argument popping in TF-generated functions (patchset #13 id:240001 of https://codereview.chromium.org/2446543002/ )
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294

Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
>   slots to pop upon return in addition to those specified by the Linkage of the
>   compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
>   handle all tail-call cases except where the return value type differs, this fallback
>   was not really useful and in fact caused unexpected behavior with variable
>   sized argument popping, since it wasn't possible to materialize a Return node
>   with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
>   pop argument since the variable pop functionality
>
> LOG=N

TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
2016-11-02 07:49:17 +00:00
bmeurer
5ef1bddf80 [compiler] Sanitize IC counts for vector based ICs.
All vector ICs use the TypeFeedbackVector::ComputeCounts method now,
while the remaining patching ICs still use the traditional way of
counting on the TypeFeedbackInfo hanging off the fullcodegen code
object. This fixes the problem that counts were sometimes off.

Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2472653002
Cr-Commit-Position: refs/heads/master@{#40690}
2016-11-02 06:01:09 +00:00
kozyatinskiy
3902043324 [inspector] migrate HeapProfiler to new style
BUG=none
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2474483003
Cr-Commit-Position: refs/heads/master@{#40689}
2016-11-02 00:52:31 +00:00
kozyatinskiy
8c08d423f3 [inspector] migrate Schema, Console, Profiler to new style
BUG=none
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2473563002
Cr-Commit-Position: refs/heads/master@{#40688}
2016-11-02 00:21:54 +00:00
kozyatinskiy
d5055bc932 Roll third_party/inspector_protocol to cf45a6e89b17cdc9eeacdef4c003fcc55f7ec2a0
This roll includes one change: "[inspector_protocol] support fall through and moveable Maybe" [1].

[1] https://codereview.chromium.org/2468923002/

BUG=none
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2469063002
Cr-Commit-Position: refs/heads/master@{#40687}
2016-11-01 22:33:39 +00:00
machenbach
b19abf5371 Revert "Create internal fields on global proxy objects"
This reverts commit 26547761ef.

Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/bui...

See also:
https://github.com/v8/v8/wiki/Blink-layout-tests

BUG=v8:5588
TBR=jochen@chromium.org, verwaest@chromium.org, hablich@chromium.org

Review-Url: https://codereview.chromium.org/2467073002
Cr-Commit-Position: refs/heads/master@{#40686}
2016-11-01 20:40:09 +00:00
ishell
a52ffd44fd [ic] Experiment: disable map-specific handler cache.
IC data handlers support most of the hot cases nowadays. Let's see if
the map-specific code cache still helps us to improve things.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2462973003
Cr-Commit-Position: refs/heads/master@{#40685}
2016-11-01 11:18:36 +00:00