Commit Graph

14080 Commits

Author SHA1 Message Date
vogelheim
c44008b01f Ensure consistent error handling on 32b/64b platforms.
BUG=chromium:669017

Review-Url: https://codereview.chromium.org/2536783003
Cr-Commit-Position: refs/heads/master@{#41364}
2016-11-29 15:06:05 +00:00
clemensh
8fcfe66f94 [base] Pass scalar arguments by value in CHECK/DCHECK
This not only potentially improves performance, but also avoids weird
linker errors, like the one below, where I used Smi::kMinValue in a
DCHECK_LE.

> [421/649] LINK ./mksnapshot
> FAILED: mksnapshot
> src/base/logging.h|178| error: undefined reference to
  'v8::internal::Smi::kMinValue'

R=bmeurer@chromium.org, ishell@chromium.org

Committed: https://crrev.com/76723502528c5af003fdffc3520632ea2a13fef3
Review-Url: https://codereview.chromium.org/2524093002
Cr-Original-Commit-Position: refs/heads/master@{#41273}
Cr-Commit-Position: refs/heads/master@{#41363}
2016-11-29 15:02:26 +00:00
vogelheim
b1b7d19610 Cleanup: Move mjsunit/regress-*.js into mjsunit/regress/.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2531983004
Cr-Commit-Position: refs/heads/master@{#41362}
2016-11-29 14:20:53 +00:00
bmeurer
d6752d94a8 [turbofan] Teach escape analysis about ConvertTaggedHoleToUndefined.
The EscapeStatusAnalysis didn't know anything about the simplified
operator ConvertTaggedHoleToUndefined, thus leading to a crash. We
now just handled it by pretending that any allocation that goes into
such a node escapes.

BUG=chromium:669451
R=tebbi@chromium.org

Review-Url: https://codereview.chromium.org/2533263002
Cr-Commit-Position: refs/heads/master@{#41359}
2016-11-29 13:13:55 +00:00
rmcilroy
067e9e295f [Interpreter] Add bytecode aging and use it enable CompilationCache for bytecode
Adds a bytecode_age field to BytecodeArray objects. This is incremented each
time the bytecode array is marked by GC, and reset to zero if the bytecode
is executed.

This is used to enable the CompilationCache for interpreted functions,
where Interpreted entries are evicted once the bytecode becomes old.

BUG=chromium:666275,v8:4680

Review-Url: https://codereview.chromium.org/2534763003
Cr-Commit-Position: refs/heads/master@{#41356}
2016-11-29 12:34:58 +00:00
leszeks
2bf71f888f [ignition/turbo] Perform liveness analysis on the bytecodes
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.

Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.

Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41355}
2016-11-29 12:27:15 +00:00
rmcilroy
5fd2b71236 [Heap] Remove concept of MarkingParity.
MarkingParity was used to avoid performing an operation on an object if it was
marked multiple times. We no longer mark things multiple times, so this concept
is no longer required.

BUG=chromium:666275

Review-Url: https://codereview.chromium.org/2529173002
Cr-Commit-Position: refs/heads/master@{#41354}
2016-11-29 12:10:16 +00:00
verwaest
73a2d63df8 [scopes] Propagate inner-scope-calls-eval to make sure we context allocate in inserted scopes
BUG=v8:5664

Review-Url: https://codereview.chromium.org/2536153002
Cr-Commit-Position: refs/heads/master@{#41353}
2016-11-29 12:01:34 +00:00
bmeurer
719d6c1d58 [turbofan] Also optimize instanceof with bound functions.
For bound functions on the right-hand side of instanceof we can
constant-fold to the actual [[BoundTargetFunction]], actually
instance OrdinaryHasInstance. Move the Function.prototype[@@hasInstance]
reduction up to the JSCallReducer to allow this optimization to become
effective (and also enable other optimizations).

BUG=v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2537763002
Cr-Commit-Position: refs/heads/master@{#41352}
2016-11-29 11:58:55 +00:00
mstarzinger
204babf5a0 [deoptimizer] Fix deoptimization in {TranslatedState}.
This ensures the deoptimization triggered due to materialization of
objects by the {TranslatedState} works in conjunction with OSR. The
optimized code used for OSR is not installed on the function, hence
needs to be specified explicitly when requesting deoptimization for
specific stack frames.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-668795
BUG=chromium:668795

Review-Url: https://codereview.chromium.org/2534143002
Cr-Commit-Position: refs/heads/master@{#41348}
2016-11-29 11:34:22 +00:00
leszeks
a2e2a39ff1 Revert of [ignition/turbo] Perform liveness analysis on the bytecodes (patchset #17 id:320001 of https://codereview.chromium.org/2523893003/ )
Reason for revert:
Breaks the build:

https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14886

Original issue's description:
> [ignition/turbo] Perform liveness analysis on the bytecodes
>
> Replaces the graph-based liveness analyzer in the bytecode graph builder
> with an initial bytecode-based liveness analysis pass, which is added to
> the existing loop extent analysis.
>
> Now the StateValues in the graph have their inputs initialised to
> optimized_out, rather than being modified after the graph is built.
>
> Committed: https://crrev.com/1852300954c216c29cf93444430681d213e87925
> Cr-Commit-Position: refs/heads/master@{#41344}

TBR=jarin@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2541443002
Cr-Commit-Position: refs/heads/master@{#41346}
2016-11-29 10:51:45 +00:00
bmeurer
777e142ca1 [turbofan] Add appropriate types to express Callable.
This introduces three new types OtherCallable, CallableProxy (and OtherProxy),
and BoundFunction to make it possible to express Callable in the Type system.
It also forces all undetectable receivers to be Callable, which matches the
use case for undetectable, namely document.all (guarded by proper checks and
tests).

It also uses these new types to properly optimize instanceof (indirectly via
OrdinaryHasInstance) based on the type of the constructor and the object. So
we are able to constant-fold certain instanceof expressions based on types
and completely avoid the builtin call.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2535753004
Cr-Commit-Position: refs/heads/master@{#41345}
2016-11-29 10:48:13 +00:00
leszeks
1852300954 [ignition/turbo] Perform liveness analysis on the bytecodes
Replaces the graph-based liveness analyzer in the bytecode graph builder
with an initial bytecode-based liveness analysis pass, which is added to
the existing loop extent analysis.

Now the StateValues in the graph have their inputs initialised to
optimized_out, rather than being modified after the graph is built.

Review-Url: https://codereview.chromium.org/2523893003
Cr-Commit-Position: refs/heads/master@{#41344}
2016-11-29 10:46:20 +00:00
cbruni
85321456cd [api] Support sharing prototypes between FunctionTemplates
FunctionTemplateInfo::SetPrototypeProviderTemplate adds support for sharing
prototypes between several function templates. This is used to properly set up
Image.prototype and HTMLImageElement.protoype which should be equal according
to the spec.

BUG=chromium:2969

Review-Url: https://codereview.chromium.org/2531653002
Cr-Commit-Position: refs/heads/master@{#41343}
2016-11-29 10:14:18 +00:00
ahaas
68f89a07c0 [wasm] Skip mjsunit/wasm/import-memory on gc-stress
BUG=v8:5683
NOTRY=true
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2541433002
Cr-Commit-Position: refs/heads/master@{#41340}
2016-11-29 09:24:15 +00:00
machenbach
9c0e2a6723 Revert of [ic] Use validity cells to protect keyed element stores against object's prototype chain modificati… (patchset #2 id:40001 of https://codereview.chromium.org/2534613002/ )
Reason for revert:
Layout test crashes:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11691

Original issue's description:
> [ic] Use validity cells to protect keyed element stores against object's prototype chain modifications.
>
> ... instead of clearing of all the KeyedStoreICs which didn't always work.
>
> BUG=chromium:662907, v8:5561
> TBR=verwaest@chromium.org, bmeurer@chromium.org
>
> Committed: https://crrev.com/a39522f44f7e0be4686831688917e9675255dcaf
> Cr-Commit-Position: refs/heads/master@{#41332}

TBR=jkummerow@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:662907, v8:5561

Review-Url: https://codereview.chromium.org/2538693002
Cr-Commit-Position: refs/heads/master@{#41337}
2016-11-29 08:49:48 +00:00
henrique.ferreiro
bc1a3820c2 Implement DefineOwnProperty for TypedArrays
TypedArrays need specific checks before calling OrdinaryDefineOwnProperty.

BUG=v8:5328

Review-Url: https://codereview.chromium.org/2431223005
Cr-Commit-Position: refs/heads/master@{#41333}
2016-11-29 00:07:58 +00:00
ishell
a39522f44f [ic] Use validity cells to protect keyed element stores against object's prototype chain modifications.
... instead of clearing of all the KeyedStoreICs which didn't always work.

BUG=chromium:662907, v8:5561
TBR=verwaest@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2534613002
Cr-Commit-Position: refs/heads/master@{#41332}
2016-11-28 22:56:52 +00:00
jshin
2f5da9a551 Fix the uppercasing of U+00E7(ç) and U+00F7(÷)
Due to a typo in runtime-i18n.js, 'ç'(U+00E7) was not uppercased while
'÷'(U+00F7) was incorrectly uppercased to '×'(U+00D7).

Add a comprehensive test for Latin-1 supplemental block (U+00A0 ~ U+00FF).
(they're special-cased for speed-up and needs to have a test for the range.).

TEST=intl/general/case-mapping
BUG=v8:5681

Review-Url: https://codereview.chromium.org/2533033003
Cr-Commit-Position: refs/heads/master@{#41331}
2016-11-28 22:55:49 +00:00
ishell
a814b8aeaf [heap] Clear recorded slots for inobject properties when migrating fast object to slow mode.
BUG=chromium:666046

Review-Url: https://codereview.chromium.org/2539493002
Cr-Commit-Position: refs/heads/master@{#41327}
2016-11-28 20:11:30 +00:00
zhengxing.li
0c6b6138bf X87: [test] disable number-tostring test case for x87.
The reason:
  The CL #41255 (https://codereview.chromium.org/2520363002 ) reimplemnt the Number.prototype.toString and the added number-tostring test cases failed at x87.

  Similar to many previos fixing CLs, i.e.: CL #37371 (https://codereview.chromium.org/2111493002 ), the root reason is:
  The Gcc compiler and it's dependent C++ libraris on linux platform use x87 in extended 80-bit double precision by default.
  So the reimplemented DoubleToRadixCString() will generate extended 80-bit double precision result which isn't the expected standard 64-bit double precision
  value.

  Although modifying DoubleToRadixCString() function to manually do the 80-bit <--> 64-bit conversion for each double/float computation step can fix this issue,
  but it wll drop the DoubleToRadixCString() function's performance of other architectures.

  This CL put the failed number-tostring test cases into number-tostring-big-integer.js and disables it for x87.

BUG=

Review-Url: https://codereview.chromium.org/2532073002
Cr-Commit-Position: refs/heads/master@{#41322}
2016-11-28 15:31:20 +00:00
tebbi
08931d45ba [parser] removed redundant undefined check of for-of iterator
Removed a redundant check: If completion is not normal, then #iterator cannot be undefined.

Review-Url: https://codereview.chromium.org/2533803002
Cr-Commit-Position: refs/heads/master@{#41321}
2016-11-28 15:30:17 +00:00
vogelheim
e0d608a2b1 Fix 'combo breaker' in CreateDynamicFunction to handle template literals.
BUG=chromium:663410

Review-Url: https://codereview.chromium.org/2533463002
Cr-Commit-Position: refs/heads/master@{#41320}
2016-11-28 14:44:13 +00:00
jgruber
aefc79360e [js-perf-test] Fix JSON syntax for RegExp tests
BUG=v8:5339
NOTRY=true

Review-Url: https://codereview.chromium.org/2532013003
Cr-Commit-Position: refs/heads/master@{#41317}
2016-11-28 13:12:50 +00:00
jarin
72b5a0d40e [deoptimizer] Use the correct function for handler lookup for bytecode.
BUG=chromium:668760

Review-Url: https://codereview.chromium.org/2530403002
Cr-Commit-Position: refs/heads/master@{#41314}
2016-11-28 12:45:29 +00:00
yangguo
ee84d9f7f9 [debug] remove debug command processor from regress tests.
BUG=v8:5510
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2535733002
Cr-Commit-Position: refs/heads/master@{#41312}
2016-11-28 12:02:44 +00:00
yangguo
0398e5d5e4 [debug] remove debug command processor from scope tests.
BUG=v8:5510
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2536573002
Cr-Commit-Position: refs/heads/master@{#41311}
2016-11-28 12:01:44 +00:00
jochen
cfebe6034c Assign unique IDs to FunctionLiterals
They're supposed to be stable across several parse passes, so we'll also
store them in the associated SharedFunctionInfos

To achieve this, the PreParser and Parser need to generated the same number of
FunctionLiterals. To achieve this, we teach the PreParser about desuggaring of
class literals.

For regular functions, the function IDs are assigned in the order they occur in
the source. For arrow functions, however, we only know that it's an arrow function
after parsing the parameter list, and so the ID assigned to the arrow function is
larger than the IDs assigned to functions defined in the parameter list. This
implies that we have to reset the function ID counter to before the parameter list
when re-parsing an arrow function. To be able to do this, we store the number of
function literals found in the parameter list of arrow functions as well.

BUG=v8:5589

Review-Url: https://codereview.chromium.org/2481163002
Cr-Commit-Position: refs/heads/master@{#41309}
2016-11-28 11:40:53 +00:00
yangguo
e1470db7a3 [debug] remove debug command processor from debug evaluate tests.
R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2532893002
Cr-Commit-Position: refs/heads/master@{#41308}
2016-11-28 11:38:15 +00:00
cbruni
c81dbaf2b2 [tests] Skip RuntimeCallStatsTest due to flaky timers
R=machenbach@chromium.org
BUG=v8:5677
NOTRY=true

Review-Url: https://codereview.chromium.org/2528363002
Cr-Commit-Position: refs/heads/master@{#41305}
2016-11-28 10:51:20 +00:00
ahaas
5d5ccb6e45 [mjsunit] Change assertThrows such that it can check the exception message.
Up until now assertThrows allows to check the type field of an
exception, which is, however, a custom field introduced in a single
regression test. With the change assertThrows allows to check the
message field of an exception, which is set for standard V8 exceptions
by default.

I use the new assertThrows to refactor test/mjsunit/wasm/divrem-trap.js

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2525313003
Cr-Commit-Position: refs/heads/master@{#41302}
2016-11-28 10:26:44 +00:00
cbruni
a09e5eda26 [runtime] Add missing @@IsConcatSpreadable check for FAST_DOUBLE_ELEMENTS
A missing @@IsConcatSpreadable check caused the fast path inside the slow path
to be incorrect and follow the default concat strategy when the arguments
arrays contain only doubles.

BUG=chromium:668414

Review-Url: https://codereview.chromium.org/2527173002
Cr-Commit-Position: refs/heads/master@{#41301}
2016-11-28 10:06:17 +00:00
jgruber
a61585e9b2 [debug-wrapper] AsyncTaskEvent event type
AsyncTaskEvents are not exposed through the inspector interface.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2532693002
Cr-Commit-Position: refs/heads/master@{#41299}
2016-11-28 09:31:50 +00:00
ziyang
f5d373b012 PPC64: Changing test-spaces/SizeOfInitialHeap to accomodate 64K page size
Since the page size of PPC 64 bit machines is 64K, memory smaller than 64K
    cannot be freed causing the committed memory of code space to be
    exactly 2M. Changing the test case to accomodate this.

R=mlippautz@chromium.org, ulan@chromium.org, vogelheim@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2523293002
Cr-Commit-Position: refs/heads/master@{#41292}
2016-11-25 19:38:17 +00:00
bbudge
ef3f125d37 [Turbofan] Add ARM support for simd128 moves and swaps.
- Adds vmov, vswp instructions for QwNeonRegisters.
- Refactors existing vswp implementation, moves non-Neon adaption to
MacroAssembler.
- Adds simd128 support to CodeGenerator AssembleMove, AssembleSwap.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2523933002
Cr-Commit-Position: refs/heads/master@{#41291}
2016-11-25 19:37:04 +00:00
jgruber
b034b71568 [js-perf-test] Add RegExp microbenchmarks
This adds microbenchmarks for:

* the RegExp constructor,
* flag accessors,
* and RegExp functions: exec, @@match, @@search, test, @@split, @@replace.

Each benchmark is further split to measure fast and slow paths.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2521263003
Cr-Commit-Position: refs/heads/master@{#41285}
2016-11-25 09:25:23 +00:00
marija.antic
daedefd3fc MIPS64: Port "Reland of "MIPS: Optimize load/store with large offset"".
Port 961a45da69

BUG=

Review-Url: https://codereview.chromium.org/2505923002
Cr-Commit-Position: refs/heads/master@{#41284}
2016-11-25 09:12:29 +00:00
yangguo
d5ada19ce7 [debug] mark more unused debug API as deprecated.
R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2531543002
Cr-Commit-Position: refs/heads/master@{#41283}
2016-11-25 09:11:04 +00:00
yangguo
b6d2bacd66 Fix Number.prototype.toString with non-default radix wrt modulo.
TBR=tebbi@chromium.org
BUG=chromium:668510

Review-Url: https://codereview.chromium.org/2526223003
Cr-Commit-Position: refs/heads/master@{#41280}
2016-11-25 07:46:40 +00:00
clemensh
29ee62443d Revert of [base] Pass scalar arguments by value in CHECK/DCHECK (patchset #3 id:40001 of https://codereview.chromium.org/2524093002/ )
Reason for revert:
Seems to cause compile errors on Android. Will investigate on Monday.

Original issue's description:
> [base] Pass scalar arguments by value in CHECK/DCHECK
>
> This not only potentially improves performance, but also avoids weird
> linker errors, like the one below, where I used Smi::kMinValue in a
> DCHECK_EQ.
>
> > [421/649] LINK ./mksnapshot
> > FAILED: mksnapshot
> > src/base/logging.h|178| error: undefined reference to
>   'v8::internal::Smi::kMinValue'
>
> R=bmeurer@chromium.org, ishell@chromium.org
>
> Committed: https://crrev.com/76723502528c5af003fdffc3520632ea2a13fef3
> Cr-Commit-Position: refs/heads/master@{#41273}

TBR=bmeurer@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2527883004
Cr-Commit-Position: refs/heads/master@{#41278}
2016-11-24 23:03:16 +00:00
rmcilroy
49ea60ef9d [GC] Fix code flushing to use bytecode if it exists.
If code is flushed on a SFI, we can still use the bytecode if it was compiled,
since this never gets flushed.

This fixes a DCHECK where we were trying to compile the bytecode multiple
times after the baseline code was flushed.

BUG=chromium:668133

Review-Url: https://codereview.chromium.org/2526243002
Cr-Commit-Position: refs/heads/master@{#41274}
2016-11-24 17:27:04 +00:00
clemensh
7672350252 [base] Pass scalar arguments by value in CHECK/DCHECK
This not only potentially improves performance, but also avoids weird
linker errors, like the one below, where I used Smi::kMinValue in a
DCHECK_EQ.

> [421/649] LINK ./mksnapshot
> FAILED: mksnapshot
> src/base/logging.h|178| error: undefined reference to
  'v8::internal::Smi::kMinValue'

R=bmeurer@chromium.org, ishell@chromium.org

Review-Url: https://codereview.chromium.org/2524093002
Cr-Commit-Position: refs/heads/master@{#41273}
2016-11-24 17:26:02 +00:00
jkummerow
9be747666c Reland^2 of [stubs] KeyedStoreGeneric: inline dictionary property stores
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.

Original review: https://codereview.chromium.org/2504403005/

Review-Url: https://codereview.chromium.org/2528883003
Cr-Commit-Position: refs/heads/master@{#41272}
2016-11-24 16:23:12 +00:00
vogelheim
9d0f5ab745 Treat all functions in a 'comma sequence' the same for (pre-)parsing.
R=verwaest@chromium.org
BUG=v8:5643

Review-Url: https://codereview.chromium.org/2524263003
Cr-Commit-Position: refs/heads/master@{#41267}
2016-11-24 14:45:19 +00:00
vogelheim
56daccb836 Fix memory leak in cctest/parsing/test-scanner.
BUG=chromium:662388

Review-Url: https://codereview.chromium.org/2495533003
Cr-Commit-Position: refs/heads/master@{#41266}
2016-11-24 14:29:09 +00:00
mstarzinger
22a2ae07af [runtime] Fix call-site rendering for inlined calls.
This makes sure call-site rendering for certain {TypeError} messages is
based on the correct underlying {JSFunction}, even when inlined frames
are present. Only the {FrameSummary} knows the exact function.

R=verwaest@chromium.org
TEST=message/regress/regress-crbug-661579
BUG=chromium:661579

Review-Url: https://codereview.chromium.org/2521103005
Cr-Commit-Position: refs/heads/master@{#41264}
2016-11-24 13:36:54 +00:00
machenbach
b6ab7996de Revert of [test] Add performance test for closures. (patchset #1 id:1 of https://codereview.chromium.org/2525053002/ )
Reason for revert:
Fails on perf.

Original issue's description:
> [test] Add performance test for closures.
>
> Short living closures are very common in Node.js. This benchmark tracks progress
> as we move the optimizations that are currently only behind
> --mark_shared_functions_for_tier_up to the default settings.
>
> BUG=v8:5512
>
> Committed: https://crrev.com/f277da2a00cfd27d44a33a70213a65bd82d0bc95
> Cr-Commit-Position: refs/heads/master@{#41246}

TBR=bmeurer@chromium.org,leszeks@chromium.org,franzih@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5512

Review-Url: https://codereview.chromium.org/2526163003
Cr-Commit-Position: refs/heads/master@{#41261}
2016-11-24 13:16:15 +00:00
neis
cde9f7bfed [modules] Propagate module status when creating ParseInfo from SFI.
In the ParseInfo constructor that takes a SharedFunctionInfo, we must
set the module flag when the function represents a module.

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2525013002
Cr-Commit-Position: refs/heads/master@{#41257}
2016-11-24 10:49:03 +00:00
yangguo
81a64aa548 [debug] remove JSON debug protocol related tests.
In most cases we can use the debug event listener as alternative.
Multithreaded tests are obsolete.

R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2529883002
Cr-Commit-Position: refs/heads/master@{#41256}
2016-11-24 10:43:22 +00:00
yangguo
21b0dbedfd Reimplement Number.prototype.toString with non-default radix.
The old algorithm produces unnecessary decimal digits. The new one
converts the significand of the input double into an uint64_t to be
just as precise as necessary.

R=tebbi@chromium.org
BUG=chromium:658712,chromium:666376

Review-Url: https://codereview.chromium.org/2520363002
Cr-Commit-Position: refs/heads/master@{#41255}
2016-11-24 10:30:46 +00:00
cbruni
244dd002c5 [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds it own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.

BUG=

Review-Url: https://codereview.chromium.org/2511093002
Cr-Commit-Position: refs/heads/master@{#41254}
2016-11-24 10:05:37 +00:00
neis
b481afd893 [parser] Fix scopes in rewriting of for-of and destructuring assignments.
The catch scopes were created with the wrong parent scope.

R=littledan@chromium.org
BUG=v8:5648

Committed: https://crrev.com/f385268d11d6da9508e481202b39f75f4b56afdd
Review-Url: https://codereview.chromium.org/2520883002
Cr-Original-Commit-Position: refs/heads/master@{#41222}
Cr-Commit-Position: refs/heads/master@{#41253}
2016-11-24 09:48:21 +00:00
hablich
474bbec73d Revert of [stubs] KeyedStoreGeneric: inline dictionary property stores (patchset #2 id:10002 of https://codereview.chromium.org/2524943002/ )
Reason for revert:
Blocks current roll:
https://codereview.chromium.org/2526753003/

Bisect results:
https://codereview.chromium.org/2531483002

Original issue's description:
> Reland of [stubs] KeyedStoreGeneric: inline dictionary property stores
>
> For dictionary-mode receivers, the KeyedStoreGeneric stub can store
> properties directly in most cases. Doing so avoids the need to have
> an entry in the stub cache for every map/property combination.
>
> Original review: https://codereview.chromium.org/2504403005/
>
> Committed: https://crrev.com/7a963deb85a0cc04623947a759534c48e2871901
> Cr-Commit-Position: refs/heads/master@{#41218}

TBR=ishell@chromium.org,machenbach@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2522393002
Cr-Commit-Position: refs/heads/master@{#41251}
2016-11-24 08:43:22 +00:00
hablich
e461facff2 Revert of [stubs] Fix AccessorInfo mixup in KeyedStoreGeneric (patchset #1 id:1 of https://codereview.chromium.org/2525913002/ )
Reason for revert:
Needed to revert 2661b3e8a5

Original issue's description:
> [stubs] Fix AccessorInfo mixup in KeyedStoreGeneric
>
> BUG=chromium:668101
>
> Committed: https://crrev.com/2661b3e8a5447773a23a219ba085454c459b654b
> Cr-Commit-Position: refs/heads/master@{#41223}

TBR=ishell@chromium.org,jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:668101

Review-Url: https://codereview.chromium.org/2525253002
Cr-Commit-Position: refs/heads/master@{#41250}
2016-11-24 08:41:29 +00:00
franzih
f277da2a00 [test] Add performance test for closures.
Short living closures are very common in Node.js. This benchmark tracks progress
as we move the optimizations that are currently only behind
--mark_shared_functions_for_tier_up to the default settings.

BUG=v8:5512

Review-Url: https://codereview.chromium.org/2525053002
Cr-Commit-Position: refs/heads/master@{#41246}
2016-11-24 08:08:30 +00:00
bmeurer
76fd6f25a9 [turbofan] Remove inlining support for the deprecated pipeline.
The deprecated pipeline is used for asm.js only, where we forcibly
disable inlining anyways (for performance reasons), so inlining via
the AstGraphBuilder is essentially dead code by now, thus there's no
point in trying to keep that around in the code base.

Also nuke the test-run-inlining.cc file, which would require some heavy
surgery (for probably little benefit), and move the useful tests for
mjsunit tests instead.

BUG=v8:2206,v8:5657
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2527053002
Cr-Commit-Position: refs/heads/master@{#41245}
2016-11-24 07:59:59 +00:00
jgruber
f0d3cf5bae [inspector] Expose scopes for suspended generator objects
This exposes scopes for suspended generator objects by adding a
[[Scopes]] internal property to generator objects, similar to how
scopes for functions currently not on the stack are handled.

BUG=chromium:667286

Review-Url: https://codereview.chromium.org/2516973003
Cr-Commit-Position: refs/heads/master@{#41244}
2016-11-24 07:32:40 +00:00
machenbach
5e3e29d919 Revert of Use parenthesis in descriptions for array/map/set lengths/sizes (patchset #3 id:40001 of https://codereview.chromium.org/2521853003/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11595

https://github.com/v8/v8/wiki/Blink-layout-tests

Original issue's description:
> Use parenthesis in descriptions for array/map/set lengths/sizes
>
> Descriptions for (typed)arrays will use parenthesis instead of square brackets
> "Array(10)" instead of "Array[10]". This CL also adds size hints to descriptions
> of maps and sets.
>
> Related CL for DevTools: https://codereview.chromium.org/2524913002/
>
> BUG=405845
>
> Committed: https://crrev.com/92c77a57390e6a9ef726535b255a24359751992d
> Cr-Commit-Position: refs/heads/master@{#41237}

TBR=dgozman@chromium.org,kozyatinskiy@chromium.org,luoe@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=405845

Review-Url: https://codereview.chromium.org/2530803002
Cr-Commit-Position: refs/heads/master@{#41243}
2016-11-24 07:22:31 +00:00
bmeurer
9da894edcb [turbofan] Improve typed lowering rules for JSToBoolean.
Also lower JSToBoolean(x) where x is either some detectable receiver or
null, or any kind of receiver, null or undefined. Also fix a couple of
minor issues with the JSToBoolean lowering and tests.

R=yangguo@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2530773002
Cr-Commit-Position: refs/heads/master@{#41241}
2016-11-24 06:37:14 +00:00
luoe
92c77a5739 Use parenthesis in descriptions for array/map/set lengths/sizes
Descriptions for (typed)arrays will use parenthesis instead of square brackets
"Array(10)" instead of "Array[10]". This CL also adds size hints to descriptions
of maps and sets.

Related CL for DevTools: https://codereview.chromium.org/2524913002/

BUG=405845

Review-Url: https://codereview.chromium.org/2521853003
Cr-Commit-Position: refs/heads/master@{#41237}
2016-11-24 01:11:24 +00:00
gdeepti
e108f90d5c [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
 - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
 - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
 - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
 - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.

 R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Original-Commit-Position: refs/heads/master@{#41198}
Cr-Commit-Position: refs/heads/master@{#41234}
2016-11-23 20:44:29 +00:00
kozyatinskiy
019d446c1e [inspector] make console.assert much faster
New console.assert implementation is faster then custom user implementation.

BUG=chromium:663845
R=dgozman@chromium.org

Committed: https://crrev.com/f658e41d864267fb9e99ea76faa7758b0b63d5c9
Review-Url: https://codereview.chromium.org/2505493002
Cr-Original-Commit-Position: refs/heads/master@{#41227}
Cr-Commit-Position: refs/heads/master@{#41232}
2016-11-23 17:09:50 +00:00
machenbach
c1622945f7 Revert of [inspector] make console.assert much faster (patchset #3 id:40001 of https://codereview.chromium.org/2505493002/ )
Reason for revert:
Speculative revert as there seems to be a layout test crash:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/11585

Please reland if it doesn't get green.

Original issue's description:
> [inspector] make console.assert much faster
>
> New console.assert implementation is faster then custom user implementation.
>
> BUG=chromium:663845
> R=dgozman@chromium.org
>
> Committed: https://crrev.com/f658e41d864267fb9e99ea76faa7758b0b63d5c9
> Cr-Commit-Position: refs/heads/master@{#41227}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:663845

Review-Url: https://codereview.chromium.org/2521323005
Cr-Commit-Position: refs/heads/master@{#41231}
2016-11-23 15:54:09 +00:00
machenbach
e4a15a7b4e Revert of [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters. (patchset #15 id:320001 of https://codereview.chromium.org/2511093002/ )
Reason for revert:
The test is very flaky on the bots, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/17031
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/14776

Original issue's description:
> [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
>
> RuntimeTimerScopes always subtract their own time from the parent timer's
> counter to properly account for the own time. Once a scope is destructed it
> adds it own timer to the current active counter. However, if the current
> counter is changed with CorrectCurrentCounterId we will attribute all the
> subtimers to the previous counter, and add the own time to the new counter.
> This way it is possible to end up with negative times in certain counters but
> the overall would still be correct.
>
> BUG=
>
> Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
> Committed: https://crrev.com/491651792d7818aed04eaeffb9890b5a309b543e
> Cr-Original-Commit-Position: refs/heads/master@{#41142}
> Cr-Commit-Position: refs/heads/master@{#41214}

TBR=ishell@chromium.org,fmeawad@chromium.org,lpy@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2526843002
Cr-Commit-Position: refs/heads/master@{#41229}
2016-11-23 15:27:49 +00:00
machenbach
7edbd535a9 Revert of [parser] Fix scopes in rewriting of for-of and destructuring assignments. (patchset #6 id:100001 of https://codereview.chromium.org/2520883002/ )
Reason for revert:
Speculative revert: Seems to break jsfunfuzz:
https://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/14385

Original issue's description:
> [parser] Fix scopes in rewriting of for-of and destructuring assignments.
>
> The catch scopes were created with the wrong parent scope.
>
> R=littledan@chromium.org
> BUG=v8:5648
>
> Committed: https://crrev.com/f385268d11d6da9508e481202b39f75f4b56afdd
> Cr-Commit-Position: refs/heads/master@{#41222}

TBR=littledan@chromium.org,verwaest@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5648

Review-Url: https://codereview.chromium.org/2519333005
Cr-Commit-Position: refs/heads/master@{#41228}
2016-11-23 15:23:17 +00:00
kozyatinskiy
f658e41d86 [inspector] make console.assert much faster
New console.assert implementation is faster then custom user implementation.

BUG=chromium:663845
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2505493002
Cr-Commit-Position: refs/heads/master@{#41227}
2016-11-23 14:20:30 +00:00
jkummerow
2661b3e8a5 [stubs] Fix AccessorInfo mixup in KeyedStoreGeneric
BUG=chromium:668101

Review-Url: https://codereview.chromium.org/2525913002
Cr-Commit-Position: refs/heads/master@{#41223}
2016-11-23 13:27:22 +00:00
neis
f385268d11 [parser] Fix scopes in rewriting of for-of and destructuring assignments.
The catch scopes were created with the wrong parent scope.

R=littledan@chromium.org
BUG=v8:5648

Review-Url: https://codereview.chromium.org/2520883002
Cr-Commit-Position: refs/heads/master@{#41222}
2016-11-23 13:25:35 +00:00
mvstanton
3d31d25152 [Turbofan]: generic lowering can use a constant vector
Since we are specializing on the native context, we don't have to load
the vector from the closure. For one thing, this reduces the machinery for
nodes that use a vector in their generic incarnation.

BUG=
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2529463002
Cr-Commit-Position: refs/heads/master@{#41221}
2016-11-23 13:23:50 +00:00
mstarzinger
2b96c9d7c0 [turbofan] Fix exception message for non-constructables.
This fixes the message reported via the {TypeError} thrown when trying
to call a non-constructable function as a constructor. Also adds some
more related message tests for similar exceptions.

R=bmeurer@chromium.org
TEST=message/call-non-constructable
BUG=chromium:661579

Review-Url: https://codereview.chromium.org/2523803003
Cr-Commit-Position: refs/heads/master@{#41220}
2016-11-23 13:17:55 +00:00
jkummerow
7a963deb85 Reland of [stubs] KeyedStoreGeneric: inline dictionary property stores
For dictionary-mode receivers, the KeyedStoreGeneric stub can store
properties directly in most cases. Doing so avoids the need to have
an entry in the stub cache for every map/property combination.

Original review: https://codereview.chromium.org/2504403005/

Review-Url: https://codereview.chromium.org/2524943002
Cr-Commit-Position: refs/heads/master@{#41218}
2016-11-23 12:43:48 +00:00
yangguo
86d38086f8 [debug-wrapper] adapt stepping tests to inspector behavior.
R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2530533002
Cr-Commit-Position: refs/heads/master@{#41215}
2016-11-23 12:38:35 +00:00
cbruni
491651792d [counters] RuntimeStats: fix wrong bookkeeping when dynamically changing counters
RuntimeTimerScopes always subtract their own time from the parent timer's
counter to properly account for the own time. Once a scope is destructed it
adds it own timer to the current active counter. However, if the current
counter is changed with CorrectCurrentCounterId we will attribute all the
subtimers to the previous counter, and add the own time to the new counter.
This way it is possible to end up with negative times in certain counters but
the overall would still be correct.

BUG=

Committed: https://crrev.com/f6c74d964d9387df4bed3d8c1ded51eb9e8aa6e8
Review-Url: https://codereview.chromium.org/2511093002
Cr-Original-Commit-Position: refs/heads/master@{#41142}
Cr-Commit-Position: refs/heads/master@{#41214}
2016-11-23 12:23:16 +00:00
ishell
b2f2f6ecf1 [ic] Don't enable property cell mode for a LoadGlobalIC if the holder is a different global object than the receiver.
Test contributed by crlf0710 <crlf0710@gmail.com>.

BUG=v8:5552

Review-Url: https://codereview.chromium.org/2523173002
Cr-Commit-Position: refs/heads/master@{#41213}
2016-11-23 12:17:01 +00:00
mstarzinger
f77dbef1ab [test] Run module message tests in all variants.
R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2528433005
Cr-Commit-Position: refs/heads/master@{#41211}
2016-11-23 12:01:40 +00:00
rmcilroy
5f5300a61b [compiler] Ensure code unsupported by Crankshaft goes to Ignition.
BUG=v8:4280,v8:5657

Review-Url: https://codereview.chromium.org/2505933008
Cr-Commit-Position: refs/heads/master@{#41209}
2016-11-23 09:30:34 +00:00
hablich
de330e13da Revert of [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects. (patchset #13 id:240001 of https://codereview.chromium.org/2471883003/ )
Reason for revert:
Test crashes after an unrelated revert: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/7189

Reverting because of recommendation from WASM team.

Original issue's description:
> [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
>
> Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
>  - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
>  - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
>  - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
>  - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.
>
>  R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
> Committed: https://crrev.com/3c98e339599b068f1ed630afb7601ff942424d31
> Cr-Original-Commit-Position: refs/heads/master@{#41121}
> Cr-Commit-Position: refs/heads/master@{#41198}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2529573002
Cr-Commit-Position: refs/heads/master@{#41208}
2016-11-23 09:08:43 +00:00
jgruber
0dcc7a0e20 [debug] Add Eval scope type to inspector protocol
BUG=v8:5530,chromium:667218

Review-Url: https://codereview.chromium.org/2519773003
Cr-Commit-Position: refs/heads/master@{#41205}
2016-11-23 07:30:23 +00:00
zhengxing.li
38092c41c2 [X87][test]: Fixing -Wsign-compare compilation error for x87 test case.
BUG=

Review-Url: https://codereview.chromium.org/2513413006
Cr-Commit-Position: refs/heads/master@{#41202}
2016-11-23 06:31:21 +00:00
gdeepti
3c98e33959 [wasm] WebAssembly.Memory object can be referenced by multiple Instance objects.
Add support for WebAssembly.Memory objects to be simultaneously referenced by multiple Instance objects. GrowingMemory should maintain a consistent view of memory across instances.
 - Store a link to instances that share WebAssembly.Memory in the WasmMemoryObject, updated on instantiate.
 - Implement WasmInstanceWrapper as a wrapper around the instance object to keep track of previous/next instances, instance object is stored as a WeakCell that can be garbage collected.
 - MemoryInstanceFinalizer maintains a valid list of instances when an instance is garbage collected.
 - Refactor GrowInstanceMemory to GrowMemoryBuffer that allocates a new buffer, and UncheckedUpdateInstanceMemory that updates memory references for an instance.

 R=titzer@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Committed: https://crrev.com/30ef8e33f3a199a27ca8512bcee314c9522d03f6
Review-Url: https://codereview.chromium.org/2471883003
Cr-Original-Commit-Position: refs/heads/master@{#41121}
Cr-Commit-Position: refs/heads/master@{#41198}
2016-11-23 03:09:35 +00:00
mtrofin
7a1ad0c581 [turbofan] Regalloc validator: support same block pending assessment
Previous fuzzer fix broke the case when the pending assessment came from the same
block. In that case, the assessments table does not have an entry yet for the block,
because we register only when we're done processing a block.

BUG=667745

Review-Url: https://codereview.chromium.org/2519973004
Cr-Commit-Position: refs/heads/master@{#41193}
2016-11-22 17:31:06 +00:00
marja
0f87349505 Update tests which are now failing with FLAG_lazy_inner_functions.
The tests were relying on early errors which we don't produce since we
now preparse more often.

BUG=v8:2728, v8:5501, v8:5663

Review-Url: https://codereview.chromium.org/2523683002
Cr-Commit-Position: refs/heads/master@{#41189}
2016-11-22 15:46:17 +00:00
jkummerow
5ef05d8e2c [cleanup] Drop handwritten KeyedStoreIC code
The handwritten-assembly implementations of both dispatcher and
generic stub have been replaced by Turbofan-generated stubs.

Review-Url: https://codereview.chromium.org/2523473002
Cr-Commit-Position: refs/heads/master@{#41188}
2016-11-22 15:43:59 +00:00
jgruber
9eec1c8617 [debug-wrapper] Migrate wasm/frame-inspection test
Wasm frames are special in that they have a non-integer script id
in inspector. The way we treat script ids currently is a bit of a mess -
our runtime functions expected integer IDs while inspector has string
IDs (which contain integers, except for Wasm frames). This will need to
be cleaned up once more Wasm tests are added.

The meaning of line/column numbers has also changed; the old JS debug
API encoded the function index and byte offset into line/column numbers,
while inspector-based API actually translates into lines/columns in the
disassembly.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2515133003
Cr-Commit-Position: refs/heads/master@{#41182}
2016-11-22 13:59:05 +00:00
jgruber
cda1a60ab3 [debug-wrapper] Migrate suspended generator scope test
Unfortunately, there's currently no satisfying way of accessing scopes
of suspended generator objects through inspector. This CL implements
access to such scopes through runtime functions instead.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2513343004
Cr-Commit-Position: refs/heads/master@{#41179}
2016-11-22 13:32:13 +00:00
verwaest
30d2fb6b50 [runtime] Always normalize prototype maps that aren't marked as 'should be fast' yet
This makes the test in the bug ~10x faster. It could inadvertently make other things slower, so revert eagerly if included in a range where performance tanks.

BUG=chromium:666852

Review-Url: https://codereview.chromium.org/2525573002
Cr-Commit-Position: refs/heads/master@{#41178}
2016-11-22 13:25:17 +00:00
jgruber
a0e9160066 [debug-wrapper] Implement StepFrame through runtime
StepFrame is a combination of StepIn/StepOut, e.g. it breaks to the next
frame change. This is not part of the public API, but we want to keep it
for internal tests.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2514303003
Cr-Commit-Position: refs/heads/master@{#41177}
2016-11-22 13:14:53 +00:00
ahaas
2ba24a71b6 [regexp fuzzer] Let the fuzzer input select the regexp flag.
With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2511373002
Cr-Commit-Position: refs/heads/master@{#41176}
2016-11-22 12:59:38 +00:00
jgruber
facd6b9a4a [debug-wrapper] Migrate more tests
* Fix setting script-scope variables through inspector by internalizing
  their names.
* Reconstruct values of Number, String, and Boolean classes.
* Adapt a couple of tests for API restrictions.

BUG=v8:5530

Review-Url: https://codereview.chromium.org/2512963002
Cr-Commit-Position: refs/heads/master@{#41175}
2016-11-22 12:44:18 +00:00
titzer
5a1fbe24ba [d8] Do not try to verify zero-ness of failed virtual memory allocation.
BUG=chromium:667603
R=clemensh@chromium.org

Review-Url: https://codereview.chromium.org/2519363002
Cr-Commit-Position: refs/heads/master@{#41174}
2016-11-22 12:36:37 +00:00
jarin
d7aae405c7 [turbofan] Fix representation changes for unsigned values used as checked-signed values.
BUG=chromium:664117

Review-Url: https://codereview.chromium.org/2522883002
Cr-Commit-Position: refs/heads/master@{#41173}
2016-11-22 12:07:45 +00:00
clemensh
172f501233 [wasm] Implement official wasm text format
When disassembling functions for the inspector, we used an internal
text representation before. This CL implements the official text
format like it is understood by the spec interpreter.

Example output:
func $main (param i32) (result i32)
block i32
  get_local 0
  i32.const 2
  i32.lt_u
  if
    i32.const -2
    return
  end
  get_local 0
  call_indirect 0
end

R=rossberg@chromium.org, titzer@chromium.org
BUG=chromium:659715

Review-Url: https://codereview.chromium.org/2520943002
Cr-Commit-Position: refs/heads/master@{#41172}
2016-11-22 11:59:56 +00:00
mstarzinger
ffe2fbf876 [test] Run module tests on the deopt fuzzer.
R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2523693002
Cr-Commit-Position: refs/heads/master@{#41171}
2016-11-22 11:36:16 +00:00
mstarzinger
a90671f1b9 [interpreter] Fix stack unwinding of deoptimized frames.
This fixes stack unwinding to always recompute the stack pointer for
interpreted frames. For frames materialized by the deoptimizer we elide
the handler frame in between, hence arguments being pushed on the stack
will no longer be pushed into the handler frame but into the interpreted
frame directly.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-662830
BUG=chromium:662830

Review-Url: https://codereview.chromium.org/2517203003
Cr-Commit-Position: refs/heads/master@{#41170}
2016-11-22 11:28:45 +00:00
bmeurer
84c9360b82 [turbofan] Fix broken effect chain for instanceof.
BUG=chromium:667689
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2518313002
Cr-Commit-Position: refs/heads/master@{#41169}
2016-11-22 11:05:35 +00:00
tebbi
1b320d2039 [cpu-profiler] use new source position information for deoptimization in cpu profiler
The new SourcePosition class allows for precise tracking of source positions including the stack of inlinings. This CL makes the cpu profiler use this new information. Before, the cpu profiler used the deoptimization data to reconstruct the inlining stack. However, optimizing compilers (especially Turbofan) can hoist out checks such that the inlining stack of the deopt reason and the inlining stack of the position the deoptimizer jumps to can be different (the old cpu profiler tests and the ones introduced in this cl produce such situations for turbofan). In this case, relying on the deoptimization info produces paradoxical results, where the reported position is before the function responsible is called. Even worse, https://codereview.chromium.org/2451853002/ combines the precise position with the wrong inlining stack from the deopt info, leading to completely wrong results.

Other changes in this CL:
- DeoptInlinedFrame is no longer needed, because we can compute the correct inlining stack up front.
- I changed the cpu profiler tests back to test situations where deopt checks are hoisted out in Turbofan and made them robust enough to handle the differences between Crankshaft and Turbofan.
- I reversed the order of SourcePosition::InliningStack to make it match the cpu profiler convention.
- I removed CodeDeoptEvent::position, as it is no longer used.

R=alph@chromium.org

BUG=v8:5432

Review-Url: https://codereview.chromium.org/2503393002
Cr-Commit-Position: refs/heads/master@{#41168}
2016-11-22 10:14:59 +00:00
jbroman
9d524bd33d Fix out-of-range access in unibrow::Utf8::CalculateValue.
This code should not access bytes out of the permitted range in order to check
the range of a possible UTF-8 value. Instead, the length check should occur
before such checks.

BUG=chromium:667260, chromium:662822

Review-Url: https://codereview.chromium.org/2520053003
Cr-Commit-Position: refs/heads/master@{#41165}
2016-11-22 09:27:59 +00:00
gdeepti
e60e961140 [simd] Disable Simd Scalar lowering for x64, enable tests for all other architectures.
- Simd Scalar lowering should be conditionally disabled if the architecture has a native SIMD implementation.
 - Enable scalar lowering tests on all architectures instead of only x64.

R=bbudge@chromium.org, aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2514663002
Cr-Commit-Position: refs/heads/master@{#41160}
2016-11-21 23:03:26 +00:00
mtrofin
71144e5aa6 [turbofan] Use correct block when tracing pending assessments in regalloc verifier
The verifier needs to use the block and assessments in that block corresponding to
a predecessor of a "pending" assessment. Not doing that causes incorrect
assessments when 2 locations are swapped.

BUG=665402

Review-Url: https://codereview.chromium.org/2515803002
Cr-Commit-Position: refs/heads/master@{#41159}
2016-11-21 22:21:14 +00:00
eholk
d0fe942d23 [wasm] Throw a RangeError if Wasm memory could not be allocated.
This fixes a bug found by the fuzzer where we would attempt to
dereference a null handle if memory allocation failed. In this case,
the failure was because the amount of memory requested was above V8's
hardcoded limit.

BUG= https://bugs.chromium.org/p/chromium/issues/detail?id=666741

Review-Url: https://codereview.chromium.org/2514983002
Cr-Commit-Position: refs/heads/master@{#41158}
2016-11-21 21:58:53 +00:00