Commit Graph

34478 Commits

Author SHA1 Message Date
mlippautz
8b682e1a5a [heap] Use size_t throughout MemoryAllocator
BUG=chromium:652721
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2395563002
Cr-Commit-Position: refs/heads/master@{#39986}
2016-10-05 10:40:31 +00:00
jarin
ff81734cb9 Revert of [turbofan] Osr value typing + dynamic type checks on entry. (patchset #5 id:80001 of https://codereview.chromium.org/2384113002/ )
Reason for revert:
Tanks the world.

Original issue's description:
> [turbofan] Osr value typing + dynamic type checks on entry.
>
> This introduces a new OsrGuard node that is inserted during graph building
> to guard the inferred type of the OSR value.
>
> The type of the OSR value is inferred by running the typer before OSR
> deconstruction, and then taking the type from the phi that takes the
> OSR value. After the deconstruction, we throw the types away.
>
> At the moment we only support the SignedSmall OSR type and we always
> pick the tagged representation. Later, we might want to support more
> types (such as Number) and pick better representations (int32/float64).
>
> This CL also removes the OSR deconstruction tests because they build
> unrealistic graph (no effect chain, no loop termination). I considered
> adding the effect chains to the tests, but this would make the tests
> even more brittle.
>
> Committed: https://crrev.com/1f5dc90a900d222da44bee3eff171a2ba1e3c076
> Cr-Commit-Position: refs/heads/master@{#39971}

TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2395783002
Cr-Commit-Position: refs/heads/master@{#39985}
2016-10-05 10:34:33 +00:00
mlippautz
4eaccc7a45 [heap] ObjectStats: Handle empty deoptimization input data
BUG=chromium:652955

Review-Url: https://codereview.chromium.org/2393153002
Cr-Commit-Position: refs/heads/master@{#39984}
2016-10-05 10:24:05 +00:00
epertoso
5295d7a463 Revert of [heap] Simplify marking of JSFunction and SFI (patchset #3 id:40001 of https://codereview.chromium.org/2389183002/ )
Reason for revert:
Broke GCStress.

Original issue's description:
> [heap] Simplify marking of JSFunction and SFI
>
> BUG=chromium:651828
>
> Committed: https://crrev.com/4d45ed4597d537cf9624cb6683dc4bd646d11242
> Cr-Commit-Position: refs/heads/master@{#39975}

TBR=hpayer@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651828

Review-Url: https://codereview.chromium.org/2389963007
Cr-Commit-Position: refs/heads/master@{#39983}
2016-10-05 10:22:38 +00:00
hpayer
1cb133e312 [heap] Concurrently free empty slot set buckets.
BUG=chromium:648568

Review-Url: https://codereview.chromium.org/2390743005
Cr-Commit-Position: refs/heads/master@{#39982}
2016-10-05 09:27:10 +00:00
jgruber
d515156441 [regexp] Port RegExpConstructor to C++
This moves the RegExp constructor to C++. Local runs of octane/regexp are
performance-neutral:

C++: 4970.1 +- 404.981
JS: 4869.2 +- 586.743

That's probably only the case because exec and replace dominate
octane/regexp. There's potential for improvement here, for instance by
adding a fast-path if new.target is an unmodified JSRegExp function.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2384613004
Cr-Commit-Position: refs/heads/master@{#39981}
2016-10-05 09:13:37 +00:00
ahaas
aa93e6ca95 [wasm] Call a runtime function for a MemorySize instruction.
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory is executed is correct.

R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961

Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
Review-Url: https://codereview.chromium.org/2386183004
Cr-Original-Commit-Position: refs/heads/master@{#39972}
Cr-Commit-Position: refs/heads/master@{#39980}
2016-10-05 09:12:08 +00:00
mstarzinger
9c3d08f972 [interpreter] Implement support for the --trace flag.
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2387363003
Cr-Commit-Position: refs/heads/master@{#39979}
2016-10-05 09:04:43 +00:00
jgruber
f73074195e [stubs] Add String and JSReceiver instance type predicates
These improve readability of relevant code passages.

Review-Url: https://codereview.chromium.org/2395453002
Cr-Commit-Position: refs/heads/master@{#39978}
2016-10-05 08:43:14 +00:00
marja
1d40f81951 Add a command line flag to disable streaming.
It's useful for debugging / analytics purposes, since we can force all
parsing to happen on a foreground thread.

BUG=

Review-Url: https://codereview.chromium.org/2386123006
Cr-Commit-Position: refs/heads/master@{#39977}
2016-10-05 08:40:40 +00:00
epertoso
83a9356093 [turbofan] Introduces a step to verify the machine graph.
It is currently being rolled behind the --turbo_verify_machine_graph flag.

BUG=

Review-Url: https://codereview.chromium.org/2388313003
Cr-Commit-Position: refs/heads/master@{#39976}
2016-10-05 08:28:14 +00:00
mlippautz
4d45ed4597 [heap] Simplify marking of JSFunction and SFI
BUG=chromium:651828

Review-Url: https://codereview.chromium.org/2389183002
Cr-Commit-Position: refs/heads/master@{#39975}
2016-10-05 08:26:57 +00:00
bmeurer
50c458a389 [turbofan] Properly specialize JSCreateIterResultObject map.
If possible, take the constant map from the (known) native context for
JSCreateIterResultObject, so that subsequent map checks can be
eliminated in case of iterator inlining.

R=jarin@chromium.org
BUG=v8:3822

Review-Url: https://codereview.chromium.org/2394783002
Cr-Commit-Position: refs/heads/master@{#39974}
2016-10-05 06:32:15 +00:00
ahaas
9701e79127 Revert of [wasm] Call a runtime function for a MemorySize instruction. (patchset #2 id:20001 of https://codereview.chromium.org/2386183004/ )
Reason for revert:
Patch problem

Original issue's description:
> [wasm] Call a runtime function for a MemorySize instruction.
>
> The implementation of MemorySize with RelocatableInt32Constants is
> problematic if MemorySize is placed close to a GrowMemory instruction in
> the code. The use of a runtime function guarantees that the order in
> which MemorySize and GrowMemory is executed is correct.
>
> R=titzer@chromium.org
> BUG=chromium:651961
> TEST=mjsunit/regress/wasm/regression-651961
>
> Committed: https://crrev.com/2c12a9a42d454a36fcd2931fa458d72832eeb689
> Cr-Commit-Position: refs/heads/master@{#39972}

TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651961

Review-Url: https://codereview.chromium.org/2391223002
Cr-Commit-Position: refs/heads/master@{#39973}
2016-10-05 06:12:18 +00:00
ahaas
2c12a9a42d [wasm] Call a runtime function for a MemorySize instruction.
The implementation of MemorySize with RelocatableInt32Constants is
problematic if MemorySize is placed close to a GrowMemory instruction in
the code. The use of a runtime function guarantees that the order in
which MemorySize and GrowMemory is executed is correct.

R=titzer@chromium.org
BUG=chromium:651961
TEST=mjsunit/regress/wasm/regression-651961

Review-Url: https://codereview.chromium.org/2386183004
Cr-Commit-Position: refs/heads/master@{#39972}
2016-10-05 06:06:58 +00:00
jarin
1f5dc90a90 [turbofan] Osr value typing + dynamic type checks on entry.
This introduces a new OsrGuard node that is inserted during graph building
to guard the inferred type of the OSR value.

The type of the OSR value is inferred by running the typer before OSR
deconstruction, and then taking the type from the phi that takes the
OSR value. After the deconstruction, we throw the types away.

At the moment we only support the SignedSmall OSR type and we always
pick the tagged representation. Later, we might want to support more
types (such as Number) and pick better representations (int32/float64).

This CL also removes the OSR deconstruction tests because they build
unrealistic graph (no effect chain, no loop termination). I considered
adding the effect chains to the tests, but this would make the tests
even more brittle.

Review-Url: https://codereview.chromium.org/2384113002
Cr-Commit-Position: refs/heads/master@{#39971}
2016-10-05 05:56:54 +00:00
jarin
a974970cff [turbofan] Check instruction input/output count limits in instruction selector.
BUG=chromium:625966

Review-Url: https://codereview.chromium.org/2390303002
Cr-Commit-Position: refs/heads/master@{#39970}
2016-10-05 05:43:35 +00:00
jochen
17cb51254c Reland "Turn libbase into a component"
Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}

BUG=v8:5412
TBR=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng

Review-Url: https://codereview.chromium.org/2395553002
Cr-Commit-Position: refs/heads/master@{#39969}
2016-10-05 04:33:09 +00:00
v8-autoroll
e9d0c86c25 Update V8 DEPS.
Rolling v8/build: ba2b708..475d5b3

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol: 5258fd5..3280c57

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2393543004
Cr-Commit-Position: refs/heads/master@{#39968}
2016-10-05 03:37:12 +00:00
gdeepti
096b5f649b [wasm] Refactor GrowMemory runtime call.
Refactor to move module specific functionality to wasm-module.cc, this provides a better interface for the grow() method on WebAssembly.memory objects.

R=mtrofin@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2396473003
Cr-Commit-Position: refs/heads/master@{#39967}
2016-10-05 03:28:27 +00:00
lpy
a5a9198a9b [Tracing] Integrate GC object statistics with tracing.
Memory infra in tracing currently uses Isolate::GetHeapStatistics to fetch
object statistics from V8 at certain frequency, which is not accurate and will
have redundant result. This path adds a trace event as well as a trace category
at where we collect object statistics after marking before sweeping, and dumps
all information to the trace event.

In order to use this functionality, we need to enable two flags:
--track-gc-object-stats and --noincremental-marking.

BUG=v8:5453

Review-Url: https://codereview.chromium.org/2379823004
Cr-Commit-Position: refs/heads/master@{#39966}
2016-10-05 00:41:45 +00:00
mtrofin
fa5b221ec7 [wasm] tracing for wasm module instances
Debug-time tracing for module instances, to aid diagnosing
potential bugs.

BUG=

Review-Url: https://codereview.chromium.org/2390393002
Cr-Commit-Position: refs/heads/master@{#39965}
2016-10-04 22:21:42 +00:00
mtrofin
c938f0df22 [wasm] explicitly mark off unlinked wasm module instances
This fixes a gc stress bug. We cannot rely on an ordering of
clearing of the weak cells, so we explicitly reset the weak
link to the owning instance, when finalizing a compiled
module. In turn, this serves as a reliable signal when GCs
happen while instantiating, allowing us to correctly link the
new instance.

BUG=chromium:652425

Review-Url: https://codereview.chromium.org/2393443003
Cr-Commit-Position: refs/heads/master@{#39964}
2016-10-04 21:23:24 +00:00
neis
1744727d82 [interpreter] Add some bytecode tests for modules.
R=rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2393453003
Cr-Commit-Position: refs/heads/master@{#39963}
2016-10-04 18:42:36 +00:00
adamk
3c39bac440 Don't skip hole checks inside patterns in parameter lists
Previously, b6e9f625c1 fixed self-assignment
in parameters to throw. But it failed to deal with the case of
destructuring with defaults. This patch extends that previous approach
to always treat the end of a parameter as its initializer position,
whether it has an initializer or not.

This is the minimal change to make it easy to merge; a follow-up
will rename the field of Parameter from "initializer_end_position"
to "end_position".

BUG=v8:5454

Review-Url: https://codereview.chromium.org/2390943002
Cr-Commit-Position: refs/heads/master@{#39962}
2016-10-04 17:04:19 +00:00
neis
99cfa5f620 [interpreter] Remove redundant flag from bytecode cctest suite.
This removes the execute_ flag, which was always the negation of top_level_.

R=rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2390163003
Cr-Commit-Position: refs/heads/master@{#39961}
2016-10-04 16:30:15 +00:00
machenbach
efcb1ff447 Revert of Turn libbase into a component (patchset #10 id:180001 of https://codereview.chromium.org/2381273002/ )
Reason for revert:
Main suspect for roll block:
https://codereview.chromium.org/2387403002/

Original issue's description:
> Turn libbase into a component
>
> This is a precondition for turning libplatform into a component
>
> BUG=v8:5412
> R=jgruber@chromium.org,machenbach@chromium.org
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
>
> Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> Cr-Commit-Position: refs/heads/master@{#39950}

TBR=jgruber@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5412

Review-Url: https://codereview.chromium.org/2393603002
Cr-Commit-Position: refs/heads/master@{#39960}
2016-10-04 16:08:54 +00:00
franzih
5b1bcaea85 [IC] Delete unused variable.
BUG=

Review-Url: https://codereview.chromium.org/2389193002
Cr-Commit-Position: refs/heads/master@{#39959}
2016-10-04 15:37:15 +00:00
cbruni
c80619129d [tools] Initialize global pages var in callstats.html
R=machenbach@chromium.org
NOTRY=true
BUG=chromium:611010

Review-Url: https://codereview.chromium.org/2391843003
Cr-Commit-Position: refs/heads/master@{#39958}
2016-10-04 14:45:05 +00:00
franzih
576296ac7a [IC] Delete param in ShouldRecomputeHandler.
BUG=

Review-Url: https://codereview.chromium.org/2390923003
Cr-Commit-Position: refs/heads/master@{#39957}
2016-10-04 14:34:19 +00:00
franzih
54fb438e88 [IC] Delete unused AddessIsOptimizedCode function.
BUG=

Review-Url: https://codereview.chromium.org/2387173003
Cr-Commit-Position: refs/heads/master@{#39956}
2016-10-04 14:28:34 +00:00
jbroman
5fa2734d39 ValueSerializer: Expose reading/writing doubles to embedder.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2386233002
Cr-Commit-Position: refs/heads/master@{#39955}
2016-10-04 13:44:41 +00:00
bjaideep
e5cba5df20 PPC: [heap] Switch to 500k pages
To keep it consistent with other platforms.

R=mlippautz@chromium.org, ulan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2384553003
Cr-Commit-Position: refs/heads/master@{#39954}
2016-10-04 13:32:36 +00:00
ahaas
55da769baf [wasm] Adjust crash message of the correctness fuzzer to avoid clustering.
The correctness fuzzer executes the input array in two different
execution engines and compares the results. If the results don't match,
the correctness fuzzer crashes.

Since the crash signature is always the same if the results don't match,
cluster fuzz would group all inputs which lead to non-matching results.

To avoid the grouping a base64 hash has to be appended to the crash
signature. This CL changes the text which is appended to the crash
signature to a base64 hash.

Note that I do not create a base64 hash directly because the base64
class is not available in V8. Instead I create a string which looks
like a base64 hash.

R=mmoroz@chromium.org, aarya@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2390233002
Cr-Commit-Position: refs/heads/master@{#39953}
2016-10-04 12:18:14 +00:00
jgruber
22881b41d9 [regexp] Port RegExpConstructResultStub to TurboFan
The old hydrogen stub (and runtime fallback) are still needed while they are
used in regexp.js.  These will go away once affected code has been ported.

Drive-by-fix: Fixed typo in GetFixedA{a,}rrayAllocationSize.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2384473002
Cr-Commit-Position: refs/heads/master@{#39952}
2016-10-04 12:06:51 +00:00
jgruber
7d26871d2d [stubs] Port String.prototype.substr to TurboFan
BUG=v8:5415

Review-Url: https://codereview.chromium.org/2373493002
Cr-Commit-Position: refs/heads/master@{#39951}
2016-10-04 12:00:28 +00:00
jochen
614e615775 Turn libbase into a component
This is a precondition for turning libplatform into a component

BUG=v8:5412
R=jgruber@chromium.org,machenbach@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe

Review-Url: https://codereview.chromium.org/2381273002
Cr-Commit-Position: refs/heads/master@{#39950}
2016-10-04 11:47:24 +00:00
leszeks
4ad3579119 [ignition] Fix building lookup graph when search depth is 0
In some (rare) cases, the context depth passed to a dynamic variable lookup can
be zero. In these cases, the fast path for the lookup (i.e. load from context or
global) can always be taken, as there is no need to search the current context.

However, with no slow path checks, the bytecode graph builder had a null
environment for the slow path, causing segfaults when this graph was built.

This patch adds a null check for the slow path environment, and skips building
the slow path if the environment is null.

BUG=chromium:652186

Review-Url: https://codereview.chromium.org/2385123002
Cr-Commit-Position: refs/heads/master@{#39949}
2016-10-04 11:08:11 +00:00
verwaest
a6ceec2483 Rewind zonelists in scopes when resetting rather than clearing
Clear also frees the memory, which isn't useful in the case of a zonelist. If we later want to use the list (e.g., because of aborting), that will cause additional allocations.

BUG=

Review-Url: https://codereview.chromium.org/2391953002
Cr-Commit-Position: refs/heads/master@{#39948}
2016-10-04 09:42:18 +00:00
marja
22ff09e06a PreParsing inner functions: Fix declaration-only variables.
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.

BUG=chromium:650969

Review-Url: https://codereview.chromium.org/2388183003
Cr-Commit-Position: refs/heads/master@{#39947}
2016-10-04 09:38:46 +00:00
heimbuef
ae18e6cd8e Fixed zapping of contents
BUG=

Review-Url: https://codereview.chromium.org/2377943003
Cr-Commit-Position: refs/heads/master@{#39946}
2016-10-04 08:47:31 +00:00
jarin
a87f0cfa7c [grokdump] Web iface: fix stack summary, add buffering.
Review-Url: https://codereview.chromium.org/2389553002
Cr-Commit-Position: refs/heads/master@{#39945}
2016-10-04 08:37:16 +00:00
v8-autoroll
cdf0850abb Update V8 DEPS.
Rolling v8/build: 35c436b..ba2b708

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2389093002
Cr-Commit-Position: refs/heads/master@{#39944}
2016-10-04 03:28:58 +00:00
bbudge
00ac990cc3 [Turbofan] Refactor GapResolver tests in preparation for FP aliasing.
- Changes tests to canonicalize FP slot/register moves, to simplify
testing any implementations that may fragment FP register moves.
- Adds code to generate correct ParallelMoves (e.g. no slot sources
of different reps overlapping.)
- Refactors test functions, so we can add manually generated tests
to current fuzzed tests.
- Adds SIMD operands, since these can be tested here now.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2365983002
Cr-Commit-Position: refs/heads/master@{#39943}
2016-10-03 23:46:07 +00:00
kozyatinskiy
24beac30ee [inspector] Make InspectorTest.sendCommand* private
Introduce Protocol.Domain.method(args) and Protocol.Domain.onEventName() instead.
Renamed InspectorTest.evaluateInPage -> InspectorTest.addScript.
Improved InspectorTest.logMessage.

BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2390733002
Cr-Commit-Position: refs/heads/master@{#39942}
2016-10-03 23:33:07 +00:00
bbudge
b5c9e31c97 [Turbofan] Streamline InstructionOperand predicate methods.
- Orders machine representations so it's easier to check for floating
point.
- Orders operand types so it's easier to check for LocationOperands.
- Adds IsLocation, IsFPLocation predicates.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2382013003
Cr-Commit-Position: refs/heads/master@{#39941}
2016-10-03 21:39:45 +00:00
kozyatinskiy
60ab52e78e [inspector] test Runtime.getProperties for set and map [[Entries]]
Added a test that Runtime.getProperties doesn't truncate Set and Map properties in [[Entries]] in internalProperties.

BUG=chromium:650729
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2376863002
Cr-Commit-Position: refs/heads/master@{#39940}
2016-10-03 21:22:11 +00:00
kozyatinskiy
d99308ef55 [inspector] fix use-after-free in ConsoleHelper::reportCall
InspectedContext can be destroyed inside of V8ConsoleMessage::createForConsoleAPI call.

BUG=chromium:646175
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2388463002
Cr-Commit-Position: refs/heads/master@{#39939}
2016-10-03 21:16:03 +00:00
kozyatinskiy
759581ea93 [inspector] test for fixed empty stack processing in console.count
BUG=chromium:644629
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2370033003
Cr-Commit-Position: refs/heads/master@{#39938}
2016-10-03 21:10:53 +00:00
bradnelson
cfed56c2c5 [wasm] [asm.js] Track direct function indices and fixup.
Recent changes to the wasm format prevent you from knowing
the function index of a direct call until you know how many
imports you have (the index spaces have been merged).

Asm.js validation can't know this until all callsites have been
visited if you want to avoid materializing the entire AST / parsing twice.
Instead, keep a list of fixups to perform for all direct callsites,
then update these with the imports count added when emitting the module.

BUG=v8:4203
R=aseemgarg@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2384623003
Cr-Commit-Position: refs/heads/master@{#39937}
2016-10-03 21:04:46 +00:00