Commit Graph

27844 Commits

Author SHA1 Message Date
mlippautz
f501373dc7 [heap] Properly adjust live bytes for pages where we abort evacaution
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1588823003

Cr-Commit-Position: refs/heads/master@{#33302}
2016-01-14 17:04:14 +00:00
mtrofin
83683e92e1 [turbofan] Splinter when range ends at hot block start
We were sometimes losing a splintering opportunity when a range was
ending at the beginning of a hot (==non-deferred) block, when giving
its value to some fixed range - i.e. a fixed operand of the first instruction
in that hot block.

Renamed 2 APIs to better reflect what their intent is.

Added self-checking when introducing moves connecting ranges, to
ensure we don't spill/fill in hot blocks ranges spilled only in deferred
blocks. Verified locally that these checks would have tripped in a few
cases before this change.

BUG=

Review URL: https://codereview.chromium.org/1564583002

Cr-Commit-Position: refs/heads/master@{#33301}
2016-01-14 16:29:09 +00:00
nikolaos
2b90397d67 Set up rewriting triggers
This patch implements eager expression rewriting when parsing.  It will
be used for desugaring spreads but may have other uses in the future.

We call Traits::RewriteExpression as soon as we realise that something
parsed as an expression is actually used as an expression (and not as
a pattern).  This patch adds a dummy implementation for this function,
doing no rewriting at all, and adds the trigers in the right places of
the parser.

R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1567603005

Cr-Commit-Position: refs/heads/master@{#33300}
2016-01-14 15:47:07 +00:00
jkummerow
48a3227b7d [Interpreter] [arm] Fix PushArgsAndConstruct
When reserving a stack slot for the receiver, push an Immediate(0)
rather than a register that contains an untagged integer.
All other platforms push zero already.

Review URL: https://codereview.chromium.org/1585183002

Cr-Commit-Position: refs/heads/master@{#33299}
2016-01-14 15:09:12 +00:00
yangguo
f58ed31a1b [debugger] tentative fix for crash in FindSharedFunctionInfoInScript.
R=ulan@chromium.org
BUG=chromium:567937
LOG=N

Review URL: https://codereview.chromium.org/1584023003

Cr-Commit-Position: refs/heads/master@{#33298}
2016-01-14 14:45:33 +00:00
vogelheim
8c04c33f28 Generalize 'fast accessor' tests to work with --always-opt.
BUG=508898
LOG=N

Review URL: https://codereview.chromium.org/1588053002

Cr-Commit-Position: refs/heads/master@{#33297}
2016-01-14 14:25:02 +00:00
rmcilroy
ef21fb2de6 [Interpreter] Ensure we always have an outer register allocation scope.
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1587033002

Cr-Commit-Position: refs/heads/master@{#33296}
2016-01-14 13:43:40 +00:00
titzer
fd7f7a8f5a [turbofan] Remove dead function Graph::VisitNodeInputsFromEnd().
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1583153003

Cr-Commit-Position: refs/heads/master@{#33295}
2016-01-14 13:23:16 +00:00
epertoso
71129d5b43 Fix the receiver check in the HandleFastApiCall builtin.
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.

It should actually stop iterating on the first non-hidden prototype.

BUG=

Review URL: https://codereview.chromium.org/1576423003

Cr-Commit-Position: refs/heads/master@{#33294}
2016-01-14 12:24:04 +00:00
jarin
7ad13bf83b [turbofan] Representation inference of shift should depends on the propagated type.
Review URL: https://codereview.chromium.org/1588563002

Cr-Commit-Position: refs/heads/master@{#33293}
2016-01-14 11:51:25 +00:00
jarin
59ff83f6b0 [turbofan] Restore i32+i32->i32 handling in representation inference.
This restores the case that was removed by

commit f0e41175fd
Author: jarin <jarin@chromium.org>
Date:   Tue Jan 5 03:56:04 2016 -0800

    [turbofan] Bidirectional representation inference.

BUG=v8:4667
LOG=n
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1584913003

Cr-Commit-Position: refs/heads/master@{#33292}
2016-01-14 11:50:20 +00:00
vogelheim
41719a42ac Restrict GeneratePreagedPrologue to proper functions.
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.

Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.

[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632

R=epertoso
BUG=

Review URL: https://codereview.chromium.org/1580323003

Cr-Commit-Position: refs/heads/master@{#33291}
2016-01-14 11:48:17 +00:00
rossberg
2d36bdffa2 Forgot adding new file to build files
R=hablich@chromium.org
BUG=v8:4664
LOG=N

Review URL: https://codereview.chromium.org/1581423003

Cr-Commit-Position: refs/heads/master@{#33290}
2016-01-14 11:37:09 +00:00
machenbach
45ec73da15 [cq] Automatically use the same bots for git cl try.
Depot tools now uses the project's cq.cfg by default on
git cl try, if no other method is specified.

Based on:
https://codereview.chromium.org/1579423004/
https://codereview.chromium.org/1587893003/

BUG=chromium:565952
TBR=tandrii@chromium.org
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1583233002

Cr-Commit-Position: refs/heads/master@{#33289}
2016-01-14 11:15:16 +00:00
ishell
405c7a68ab Generalize all representations when reconfiguring a property of a strict Function subclass.
BUG=chromium:575080
LOG=N

Review URL: https://codereview.chromium.org/1579603002

Cr-Commit-Position: refs/heads/master@{#33288}
2016-01-14 10:45:34 +00:00
machenbach
6413507c38 [test] Clean up valgrind runner.
- Use valgrind from v8/third_party/valgrind fetched as custom
deps. This will make the check more portable on buildbot
slaves without the need to install valgrind.
- Build path to checked executable to be ready for swarming.

BUG=chromium:535160
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1585093002

Cr-Commit-Position: refs/heads/master@{#33287}
2016-01-14 10:42:32 +00:00
titzer
d1bc4f0e27 Reland of [wasm] Add tests for JS wrappers to test-run-wasm.
Fix: pass global object as receiver when calling WASM->JS.

R=bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1581393003

Cr-Commit-Position: refs/heads/master@{#33286}
2016-01-14 09:49:04 +00:00
sigurds
3743bf4837 [turbofan] Fix bug in object state generation of escape analysis.
Apparently, some StateValues have other StateValues as input. This
CL makes escape analysis transformation phase aware of it.

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1581183004

Cr-Commit-Position: refs/heads/master@{#33285}
2016-01-14 09:30:08 +00:00
machenbach
3b6f913fe7 Revert of [cq] Keep presubmit trybots and cq automatically in sync. (patchset #1 id:1 of https://codereview.chromium.org/1580193004/ )
Reason for revert:
Doesn't work with triggered bots. Waiting for this fix: https://codereview.chromium.org/1587893003/

Original issue's description:
> [cq] Keep presubmit trybots and cq automatically in sync.
>
> Code copied 1:1 from chromium.
>
> BUG=chromium:565952
> LOG=n
> NOTRY=true
>
> Committed: https://crrev.com/039dce1e355be6422c672badef5f3895f3b16ead
> Cr-Commit-Position: refs/heads/master@{#33264}

TBR=tandrii@chromium.org,kjellander@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:565952

Review URL: https://codereview.chromium.org/1579223004

Cr-Commit-Position: refs/heads/master@{#33284}
2016-01-14 08:01:06 +00:00
bmeurer
ae679c5496 [turbofan] Add support for inlining bound functions.
Support inlining across bound functions in the JSCallReducer when we
specialize to the native context. This basically removes all overhead
from bound functions in TurboFan and gives another speed of 10x on my
microbenchmark.

BUG=chromium:535408, chromium:571299, v8:4629
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1581343002

Cr-Commit-Position: refs/heads/master@{#33283}
2016-01-14 07:14:59 +00:00
mtrofin
7440edae1d [turbofan] avoid xchg instruction on Intel
On Intel, xchg stalls the pipeline. We use xchg to implement swap
moves. In a separate exploration, the presence of xchg in a very hot
loop, due to a change in register allocation, lead to over 20% regression.

Simply changing that instruction with push/mov/pop (almost) eliminated
the regression.

In light of that, I removed uses of xchg. This leads to more instructions,
though. That is particularly problematic for long cycles, which, today,
we translate to successions of swaps.

I plan to address this cycle issue in a separate change. For now, the
goal is to unblock the initial work that lead here.

Review URL: https://codereview.chromium.org/1580233003

Cr-Commit-Position: refs/heads/master@{#33282}
2016-01-14 05:14:49 +00:00
v8-autoroll
1357357647 Update V8 DEPS.
Rolling v8/tools/clang to 24e8c1c92fe54ef8ed7651b5850c056983354a4a

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1586933002

Cr-Commit-Position: refs/heads/master@{#33281}
2016-01-14 04:50:51 +00:00
zhengxing.li
fe33d20fd1 X87: [builtins] Migrate Number constructor similar to String constructor.
port 322ffda30d (r33265)

  original commit message:
  Also migrate the Number constructor to a native builtin, using the
  same mechanism already used by the String constructor. Otherwise just
  parsing and compiling the Number constructor to optimized code already
  eats 2ms on desktop for no good reason, and the resulting optimized
  code is not even close to awesome.

  Drive-by-fix: Use correct context for the [[Construct]] case of the
  String constructor as well, and share some code with it.

BUG=

Review URL: https://codereview.chromium.org/1581313002

Cr-Commit-Position: refs/heads/master@{#33280}
2016-01-14 03:34:04 +00:00
caitpotter88
d19e3a21d6 [parser] reject AssignmentElements with non-ASSIGN initializer ops
When parsing a pattern element with an assignment operator that is not
Token::ASSIGN, record a pattern error to indicate the invalid assignment target.

BUG=v8:811, v8:4666
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1583863003

Cr-Commit-Position: refs/heads/master@{#33279}
2016-01-14 03:09:16 +00:00
zhengxing.li
e101aa7ff1 X87: [builtins] Sanitize receiver patching for API functions.
port 12bcba1543 (r33258)

  original commit message:
  The API functions are always in sloppy mode, so receiver is always a
  JSReceiver once the actual call trampoline runs, no need to check again
  in various places.

BUG=

Review URL: https://codereview.chromium.org/1582173002

Cr-Commit-Position: refs/heads/master@{#33278}
2016-01-14 03:03:10 +00:00
adamk
92610888dd [test262] Remove stale status lines
The bulk of these were marked simply '[PASS]', while one was marked
'[PASS, FAIL]' but seems to always pass.

BUG=v8:3305, v8:4405
LOG=n

Review URL: https://codereview.chromium.org/1584863003

Cr-Commit-Position: refs/heads/master@{#33277}
2016-01-14 01:03:41 +00:00
caitpotter88
2a20d51837 [es6] add SetFunctionName() behaviour to AssignmentExpression
BUG=v8:3699
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1582783004

Cr-Commit-Position: refs/heads/master@{#33276}
2016-01-13 23:36:09 +00:00
adamk
a3a6bd4128 Revert of [wasm] Add tests for JS wrappers to test-run-wasm. (patchset #1 id:1 of https://codereview.chromium.org/1581643004/ )
Reason for revert:
New test failed on nosnap builder (https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/4738):

Test: cctest/test-run-wasm-js/Run_CallJS_Add_jswrapped

Stderr:
abort: Sloppy function expects JSReceiver as receiver.

#
# Fatal error in ../../src/objects-inl.h, line 3221
# Check failed: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()).
#

Original issue's description:
> [wasm] Add tests for JS wrappers to test-run-wasm.
>
> R=bradnelson@chromium.org, ahaas@chromium.org
> BUG=
>
> Committed: https://crrev.com/c52f5ced4e600a57c02301f2936b80f086613985
> Cr-Commit-Position: refs/heads/master@{#33274}

TBR=ahaas@chromium.org,bradnelson@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1587763002

Cr-Commit-Position: refs/heads/master@{#33275}
2016-01-13 21:01:58 +00:00
titzer
c52f5ced4e [wasm] Add tests for JS wrappers to test-run-wasm.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1581643004

Cr-Commit-Position: refs/heads/master@{#33274}
2016-01-13 19:56:56 +00:00
mbrandy
b48f09d589 PPC: [builtins] Sanitize receiver patching for API functions.
Port 12bcba1543

Original commit message:
    The API functions are always in sloppy mode, so receiver is always a
    JSReceiver once the actual call trampoline runs, no need to check again
    in various places.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1583893002

Cr-Commit-Position: refs/heads/master@{#33273}
2016-01-13 19:33:02 +00:00
mbrandy
26a52ed477 PPC: [builtins] Migrate Number constructor similar to String constructor.
Port 322ffda30d

Original commit message:
    Also migrate the Number constructor to a native builtin, using the
    same mechanism already used by the String constructor. Otherwise just
    parsing and compiling the Number constructor to optimized code already
    eats 2ms on desktop for no good reason, and the resulting optimized
    code is not even close to awesome.

    Drive-by-fix: Use correct context for the [[Construct]] case of the
    String constructor as well, and share some code with it.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1583903002

Cr-Commit-Position: refs/heads/master@{#33272}
2016-01-13 19:31:01 +00:00
mtrofin
fd7339879e This change precisely identifies the live range of the
exception operand in a handler block. This avoids confusing
unrelated ranges, which may happen if escape analysis elides
the exception operand.

BUG=chromium:576195
LOG=N

Review URL: https://codereview.chromium.org/1579603005

Cr-Commit-Position: refs/heads/master@{#33271}
2016-01-13 17:25:18 +00:00
sigurds
a3f234cd55 [turbofan] Fix double reduce in escape analysis
The escape analysis transformation phase visits allocation nodes
twice under some circumstances, thus reporting wrong counter values.
This CL ensures counter values are correct.

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1577273002

Cr-Commit-Position: refs/heads/master@{#33270}
2016-01-13 16:03:40 +00:00
mythria
eccbdde041 [Interpreter] Removes assignment hazard scope.
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1576403004

Cr-Commit-Position: refs/heads/master@{#33269}
2016-01-13 15:41:31 +00:00
jarin
ed21aa2449 [turbofan] Avoid using the typer's types in representation inference for phis.
Once we use type feedback, we need to reflect the feedback in the types, propagate
the new narrower types forward and use them in the subsequent
representation inference. This CL propagates and uses the recomputed types
for Phi and Select nodes (rather than using the types from the typer).

Review URL: https://codereview.chromium.org/1580353003

Cr-Commit-Position: refs/heads/master@{#33268}
2016-01-13 15:35:36 +00:00
sigurds
fc9a73e8a6 [turbofan] Various performance enhancements for escape analysis
This bug improves performance of escape analysis.

* A allocation discovery phase  (EscapeAnalysis::AssignAliases)
  ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1559123003

Cr-Commit-Position: refs/heads/master@{#33267}
2016-01-13 15:30:48 +00:00
balazs.kilvady
0830ac7cc3 MIPS: Fix 'MIPS: Fix dd() implementations for compact branches.'
Port 5091e8f2f5

TEST=cctest/test-assembler-mips64/jump_tables1,cctest/test-assembler-mips64/jump_tables2,cctest/test-assembler-mips64/jump_tables3,cctest/test-macro-assembler-mips/jump_tables5
BUG=

Review URL: https://codereview.chromium.org/1582533005

Cr-Commit-Position: refs/heads/master@{#33266}
2016-01-13 15:16:31 +00:00
bmeurer
322ffda30d [builtins] Migrate Number constructor similar to String constructor.
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.

Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1573243009

Cr-Commit-Position: refs/heads/master@{#33265}
2016-01-13 15:15:08 +00:00
machenbach
039dce1e35 [cq] Keep presubmit trybots and cq automatically in sync.
Code copied 1:1 from chromium.

BUG=chromium:565952
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1580193004

Cr-Commit-Position: refs/heads/master@{#33264}
2016-01-13 15:07:30 +00:00
machenbach
1c07a0c8ab [cq] Use more next gen trybots.
This uses the bots introduced here:
https://codereview.chromium.org/1581803003/

BUG=chromium:535160
LOG=n
NOTRY=true
NOPRESUBMIT=true
TBR=tandrii@chromium.org, kjellander@chromium.org

Review URL: https://codereview.chromium.org/1588543002

Cr-Commit-Position: refs/heads/master@{#33263}
2016-01-13 14:05:42 +00:00
jkummerow
70b7400138 [defineProperty] Fix non-throwing access check failure
ReportFailedAccessCheck() sometimes doesn't throw an exception (it's up
to the embedder). Pretend that OrdinaryDefineOwnProperty() succeeded in
that case. This is consistent with existing behavior of other methods:
- JSObject::DefineOwnPropertyIgnoreAttributes
- JSObject::SetPropertyWithFailedAccessCheck
- Object::SetPropertyWithAccessor

See also commit f66c3f5c35.

BUG=chromium:574217
LOG=n
R=neis@chromium.org

Review URL: https://codereview.chromium.org/1580823002

Cr-Commit-Position: refs/heads/master@{#33262}
2016-01-13 13:29:57 +00:00
yangguo
57cea798de Disable concurrent osr.
R=jarin@chromium.org
BUG=v8:4650
LOG=Y

Review URL: https://codereview.chromium.org/1574113009

Cr-Commit-Position: refs/heads/master@{#33261}
2016-01-13 11:01:49 +00:00
vogelheim
e8e4e920d4 Remove stale TODO.
(fast_handler *has* a more specific type; the TODO is no longer applicable.)

R=epertoso@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1577233003

Cr-Commit-Position: refs/heads/master@{#33260}
2016-01-13 10:35:03 +00:00
neis
ee80b599a1 Remove superfluous check in JSProxy::HasProperty.
R=jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1587483003

Cr-Commit-Position: refs/heads/master@{#33259}
2016-01-13 10:00:50 +00:00
bmeurer
12bcba1543 [builtins] Sanitize receiver patching for API functions.
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1575973006

Cr-Commit-Position: refs/heads/master@{#33258}
2016-01-13 05:58:53 +00:00
v8-autoroll
4e509c23d6 Update V8 DEPS.
Rolling v8/tools/clang to afad7aa23b146a86be9bc335caaac5bcfa72f390

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1584673002

Cr-Commit-Position: refs/heads/master@{#33257}
2016-01-13 04:28:04 +00:00
aseemgarg
9933b03de8 Add __init__ function to all modules created in asm-to-wasm
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1583603002

Cr-Commit-Position: refs/heads/master@{#33256}
2016-01-13 01:24:00 +00:00
adamk
042760d233 Add littledan to src/js/OWNERS
Review URL: https://codereview.chromium.org/1580123002

Cr-Commit-Position: refs/heads/master@{#33255}
2016-01-13 01:09:19 +00:00
caitpotter88
6b28f294c1 [parser] reject parenthesized patterns as DestructuringAssignmentTargets
http://tc39.github.io/ecma262/#sec-destructuring-assignment-static-semantics-early-errors
requires that DestructuringAssignmentTargets which do not match Pattern productions,
must return true for IsValidSimpleAssignmentTarget.

This change rejects parenthesized patterns with a SyntaxError.

BUG=v8:4662, v8:811
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, nikolaos@chromium.org

Review URL: https://codereview.chromium.org/1585473002

Cr-Commit-Position: refs/heads/master@{#33254}
2016-01-13 00:41:16 +00:00
aseemgarg
cd646f88a1 refactor BlockVisitor in asm to wasm and fix tests
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1584573002

Cr-Commit-Position: refs/heads/master@{#33253}
2016-01-12 21:59:53 +00:00