Commit Graph

7464 Commits

Author SHA1 Message Date
mvstanton
92d8d95575 [builtins] Move several CodeStub-based ICs to builtins
This CL is from danno@chromium.org. Moves code stubs

LoadIC
KeyedLoadICTF
StoreIC
KeyedStoreICTF
LoadICTrampoline
KeyedLoadICTrampolineTF
StoreICTrampoline
KeyedStoreICTrampolineTF

into builtins.

TBR Yang for serializer changes.

R=epertoso@chromium.org
TBR=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2608883002
Cr-Commit-Position: refs/heads/master@{#42001}
2016-12-30 10:31:01 +00:00
gsathya
2d46f50771 [promsies] Verify status field is a smi
R=adamk@chromium.org
BUG=v8:5343

Review-Url: https://codereview.chromium.org/2608843002
Cr-Commit-Position: refs/heads/master@{#41997}
2016-12-30 01:50:47 +00:00
gsathya
5668ce3987 [promises] Remove deferred object
This patch stores the promise, resolve, reject properties of the
deferred object created by CreateInternalPromiseCapability and
NewPromiseCapability directly on the promise (if the promise hasn't
been fulfilled), otherwise they are stored on the
PromiseReactionJobInfo.

This patch removes the currently unused
CreateInternalPromiseCapability and inlines the call to create the
deferred promise object.

NewPromiseCapability is the only function that works with a deferred.

This patch results in a 8.5% improvement in benchmarks over 5 runs.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2590563003
Cr-Commit-Position: refs/heads/master@{#41991}
2016-12-29 20:30:28 +00:00
gsathya
df179704ff [promisehook] Fire init hook for promise subclass
Add test as well.
Add regression test for passing uninitialized promises to init hook

BUG=v8:4643

Review-Url: https://codereview.chromium.org/2578173004
Cr-Commit-Position: refs/heads/master@{#41982}
2016-12-28 19:31:24 +00:00
bakkot
bf9e013bbc [counters] Add UseCounters for 'f() = 0' syntax
This syntax was formerly legal per ECMAScript, but has been a
SyntaxError for some time now. V8 deviates from spec in that it
is instead a runtime error; we'd like to know if we can get
away with removing it (at least in sloppy mode) or if the spec
should be changed.

c.f. https://github.com/tc39/ecma262/issues/257#issuecomment-195106880

Also add self to authors file

BUG=v8:4480

Review-Url: https://codereview.chromium.org/2599253002
Cr-Commit-Position: refs/heads/master@{#41960}
2016-12-27 17:48:40 +00:00
ulan
d6c66dbce6 [heap] New API for increasing the heap limit for debugging.
BUG=chromium:675911

Review-Url: https://codereview.chromium.org/2593043002
Cr-Commit-Position: refs/heads/master@{#41957}
2016-12-27 13:29:58 +00:00
littledan
b0a09d7809 [intl] Add new semantics + compat fallback to Intl constructor
ECMA 402 v2 made Intl constructors more strict in terms of how they would
initialize objects, refusing to initialize objects which have already
been constructed. However, when Chrome tried to ship these semantics,
we ran into web compatibility issues.

This patch tries to square the circle and implement the simpler v2 object
semantics while including a compatibility workaround to allow objects to
sort of be initialized later, storing the real underlying Intl object
in a symbol-named property.

The new semantics are described in this PR against the ECMA 402 spec:
https://github.com/tc39/ecma402/pull/84

BUG=v8:4360, v8:4870
LOG=Y

Review-Url: https://codereview.chromium.org/2582993002
Cr-Commit-Position: refs/heads/master@{#41943}
2016-12-23 14:32:16 +00:00
yangguo
f85678159d Revert of [debugger] deprecate v8::Debug:GetDebugContext. (patchset #2 id:20001 of https://codereview.chromium.org/2589203002/ )
Reason for revert:
crbug/676749

Original issue's description:
> [debugger] deprecate v8::Debug:GetDebugContext.
>
> R=jgruber@chromium.org
> BUG=v8:5530
>
> Review-Url: https://codereview.chromium.org/2589203002
> Cr-Commit-Position: refs/heads/master@{#41911}
> Committed: 381082168d

TBR=jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5530, chromium:676749

Review-Url: https://codereview.chromium.org/2595413003
Cr-Commit-Position: refs/heads/master@{#41935}
2016-12-23 09:15:15 +00:00
wez
b344f930c8 Suppress symbol import warning from linker when building cctest.exe
Ignoring this linker warning will enable Chromium builds to start
treating all linker warnings as errors in Windows builds.

BUG=676417, 659007

Review-Url: https://codereview.chromium.org/2594013004
Cr-Commit-Position: refs/heads/master@{#41931}
2016-12-22 19:33:00 +00:00
bbudge
0f12793f69 [WASM] Skip failing F32x4 tests on ARM.
LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2589283002
Cr-Commit-Position: refs/heads/master@{#41925}
2016-12-22 16:05:05 +00:00
hablich
aa8a208a47 Revert of [TypeFeedbackVector] Root literal arrays in function literals slots (patchset #11 id:370001 of https://codereview.chromium.org/2504153002/ )
Reason for revert:
Speculative revert because of blocked roll: https://codereview.chromium.org/2596013002/

Original issue's description:
> [TypeFeedbackVector] Root literal arrays in function literals slots
>
> Literal arrays and feedback vectors for a function can be garbage
> collected if we don't have a rooted closure for the function, which
> happens often. It's expensive to come back from this (recreating
> boilerplates and gathering feedback again), and the cost is
> disproportionate if the function was inlined into optimized code.
>
> To guard against losing these arrays when we need them, we'll now
> create literal arrays when creating the feedback vector for the outer
> closure, and root them strongly in that vector.
>
> BUG=v8:5456
>
> Review-Url: https://codereview.chromium.org/2504153002
> Cr-Commit-Position: refs/heads/master@{#41893}
> Committed: 93df094081

TBR=bmeurer@chromium.org,mlippautz@chromium.org,mvstanton@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5456

Review-Url: https://codereview.chromium.org/2597163002
Cr-Commit-Position: refs/heads/master@{#41917}
2016-12-22 10:26:36 +00:00
dusan.simicic
cc77bd8234 MIPS: Fix improper use of odd FP reg on mips32r6
Odd numbered floating-point register shouldn't be used as compare register
on mips32r6 architecture. In case cpu switches to FRE mode, writes to odd
numbered single-precision fp register will update upper part of even
double-precision register, which will corrupt the even register.

BUG=

Review-Url: https://codereview.chromium.org/2591063003
Cr-Commit-Position: refs/heads/master@{#41916}
2016-12-22 10:06:18 +00:00
hablich
1e994192d6 Revert of [regexp] Remove IsRegExp intrinsic (patchset #1 id:1 of https://codereview.chromium.org/2591923003/ )
Reason for revert:
speculative revert: https://codereview.chromium.org/2596013002/

Original issue's description:
> [regexp] Remove IsRegExp intrinsic
>
> The two remaining uses of this intrinsic in debug.js and mirrors.js now
> simply rely on the runtime function.
>
> BUG=v8:5339
>
> Review-Url: https://codereview.chromium.org/2591923003
> Cr-Commit-Position: refs/heads/master@{#41892}
> Committed: c9cb94a06f

TBR=bmeurer@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2592383002
Cr-Commit-Position: refs/heads/master@{#41915}
2016-12-22 09:39:37 +00:00
yangguo
381082168d [debugger] deprecate v8::Debug:GetDebugContext.
R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2589203002
Cr-Commit-Position: refs/heads/master@{#41911}
2016-12-22 07:04:01 +00:00
caitp
3d6a477bd0 [cctest] print name instead of context index for CallJSRuntime
Change bytecode-expectations-printer.cc in the cctest application so
that intrinsic function names are printed rather than their native
context index.

This minimizes the amount of unnecessary changes to the bytecode
expectations that need to happen whenever the context fields are
changed.

BUG=v8:5769
R=neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/2593823002
Cr-Commit-Position: refs/heads/master@{#41900}
2016-12-21 16:41:11 +00:00
ishell
7cd573f439 [runtime] Remove specific Descriptor subclasses and add respective factory methods instead.
This is a preliminary step for constant tracking.

BUG=v8:5495

Review-Url: https://codereview.chromium.org/2595893002
Cr-Commit-Position: refs/heads/master@{#41899}
2016-12-21 16:40:00 +00:00
bbudge
7a6138ae11 [WASM] Skip SIMD test values that may result in denormalized numbers.
On ARM Neon at least, denormals flush to zero, which may not match
regular FP behavior.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2598583002
Cr-Commit-Position: refs/heads/master@{#41895}
2016-12-21 15:31:42 +00:00
mvstanton
93df094081 [TypeFeedbackVector] Root literal arrays in function literals slots
Literal arrays and feedback vectors for a function can be garbage
collected if we don't have a rooted closure for the function, which
happens often. It's expensive to come back from this (recreating
boilerplates and gathering feedback again), and the cost is
disproportionate if the function was inlined into optimized code.

To guard against losing these arrays when we need them, we'll now
create literal arrays when creating the feedback vector for the outer
closure, and root them strongly in that vector.

BUG=v8:5456

Review-Url: https://codereview.chromium.org/2504153002
Cr-Commit-Position: refs/heads/master@{#41893}
2016-12-21 14:06:29 +00:00
jgruber
c9cb94a06f [regexp] Remove IsRegExp intrinsic
The two remaining uses of this intrinsic in debug.js and mirrors.js now
simply rely on the runtime function.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2591923003
Cr-Commit-Position: refs/heads/master@{#41892}
2016-12-21 13:55:27 +00:00
titzer
55fc5c0c32 [wasm] Rename wasm::LocalType to wasm::ValueType and kAst* to kWasm*
This is more renaming work to comply with the naming in the public
design repository. E.g. types are called "value types" and we no longer
refer to ASTs.

R=clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2594993002
Cr-Commit-Position: refs/heads/master@{#41891}
2016-12-21 13:43:00 +00:00
titzer
ceb29f7c62 [wasm] Rename ast-decoder.* to function-body-decoder.*
Since WASM is no longer an AST :-(

R=clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2594973003
Cr-Commit-Position: refs/heads/master@{#41889}
2016-12-21 12:42:06 +00:00
bbudge
5354e28c8d [Turbofan] Add native ARM support for Simd Float32x4 operations.
- Adds Float32x4 Abs, Neg, Equal, NotEqual.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2594683002
Cr-Commit-Position: refs/heads/master@{#41870}
2016-12-20 16:49:53 +00:00
jyan
2d7f1c2c55 s390: clean up RR/RRE/RRD/RIL format in Assembler
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2589063002
Cr-Commit-Position: refs/heads/master@{#41864}
2016-12-20 15:03:49 +00:00
clemensh
081ac37048 [wasm] Introduce WasmSharedModuleData and refactor other objects
The new object will hold information which is shared by all clones of a
WasmCompiledModule, e.g. the decoded asm.js offset table, and in the
future also breakpoints. From there, we can set them on each new
instantiation of any clone.

While already changing lots of the code base, I also renamed all
getters from "get_foo" to "foo", to conform to the style guide.

R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:5732

Review-Url: https://codereview.chromium.org/2591653002
Cr-Commit-Position: refs/heads/master@{#41862}
2016-12-20 14:34:07 +00:00
bbudge
e54e2dd916 [ARM] Add fp version of vceq to assembler, disassembler, and simulator.
LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2593443002
Cr-Commit-Position: refs/heads/master@{#41859}
2016-12-20 13:06:58 +00:00
yangguo
28432588c2 [api] add API for Promise status and result.
Currently, to find out a Promise's status and result, one has to use the
debug context. This is for example done in Node.js. This new API is a
better replacement, also in the context of the debug context being
deprecated eventually.

R=franzih@chromium.org, gsathya@chromium.org, jochen@chromium.org
BUG=v8:5764

Review-Url: https://codereview.chromium.org/2589113002
Cr-Commit-Position: refs/heads/master@{#41855}
2016-12-20 12:13:29 +00:00
leszeks
73afbaa8c1 [tests] Fix test-api for non-optimizing ignition-staging runs
BUG=v8:5762

Review-Url: https://codereview.chromium.org/2590843002
Cr-Commit-Position: refs/heads/master@{#41852}
2016-12-20 11:47:31 +00:00
yangguo
a141898108 [debugger] sunset --expose-debug-as flag.
R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2589083002
Cr-Commit-Position: refs/heads/master@{#41832}
2016-12-20 07:45:48 +00:00
bbudge
0625a686b5 [Turbofan] Add native ARM support for basic SIMD 32x4 operations.
- Adds Float32x4 ExtractLane, ReplaceLane, Splat, Add, Sub,
and conversions to Int32x4 and Uint32x4.
- Adds Int32x4 ExtractLane, ReplaceLane, Splat, Add, Sub and
conversions to Float32x4 (int and unsigned int).
- Adds Int32x4 CompareEqual, CompareNotEqual.
- Adds S32x4 Select.
- Adds tests for all new SIMD operations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2584863002
Cr-Commit-Position: refs/heads/master@{#41828}
2016-12-19 22:23:03 +00:00
gsathya
cc7e0b0eff [promises] Port CreateResolvingFunctions to TF
2% improvement on benchmarks over 5 runs.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2567033003
Cr-Commit-Position: refs/heads/master@{#41827}
2016-12-19 22:21:35 +00:00
littledan
48a36c7df7 [intl] Avoid modifying options bag from constructor
Previously, the Intl.DateTimeFormat constructor and other related paths had
a bug where the options bag passed in would be modified in place. This patch
makes V8's Intl implementation follow the specification's logic to avoid
such a modification.

BUG=v8:4219

Review-Url: https://codereview.chromium.org/2587703002
Cr-Commit-Position: refs/heads/master@{#41826}
2016-12-19 21:36:16 +00:00
clemensh
1fef739ab0 [wasm] Implement GetPossibleBreakpoints
This CL implements GetPossibleBreakpoints for wasm, by iterating over
all functions in the requested range and returning the location of all
instructions within that range.

The connection to the inspector will be added later, when setting
breakpoint also works for wasm: http://crrev.com/2536763002

BUG=chromium:613110
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2588763002
Cr-Commit-Position: refs/heads/master@{#41818}
2016-12-19 17:22:55 +00:00
gsathya
81f765718e [builtins] move PromiseBuiltinsAssembler to it's own header file
BUG=v8:5343

Review-Url: https://codereview.chromium.org/2585133002
Cr-Commit-Position: refs/heads/master@{#41816}
2016-12-19 17:14:36 +00:00
franzih
86eafdd4c0 Add CreateDataPropertyInLiteralFlags.
Encode the PropertyAttribute and whether the function
names must be set as a flag instead of setting two registers.

BUG=v8:5624

Review-Url: https://codereview.chromium.org/2586463002
Cr-Commit-Position: refs/heads/master@{#41812}
2016-12-19 16:30:36 +00:00
clemensh
21a85c4a03 [wasm] Always provide a wasm instance object at runtime
When executing wasm code for testing, we did not create a
WasmInstanceObject and link it to the generated code. This required
some special handling at runtime (mainly for stack trace generation).
This CL always provides the WasmInstanceObject, such that e.g. function
names can be resolved the usual way.
The module bytes referenced by the WasmCompiledModule linked with the
WasmInstanceObject do not hold a valid wasm module yet. Instead, we
just add the bytes we need, and make the objects in WasmModule point to
those bytes (currently only used for function names). Those bytes will
not be parsed at runtime anyway.

R=titzer@chromium.org
CC=jgruber@chromium.org
BUG=v8:5620

Review-Url: https://codereview.chromium.org/2551053002
Cr-Commit-Position: refs/heads/master@{#41809}
2016-12-19 15:03:13 +00:00
cbruni
1c1465f124 [runtime] Add PositiveNumberToUint32 helper to avoid double to uint roundtrip
BUG=

Review-Url: https://codereview.chromium.org/2577143002
Cr-Commit-Position: refs/heads/master@{#41801}
2016-12-19 12:06:58 +00:00
yangguo
8ac9e55aa6 [serializer] fix leak in test.
BUG=chromium:662388
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2582333002
Cr-Commit-Position: refs/heads/master@{#41800}
2016-12-19 12:04:19 +00:00
ishell
52702e55aa [turbofan] Avoid allocation of temporary array of Nodes when generating calls.
BUG=

Review-Url: https://codereview.chromium.org/2586903002
Cr-Commit-Position: refs/heads/master@{#41798}
2016-12-19 11:35:42 +00:00
yangguo
1296dd1f5a [debug-wrapper] remove last uses of --expose-debug-as
The inspector cannot deal with breaking inside of debug-evaluate.
There is therefore no point in supporting that in the debugger.
The optional additional context parameter for debug-evaluate also
can be removed since it's not being used.

R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2580323002
Cr-Commit-Position: refs/heads/master@{#41791}
2016-12-19 10:44:34 +00:00
henrique.ferreiro
815f91c0ed [es6] Perform the IsConstructor test in GetSuperConstructor.
This is so that a NotSuperConstructor error is thrown before evaluating the
arguments to the super constructor. Besides updating the runtime function, a
new bytecode GetSuperConstructor is introduced.

BUG=v8:5336

Review-Url: https://codereview.chromium.org/2504553003
Cr-Commit-Position: refs/heads/master@{#41788}
2016-12-19 10:12:22 +00:00
bbudge
431223f34f [ARM] Add NEON instructions for implementing SIMD.
- Adds vabs, vneg, vmul, vext, vzip, vrev instructions.
- Adds Swizzle function to macro assembler.
- Simplifies if-else logic in disassembler, simulator, for Neon special.
- Some refactoring of Neon assembler, macro-assembler tests.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2579913002
Cr-Commit-Position: refs/heads/master@{#41781}
2016-12-17 21:56:26 +00:00
gsathya
b1c148b91f [promisehook] Implement PromiseHook
This adds kInit, kResolve, kBefore and kAfter lifecycle hooks to promises.

This also exposes an API to set the PromiseHook.

BUG=v8:4643

Review-Url: https://codereview.chromium.org/2575313002
Cr-Commit-Position: refs/heads/master@{#41775}
2016-12-16 19:17:16 +00:00
clemensh
8341b8baf4 [wasm] Fix nondeterministic Win64 failures
E.g.
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/14083/steps/Check/logs/RunWasmCompiledWithTr..

This also reverts CL http://crrev.com/2584833002 which
disabled the tests on windows.

R=ahaas@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2579213004
Cr-Commit-Position: refs/heads/master@{#41769}
2016-12-16 15:32:09 +00:00
mythria
74ccda64dc [Interpreter] Transform StrictEquality with null/undefined to special bytecodes.
Transform LdaNull/LdaUndefined followed by StrictEquality to TestNull/TestUndefined.
This would avoid a call to the compare IC. In the bytecode-graph builder these are
mapped to StrictEqual javascript operator. When reducing this operator, we already
optimize the cases for null/undefined.

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2554723004
Cr-Commit-Position: refs/heads/master@{#41768}
2016-12-16 15:01:08 +00:00
clemensh
bb76432fde [wasm] Disable trap-if test on windows for now
It's failing nondeterministically.
Disable trap-if tests on windows until this issue is fixed.

R=ahaas@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2584833002
Cr-Commit-Position: refs/heads/master@{#41763}
2016-12-16 14:20:13 +00:00
yangguo
d2d6da0354 [serializer] add test for snapshotting cached accessor property.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2582623003
Cr-Commit-Position: refs/heads/master@{#41761}
2016-12-16 13:25:19 +00:00
cbruni
89f159b042 [runtime] Port simple String.prototype.indexOf cases to TF Builtin
Many websites use simple calls to String.prototype.indexOf with either a
one character ASCII needle or needles bigger than the search string. This
CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup.

Drive-by-fix: Add default Object type to Arguments.at

BUG=

Review-Url: https://codereview.chromium.org/2539093002
Cr-Commit-Position: refs/heads/master@{#41760}
2016-12-16 13:24:07 +00:00
yangguo
55e8c2e4d3 [serializer] allocate global proxy with the expected size.
If a context snapshot includes the global proxy constructor function, we
expect the incoming global proxy to have the correct instance size so
that we can reinitialize it with said constructor. However, when the
bootstrapper allocates a new global proxy, we need to know the expected
size.

We solve this by storing the size on the to-be-serialized isolate.

R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2585693002
Cr-Commit-Position: refs/heads/master@{#41756}
2016-12-16 12:40:38 +00:00
mstarzinger
92b370ee64 Introduce {ConstantElementsPair} struct for type safety.
This introduces an explicit struct for the communication channel between
the {ArrayLiteral} AST node and the corresponding runtime methods. Those
methods take a pair of {ElementsKind} as well as an array (can either be
a FixedArray or a FixedDoubleArray) of constant values.

For bonus points it also reduces the size of the involved heap object by
one word (i.e. length field of FixedArray not needed anymore).

R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2581683003
Cr-Commit-Position: refs/heads/master@{#41752}
2016-12-16 10:57:06 +00:00
clemensh
6709edd7f6 [wasm] Make WasmRunner the central test structure
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.

R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620

Review-Url: https://codereview.chromium.org/2551043002
Cr-Original-Commit-Position: refs/heads/master@{#41728}
Committed: 2ff5906231
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41747}
2016-12-16 10:13:11 +00:00
neis
e3ad4f131b [modules] Remove @@iterator on namespace objects.
TC39 decided at their last meeting to remove this feature.

R=adamk@chromium.org
TBR=ulan@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2578053003
Cr-Commit-Position: refs/heads/master@{#41745}
2016-12-16 08:57:29 +00:00
bbudge
03f33f2e68 [Turbofan] Add ARM NEON instructions for implementing SIMD.
- Adds NEON instructions to assembler, disassembler, simulator.
- Adds ExtractLane, ReplaceLane functions to macro assembler.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2546933002
Cr-Commit-Position: refs/heads/master@{#41737}
2016-12-15 18:15:23 +00:00
jochen
4f2cb8fe82 Reland of "Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID"
Original CL description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Review-Url: https://codereview.chromium.org/2547483002

BUG=v8:5589
TBR=verwaest@chromium.org,jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2577063002
Cr-Commit-Position: refs/heads/master@{#41734}
2016-12-15 17:19:55 +00:00
clemensh
5993a1161b Revert of [wasm] Make WasmRunner the central test structure (patchset #5 id:80001 of https://codereview.chromium.org/2551043002/ )
Reason for revert:
Win64 dbg failures

Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231

TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620

Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
2016-12-15 16:51:11 +00:00
neis
7ca7229283 [parsing] Be less pessimistic about maybe_assigned of parameters.
Instead of unconditionally setting maybe_assigned for parameters, treat
parameters like other variables except that at the end we set maybe_assigned if
the function has a sloppy arguments object.

R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636

Review-Url: https://codereview.chromium.org/2578103002
Cr-Commit-Position: refs/heads/master@{#41731}
2016-12-15 16:04:44 +00:00
gsathya
b4aadaec1e [promisehook] Store promise in PromiseReactionJob
This will be used in PromiseHook.

BUG=v8:4643

Review-Url: https://codereview.chromium.org/2581503003
Cr-Commit-Position: refs/heads/master@{#41730}
2016-12-15 15:50:54 +00:00
clemensh
2ff5906231 [wasm] Make WasmRunner the central test structure
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.

R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620

Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
2016-12-15 15:37:29 +00:00
franzih
0e7a2ca0d7 [runtime] Throw if re-declaring a non-configurable accessor.
If an accessor property is non-configurable, one should not be able
to re-declare it as a function. This specifically applies to special properties like window.location.

BUG=chromium:670596

Review-Url: https://codereview.chromium.org/2582493002
Cr-Commit-Position: refs/heads/master@{#41725}
2016-12-15 14:41:07 +00:00
ishell
f1441384ff [stubs] Remove CSA::INTEGER_PARAMETERS in favor of CSA::INTPTR_PARAMETERS.
BUG=

Review-Url: https://codereview.chromium.org/2580533002
Cr-Commit-Position: refs/heads/master@{#41722}
2016-12-15 14:01:07 +00:00
ahaas
7bd61b601c [wasm] Introduce the TrapIf and TrapUnless operators to generate trap code.
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.

Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.

This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.

Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
2016-12-15 13:31:29 +00:00
ivica.bogosavljevic
ee7281f8ff MIPS[64]: Disable fusion multiple-accumulate instructions
MIPS[64]R6 supports only fusion multiply-accumulate instructions, and using
these causes failures of several tests that expect exact floating-point
results. Therefore we disable fusion multiply-accumulate in both emitted and
compiled code on R6.

TEST=cctest/test-run-machops/RunFloat64MulAndFloat64Add1,mjsunit/es6/math-expm1.js
mjsunit/es6/math-fround.js,mjsunit/compiler/multiply-add.js

BUG=

Review-Url: https://codereview.chromium.org/2569683002
Cr-Commit-Position: refs/heads/master@{#41717}
2016-12-15 11:50:12 +00:00
ishell
b5925c0ad0 [stubs] Enable machine graph verification for CodeStubAssembler and friends by default in debug mode.
BUG=

Review-Url: https://codereview.chromium.org/2570213002
Cr-Commit-Position: refs/heads/master@{#41715}
2016-12-15 11:45:18 +00:00
rmcilroy
ae741d042c [Interpreter] Allocate registers used as call arguments on-demand.
Allocate the registers used as arguments to a call on-demand after visiting the
argument (or reciever). This means that the visited expression can use registers
that would otherwise have been allocated for arguments which haven't been
visited yet.

The reason for doing this is to avoid keeping things live in registers
unecessarily for chained function calls, which avoids a memory leak for
functions which chain a large number of calls with large temporary arguments /
recievers.

BUG=chromium:672027

Review-Url: https://codereview.chromium.org/2557173004
Cr-Commit-Position: refs/heads/master@{#41714}
2016-12-15 10:59:57 +00:00
kozyatinskiy
3dea2c8354 Revert of Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID (patchset #11 id:190001 of https://codereview.chromium.org/2547483002/ )
Reason for revert:
LiveEdit is broken in some cases.

Original issue's description:
> Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
>
> Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
> we can use them as an index into an array, instead of using a
> WeakFixedArray where we have to do a linear scan.
>
> Hooking up liveedit is a bit more involved, see
> https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
> for an overview
>
> BUG=v8:5589
> R=verwaest@chromium.org,jgruber@chromium.org
>
> Committed: https://crrev.com/6595e7405769dc9d49e9568d61485efc6d468baf
> Cr-Commit-Position: refs/heads/master@{#41600}

TBR=jgruber@chromium.org,verwaest@chromium.org,yangguo@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5589,chromium:673950
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2578433002
Cr-Commit-Position: refs/heads/master@{#41684}
2016-12-14 02:05:05 +00:00
gsathya
3b1a09f56d [stubs] Add CSA::IsSymbol() and CSA::IsPrivateSymbol().
Review-Url: https://codereview.chromium.org/2571883002
Cr-Commit-Position: refs/heads/master@{#41682}
2016-12-13 23:13:20 +00:00
ishell
b5a9381a56 [interpreter][stubs] Enable graph verification for bytecode handlers and stubs included into snapshot.
BUG=

Review-Url: https://codereview.chromium.org/2575473002
Cr-Commit-Position: refs/heads/master@{#41676}
2016-12-13 13:55:29 +00:00
gsathya
dfa2660672 Add PromiseReactionJobInfo to CSA
BUG=v8:5343

Review-Url: https://codereview.chromium.org/2573703002
Cr-Commit-Position: refs/heads/master@{#41674}
2016-12-13 13:22:15 +00:00
marja
0c827cd000 PreParsing inner funcs: Remove nonsense code from PreParser.
The assignment in default parameters (e.g., function foo(a = somedefault) { }
doesn't flow through PreParserFactory::NewAssignment even if the comment claims so.
Thus, piping through the variables is not needed.

Kudos to neis@ for pointing this out.

BUG=v8:5501
R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2569983003
Cr-Commit-Position: refs/heads/master@{#41670}
2016-12-13 12:35:11 +00:00
yangguo
449829b85c [serializer] API to re-use global proxy in v8::Context::FromSnapshot.
R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2571743002
Cr-Commit-Position: refs/heads/master@{#41668}
2016-12-13 11:24:58 +00:00
mstarzinger
397a09afc5 Revert of [deoptimizer] Enable test that should no longer fail. (patchset #1 id:1 of https://codereview.chromium.org/2568723003/ )
Reason for revert:
Still flakes on ARM.

Original issue's description:
> [deoptimizer] Enable test that should no longer fail.
>
> R=jarin@chromium.org
> TEST=cctest/test-cpu-profiler/CollectDeoptEvents
>
> Committed: https://crrev.com/3f9c2c590d687562d6adb531d1159738c07013f4
> Cr-Commit-Position: refs/heads/master@{#41664}

TBR=jarin@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2568403003
Cr-Commit-Position: refs/heads/master@{#41667}
2016-12-13 10:29:12 +00:00
ulan
ca9209d705 [heap] Special handling for small heaps in eager finalization of
incremental marking.

BUG=chromium:671994

Review-Url: https://codereview.chromium.org/2565173004
Cr-Commit-Position: refs/heads/master@{#41666}
2016-12-13 10:25:53 +00:00
mstarzinger
3f9c2c590d [deoptimizer] Enable test that should no longer fail.
R=jarin@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents

Review-Url: https://codereview.chromium.org/2568723003
Cr-Commit-Position: refs/heads/master@{#41664}
2016-12-13 09:19:38 +00:00
gsathya
2886e3917f [promises] Refactor CreatePromise
BUG=v8:5343

Review-Url: https://codereview.chromium.org/2571663002
Cr-Commit-Position: refs/heads/master@{#41660}
2016-12-13 02:15:20 +00:00
bradnelson
aabbbec67c [wasm] [asmjs] Route asm.js warnings to the dev console.
Generalize Messages to include an error level.
Add a parameter to AddMessageHandler to select which error levels to receive, using a mask (default being just errors, i.e. the current behavior).

BUG=v8:4203
R=dgozman@chromium.org,machenbach@chromium.org,danno@chromium.org,bmeurer@chromium.org,jochen@chromium.org

Review-Url: https://codereview.chromium.org/2526703002
Cr-Commit-Position: refs/heads/master@{#41648}
2016-12-12 14:48:50 +00:00
marja
64d9352a54 Preparsing inner funcs: be less pessimistic about maybe_assigned.
BUG=v8:5501, v8:5678

Review-Url: https://codereview.chromium.org/2539123002
Cr-Commit-Position: refs/heads/master@{#41645}
2016-12-12 14:45:16 +00:00
bradnelson
7659728be2 [wasm][asm.js] Forbid function declaration replacing variable declaration.
BUG=673240
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2568773002
Cr-Commit-Position: refs/heads/master@{#41638}
2016-12-12 12:27:14 +00:00
petermarshall
375fc067b0 [Ignition] Fix incorrect arg evaluation order for some super calls.
The evaluation order of this argument was accidentally changed when the
special-case was added for super calls with a final spread argument.

Review-Url: https://codereview.chromium.org/2563423002
Cr-Commit-Position: refs/heads/master@{#41633}
2016-12-12 08:46:01 +00:00
mstarzinger
50c5ac57de [deoptimizer] Fix Deoptimizer::GetDeoptInfo for last entry.
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.

R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents

Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
2016-12-09 15:06:26 +00:00
clemensh
890d28f361 [wasm] Fix location for error in asm.js ToNumber conversion
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").

This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
  operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
  table, but two (one for the call, one for the parent which does the
  type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
  two calls in the WASM_TO_JS wrapper (only if the module origin is
  asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
  which is set in ComputeCallerState. The WASM frame uses this
  information to determine whether the callee frame is WASM_TO_JS, and
  whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
  to reconstruct the stack trace later.

R=titzer@chromium.org, bradnelson@chromium.org
CC=jgruber@chromium.org
BUG=v8:4203,v8:5724

Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
2016-12-09 10:30:19 +00:00
mstarzinger
5dcda5bb17 [parser] Ensure asm.js modules always allocate context.
The deserialization of the {Scope::asm_module} predicate relies on a
context being present for such modules. This ensures we always allocate
such a context, even in cases where no variables are allocated in it.

R=neis@chromium.org
TEST=cctest/test-parsing/AsmModuleFlag
BUG=v8:5653

Review-Url: https://codereview.chromium.org/2561103004
Cr-Commit-Position: refs/heads/master@{#41611}
2016-12-09 10:12:40 +00:00
gsathya
d778b36f0c [promisehook] Add is_promisehook_enabled
This will be used in CSA to check if any promisehook is set.

-- Adds a is_promisehook_enabled_ field to the isolate and helper methods.
-- Adds this field to the ExternalReference table.
-- Adds a helper method to access this from CSA

Note -- this patch doesn't actually add the ability to attach the hook
yet.

BUG=v8:4643

Review-Url: https://codereview.chromium.org/2566483002
Cr-Commit-Position: refs/heads/master@{#41607}
2016-12-09 06:57:22 +00:00
clemensh
d3d125417d Revert of [wasm] Fix location for error in asm.js ToNumber conversion (patchset #5 id:80001 of https://codereview.chromium.org/2555243002/ )
Reason for revert:
gc-stress failures

Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
>   operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
>   table, but two (one for the call, one for the parent which does the
>   type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
>   two calls in the WASM_TO_JS wrapper (only if the module origin is
>   asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
>   move from the WASM_TO_JS frame to the WASM frame, we remember at which
>   call inside the WASM_TO_JS wrapper we are, and encode this information
>   in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
>   to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}

TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724

Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
2016-12-08 17:36:14 +00:00
jochen
6595e74057 Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
we can use them as an index into an array, instead of using a
WeakFixedArray where we have to do a linear scan.

Hooking up liveedit is a bit more involved, see
https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
for an overview

BUG=v8:5589
R=verwaest@chromium.org,jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2547483002
Cr-Commit-Position: refs/heads/master@{#41600}
2016-12-08 17:07:11 +00:00
clemensh
94cd46b55e [wasm] Fix location for error in asm.js ToNumber conversion
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").

This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
  operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
  table, but two (one for the call, one for the parent which does the
  type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
  two calls in the WASM_TO_JS wrapper (only if the module origin is
  asm.js).
- during stack trace generation (in the StackTraceIterator), when we
  move from the WASM_TO_JS frame to the WASM frame, we remember at which
  call inside the WASM_TO_JS wrapper we are, and encode this information
  in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
  to reconstruct the stack trace later.

R=titzer@chromium.org, bradnelson@chromium.org
CC=jgruber@chromium.org
BUG=v8:4203,v8:5724

Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
2016-12-08 16:48:08 +00:00
Ilija.Pavlovic
e8f5adbed2 MIPS[64]: Fix MIPS: Improve Float(32|64)(Max|Min).
Fix 7a6f294ffe.

The first correction enables correct execution DoMathMinMax when two
input registers are the same register.
The second correction adds NOP instructions after branch instructions
in tests macro_float_minmaxf(32|64).

TEST=cctest/test-macro-assembler-mips[64]/macro_float_minmax_f32
     cctest/test-macro-assembler-mips[64]/macro_float_minmax_f64
     mjsunit/regress/math-min
BUG=

Review-Url: https://codereview.chromium.org/2556793003
Cr-Commit-Position: refs/heads/master@{#41596}
2016-12-08 14:57:07 +00:00
yangguo
98b563ebf3 [serializer] include global proxy in additional context snapshots.
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
 - Changes to the API to better distinguish default context snapshot from
   additional context snapshots.
 - Disallow global handles when creating snapshots.
 - Allow extensions when creating snapshots.

This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.

R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
2016-12-08 12:45:05 +00:00
ishell
c522c6baa5 [turbofan] Further adapting machine graph verifier to code stubs.
All accessor IC stubs now pass the verification.

BUG=

Review-Url: https://codereview.chromium.org/2556123002
Cr-Commit-Position: refs/heads/master@{#41585}
2016-12-08 11:31:34 +00:00
mvstanton
044b2d1bd8 Reland Store OSR'd optimized code on the native context.
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.

Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.

Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
2016-12-08 11:13:59 +00:00
rmcilroy
bfc53f6ed0 [Interpreter] Add expression positions to BinaryOps.
BUG=v8:5723

Review-Url: https://codereview.chromium.org/2555263002
Cr-Commit-Position: refs/heads/master@{#41583}
2016-12-08 10:11:17 +00:00
neis
fcb7591520 [parsing] Fix maybe-assigned flag in some cases.
This CL attempts to set the maybe-assigned flag for variables that are written
to as part of a destructuring or loop header.

For instance, in the following two cases we now mark x as maybe-assigned.

a) [x] = [1];
b) for (x of [1,2,3]) {};

There's more work to do here, this is just a first step.

R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636

Review-Url: https://codereview.chromium.org/2562443003
Cr-Commit-Position: refs/heads/master@{#41582}
2016-12-08 10:06:09 +00:00
qiuyi.zqy
9ca022fab2 Return false in TryNumberToSize if the number is 1 << 64.
Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.

BUG=v8:5712

Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
2016-12-08 09:20:30 +00:00
neis
d23f837166 [parsing] Add some more tests of maybe-assigned.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2554363002
Cr-Commit-Position: refs/heads/master@{#41577}
2016-12-08 08:56:02 +00:00
bmeurer
b5f27ef30c Revert of Store OSR'd optimized code on the native context. (patchset #8 id:140001 of https://codereview.chromium.org/2549753002/ )
Reason for revert:
Speculative revert WebGL breakage reported in https://bugs.chromium.org/p/chromium/issues/detail?id=672367

Original issue's description:
> Store OSR'd optimized code on the native context.
>
> Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.
>
> BUG=
>
> Committed: https://crrev.com/378b6b22fb7925ac5b672335a54599f5739e7758
> Cr-Commit-Position: refs/heads/master@{#41554}

TBR=mstarzinger@chromium.org, mvstanton@chromium.org, ulan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2562623003
Cr-Commit-Position: refs/heads/master@{#41571}
2016-12-08 07:29:20 +00:00
gsathya
11359e331a [promises] Port ResolvePromise to TF
-- Moves promiseHasHandlerSymbol to inobject property
-- Ports PromiseResolveClosure to TF
-- Fix a non spec async-await test which fails now because we do a map
check for native promise check (instead of IsPromise). Changing the
constructor (in the test) invalidates the map check.

This patch results in a 7.1% performance improvement in the bluebird
benchmark (over 5 runs).

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2541283002
Cr-Commit-Position: refs/heads/master@{#41569}
2016-12-08 06:12:48 +00:00
lpy
ecdff43b99 [Tracing] Support multi-categories group list.
jasongin@ created this patch.
dcc50445a3
This patch adds the support to emit a trace event by using a comma-separated
list of categories, so that the trace event will be emitted if there is at least
one category is enabled in the categories list.

TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2558193002
Cr-Commit-Position: refs/heads/master@{#41567}
2016-12-08 00:28:18 +00:00
dcheng
ebe9419228 Propagate exceptions thrown by access check interceptors.
When v8 fails an access check, it invokes a helper to try to see if it
can service the request via an access check interceptor. Invoking the
access check interceptor can throw an exception (e.g. a SecurityError).

Unfortunately, the failed access check property helpers and the
interceptor helpers don't agree on how to propagate the exception: if
the interceptor helper detects a scheduled exception, it promotes the
exception to a pending exception and returns to the failed access check
property helper.

The failed access check property helper also has an early return in
case of a scheduled exception. However, this doesn't work, as the
previously thrown exception is no longer scheduled, as it's been
promoted to a pending exception. Thus, the failed access check property
helper always end up calling the failed access check callback as well.
Since Blink's implementation of the failed access check callback also
throws an exception, this conflicts with the previously-thrown,
already-pending exception.

With this patch, the failed access check property helpers check for a
pending exception rather than a scheduled exception after invoking the
interceptor, so the exception can be propagated correctly.

BUG=v8:5715
R=yangguo@chromium.org,jochen@chromium.org

Review-Url: https://codereview.chromium.org/2550423002
Cr-Commit-Position: refs/heads/master@{#41556}
2016-12-07 15:54:39 +00:00
caitp
b5f146a02a [ignition] desugar GetIterator() via bytecode rather than via AST
Introduces:
- a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions.
- a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan.

The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST.

This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have  better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value.

BUG=v8:4280
R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.org
TBR=rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2557593004
Cr-Commit-Position: refs/heads/master@{#41555}
2016-12-07 15:20:33 +00:00
mvstanton
378b6b22fb Store OSR'd optimized code on the native context.
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.

BUG=

Review-Url: https://codereview.chromium.org/2549753002
Cr-Commit-Position: refs/heads/master@{#41554}
2016-12-07 15:11:04 +00:00
yangguo
0d4219913e [debug] do not retroactively apply script break points.
R=jgruber@chromium.org, kozyatinskiy@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2530093002
Cr-Commit-Position: refs/heads/master@{#41549}
2016-12-07 11:44:12 +00:00
ishell
36807f8a21 [stubs] Fix issues found by the machine graph verifier in load/store IC stubs.
BUG=

Review-Url: https://codereview.chromium.org/2560663002
Cr-Commit-Position: refs/heads/master@{#41548}
2016-12-07 10:57:42 +00:00
ishell
df2f66e01e [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs.
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.

This CL also relaxes some checks for code stub graphs and fixes some issues in the stubs.

BUG=

Review-Url: https://codereview.chromium.org/2558653002
Cr-Commit-Position: refs/heads/master@{#41547}
2016-12-07 10:41:03 +00:00
henrique.ferreiro
afd5ff553b Install the 'name' property in classes at runtime
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant.

BUG=v8:4199

Review-Url: https://codereview.chromium.org/2423053002
Cr-Commit-Position: refs/heads/master@{#41546}
2016-12-07 10:35:00 +00:00
ishell
331b0df6e4 [stubs] Ensure that the stubs are recompiled in respective tests.
Removing elements from stub cache by Major key only does not always work.

BUG=

Review-Url: https://codereview.chromium.org/2551353003
Cr-Commit-Position: refs/heads/master@{#41544}
2016-12-07 10:23:21 +00:00
dusan.simicic
c35cc1419c MIPS[64]: Fix jump_tables6 test for r6 architectures
This patch fixes jump_tables6 test for mips32r6 and mips64r6.
This is regression from CL:
https://crrev.com/d735f3ab12061f0a588b3f0538f9229cf747f818

BUG=

Review-Url: https://codereview.chromium.org/2547033002
Cr-Commit-Position: refs/heads/master@{#41543}
2016-12-07 09:13:44 +00:00
petermarshall
a25e768864 [Ignition/turbo] Add a NewWithSpread bytecode.
This just calls into a runtime function for implementation currently.

Intermediate step in speeding up constructor calls containing a spread.

The NewWithSpread bytecode will probably end up having different arguments with future CLs - the constructor and the new.target should have their own regs. For now we are calling into the runtime function, so we need the regs together.

BUG=v8:5659

Review-Url: https://codereview.chromium.org/2541113004
Cr-Commit-Position: refs/heads/master@{#41542}
2016-12-07 08:35:09 +00:00
gsathya
52e2c154ff Reland Create JSPromise (patchset #16 id:300001 of https://codereview.chromium.org/2536463002/ )"
This reverts commit 4c7cccf9f4.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2554943002
Cr-Commit-Position: refs/heads/master@{#41534}
2016-12-06 18:43:18 +00:00
ishell
a9345a158a Revert of [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs. (patchset #2 id:60001 of https://codereview.chromium.org/2551933002/ )
Reason for revert:
Broke nosnap build: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/10689

Original issue's description:
> [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs.
>
> The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
> and once all the verification issues are fixed the flag will be enabled in debug
> mode by default.
>
> BUG=
>
> Committed: https://crrev.com/292b3548f6d02b964b4afe3e05f89c0681fa5620
> Cr-Commit-Position: refs/heads/master@{#41531}

TBR=mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2552893003
Cr-Commit-Position: refs/heads/master@{#41532}
2016-12-06 17:29:15 +00:00
ishell
292b3548f6 [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs.
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now
and once all the verification issues are fixed the flag will be enabled in debug
mode by default.

BUG=

Review-Url: https://codereview.chromium.org/2551933002
Cr-Commit-Position: refs/heads/master@{#41531}
2016-12-06 16:18:40 +00:00
titzer
f897e36c8c [wasm] Names of exported functions should be the stringified function index.
R=bradnelson@chromium.org,rossberg@chromium.org
BUG=v8:5705

Review-Url: https://codereview.chromium.org/2551323003
Cr-Commit-Position: refs/heads/master@{#41530}
2016-12-06 15:33:42 +00:00
bradnelson
051bc1ec3e [wasm][asm.js] Pass Script with Handle.
The asm-wasm-builder started allocating SharedFunctionInfos,
this makes it bad we'd passed Script by pointer (due to ignorance).
Switching to Handle<Script>.

R=clemensh@chromium.org,titzer@chromium.org
BUG=v8:5716

Review-Url: https://codereview.chromium.org/2552873003
Cr-Commit-Position: refs/heads/master@{#41529}
2016-12-06 15:29:22 +00:00
ulan
fdc0aa0c97 [heap] Ensure finalization of incremental marking even if all allocations
come from the runtime.

This patch fixes an issue of heap growing to max capacity when incremental
marking is finished but cannot finalize due to GC stack guard not triggering.

It can happen if all allocations come from the runtime, for example,
from JSON parser or compiler.

Now before expanding the heap we check if we are above the allocation limit
and the incremental marking needs to be finalized. If so we do not expand
the heap and force GC, which will finalize the incremental marking.
The check is performed for paged spaces and large-object space.

BUG=chromium:670675

Review-Url: https://codereview.chromium.org/2552613004
Cr-Commit-Position: refs/heads/master@{#41524}
2016-12-06 14:06:40 +00:00
machenbach
ca74343a70 [test] Skip flaky FunctionApplySample test on windows
BUG=v8:5193
NOTRY=true
TBR=alph@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2555683003
Cr-Commit-Position: refs/heads/master@{#41523}
2016-12-06 13:58:12 +00:00
marja
1b5ccb055a PreParser: track variable declarations and parameters
This makes the context allocation less pessimistic in the following cases:

function outer() {
  var a; // Won't be context allocated
  function inner1() { var a; a; }
  function inner2(a) { a; }
  function inner3([a]) { a; }
  function inner4({ a: b}) { a; }
}

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2407163003
Cr-Commit-Position: refs/heads/master@{#41521}
2016-12-06 13:24:07 +00:00
yangguo
d26cdb7d6f v8::Private::ForApi should be context-independent.
This is done by reimplementing Symbol.for directly on top of
NameDictionary. A nice side effect is the removal of src/js/symbol.js

R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2551763003
Cr-Commit-Position: refs/heads/master@{#41520}
2016-12-06 13:21:38 +00:00
mythria
9119d16904 [Interpreter] Optimize equality check with null/undefined with a check on the map.
Equality with null/undefined is equivalent to a check on the undetectable bit
on the map of the object. This would be more efficient than performing the entire
comparison operation.

This cl introduces:
1. A new bytecode called TestUndetectable that checks if the object is null/undefined.
2. Updates peeophole optimizer to emit TestUndetectable when a LdaNull/Undefined
precedes equality check.
4. TestUndetectable is transformed to ObjectIsUndetectable operator when building
turbofan graph.

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2547043002
Cr-Commit-Position: refs/heads/master@{#41514}
2016-12-06 11:32:39 +00:00
machenbach
4c7cccf9f4 Revert of Create JSPromise (patchset #16 id:300001 of https://codereview.chromium.org/2536463002/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11861

See:
https://github.com/v8/v8/wiki/Blink-layout-tests

Original issue's description:
> Object
> -- New JSObject for promises: JSPromise
>
> Builtins
> -- PromiseThen TFJ
> -- PromiseCreateAndSet TFJ for internal use
> -- PerformPromiseThen TFJ for internal use
> -- PromiseInit for initial promise setup
> -- SpeciesConstructor for use in PromiseThen
> -- ThrowIfNotJSReceiver for use in SpeciesConstructor
> -- AppendPromiseCallback to update FixedArray with new callback
> -- InternalPerformPromiseThen
>
> Promises.js
> -- Cleanup unused symbols
> -- Remove PerformPromiseThen
> -- Remove PromiseThen
> -- Remove PromiseSet
> -- Remove PromiseAttachCallbacks
>
> Runtime
> -- PromiseSet to set promise inobject values
> -- Refactor functions to use FixedArrays for callbacks instead of
>    JSArray
> -- Runtime_PromiseStatus to return promise status
> -- Runtime_PromiseResult to return promise result
> -- Runtime_PromiseDeferred to return deferred attached to promise
> -- Runtime_PromiseRejectReactions to return reject reactions attached
>    to promise
>
> This CL results in a 13.07% improvement in the promises benchmark
> (over 5 runs).
>
> BUG=v8:5343
>
> Committed: https://crrev.com/30b564c76f490f8f6b311a74b25b26cf0a96be2d
> Cr-Commit-Position: refs/heads/master@{#41503}

TBR=bmeurer@chromium.org,jgruber@chromium.org,caitp@igalia.com,gsathya@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5343

Review-Url: https://codereview.chromium.org/2554013002
Cr-Commit-Position: refs/heads/master@{#41512}
2016-12-06 11:19:07 +00:00
ishell
df2fc5ef57 [turbofan] Move CodeAssembler::Label and CodeAssembler::Variable to compiler namespace.
This allows us to forward declare Label and Variable classes without including the
code-assembler.h.

BUG=

Review-Url: https://codereview.chromium.org/2551163003
Cr-Commit-Position: refs/heads/master@{#41509}
2016-12-06 10:29:49 +00:00
Ilija.Pavlovic
7a6f294ffe MIPS: Improve Float(32|64)(Max|Min).
Port for 3396bb2907

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2534413002
Cr-Commit-Position: refs/heads/master@{#41508}
2016-12-06 10:16:50 +00:00
gdeepti
02c6b04179 [wasm] Implement I32x4ReplaceLane, I32x4Add, I32x4Sub.
R=bbudge@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2385393002
Cr-Commit-Position: refs/heads/master@{#41505}
2016-12-06 01:12:55 +00:00
gsathya
30b564c76f Object
-- New JSObject for promises: JSPromise

Builtins
-- PromiseThen TFJ
-- PromiseCreateAndSet TFJ for internal use
-- PerformPromiseThen TFJ for internal use
-- PromiseInit for initial promise setup
-- SpeciesConstructor for use in PromiseThen
-- ThrowIfNotJSReceiver for use in SpeciesConstructor
-- AppendPromiseCallback to update FixedArray with new callback
-- InternalPerformPromiseThen

Promises.js
-- Cleanup unused symbols
-- Remove PerformPromiseThen
-- Remove PromiseThen
-- Remove PromiseSet
-- Remove PromiseAttachCallbacks

Runtime
-- PromiseSet to set promise inobject values
-- Refactor functions to use FixedArrays for callbacks instead of
   JSArray
-- Runtime_PromiseStatus to return promise status
-- Runtime_PromiseResult to return promise result
-- Runtime_PromiseDeferred to return deferred attached to promise
-- Runtime_PromiseRejectReactions to return reject reactions attached
   to promise

This CL results in a 13.07% improvement in the promises benchmark
(over 5 runs).

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2536463002
Cr-Commit-Position: refs/heads/master@{#41503}
2016-12-05 21:08:31 +00:00
clemensh
e6bd306353 [debug] Remove DebugInterface class
It only contained type definitions and static functions, so we
can also just make it a namespace.

R=kozyatinskiy@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2549133002
Cr-Commit-Position: refs/heads/master@{#41501}
2016-12-05 19:44:50 +00:00
mvstanton
3e46a3b754 Remove FLAG_flush_optimized_code_cache
It's no longer necessary, and has been off for a year.

BUG=

Review-Url: https://codereview.chromium.org/2553643002
Cr-Commit-Position: refs/heads/master@{#41499}
2016-12-05 18:28:29 +00:00
vogelheim
0315bfff6b Remove unused code, AstValueFactory::ConcatStrings.
BUG=

Review-Url: https://codereview.chromium.org/2545773003
Cr-Commit-Position: refs/heads/master@{#41497}
2016-12-05 18:00:39 +00:00
verwaest
ce63eb08f9 [counters] Move waiting for more data from background-parsing into callbacks
BUG=

Review-Url: https://codereview.chromium.org/2549083002
Cr-Commit-Position: refs/heads/master@{#41492}
2016-12-05 15:47:12 +00:00
bmeurer
bf5c5bf8a4 [turbofan] Properly check Tagged->Word32 changes.
Don't unconditionally assume that Tagged->Word32 changes are always
truncating independent of the type of the input. Work-around the
remaining issues with for-in by properly renaming the index if it's
not already of appropriate type (happens with generators or OSR).

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2545393002
Cr-Commit-Position: refs/heads/master@{#41484}
2016-12-05 11:57:16 +00:00
ishell
3d618949e1 [stubs] Cleanup usages of lambdas in CodeStubAssembler and friends.
The changes are:
1) Pass lambdas as const references to avoid unnecessary copying.
2) Remove CodeStubAssembler* parameter from loop bodies and let the lambdas
   capture the right assembler instead. It makes the loop body code look
   uniform with the surrounding code and unblocks splitting of a CSA
   into different classes.

BUG=

Review-Url: https://codereview.chromium.org/2535753012
Cr-Commit-Position: refs/heads/master@{#41482}
2016-12-05 11:29:17 +00:00
ulan
a1680631ff Revert "[heap] Use RAIL mode for initial heap sizing"
This reverts commit aea4f1a704.

Reason: performance regression on benchmarks (crbug.com/671118).

BUG=chromium:671118,chromium:613518
TBR=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2549053002
Cr-Commit-Position: refs/heads/master@{#41479}
2016-12-05 10:15:21 +00:00
ulan
aea4f1a704 [heap] Use RAIL mode for initial heap sizing
BUG=chromium:613518

Review-Url: https://codereview.chromium.org/2407153002
Cr-Commit-Position: refs/heads/master@{#41459}
2016-12-02 16:34:12 +00:00
predrag.rudic
11f0a0e819 Fix MIPS maddf and msubf instructions in simulator and tests.
Tests were falling in qemu because of inexact computation in tests.
After correcting tests, simulator also had to be fixed.

Review-Url: https://codereview.chromium.org/2539133002
Cr-Commit-Position: refs/heads/master@{#41447}
2016-12-02 09:12:04 +00:00
jgruber
1a6dae8070 [debug] Partial reland of debug API deprecation
This relands API deprecation (without removing the implementation),
removal of NewFunction and BeforeCompile events, and removal of
DebugCommandProcessor tests.

The remaining portion of the original CLs can be relanded after the 4.7
branch point.

Original CLs:

https://codereview.chromium.org/2524323002
https://codereview.chromium.org/2531543002

BUG=v8:5510

Review-Url: https://codereview.chromium.org/2546473008
Cr-Commit-Position: refs/heads/master@{#41446}
2016-12-02 09:02:01 +00:00
aseemgarg
ff8bbe245a [wasm] implement simd lowering for replaceLane, load, store and test for phi
BUG=v8:4124
TEST:test-run-wasm-simd-lowering
R=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2498283002
Cr-Commit-Position: refs/heads/master@{#41443}
2016-12-02 03:47:46 +00:00
Ilija.Pavlovic
a1901cfbc7 MIPS[64]: Fix compilation failure in test-macro-assembler[64].cc
Fix compilation failure in test-macro-assembler[64].cc
caused by 8fcfe66f94
due to warning `lambda-expression in unevaluated context`.

TEST=cctest/test-macro-assembler-mips[64]
BUG=

Review-Url: https://codereview.chromium.org/2543643005
Cr-Commit-Position: refs/heads/master@{#41433}
2016-12-01 16:16:05 +00:00
jgruber
4292f32ed3 [debug] Revert debug API removal
Debugging API is still in use by Node.

Revert "[debug] remove deprecated debug command message queue."
This reverts commit abdbfc953d.

Revert "[debug] mark more unused debug API as deprecated."
This reverts commit d5ada19ce7.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2537313005
Cr-Commit-Position: refs/heads/master@{#41427}
2016-12-01 13:34:45 +00:00
dusan.simicic
d735f3ab12 MIPS: Fix trampoline emission after switch table generation
Trampolines are generated when the value of pc_offset is greater than
next_buffer_check_ (attribute from Assembler class). This value
shouldn't be incremented in bind_to() method when internal reference
label is bound, because it is not decremented when the switch table is
generated (dd() method from Assemler class).

This patch fixes this problem. Regression test are also included for
mips and mips64 arch.

BUG=

Review-Url: https://codereview.chromium.org/2530143002
Cr-Commit-Position: refs/heads/master@{#41423}
2016-12-01 13:03:19 +00:00
petermarshall
a328143eb3 Move desugaring of super calls with trailing spread to one runtime call.
Unfortunately we have to split this up into two cases: those with exactly one spread argument as the final argument, and all others, due to any side-effects of evaluation being visible.

This is in preparation for a new bytecode which handles super calls.

BUG=v8:5659

Review-Url: https://codereview.chromium.org/2540593003
Cr-Commit-Position: refs/heads/master@{#41415}
2016-12-01 09:42:37 +00:00
eholk
bf35d15e52 [wasm] OOB traps: build protected instruction list during codegen
During codegen, we build a list mapping protected instructions to their
associated landing pads. This will ultimately by used by the signal handler to
recover from out of bounds faults and throw a JS exception.

This is mostly pulled from my larger in-progress CL at
https://codereview.chromium.org/2371833007/.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2500443004
Cr-Commit-Position: refs/heads/master@{#41400}
2016-11-30 22:32:03 +00:00
bbudge
9e3feefff2 [Turbofan] Modify ARM vswp assembler test to use integers.
Attempt to fix or get insight into failing vswp test on V8 ARM bot.

LOG=N
BUG=

Review-Url: https://codereview.chromium.org/2539533005
Cr-Commit-Position: refs/heads/master@{#41397}
2016-11-30 19:45:08 +00:00
neis
9ef7ab1e2e [compiler] Remove context value input from JSLoadContext and JSStoreContext.
JS operators always have an implicit context input, so just use that instead.

BUG=

Review-Url: https://codereview.chromium.org/2541813002
Cr-Commit-Position: refs/heads/master@{#41392}
2016-11-30 15:46:08 +00:00
clemensh
6572b5622e [wasm] Remove raw byte pointers from WasmModule
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.

R=titzer@chromium.org
BUG=chromium:669518

Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
2016-11-30 15:03:06 +00:00
jochen
a1473f5306 Split parsing of functions and top-level code into two separate methods
Also move them to a separate interface header to avoid having to include
parser.h so much

BUG=v8:5589
R=verwaest@chromium.org,marja@chromium.org

Review-Url: https://codereview.chromium.org/2534393002
Cr-Commit-Position: refs/heads/master@{#41386}
2016-11-30 13:21:37 +00:00
titzer
a0c518627f [wasm] Add a flag --wasm-opt to test optimizations in the WASM pipeline.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2528033002
Cr-Commit-Position: refs/heads/master@{#41381}
2016-11-30 10:36:14 +00:00
rmcilroy
8037e98e44 [Interpreter] Remove skips for tests that no longer seem to be flaky.
BUG=v8:4680

Review-Url: https://codereview.chromium.org/2541563002
Cr-Commit-Position: refs/heads/master@{#41378}
2016-11-30 09:21:37 +00:00
bradnelson
14e05c1046 [wasm] asm.js - Parse and convert asm.js to wasm a function at a time.
Make the AsmWasmBuilder drive the process of typing and potentially parsing
function bodies. This will allow us to keep only a single asm.js function's
AST in memory as we convert to WebAssembly.
This is needed to keep our memory footprint low.

Add some additional output to a few tests that's helpful to see which stage they fail at.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=marja@chromium.org,adamk@chromium.org,aseemgarg@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2398023002
Cr-Commit-Position: refs/heads/master@{#41372}
2016-11-30 00:26:05 +00:00
danno
df2578d2ec [stubs] Port builtin for Array.push fast-case from Crankshaft to TF
Improves performance in simple, single element case by 5% and in multiple
elements cases by 2%.

BUG=chromium:608675
LOG=N

Review-Url: https://codereview.chromium.org/2497243002
Cr-Commit-Position: refs/heads/master@{#41368}
2016-11-29 16:58:30 +00:00
rmcilroy
067e9e295f [Interpreter] Add bytecode aging and use it enable CompilationCache for bytecode
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.

This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.

BUG=chromium:666275,v8:4680

Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
2016-11-29 12:34:58 +00:00
rmcilroy
5fd2b71236 [Heap] Remove concept of MarkingParity.
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.

BUG=chromium:666275

Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
2016-11-29 12:10:16 +00:00
bmeurer
777e142ca1 [turbofan] Add appropriate types to express Callable.
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).

It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
2016-11-29 10:48:13 +00:00
cbruni
85321456cd [api] Support sharing prototypes between FunctionTemplates
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.protoype which should be equal according
to the spec.

BUG=chromium:2969

Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
2016-11-29 10:14:18 +00:00
tebbi
08931d45ba [parser] removed redundant undefined check of for-of iterator
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.

Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
2016-11-28 15:30:17 +00:00
ziyang
f5d373b012 PPC64: Changing test-spaces/SizeOfInitialHeap to accomodate 64K page size
Since the page size of PPC 64 bit machines is 64K, memory smaller than 64K
    cannot be freed causing the committed memory of code space to be
    exactly 2M. Changing the test case to accomodate this.

R=mlippautz@chromium.org, ulan@chromium.org, vogelheim@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2523293002
Cr-Commit-Position: refs/heads/master@{#41292}
2016-11-25 19:38:17 +00:00
bbudge
ef3f125d37 [Turbofan] Add ARM support for simd128 moves and swaps.
- Adds vmov, vswp instructions for QwNeonRegisters.
- Refactors existing vswp implementation, moves non-Neon adaption to
MacroAssembler.
- Adds simd128 support to CodeGenerator AssembleMove, AssembleSwap.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2523933002
Cr-Commit-Position: refs/heads/master@{#41291}
2016-11-25 19:37:04 +00:00
yangguo
d5ada19ce7 [debug] mark more unused debug API as deprecated.
R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2531543002
Cr-Commit-Position: refs/heads/master@{#41283}
2016-11-25 09:11:04 +00:00
rmcilroy
49ea60ef9d [GC] Fix code flushing to use bytecode if it exists.
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.

This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.

BUG=chromium:668133

Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
2016-11-24 17:27:04 +00:00
vogelheim
9d0f5ab745 Treat all functions in a 'comma sequence' the same for (pre-)parsing.
R=verwaest@chromium.org
BUG=v8:5643

Review-Url: https://codereview.chromium.org/2524263003
Cr-Commit-Position: refs/heads/master@{#41267}
2016-11-24 14:45:19 +00:00
vogelheim
56daccb836 Fix memory leak in cctest/parsing/test-scanner.
BUG=chromium:662388

Review-Url: https://codereview.chromium.org/2495533003
Cr-Commit-Position: refs/heads/master@{#41266}
2016-11-24 14:29:09 +00:00
yangguo
81a64aa548 [debug] remove JSON debug protocol related tests.
In most cases we can use the debug event listener as alternative.
Multithreaded tests are obsolete.

R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2529883002
Cr-Commit-Position: refs/heads/master@{#41256}
2016-11-24 10:43:22 +00:00
neis
b481afd893 [parser] Fix scopes in rewriting of for-of and destructuring assignments.
The catch scopes were created with the wrong parent scope.

R=littledan@chromium.org
BUG=v8:5648

Committed: https://crrev.com/f385268d11d6da9508e481202b39f75f4b56afdd
Review-Url: https://codereview.chromium.org/2520883002
Cr-Original-Commit-Position: refs/heads/master@{#41222}
Cr-Commit-Position: refs/heads/master@{#41253}
2016-11-24 09:48:21 +00:00
bmeurer
76fd6f25a9 [turbofan] Remove inlining support for the deprecated pipeline.
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.

Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.

BUG=v8:2206,v8:5657
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
2016-11-24 07:59:59 +00:00
machenbach
7edbd535a9 Revert of [parser] Fix scopes in rewriting of for-of and destructuring assignments. (patchset #6 id:100001 of https://codereview.chromium.org/2520883002/ )
Reason for revert:
Speculative revert: Seems to break jsfunfuzz:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/14385

Original issue's description:
> [parser] Fix scopes in rewriting of for-of and destructuring assignments.
>
> The catch scopes were created with the wrong parent scope.
>
> R=littledan@chromium.org
> BUG=v8:5648
>
> Committed: https://crrev.com/f385268d11d6da9508e481202b39f75f4b56afdd
> Cr-Commit-Position: refs/heads/master@{#41222}

TBR=littledan@chromium.org,verwaest@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5648

Review-Url: https://codereview.chromium.org/2519333005
Cr-Commit-Position: refs/heads/master@{#41228}
2016-11-23 15:23:17 +00:00
neis
f385268d11 [parser] Fix scopes in rewriting of for-of and destructuring assignments.
The catch scopes were created with the wrong parent scope.

R=littledan@chromium.org
BUG=v8:5648

Review-Url: https://codereview.chromium.org/2520883002
Cr-Commit-Position: refs/heads/master@{#41222}
2016-11-23 13:25:35 +00:00
ishell
b2f2f6ecf1 [ic] Don't enable property cell mode for a LoadGlobalIC if the holder is a different global object than the receiver.
Test contributed by crlf0710 <crlf0710@gmail.com>.

BUG=v8:5552

Review-Url: https://codereview.chromium.org/2523173002
Cr-Commit-Position: refs/heads/master@{#41213}
2016-11-23 12:17:01 +00:00
rmcilroy
5f5300a61b [compiler] Ensure code unsupported by Crankshaft goes to Ignition.
BUG=v8:4280,v8:5657

Review-Url: https://codereview.chromium.org/2505933008
Cr-Commit-Position: refs/heads/master@{#41209}
2016-11-23 09:30:34 +00:00
zhengxing.li
38092c41c2 [X87][test]: Fixing -Wsign-compare compilation error for x87 test case.
BUG=

Review-Url: https://codereview.chromium.org/2513413006
Cr-Commit-Position: refs/heads/master@{#41202}
2016-11-23 06:31:21 +00:00
jkummerow
5ef05d8e2c [cleanup] Drop handwritten KeyedStoreIC code
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.

Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
2016-11-22 15:43:59 +00:00
tebbi
1b320d2039 [cpu-profiler] use new source position information for deoptimization in cpu profiler
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.

Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.

R=alph@chromium.org

BUG=v8:5432

Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
2016-11-22 10:14:59 +00:00
gdeepti
e60e961140 [simd] Disable Simd Scalar lowering for x64, enable tests for all other architectures.
- Simd Scalar lowering should be conditionally disabled if the architecture has a native SIMD implementation.
 - Enable scalar lowering tests on all architectures instead of only x64.

R=bbudge@chromium.org, aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2514663002
Cr-Commit-Position: refs/heads/master@{#41160}
2016-11-21 23:03:26 +00:00
mstarzinger
2e5a90fd02 [test] Run module tests in all variants.
By now the compilation pipeline is flexible enough to run module tests
against all variants, we should no longer choose unsupported compilers
for modules. It also fixes the predicate checking for functions being
"resumable" in the {AstNumberingVisitor} heuristic.

R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2517143002
Cr-Commit-Position: refs/heads/master@{#41144}
2016-11-21 14:18:28 +00:00
caitp
d59c2cf1b4 [builtins] add CodeStubAssembler::IsDebugActive() helper
Utility used by Promise builtins implemented in TFJ/TFS

BUG=v8:5046
R=bmeurer@chromium.org, gsathya@chromium.org, yangguo@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/2517823002
Cr-Commit-Position: refs/heads/master@{#41123}
2016-11-20 17:57:10 +00:00
vogelheim
eefe11a1e6 Treat a '!' preceding a function literal as eager-compile hint.
Some minifiers use the pattern !function ... () for JS code that should
be immediately executed. This change recognizes that pattern and treats
it equally to parenthesized functions.

A bit more background info is in the referenced bug.

R=verwaest@chromium.org
BUG=v8:5643

Review-Url: https://codereview.chromium.org/2509143003
Cr-Commit-Position: refs/heads/master@{#41114}
2016-11-18 14:56:59 +00:00
marja
4a5b7e32c4 Remove FLAG_min_preparse_length.
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.

In addition, this way we get more test coverage for preparser (for small
scripts).

BUG=

Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}
2016-11-18 14:06:49 +00:00
mlippautz
7e5755cbc5 [heap] Minor MC: Add marking
Adds the marking logic to mark the young generation.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2498583002
Cr-Commit-Position: refs/heads/master@{#41104}
2016-11-18 12:56:16 +00:00
ulan
46a4156a8b [heap] Remove AdjustBytes test introduced in r41097.
The test is too fragile.

NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2510403002
Cr-Commit-Position: refs/heads/master@{#41103}
2016-11-18 12:54:52 +00:00
franzih
f7795cbf6e [interpreter] Bytecode for StaDataPropertyInLiteral.
Add bytecode for defining data properties, which initially just calls the runtime function.

BUG=v8:5624

Review-Url: https://codereview.chromium.org/2510743002
Cr-Commit-Position: refs/heads/master@{#41101}
2016-11-18 12:13:47 +00:00
ulan
d3f2213b61 [heap] Simplify adjusting of live bytes.
We never increment live bytes concurrent to the sweeper.

BUG=

Review-Url: https://codereview.chromium.org/2504193002
Cr-Commit-Position: refs/heads/master@{#41097}
2016-11-18 11:11:52 +00:00
mstarzinger
28d7c1fb4a [ast] Fix typo in {Scope::set_asm_function} method.
This fixes the bogus implementation of the function in question and adds
test coverage for the deserialization of the corresponding flags from
the serialized scope info. Note that the tests so far only cover cases
where the module and the function contain context-allocated variables.

R=verwaest@chromium.org
TEST=cctest/test-parsing/AsmFunctionFlag
BUG=v8:5653

Review-Url: https://codereview.chromium.org/2507063004
Cr-Commit-Position: refs/heads/master@{#41093}
2016-11-18 09:26:51 +00:00
eholk
eaed31c5f5 [wasm] Add guard regions to end of WebAssembly.Memory buffers
With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.

GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.

Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
2016-11-17 20:29:13 +00:00
kozyatinskiy
afd49054ac [inspector] removed embbeder debugger script flag
After moving inspector from blink to V8, inspector can use DebugInterface to compile and mark internal scripts.

BUG=v8:5530
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2502173002
Cr-Commit-Position: refs/heads/master@{#41087}
2016-11-17 16:51:23 +00:00
rmcilroy
7f8681c08c [Test] Remove now unecessary interpreter()->Initialize() from tests.
Review-Url: https://codereview.chromium.org/2509293002
Cr-Commit-Position: refs/heads/master@{#41086}
2016-11-17 16:40:52 +00:00
rmcilroy
5369874042 [Interpreter] Collect String feedback on CompareOps.
Collect string feedback for compare operations. Without this,
functions which have a lot of string compare operations end up with
a high generic type percentage, and don't get optimized until very
late.

Currently TurboFan doesn't use this String feedback for compare
operations, but this could be done in future work if it is useful.

BUG=chromium:660947

Review-Url: https://codereview.chromium.org/2506013005
Cr-Commit-Position: refs/heads/master@{#41078}
2016-11-17 14:45:31 +00:00
ulan
f0fa72babc [heap] Remove out of date IncrementalMarkingUsingIdleTasksAfterGC test.
Incremental marking does not use idle tasks anymore.

BUG=

Review-Url: https://codereview.chromium.org/2512643002
Cr-Commit-Position: refs/heads/master@{#41066}
2016-11-17 10:07:17 +00:00
yangguo
45cb0fc7b8 Refactor SharedFunctionInfo::IsBuiltin.
This method is a slight misnomer. What we actually want to know is
whether the function was defined in a user-provided script.

Also remove redundant Script::hide_source flag.

R=bmeurer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2505853003
Cr-Commit-Position: refs/heads/master@{#41065}
2016-11-17 09:43:12 +00:00
yangguo
0d258b35c8 [api] deprecate v8::Function::IsBuiltin.
R=jochen@chromium.org, kozyatinskiy@chromium.org

Review-Url: https://codereview.chromium.org/2510633002
Cr-Commit-Position: refs/heads/master@{#41060}
2016-11-17 06:42:23 +00:00
machenbach
1160e5edcc Revert of Refactor SharedFunctionInfo::IsBuiltin. (patchset #1 id:1 of https://codereview.chromium.org/2505853003/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11394

Original issue's description:
> Refactor SharedFunctionInfo::IsBuiltin.
>
> This method is a slight misnomer. What we actually want to know is
> whether the function was defined in a user-provided script.
>
> Also remove redundant Script::hide_source flag.
>
> R=bmeurer@chromium.org, ulan@chromium.org

TBR=bmeurer@chromium.org,ulan@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2512463002
Cr-Commit-Position: refs/heads/master@{#41050}
2016-11-16 19:48:48 +00:00
cbruni
7e4e34bb8f [counters] Use separate counters for background parsing
BUG=

Review-Url: https://codereview.chromium.org/2509683002
Cr-Commit-Position: refs/heads/master@{#41047}
2016-11-16 18:51:48 +00:00
ishell
d3231f5144 [ic] Pass name to LoadGlobalIC again.
The reasons are:
1) The names dictionaries in the feedback metadata seems to consume a lot of memory
   and the idea didn't payoff.
2) The absence of a name parameter blocks data handlers support in LoadGlobalIC.

This CL reverts a part of r37278 (https://codereview.chromium.org/2096653003/).

BUG=chromium:576312, v8:5561

Review-Url: https://codereview.chromium.org/2510653002
Cr-Commit-Position: refs/heads/master@{#41046}
2016-11-16 18:17:49 +00:00
titzer
72c3732f0f [wasm] Use more precise types for some WASM objects.
R=clemensh@chromium.org,mtrofin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2510673002
Cr-Commit-Position: refs/heads/master@{#41043}
2016-11-16 16:18:10 +00:00
jkummerow
248a3e25e9 [refactoring] Pull AccessorAssembler out of CodeStubAssembler
The new AccessorAssembler encapsulates all the functionality that's
specific to building LoadIC/StoreIC stubs.
There are two header files (accessor-assembler.h and
accessor-assembler-impl.h) so that clients of the assembler can include
the one, and subclassing assemblers can include the other.

Review-Url: https://codereview.chromium.org/2507733002
Cr-Commit-Position: refs/heads/master@{#41037}
2016-11-16 14:26:08 +00:00
yangguo
f21a6b259b Refactor SharedFunctionInfo::IsBuiltin.
This method is a slight misnomer. What we actually want to know is
whether the function was defined in a user-provided script.

Also remove redundant Script::hide_source flag.

R=bmeurer@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/2505853003
Cr-Commit-Position: refs/heads/master@{#41036}
2016-11-16 14:04:37 +00:00
verwaest
feb787714c Move allow_lazy from ParserBase to Parser and remove accessors
BUG=

Review-Url: https://codereview.chromium.org/2506613002
Cr-Commit-Position: refs/heads/master@{#41031}
2016-11-16 12:40:51 +00:00
jkummerow
87a65911b9 Reland of [refactoring] Split CodeAssemblerState out of CodeAssembler
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.

BUG=v8:5628

Original review: https://codereview.chromium.org/2498073002/

Review-Url: https://codereview.chromium.org/2502293002
Cr-Commit-Position: refs/heads/master@{#41028}
2016-11-16 11:48:38 +00:00
franzih
c93bdaaff1 [test] Move stray variables into namespaces.
BUG=

Review-Url: https://codereview.chromium.org/2496133003
Cr-Commit-Position: refs/heads/master@{#41027}
2016-11-16 11:38:18 +00:00
vogelheim
fd40ebb1e6 Return kBadChar for longest subpart of incomplete utf-8 character.
This brings the two utf-8 decoders (bulk + incremental) in line.
Technically, either behaviour was correct, since the utf-8 spec
demands incomplete utf-8 be handled, but does not specify how.
Unicode recommends that "the maximal subpart at that offset
should be replaced by a single U+FFFD," and with this change we
consistently do that. More details + spec references in the bug.

BUG=chromium:662822

Review-Url: https://codereview.chromium.org/2493143003
Cr-Commit-Position: refs/heads/master@{#41025}
2016-11-16 11:03:08 +00:00
franzih
0188c3fba3 [test] Add tests for definitions in object literal.
Properties can be defined inside the object literal (ES6) or after
object creation. The behavior differes if there are accessors, interceptors
or proxies in the Object prototype chain.

These test cases assure we preserve correct behavior as we
improve performance of definitions in literals.

BUG=v8:5624

Review-Url: https://codereview.chromium.org/2501553002
Cr-Commit-Position: refs/heads/master@{#41024}
2016-11-16 11:00:36 +00:00
rmcilroy
fe9ac966cc [Interpreter] Add SetPendingMessage bytecode.
Adds a bytecode to set and retrieve the pending message. This avoids a
runtime call in finally blocks, and also ensures that TurboFan builds a
graph using the SetMessage / LoadMessage nodes instead of inserting a
runtime call.

BUG=chromium:662334

Review-Url: https://codereview.chromium.org/2501503005
Cr-Commit-Position: refs/heads/master@{#41023}
2016-11-16 10:46:48 +00:00
machenbach
41a0626787 Revert of [refactoring] Split CodeAssemblerState out of CodeAssembler (patchset #8 id:140001 of https://codereview.chromium.org/2498073002/ )
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared doesn't want to compile. Missing export annotation?

Original issue's description:
> [refactoring] Split CodeAssemblerState out of CodeAssembler
>
> This is in preparation for introducing more specialized
> CodeStubAssembler subclasses. The state object can be handed
> around, while the Assembler instances are temporary-scoped.
>
> BUG=v8:5628

TBR=ishell@chromium.org,mstarzinger@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5628

Review-Url: https://codereview.chromium.org/2504913002
Cr-Commit-Position: refs/heads/master@{#41018}
2016-11-16 07:54:28 +00:00
jkummerow
913da29ea2 [refactoring] Split CodeAssemblerState out of CodeAssembler
This is in preparation for introducing more specialized
CodeStubAssembler subclasses. The state object can be handed
around, while the Assembler instances are temporary-scoped.

BUG=v8:5628

Review-Url: https://codereview.chromium.org/2498073002
Cr-Commit-Position: refs/heads/master@{#41015}
2016-11-15 22:57:34 +00:00
jbroman
879f6599ee Initialize internal fields in Factory::NewJSTypedArray and NewJSDataView.
This was causing array buffer views created by ValueDeserializer to have
uninitialized internal fields, which lead to crashes in layout tests when
Blink tried to read those fields.

For array buffers, JSArrayBuffer::Setup is responsible for this logic
(as well as initializing the V8 fields); this is similar to that.

The runtime already seems to correctly initialize these for script-created
array buffer views as well, which is why this issue was not detected sooner.

Review-Url: https://codereview.chromium.org/2498413002
Cr-Commit-Position: refs/heads/master@{#41014}
2016-11-15 22:43:19 +00:00
luoe
e80cfa000b Generate inferred names for es6 class functions
Inferred names are currently generated for FunctionLiterals but not generated
for ClassLiterals. Without them, DevTools does not have enough information to
make descriptive descriptions.

E.g.
var x = {y: class{}};
var a = new x.y();
console.log(a);

This shows "Object{}" when it could be more descriptive "x.y {}"

BUG=v8:5621
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel

Review-Url: https://codereview.chromium.org/2488193003
Cr-Commit-Position: refs/heads/master@{#41013}
2016-11-15 21:58:50 +00:00
domenic
2f060955e8 Add markPromiseAsHandled V8 extra util
This will allow V8 extra consumers to mark a promise as handled without
adding redundant empty onRejected handlers. This is needed by streams as
discussed in https://github.com/whatwg/streams/issues/547.

BUG=chromium:654701

Review-Url: https://codereview.chromium.org/2498143002
Cr-Commit-Position: refs/heads/master@{#41012}
2016-11-15 21:25:52 +00:00
cbruni
bb6a626b76 [counters] Implement off-isolate RuntimeCallStats for the Preparser
BUG=

Review-Url: https://codereview.chromium.org/2490643002
Cr-Commit-Position: refs/heads/master@{#41001}
2016-11-15 16:08:50 +00:00
petermarshall
a63eeb485a Fastpath some spread-call desugaring.
Avoid using the iterator for arrays with fast elements where the iterator has
not been modified.

Only deals with the case where there is a single spread argument.

Improves the six-speed "spread" benchmark to 1.5x slower than baseline es5 implementation, compared to 19x slower previously.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2465253011
Cr-Commit-Position: refs/heads/master@{#40998}
2016-11-15 14:42:00 +00:00
tebbi
f71260b298 [turbofan] Make escape analysis fail silently for cyclic object states
R=bmeurer@chromium.org
BUG=v8:5634

Review-Url: https://codereview.chromium.org/2500143003
Cr-Commit-Position: refs/heads/master@{#40995}
2016-11-15 14:05:37 +00:00
verwaest
8b649a41ec [parser] Only log messages using the pending error handling
This shares the pending_error_handler from the parser to the preparser, allowing the preparser to directly log errors to it. This removes LogMessage from the loggers. ParserLogger::LogMessage was already unused, so this also removes error info from the preparse data altogether.

BUG=

Review-Url: https://codereview.chromium.org/2502633002
Cr-Commit-Position: refs/heads/master@{#40984}
2016-11-15 10:16:28 +00:00
tebbi
c3a6ca68d0 This CL enables precise source positions for all V8 compilers. It merges compiler::SourcePosition and internal::SourcePosition to a single class used throughout the codebase. The new internal::SourcePosition instances store an id identifying an inlined function in addition to a script offset.
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
 - The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
 - The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().

If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.

All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.

At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.

I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.

The following additional changes were necessary:
 - The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
 - The class HPositionInfo was effectively dead code and is now removed.
 - SourcePosition has new printing and information facilities, including computing a full inlining stack.
 - I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
 - I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
 - I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
 - Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).

BUG=v8:5432

Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
2016-11-14 17:22:32 +00:00
ulan
71a7bca990 [heap] Use size_t for heap and space counters.
BUG=chromium:652721

Review-Url: https://codereview.chromium.org/2490523003
Cr-Commit-Position: refs/heads/master@{#40972}
2016-11-14 16:47:18 +00:00
clemensh
0c6fa1724f [wasm] Make reported "lines" on stack frames 1-based
In captured stack traces, all lines and columns must be 1-based.
Even though this makes things a bit ugly, we have to comply also for
wasm locations, where line and column encode function index and byte
offset (both are originally 0-based).

If we don't comply, the frontend might complain, as e.g. DevTools does.

BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.org
CC=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2493943002
Cr-Commit-Position: refs/heads/master@{#40971}
2016-11-14 16:00:54 +00:00
rmcilroy
be9b820c44 Only treat possible eval calls going through 'with' as special.
This removes the POSSIBLY_EVAL_CALL call type, and instead uses OTHER_CALL
or WITH_CALL to decide whether to do the special LOOKUP_SLOT_CALL runtime
call to find the callee and possibly update the receiver with the with-object.
This means that eval calls out of 'with' blocks can now just do a normal
LdaLookupGlobalSlot operation, which can check the context chain for eval
extentions and fast-path the lookup if none exist.

BUG=661556

Review-Url: https://codereview.chromium.org/2487483004
Cr-Commit-Position: refs/heads/master@{#40965}
2016-11-14 13:35:04 +00:00
verwaest
733af7eb1a Only treat lookup-slot-calls going through 'with' special
This replaces LOOKUP_SLOT_CALL with WITH_CALL, and relies on regular lookup-slot handling in variable load to support other lookup slots (variables resolved in the context of sloppy eval). This allows optimizations for such variable loads to kick in for calls as well. We only need special handling for function calls in the context of with, since it changes the receiver of the call from undefined/global to the with-object.

This currently doesn't yet make it work for the direct eval call itself, since the POSSIBLY_EVAL_CALL flag is also used to deal with direct eval later.

BUG=

Review-Url: https://codereview.chromium.org/2480253006
Cr-Commit-Position: refs/heads/master@{#40962}
2016-11-14 12:24:12 +00:00
yangguo
c759a3d847 [serializer] small fixes for blink snapshot.
Changes include:
 - Adding V8_EXPORT macro for SnapshotCreator
 - Removing outdated DCHECKs.
 - Allow nullptr as external reference. This required a...
 - Refactoring of hashmaps used by the serializer.
 - Remove external references for counters. These are not used
   anywhere for isolates that are being serialized.
 - Put template infos into the partial snapshot cache.
 - Remove unnecessary presubmit check for external references.
   mksnapshot crashes if external references are missing.

R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2490783004
Cr-Commit-Position: refs/heads/master@{#40949}
2016-11-14 07:17:59 +00:00
ulan
f18d56d130 Fix more -Wsign-compare warnings in heap, mips, base, etc.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2496913002
Cr-Commit-Position: refs/heads/master@{#40931}
2016-11-11 14:56:10 +00:00
ulan
8ddc260d3b [parser, serializer] Fix more -Wsign-compare warnings.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2481013010
Cr-Commit-Position: refs/heads/master@{#40927}
2016-11-11 13:54:26 +00:00
bmeurer
7d24f1aefa [turbofan] Introduce an ExternalPointer type.
This adds a new ExternalPointer type, which is an Internal type that is
used for ExternalReferences and other pointer values, like the pointers
into the asm.js heap. It also adds a PointerConstant operator, which we
use to represents these raw constants (we can probably remove that
particular operator again once WebAssembly ships with the validator).

R=mvstanton@chromium.org
BUG=v8:5267,v8:5270

Review-Url: https://codereview.chromium.org/2494753003
Cr-Commit-Position: refs/heads/master@{#40923}
2016-11-11 13:04:47 +00:00
ahaas
e3c7324a2e [wasm] Check data segments for zero-sized memory.
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.

I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.

R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment

Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
2016-11-11 13:03:50 +00:00
ulan
758b317ce5 [turbofan] Fix more -Wsign-compare warnings.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2493173002
Cr-Commit-Position: refs/heads/master@{#40916}
2016-11-11 12:01:08 +00:00
ulan
9c25d5dc6e [wasm] Fix more -Wsign-compare warnings.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2492793005
Cr-Commit-Position: refs/heads/master@{#40914}
2016-11-11 11:56:05 +00:00
titzer
fa9c25cebf [wasm] Move all heap-allocated WASM structures into wasm-objects.h.
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.

R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
2016-11-11 11:13:17 +00:00
gsathya
cb6c8e48cc [promises] Move CreateResolvingFunctions to c++
- A new runtime function (%create_resolving_functions) is installed to
  call the CreateResolvingFunctions builtin from JS.

- Three new builtins are created - resolve and reject functions and a
  third function that creates a new JSFunctions from these
  resolve/reject builtins.

- The promise reject function is installed on the context temporarily
  as internal_promise_reject. This should go away once we remove
  PromiseSet.

BUG=v8:5343

Review-Url: https://codereview.chromium.org/2459283004
Cr-Commit-Position: refs/heads/master@{#40903}
2016-11-10 16:05:08 +00:00
ulan
d5f22440a2 Fix -Wsign-compare warnings in parser, scanner, regexp, runtime.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2493553002
Cr-Commit-Position: refs/heads/master@{#40892}
2016-11-10 12:54:54 +00:00
ulan
3505406bc7 [wasm] Fix -Wsign-compare warnings.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2487673004
Cr-Commit-Position: refs/heads/master@{#40891}
2016-11-10 12:51:05 +00:00
jgruber
806b350482 Fast-path in SlowFlatten for ConsStrings with empty first part
TurboFan can create ConsStrings with empty first parts (for history on
this decision, see da27e0c886). Add a
fast-path for such cases in String::SlowFlatten.

BUG=

Review-Url: https://codereview.chromium.org/2489273002
Cr-Commit-Position: refs/heads/master@{#40885}
2016-11-10 11:24:07 +00:00
rmcilroy
f633218b62 [Interpreter] Remove all Ldr style bytecodes and replace with Star lookahead.
We seem to get some small wins from avoiding the Ldr bytecodes, probably due
to reduced icache pressure since there are less bytecode handlers. Replace
the Ldr bytecodes with Star lookahead inlined into the Lda versions.

Also fixes IsAccumulatorLoadWithoutEffects to include LdaContextSlot and
LdaCurrentContextSlot

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2489513005
Cr-Commit-Position: refs/heads/master@{#40883}
2016-11-10 10:42:36 +00:00
ulan
ade3bc6da9 [heap] Fix -Wsign-compare warnings
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2489933002
Cr-Commit-Position: refs/heads/master@{#40880}
2016-11-10 10:16:35 +00:00
ulan
4d5f58799c [turbofan] Fix -Wsign-compare warnings.
BUG=v8:5614

Review-Url: https://codereview.chromium.org/2490973002
Cr-Commit-Position: refs/heads/master@{#40879}
2016-11-10 10:03:08 +00:00
mtrofin
5657433e57 [wasm] cctest - explicit WriteOneByte null termination opt-out
Turns out WriteOneByte writes '\0' by default.

BUG=

Review-Url: https://codereview.chromium.org/2494603002
Cr-Commit-Position: refs/heads/master@{#40873}
2016-11-10 05:17:40 +00:00
ishell
0700bc1bf8 [stubs] Ensure CSA_ASSERT and CSA_SLOW_ASSERT do not produce unused instructions in release mode.
... and make them applicable outside of CSA.

Nice bonus is that the assert condition instructions will now appear inside [Assert / ]Assert brackets.

BUG=

Review-Url: https://codereview.chromium.org/2489743002
Cr-Commit-Position: refs/heads/master@{#40869}
2016-11-09 18:22:46 +00:00
rmcilroy
abad9b2ff9 [Interpreter] Add IsInterpreted() to JSFunction and use to fix test-heap tests.
Adds an IsInterpreted() function to both SharedFunctionInfo and JSFunction.
This is used to fix the test-heap code-aging tests since Ignition doesn't
age code.

BUG=v8:4680

Review-Url: https://codereview.chromium.org/2481433002
Cr-Commit-Position: refs/heads/master@{#40868}
2016-11-09 17:20:02 +00:00
ahaas
d91bed67d6 [wasm] Only immutable imported globals are valid initializer expressions
R=titzer@chromium.org
TEST=unittests/WasmModuleVerifyTest.DataSegmentWithImmutableGlobal, unittests/WasmModuleVerifyTest.DataSegmentWithMutableImportedGlobal, unittests/WasmModuleVerifyTest.DataSegmentWithImmutableImportedGlobal

Review-Url: https://codereview.chromium.org/2493433002
Cr-Commit-Position: refs/heads/master@{#40865}
2016-11-09 15:52:36 +00:00
jarin
12af4128d1 [turbofan] Enable accessor inlining when compiling from bytecode.
Review-Url: https://codereview.chromium.org/2486223002
Cr-Commit-Position: refs/heads/master@{#40863}
2016-11-09 14:42:57 +00:00
rmcilroy
ed35983ab7 [Interpreter] Remove Ldr[Named/Keyed]Property bytecodes and use Star Lookahead instead.
The Ldr[Named/Keyed]Property bytecodes are problematic for the deoptimizer when
inlining accessors in TurboFan. Remove them and replace with a Star lookahead
in the bytecode handlers for Lda[Named/Keyed]Property.

BUG=v8:4280

Review-Url: https://codereview.chromium.org/2485383002
Cr-Commit-Position: refs/heads/master@{#40860}
2016-11-09 13:16:37 +00:00
ahaas
ac183d492f [wasm] Fix bounds check in LoadDataSegments.
The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.

In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.

R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit

Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}
2016-11-09 11:41:23 +00:00
ahaas
4db05d405b [wasm] Indirect calls without function table cause validation errors.
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.

The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
   not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
   if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
   table cause a validation error.

R=rossberg@chromium.org
CC=titzer@chromium.org

TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash

Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40852}
2016-11-09 08:37:44 +00:00
bradnelson
3f2db58c89 [wasm] [asm.js] Don't allow bad return types from a global constant
We recently allowed global constants in asm.js validated code.
When used in a return statement, these need to be of an allowed type.

BUG=660813
R=jpp@chromium.org,aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2481103002
Cr-Commit-Position: refs/heads/master@{#40850}
2016-11-08 23:32:04 +00:00
rmcilroy
ba5885cc8b [Interpreter] Ensure ValueOf is only called once for post-increment operations.
BUG=chromium:662418

Review-Url: https://codereview.chromium.org/2473223004
Cr-Commit-Position: refs/heads/master@{#40846}
2016-11-08 17:03:16 +00:00
ahaas
387817f5bb [wasm] Always trap for memory accesses with offset=uint32_max.
We handle this case specially because otherwise we would have to do
complicated overflow detection.

R=titzer@chromium.org
TEST=cctest/test-run-wasm/RunWasmCompiled_LoadMaxUint32Offset

Review-Url: https://codereview.chromium.org/2490533003
Cr-Commit-Position: refs/heads/master@{#40844}
2016-11-08 15:47:20 +00:00
neis
083e465f3b [compiler] Whenever we want source positions, record that in the CompilationInfo.
With this CL, we set the is_source_positions_enabled flag on CompilationInfo when
- a command line flag is enabled that requires Turbofan to preserve source position
  information (e.g. --trace-deopt), and
- when profiling is enabled.

This also removes the --turbo-source-positions flag.

The goal is to eventually only track source position information when needed.

R=mstarzinger@chromium.org
BUG=v8:5439

Review-Url: https://codereview.chromium.org/2484163003
Cr-Commit-Position: refs/heads/master@{#40836}
2016-11-08 14:02:08 +00:00
ulan
984e6aed3e [heap] Remove js call rate heuristic from memory reducer.
This is an experiment to check whether the heuristics is still useful.

BUG=

Review-Url: https://codereview.chromium.org/2482163002
Cr-Commit-Position: refs/heads/master@{#40833}
2016-11-08 13:48:11 +00:00
ishell
03a1eb5ad7 [ic] Resurrect access checks for primitive and global proxy receivers.
The access check is generated as a:
- Equality check of an execution-time and a compile-time native contexts
  for primitive receivers.
- Equality check of an execution-time and a compile-time native contexts
  or equality check of a respective security tokens for global proxy receivers.
- No-op for other kinds of receivers.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2482913002
Cr-Commit-Position: refs/heads/master@{#40829}
2016-11-08 12:35:32 +00:00
neis
dd155e47bd [ignition,modules] Introduce bytecodes for loading/storing module variables.
This introduces two new bytecodes LdaModuleVariable and StaModuleVariable,
replacing the corresponding runtime calls.

Support in the bytecode graph builder exists only in the form of runtime calls.

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2471033004
Cr-Commit-Position: refs/heads/master@{#40825}
2016-11-08 11:01:40 +00:00
ahaas
0ab9ecc23a [wasm] Fix a memory leak in test-run-wasm-module.
The memory leak is fixed by calling the GC at the end of the tests. The GC collects the WasmModuleWrapper objects, which deallocates WasmModule c++ object. For the mjsunit tests the GC is already called because of the --invoke_weak_callbacks flag.

BUG=chromium:662388

Review-Url: https://codereview.chromium.org/2476643003
Cr-Commit-Position: refs/heads/master@{#40822}
2016-11-08 10:34:34 +00:00
bjaideep
e1a57a03b2 [wasm] fix TestInterruptLoop for Big Endian platform
Using Read/WriteLittleEndianValue method to access native
memory. This will perform byte reversal depending on the
endianness of the patform.

Testcase was added in CL: https://codereview.chromium.org/2405293002

R=ahaas@chromium.org, titzer@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2479043003
Cr-Commit-Position: refs/heads/master@{#40815}
2016-11-07 23:26:05 +00:00
machenbach
32ec567df1 Revert of [wasm] Indirect calls without function table cause validation errors. (patchset #3 id:40001 of https://codereview.chromium.org/2484623002/ )
Reason for revert:
Speculative revert for blocking roll:
https://codereview.chromium.org/2479233002/

Original issue's description:
> [wasm] Indirect calls without function table cause validation errors.
>
> The spec defines that indirect calls in WebAssembly code should cause a
> validation error if no function table exists.
>
> The CL contains the following changes:
> 1) Throw a validation error for indirect calls if the function table
>    not exist.
> 2) Do not create TF nodes to throw a runtime error for indirect calls
>    if the function table does not exist.
> 3) Fix existing unit tests by creating a dummy function table.
> 4) Add new a new test which tests that indirect calls without function
>    table cause a validation error.
>
> R=rossberg@chromium.org
> CC=titzer@chromium.org
>
> TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash

TBR=rossberg@chromium.org,titzer@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2479283002
Cr-Commit-Position: refs/heads/master@{#40811}
2016-11-07 17:57:54 +00:00
neis
21463f73e9 [modules] Maintain array of cells for imports and local exports.
This makes use of the newly introduced cell indices to speed up variable
accesses. Imports and local exports are now directly stored in (separate)
arrays. In the future, we may merge the two arrays into a single one, or
even into the module context.

This CL also replaces the LoadImport and LoadExport runtime functions with
a single LoadVariable taking a variable index as argument (rather than a
name).

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2465283004
Cr-Commit-Position: refs/heads/master@{#40808}
2016-11-07 16:23:47 +00:00
verwaest
32105d214d [parser] Give preparser and parser independent loggers
This
- removes the ParserRecorder base class,
- devirtualizes the LogFunction and LogMessage functions,
- reuses the SingletonLogger for all preparser calls

In a subsequent step the preparser should probably log directly to the CompleteParserRecorder rather than indirectly through the singleton logger...

BUG=

Review-Url: https://codereview.chromium.org/2474393003
Cr-Commit-Position: refs/heads/master@{#40803}
2016-11-07 13:23:23 +00:00
ahaas
3de5204737 [wasm] Indirect calls without function table cause validation errors.
The spec defines that indirect calls in WebAssembly code should cause a
validation error if no function table exists.

The CL contains the following changes:
1) Throw a validation error for indirect calls if the function table
   not exist.
2) Do not create TF nodes to throw a runtime error for indirect calls
   if the function table does not exist.
3) Fix existing unit tests by creating a dummy function table.
4) Add new a new test which tests that indirect calls without function
   table cause a validation error.

R=rossberg@chromium.org
CC=titzer@chromium.org

TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash

Review-Url: https://codereview.chromium.org/2484623002
Cr-Commit-Position: refs/heads/master@{#40802}
2016-11-07 12:37:27 +00:00
cbruni
072ea0c836 [tests] Change CodeStubAssemblerTester code type to BUILTIN
Drive-by-fix 1: be more precise in machine representations for
AllocateNameDictionary to make --turbo_verify_machine_graph happy.

Drive-by-fix 2: Improve graph verifier output by printing input
representation.

BUG=

Review-Url: https://codereview.chromium.org/2475913002
Cr-Commit-Position: refs/heads/master@{#40797}
2016-11-07 11:03:32 +00:00
vogelheim
3019b49764 Fix memory leak in test-scanner.cc.
BUG=chromium:662388

Review-Url: https://codereview.chromium.org/2468423008
Cr-Commit-Position: refs/heads/master@{#40781}
2016-11-04 18:54:14 +00:00
adamk
010770085b Remove always-true --harmony-restrictive-declarations flag
The flag has been on since at least Chrome 53.

R=littledan@chromium.org

Review-Url: https://codereview.chromium.org/2478883002
Cr-Commit-Position: refs/heads/master@{#40780}
2016-11-04 18:50:41 +00:00
littledan
3a5c693310 Allow the global object to be frozen through the global template
This patch fixes two bugs in V8 to allow the global object to have a frozen proto:
- The immutable prototype map check is done on the map of the "real receiver",
  the one that's found after the hidden prototype traversal, rather than
  the object that SetPrototype is called on.
- The immutable prototype bit from the ObjectTemplate used to instantiate
  the global object, as passed to Context::New, is respected when instantiating
  the global object.

R=adamk
BUG=v8:5149

Review-Url: https://codereview.chromium.org/2474843003
Cr-Commit-Position: refs/heads/master@{#40778}
2016-11-04 18:37:59 +00:00
mstarzinger
0121988134 [compiler] Remove --ignition-preserve-bytecode flag.
This removes the deprecated flag in question which has been enabled by
default a while ago. All components can by now deal with activations of
a single function being mixed between Ignition and other compilers. The
maintenance overhead to support a mode that clears bytecode is no longer
warranted.

R=rmcilroy@chromium.org
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2475203003
Cr-Commit-Position: refs/heads/master@{#40776}
2016-11-04 16:09:01 +00:00
verwaest
4ff2cafe93 Preparse lazy function parameters
Parameters of a lazily parsed function used to be parsed eagerly, and parameter
handling was split between Parser::ParseFunctionLiteral and
ParseEagerFunctionBody, leading to inconsistencies.

After this CL, we preparse (lazy parse) the parameters of lazily parsed
functions.

(For arrow functions, we cannot do that ofc.)

This is needed for later features (PreParser with scope analysis).

-- CL adapted from marja's https://codereview.chromium.org/2411793003/

BUG=

Review-Url: https://codereview.chromium.org/2472063002
Cr-Commit-Position: refs/heads/master@{#40771}
2016-11-04 15:04:29 +00:00
vogelheim
cadcd787cf V8 support for cached accessors.
Some accessors requires little to no computation at all, its result can be
cached in a private property, avoiding the call overhead.
Calls to the getter are translated into a cheap property load.

Follow-on to crrev.com/2347523003, from peterssen@google.com

BUG=chromium:634276, v8:5548

Review-Url: https://codereview.chromium.org/2405213002
Cr-Commit-Position: refs/heads/master@{#40765}
2016-11-04 13:03:18 +00:00
yangguo
1dba86339f [test] no longer disable turbofan for serializer tests.
This is no longer necessary. Isolates created for serialization
have optimization disabled anyways.

R=jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2479823002
Cr-Commit-Position: refs/heads/master@{#40761}
2016-11-04 12:29:41 +00:00
dcheng
7fede7bb98 Set global proxy internal field count based on the global object template.
BUG=v8:5588
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2475433008
Cr-Commit-Position: refs/heads/master@{#40755}
2016-11-04 10:02:36 +00:00
yangguo
62937cf533 [test] Speed up some slow tests.
- split up cctest/test-api/Threading*
- shortened mjsunit/math-floor-part*
- split up cctest/test-serialize/CustomSnapshotDataBlob
- skipped mjsunit/regress/regress-crbug-474297 unless gc-stress
- shortened cctest/test-serialize/CodeSerializerLargeCodeObject

R=jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2470143004
Cr-Commit-Position: refs/heads/master@{#40753}
2016-11-04 09:04:28 +00:00
machenbach
8108a294a7 [test] Fix space in test expectation
BUG=v8:5598
TBR=adamk@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2479793003
Cr-Commit-Position: refs/heads/master@{#40750}
2016-11-04 08:42:30 +00:00
adamk
288d9ffd95 Skip flaky test-api/SetJitCodeEventHandler on turbofan_opt/no_snap builds
R=machenbach@chromium.org
BUG=v8:5457
NOTRY=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2471113004
Cr-Commit-Position: refs/heads/master@{#40747}
2016-11-04 07:26:21 +00:00
danno
2445a502dd [stubs] Add a utility class to generate code to access builtin arguments
With an instance of CodeStubArguments, builtin stub generators can generate code
that accesses the receiver passed to the builtin, as well as access and iterate
over the variable number of arguments that are passed in.

Review-Url: https://codereview.chromium.org/2469273003
Cr-Commit-Position: refs/heads/master@{#40726}
2016-11-03 12:53:47 +00:00
predrag.rudic
f04a9b4936 Fix 'MIPS: Fix Utf16CharacterStream scanner crash due to missaligned access'
Removed a wrong condition test in  TwoByteExternalBufferedStream. This changed fixes errors that may occur under some conditions.

Review-Url: https://codereview.chromium.org/2469723002
Cr-Commit-Position: refs/heads/master@{#40722}
2016-11-03 12:32:16 +00:00
ulan
e7aa6f91b3 [heap] Exclude the owner of the linear allocation area from evacuation.
This ensures that incremental marking step does not change the top and limit
pointers of the old space, which is needed for allocation folding.

For more info see:
https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13

BUG=chromium:659165

Review-Url: https://codereview.chromium.org/2469273002
Cr-Commit-Position: refs/heads/master@{#40720}
2016-11-03 12:13:23 +00:00
danno
4447405b17 [builtins]: Uniformly push argument count in TF-generated builtins
Review-Url: https://codereview.chromium.org/2467513002
Cr-Commit-Position: refs/heads/master@{#40712}
2016-11-03 08:37:01 +00:00
ahaas
a3b77d560e [wasm] Fix br_table in the wasm interpreter to use varuint32.
The wasm interpreter crashed because it interpreted the table of
br_table as a table of uint8, but according to the spec it is a table of
varint32. Therefore the wasm interpreter misinterpreted 0x80 0x00 as 128
and not as 0, which caused a crash.

R=tizer@chromium.org
BUG=chromium:660262
TEST=cctest/test-run-wasm/RunWasmInterpreted_Regression_660262

Review-Url: https://codereview.chromium.org/2463063002
Cr-Commit-Position: refs/heads/master@{#40708}
2016-11-02 17:07:00 +00:00
jochen
bf77741d43 Reland "Create internal fields on global proxy objects"
Original CL description:
> Create internal fields on global proxy objects
>
> BUG=v8:5588
> R=verwaest@chromium.org

BUG=v8:5588
TBR=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2472573004
Cr-Commit-Position: refs/heads/master@{#40705}
2016-11-02 14:40:31 +00:00
verwaest
5a18685e08 Thread decls-list through Declaration using a ThreadedList
This reduces per-scope overhead from minimally 6 words to 2 words, with one additional pointer per entry, rather than an average of 2 per entry for larger-than-4 element lists. For temp zone parsed functions it additionally makes the declaration-list actually freeable.

This introduces ThreadedList to implement the details of dealing with such a list.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2457393003
Cr-Commit-Position: refs/heads/master@{#40703}
2016-11-02 14:08:47 +00:00
littledan
baf0ec31ec Allow immutable prototype templates to inherit
To enable the global object prototype chain to be frozen, all objects
in the chain need to be marked as immutable prototype exotic objects.
However, a bug in the previous implementation of immutable prototype
exotic objects left the check in place when initially setting up the
object, which made it impossible to allow inheritance chains. This
patch removes that mistaken check.

BUG=v8:5149

Review-Url: https://codereview.chromium.org/2449163004
Cr-Commit-Position: refs/heads/master@{#40702}
2016-11-02 13:59:25 +00:00
jkummerow
5ce9760672 Revert of [ic] Experiment: disable map-specific handler cache. (patchset #1 id:1 of https://codereview.chromium.org/2462973003/ )
Reason for revert:
Causes performance regressions (up to 10% on the "IC" bucket). :-(

Original issue's description:
> [ic] Experiment: disable map-specific handler cache.
>
> IC data handlers support most of the hot cases nowdays. Let's see if
> the map-specific code cache still help us to improve things.
>
> BUG=v8:5561

TBR=ishell@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5561

Review-Url: https://codereview.chromium.org/2474653002
Cr-Commit-Position: refs/heads/master@{#40701}
2016-11-02 13:50:06 +00:00
danno
9e2fd36c3b [stubs]: Support 1->2 byte copies in CopyStringCharacters
In the process, add a more general mechanism for passing around
and amending list of CodeStubAssembler Variables. That change
makes it possible to more easily add Variables to loops that are
generated by utility functions, e.g. BuildFastLoop.

LOG=N

Review-Url: https://codereview.chromium.org/2461363002
Cr-Commit-Position: refs/heads/master@{#40700}
2016-11-02 13:19:27 +00:00
danno
fe552636be [turbofan] Support variable size argument removal in TF-generated functions
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.

The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
  slots to pop upon return in addition to those specified by the Linkage of the
  compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
  handles all tail-call cases except where the return value type differs, this fallback
  was not really useful and in fact caused unexpected behavior with variable
  sized argument popping, since it wasn't possible to materialize a Return node
  with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
  pop argument since the variable pop functionality

LOG=N

Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40699}
2016-11-02 13:15:57 +00:00
rmcilroy
ea5d4c1525 [Interpreter] Remove unused --ignition-eager flag.
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2463353002
Cr-Commit-Position: refs/heads/master@{#40697}
2016-11-02 11:17:48 +00:00
bmeurer
3f3bacc319 [turbofan] Assign proper types to Parameter nodes.
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2223873002
Cr-Commit-Position: refs/heads/master@{#40695}
2016-11-02 09:34:08 +00:00
neis
24b1c1abfc [modules] Add namespace import snippet to test-bytecode-generator.
R=rmcilroy@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2460403002
Cr-Commit-Position: refs/heads/master@{#40694}
2016-11-02 09:30:42 +00:00
machenbach
c61902e072 Revert of [turbofan] Support variable size argument popping in TF-generated functions (patchset #13 id:240001 of https://codereview.chromium.org/2446543002/ )
Reason for revert:
Seems to break arm64 sim debug and blocks roll:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294

Original issue's description:
> [turbofan] Support variable size argument removal in TF-generated functions
>
> This is preparation for using TF to create builtins that handle variable number of
> arguments and have to remove these arguments dynamically from the stack upon
> return.
>
> The gist of the changes:
> - Added a second argument to the Return node which specifies the number of stack
>   slots to pop upon return in addition to those specified by the Linkage of the
>   compiled function.
> - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
>   handles all tail-call cases except where the return value type differs, this fallback
>   was not really useful and in fact caused unexpected behavior with variable
>   sized argument popping, since it wasn't possible to materialize a Return node
>   with the right pop count from the TailCall without additional context.
> - Modified existing Return generation to pass a constant zero as the additional
>   pop argument since the variable pop functionality
>
> LOG=N

TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2473643002
Cr-Commit-Position: refs/heads/master@{#40691}
2016-11-02 07:49:17 +00:00
machenbach
b19abf5371 Revert "Create internal fields on global proxy objects"
This reverts commit 26547761ef.

Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/bui...

See also:
https://github.com/v8/v8/wiki/Blink-layout-tests

BUG=v8:5588
TBR=jochen@chromium.org, verwaest@chromium.org, hablich@chromium.org

Review-Url: https://codereview.chromium.org/2467073002
Cr-Commit-Position: refs/heads/master@{#40686}
2016-11-01 20:40:09 +00:00
ishell
a52ffd44fd [ic] Experiment: disable map-specific handler cache.
IC data handlers support most of the hot cases nowdays. Let's see if
the map-specific code cache still help us to improve things.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2462973003
Cr-Commit-Position: refs/heads/master@{#40685}
2016-11-01 11:18:36 +00:00
lpy
9c78194343 [Tracing] Remove unused excluded categories list.
We only need included categories list, excluded categories list will only work
if we use regular expression in categories list, which is not supported in V8.

TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2462143002
Cr-Commit-Position: refs/heads/master@{#40681}
2016-10-31 19:45:20 +00:00
ahaas
da90034e02 [wasm] Do not run the infinite loop test if FLAG_dump_wasm_module is true
By not dumping the module of the test, we avoid adding code of an
infinite loop to the corpus of the wasm fuzzer.

R=bradnelson@chromium.org

NOTRY=true

Review-Url: https://codereview.chromium.org/2460313002
Cr-Commit-Position: refs/heads/master@{#40680}
2016-10-31 17:56:37 +00:00
danno
5319b50c85 [turbofan] Support variable size argument removal in TF-generated functions
This is preparation for using TF to create builtins that handle variable number of
arguments and have to remove these arguments dynamically from the stack upon
return.

The gist of the changes:
- Added a second argument to the Return node which specifies the number of stack
  slots to pop upon return in addition to those specified by the Linkage of the
  compiled function.
- Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should
  handles all tail-call cases except where the return value type differs, this fallback
  was not really useful and in fact caused unexpected behavior with variable
  sized argument popping, since it wasn't possible to materialize a Return node
  with the right pop count from the TailCall without additional context.
- Modified existing Return generation to pass a constant zero as the additional
  pop argument since the variable pop functionality

LOG=N

Review-Url: https://codereview.chromium.org/2446543002
Cr-Commit-Position: refs/heads/master@{#40678}
2016-10-31 16:54:24 +00:00
jochen
26547761ef Create internal fields on global proxy objects
BUG=v8:5588
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2467463002
Cr-Commit-Position: refs/heads/master@{#40670}
2016-10-31 14:16:24 +00:00
ahaas
c4119758d8 [wasm] Use correct parameter type in wasm-run-utils.h
Due to a typo wasm-run-utils used the type of the first parameter for
all parameters. This caused problems if not all parameters had the same
type.

R=titzer@chromium.org, clemensh@chromium.org

Review-Url: https://codereview.chromium.org/2463743002
Cr-Commit-Position: refs/heads/master@{#40667}
2016-10-31 10:51:51 +00:00
mstarzinger
b4b436de6a [compiler] Ship Ignition for all TurboFan code.
This enables Ignition unconditionally for all code that is destined for
optimization with TurboFan. This ensures all optimization attempts will
go through the BytecodeGraphBuilder and that the AstGraphBuilder pipe is
dried out in practice.

patch from issue 2427953002 at patchset 120001 (http://crrev.com/2427953002#ps120001)

R=mvstanton@chromium.org,rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2453973004
Cr-Commit-Position: refs/heads/master@{#40663}
2016-10-31 09:43:43 +00:00
titzer
b7aff1ff64 [wasm] Support for restricted table imports.
This CL implements basic table import functionality.

Missing: growing of tables (WebAssembly.Grow) doesn't change dispatch tables
Missing: allowing larger table imports than minimum size

R=rossberg@chromium.org,bradnelson@chromium.org
BUG=v8:5507

Review-Url: https://codereview.chromium.org/2454503005
Cr-Commit-Position: refs/heads/master@{#40661}
2016-10-29 21:07:38 +00:00
alph
aee3542fcf [profiler] Emit runtime call stats into sampling profile
These are added to the sampler stack trace when RCS are
enabled.
Resource name for a RCS frame is reported as "V8Runtime".
Counter names match ones from src/counters.h

BUG=chromium:660428

Review-Url: https://codereview.chromium.org/2461003002
Cr-Commit-Position: refs/heads/master@{#40658}
2016-10-28 20:18:12 +00:00
machenbach
bc0ee727df Revert of [wasm] Support for restricted table imports. (patchset #7 id:120001 of https://codereview.chromium.org/2454503005/ )
Reason for revert:
GC stress failures:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8857

Original issue's description:
> [wasm] Support for restricted table imports.
>
> This CL implements basic table import functionality.
>
> Missing: growing of tables (WebAssembly.Grow) doesn't change dispatch tables
> Missing: allowing larger table imports than minimum size
>
> R=rossberg@chromium.org,bradnelson@chromium.org
> BUG=v8:5507

TBR=bradnelson@chromium.org,rossberg@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5507

Review-Url: https://codereview.chromium.org/2456193006
Cr-Commit-Position: refs/heads/master@{#40656}
2016-10-28 18:58:54 +00:00
titzer
404e215458 [wasm] Support for restricted table imports.
This CL implements basic table import functionality.

Missing: growing of tables (WebAssembly.Grow) doesn't change dispatch tables
Missing: allowing larger table imports than minimum size

R=rossberg@chromium.org,bradnelson@chromium.org
BUG=v8:5507

Review-Url: https://codereview.chromium.org/2454503005
Cr-Commit-Position: refs/heads/master@{#40652}
2016-10-28 18:03:50 +00:00
ulan
e12f9a113a [heap] Do not wait for marking deque uncommit task on tear down.
Cancelable task already guarantees proper waiting.

BUG=

Review-Url: https://codereview.chromium.org/2462553002
Cr-Commit-Position: refs/heads/master@{#40647}
2016-10-28 13:53:00 +00:00
leszeks
d2caa302a7 [ignition] Add bytecodes for loads/stores in the current context
The majority of context slot accesses are to the local context (current context
register and depth 0), so this adds bytecodes to optimise for that case.

This cuts down bytecode size by roughly 1% (measured on Octane and Top25).

Review-Url: https://codereview.chromium.org/2459513002
Cr-Commit-Position: refs/heads/master@{#40641}
2016-10-28 10:11:06 +00:00
ahaas
0ddddcb862 [asmjs] Do constant folding for I32Asmjs(Div|Rem)S to avoid checks of constant divisors
This change makes the embenchen/copy benchmark a factor of 2 faster and
brings back the performance loss through graph trimming.

R=titzer@chromium.org
CC=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2453343002
Cr-Commit-Position: refs/heads/master@{#40628}
2016-10-27 16:02:54 +00:00
ishell
8ba4af44ea [ic] Remove unnecessary access rights checks from the IC handlers.
The reasons are:
1) Type feedback vectors are not shared between different native contexts and
   therefore the IC handler created for one native context will not be reused
   in other native context.
2) Access rights revocation is not supported at all, therefore given (1) once
   we pass the access check we don't have to check access rights again.

BUG=v8:5561

Review-Url: https://codereview.chromium.org/2455953002
Cr-Commit-Position: refs/heads/master@{#40627}
2016-10-27 15:54:00 +00:00
yangguo
39ed137bce [serializer] introduce API to serialize internal fields
See https://goo.gl/C9U1dL

BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2452333002
Cr-Commit-Position: refs/heads/master@{#40623}
2016-10-27 13:35:36 +00:00
mstarzinger
8549811ae3 [compiler] Prepare for partially shipping Ignition.
This prepares the code-base so that Ignition can be enabled on a certain
subset of compilations without setting the {FLAG_ignition} flag (which
enables Ignition on all compilations). We should not check the flag in
question explicitly anywhere outside of the compiler heuristics.

R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2443573002
Cr-Commit-Position: refs/heads/master@{#40617}
2016-10-27 12:17:37 +00:00
ulan
017f48d221 Reland "[heap] Uncommit marking deque in concurrent task."
This reverts commit 35e4a03f5b.

BUG=

Review-Url: https://codereview.chromium.org/2454723002
Cr-Commit-Position: refs/heads/master@{#40614}
2016-10-27 11:30:35 +00:00
leszeks
c4d770b182 [ignition] Add a property call bytecode
This is a new bytecode which behaves (for now) exactly like Call,
except that in turbofan graph building we can set the
ConvertReceiverMode to NotNullOrUndefined.

I observe a 1% improvement on Box2D, I'd expect a similar improvement on
other OOP heavy code.

Review-Url: https://codereview.chromium.org/2450243002
Cr-Commit-Position: refs/heads/master@{#40610}
2016-10-27 09:36:15 +00:00
titzer
3f207617d7 [wasm] Binary 0xD: update encoding of opcodes, types, and add immediates.
R=ahaas@chromium.org,rossberg@chromium.org,binji@chromium.org,bradnelson@chromium.org
BUG=chromium:575167, chromium:659591

Review-Url: https://codereview.chromium.org/2440953002
Cr-Commit-Position: refs/heads/master@{#40600}
2016-10-26 16:56:49 +00:00
bbudge
09ab8e6ad9 [Turbofan] Add concept of FP register aliasing on ARM 32.
- Modifies RegisterConfiguration to specify complex aliasing on ARM 32.
- Modifies RegisterAllocator to consider aliasing.
- Modifies ParallelMove::PrepareInsertAfter to handle aliasing.
- Modifies GapResolver to split wider register moves when interference
with smaller moves is detected.
- Modifies MoveOptimizer to handle aliasing.
- Adds ARM 32 macro-assembler pseudo move instructions to handle cases where
  split moves don't correspond to actual s-registers.
- Modifies CodeGenerator::AssembleMove and AssembleSwap to handle moves of
  different widths, and moves involving pseudo-s-registers.
- Adds unit tests for FP operand interference checking and PrepareInsertAfter.
- Adds more tests of FP for the move optimizer and register allocator.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2410673002
Cr-Commit-Position: refs/heads/master@{#40597}
2016-10-26 16:04:33 +00:00
machenbach
35e4a03f5b Revert of [heap] Uncommit marking deque in concurrent task. (patchset #7 id:120001 of https://codereview.chromium.org/2442443003/ )
Reason for revert:
Seems to break the world, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/14118

Original issue's description:
> [heap] Uncommit marking deque in concurrent task.
>
> BUG=

TBR=mlippautz@chromium.org,ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2454693002
Cr-Commit-Position: refs/heads/master@{#40588}
2016-10-26 12:39:40 +00:00
ulan
8d5acea950 [heap] Uncommit marking deque in concurrent task.
BUG=

Review-Url: https://codereview.chromium.org/2442443003
Cr-Commit-Position: refs/heads/master@{#40585}
2016-10-26 12:02:30 +00:00
neis
f33a4078e8 [runtime] Let native setters have a return value.
Native setters (see AccessorInfo in accessors.h) didn't have the ability
to return a result value. As a consequence of this, for instance, Reflect.set
on the length property of arrays had the wrong behavior:

var y = [];
Object.defineProperty(y, 0, {value: 42, configurable: false})
Reflect.set(y, 'length', 0)

The Reflect.set call used to return true. Now it returns false as
required by the spec.

BUG=v8:5401

Review-Url: https://codereview.chromium.org/2397603003
Cr-Commit-Position: refs/heads/master@{#40579}
2016-10-26 09:00:08 +00:00
ulan
968caeb44f Reland "[heap] Start sweeper tasks after evacuation" (second try).
This reverts commit 59fb09564a.

BUG=chromium:658718

Review-Url: https://codereview.chromium.org/2445283003
Cr-Commit-Position: refs/heads/master@{#40569}
2016-10-25 15:34:39 +00:00
clemensh
b1dec60bfa [wasm] Remove obsolete function name table
The function name table is not used any more since
https://chromiumcodereview.appspot.com/2424623002, so remove it.

R=titzer@chromium.org,ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2451693002
Cr-Commit-Position: refs/heads/master@{#40552}
2016-10-25 09:00:09 +00:00
cbruni
532c16eca0 [runtime] Object.create(null) creates a slow object
Object.create(null) is most likely to be used for dictionary-like objects.
Hence it would be beneficial to directly create a slow-mode object and avoid
additional overhead later-on.

BUG=

Review-Url: https://codereview.chromium.org/2430273007
Cr-Commit-Position: refs/heads/master@{#40551}
2016-10-25 08:30:50 +00:00
mstarzinger
6dd0587be3 Revert of [compiler] Prepare for partially shipping Ignition. (patchset #1 id:1 of https://codereview.chromium.org/2443573002/ )
Reason for revert:
Causes regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=658711

Original issue's description:
> [compiler] Prepare for partially shipping Ignition.
>
> This prepares the code-base so that Ignition can be enabled on a certain
> subset of compilations without setting the {FLAG_ignition} flag (which
> enables Ignition on all compilations). We should not check the flag in
> question explicitly anywhere outside of the compiler heuristics.
>
> R=mvstanton@chromium.org

BUG=chromium:658711
TBR=mvstanton@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2448443002
Cr-Commit-Position: refs/heads/master@{#40534}
2016-10-24 13:02:29 +00:00