Commit Graph

39278 Commits

Author SHA1 Message Date
georgia.kouveli
57040734d8 [arm64] Fix another ubfx corner case.
This issue was fixed in VisitWord64And in 2f8ad11f. Port the fix to
VisitWord32And.

BUG=

Review-Url: https://codereview.chromium.org/2815853002
Cr-Commit-Position: refs/heads/master@{#44636}
2017-04-13 09:51:20 +00:00
Michael Achenbach
7d08b5e4d2 [test] Run test262 under asan with more variants
Bug: chromium:710428,v8:6248
Change-Id: I70430d5a200199563bf5468a6cc80614307f63e6
Reviewed-on: https://chromium-review.googlesource.com/474847
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44635}
2017-04-13 09:49:24 +00:00
bmeurer
136c712e61 [turbofan] Use unreliable receiver maps for __proto__ lowering.
When optimizing calls to get Object.prototype.__proto__ in
JSCallReducer, we can also consume unreliable receiver map
information, as long as the receiver maps are stable. In
that case we also need to install proper stability dependencies.

BUG=chromium:711195,v8:5267,v8:6241
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2816993002
Cr-Commit-Position: refs/heads/master@{#44634}
2017-04-13 09:40:40 +00:00
Clemens Hammacher
6e70425be1 [wasm] Provide scope information via inspector
This CL implements the proposed change to show information about
WebAssembly values and call frames via the inspector interface.
Each interpreted WebAssembly frame will have two scopes: A global scope
showing information about the memory (to be extended for globals), and
a local scope showing information about parameters, local variables, and
stack values.
Names of local variables will be added later.

R=ahaas@chromium.org, yangguo@chromium.org
BUG=v8:6245,v8:5822

Change-Id: I0a35fddd0a353933c86adf62083233b08098a2c7
Reviewed-on: https://chromium-review.googlesource.com/474865
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44633}
2017-04-13 09:00:02 +00:00
Michael Starzinger
68b047d094 [turbofan] Fix lowering of JSGetSuperConstructor.
This fixes the existing lowering of {JSGetSuperConstructor} nodes to
unconditional throws. The above operator is marked as {kNoWrite} but
runtime calls are not marked as such. Any deoptimizing operation after
the throw would not be able to find a valid {Checkpoint}. We remove the
lowering case in question.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-6248
BUG=v8:6248

Change-Id: I22c922947336254502f698b02f944cf35dd8688a
Reviewed-on: https://chromium-review.googlesource.com/476570
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44632}
2017-04-13 08:34:22 +00:00
bmeurer
385734bf11 [turbofan] Let ChangeFloat64ToTagged canonicalize to Smi if possible.
When the incoming value to ChangeFloat64ToTagged is in Smi range, we
represent it as Smi instead of a HeapNumber. This addresses a range of
problems where TurboFan unnecessarily deoptimizes because an operation
learned Smi feedback in Ignition, but was then confronted with a tagged
HeapNumber in TurboFan, just because the value was also represented as
unboxed double somewhere in the meantime.

BUG=v8:6256
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2815283002
Cr-Commit-Position: refs/heads/master@{#44631}
2017-04-13 06:57:04 +00:00
Sathya Gunasekaran
b2831b5ddc [d8] Fix crash in shell when using dynamic import
This patch delays the DisposeModuleEmbedderData call for 
the interative shell case until we exit the RunShell function.

Bug: v8:5785
Change-Id: I01ff76000882cd1d6801fefc9ea3770c3f38c83b
Reviewed-on: https://chromium-review.googlesource.com/476024
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44630}
2017-04-13 02:23:42 +00:00
Caitlin Potter
e2670e80a5 [js-perf-test] add microbenchmarks for C-style for loops
Adds some benchmarks copied from v8:4762.

BUG=v8:4762, v8:5460
R=adamk@chromium.org

Change-Id: I0b96080042781c2c46c0c8a3896a921bde97c1e5
Reviewed-on: https://chromium-review.googlesource.com/475934
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44629}
2017-04-12 21:56:43 +00:00
jyan
a738ad33b3 s390: add new mul support on branches and deopts
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2815903002
Cr-Commit-Position: refs/heads/master@{#44628}
2017-04-12 20:01:18 +00:00
jyan
d9f6dd896c PPC/s390: [builtins] Change semantics of class constructors returning primitives
Port a7c4e77846

Original Commit Message:

    This change mirrors the semantics for derived class constructors. This
    change doesn't affect non class constructors.

    This change could potentially break web compat. More details:
    https://github.com/tc39/ecma262/pull/469

R=gsathya@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2815873003
Cr-Commit-Position: refs/heads/master@{#44627}
2017-04-12 19:59:29 +00:00
binji
7b300ba2e9 [SAB] Validate index before value conversion using ToIndex
It's required by the spec -- and observable -- that the index be validated
before the conversion of the value(s) via ToInteger.

The previous implementation also had an old test for validating the atomic
index, which has now been switched to ToIndex.

This also exposed an issue in the ia32 code generator: cmpxchg_b requires a
byte register, but the ia32 instruction selector was ensuring that the
new_value was a byte register, not the TempRegister. This change forces the
temp register to use edx, which always can be used as a byte register (dl).
This is the same behavior as currently used in UseByteRegister.

BUG=v8:4614
R=jarin@chromium.org,jkummerow@chromium.org

Review-Url: https://codereview.chromium.org/2814753003
Cr-Commit-Position: refs/heads/master@{#44626}
2017-04-12 19:08:40 +00:00
brucedawson
9c1dcfd911 Suppress incorrect warning
When doing VS 2017 official builds of some targets, including
mksnapshot.exe, a warning about a buffer overrun is shown. After
analysis and discussion with Microsoft it was decided that this warning
is spurious. The warning is:

    warning C4789: buffer 'key' of size 16 bytes will be overrun; 4
    bytes will be written starting at offset 16

Despite the certain language "4 bytes *will* be written..." it is in
fact a heuristic based warning. Suppressing it at this point in the
inlining stack appears to avoid the issues.

R=hablich@chromium.org
BUG=v8:6068

Review-Url: https://codereview.chromium.org/2804033005
Cr-Commit-Position: refs/heads/master@{#44625}
2017-04-12 19:07:25 +00:00
kozyatinskiy
aee49387f7 [inspector] store creation stack in current V8StackTraceImpl
We currently store it in parent stack trace but stacks with the same parent can have different creations stacks.

BUG=v8:6189
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2807273002
Cr-Commit-Position: refs/heads/master@{#44624}
2017-04-12 19:02:58 +00:00
hans
b2dc9230c1 Fix -Wshorten-64-to-32 in test-assembler-arm64.cc
The arm64 MacroAssembler expects buffer_size to be an unsigned, not a
size_t.

BUG=chromium:710913

Review-Url: https://codereview.chromium.org/2818513002
Cr-Commit-Position: refs/heads/master@{#44623}
2017-04-12 18:44:27 +00:00
kozyatinskiy
81bb72c11c [inspector] cache stack frame for call sites
Usually program doesn't contain a lot of different stack frames in collected stack trace.

BUG=v8:6189
R=yangguo@chromium.orr
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2788413004
Cr-Commit-Position: refs/heads/master@{#44622}
2017-04-12 18:33:20 +00:00
brucedawson
aba4009858 Use correct define for identifying MSVC compiler
Optimizations are supposed to be disabled in our stack-trace code when
building with VC++. However the check used #if defined(COMPILER_MSVC)
when that is never defined in v8. The correct define in v8 is
V8_CC_MSVC.

R=hablich@chromium.org

Review-Url: https://codereview.chromium.org/2800043003
Cr-Commit-Position: refs/heads/master@{#44621}
2017-04-12 17:45:28 +00:00
Franziska Hinkelmann
148ff7394d [tools/dev/gm.py] Remove unused gdb_index.
gdb_index is not in declare_args() and has no effect.

NOTRY=true

Change-Id: I88a9558937aa8fea30ab246899bea4a123947f82
Reviewed-on: https://chromium-review.googlesource.com/475772
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44620}
2017-04-12 15:25:53 +00:00
Ross McIlroy
b7a7096668 [Interpreter] Remove BytecodePipeline.
The BytecodePipeline is no longer used by any optimizers, so remove it and
connect the BytecodeArrayBuilder directly to the BytecodeWriter.

Also remove some functions from BytecodeNode which are no longer used.

BUG=v8:6194

Change-Id: Id2ec94ff1d4db41b108a778100459283fbb2256c
Reviewed-on: https://chromium-review.googlesource.com/471528
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44619}
2017-04-12 15:18:50 +00:00
bjaideep
79bce3d655 PPC/S390: Fix to use correct instr to test bitmask
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2800813002
Cr-Commit-Position: refs/heads/master@{#44618}
2017-04-12 14:45:37 +00:00
Ross McIlroy
53475efcaa Reland: [Interpreter] Unify approach to building interpreter handler and Turbofan stubs.
This relands commit a79f903155.

Original change's description:
> [Interpreter] Unify approach to building interpreter handler and Turbofan stubs.
> 
> Moves interpreter-generator.cc to a similar model of building handlers as
> Turbofan stubs elsewhere, to simplify moving code between stubs / builtins and
> bytecode handlers. This removes the "__" hack from the Interpreter generator
> code.
> 
> Also make SetBytecodeOffset private to InterpreterAssembler and make 
> LdaImmutable[Current]ContextSlot and Lda[Current]ContextSlot share
> handlers since they are identical.
> 
> Change-Id: I9e91e7d37c2ea75513e4dcc3b95b4bb6517f83da
> Reviewed-on: https://chromium-review.googlesource.com/471987
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44534}
> 
TBR=rmcilroy@chromium.org,jkummerow@chromium.org,machenbach@chromium.org,cbruni@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,ishell@chromium.org

Change-Id: I282fe5582f681ccb0642537a70f89185558ee195
Reviewed-on: https://chromium-review.googlesource.com/474755
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44617}
2017-04-12 14:07:27 +00:00
Michael Achenbach
e63d74b117 Revert "[heap-verification] Increase verification for arguments objects"
This reverts commit b9194e93f2.

Reason for revert: Makes old pipeline flaky with custom snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/14049

Original change's description:
> [heap-verification] Increase verification for arguments objects
> 
> BUG: v8:6251
> Change-Id: I8a6dd528656a69c7910770acaf2133830b60c291
> Reviewed-on: https://chromium-review.googlesource.com/475651
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44609}

TBR=jkummerow@chromium.org,cbruni@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: Iedfdad290bf4f5f6ec2534e8c5378a7cc195db82
Reviewed-on: https://chromium-review.googlesource.com/475719
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44616}
2017-04-12 14:06:21 +00:00
Marja Hölttä
7079bdb830 [parser] Skipping inner funcs: Add a simple mjsunit test.
Unfortunately, this test cannot test that a function was really skipped (i.e.,
not parsed).

BUG=v8:5516

Change-Id: I8db5027d2216a95cc012ceae8e17554095cc1d4f
Reviewed-on: https://chromium-review.googlesource.com/457037
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44615}
2017-04-12 13:52:52 +00:00
hablich
d3f1d5c50c Revert of [wasm] instantiate expressed in terms of compile (patchset #6 id:140001 of https://codereview.chromium.org/2806073002/ )
Reason for revert:
Roll blocker: https://bugs.chromium.org/p/chromium/issues/detail?id=710824

Original issue's description:
> [wasm] instantiate expressed in terms of compile
>
> Today, the semantics of:
>
> WebAssembly.instantiate
>
> and
>
> WebAssembly.compile().then(new WebAssemblyInstance)
>
> are subtly different, to the point where attempting the proposed
> change uncovered bugs.
>
> In the future, it's possible that .instantiate actually have different
> semantics - if we pre-specialized to the provided ffi, for example.
> Right now that's not the case.
>
> This CL:
> - gets our implementation closer to what developers may write using
> the compile -> new Instance alternative, in particular wrt promise
> creation. By reusing code paths, we uncover more bugs, and keep
> maintenance cost lower.
>
> - it gives us the response-based WebAssembly.instantiate implicitly.
> Otherwise, we'd need that same implementation on the blink side. The
> negative is maintenance: imagine if the bugs I mentioned could only be
> found when running in Blink.
>
> BUG=chromium:697028
>
> Review-Url: https://codereview.chromium.org/2806073002
> Cr-Commit-Position: refs/heads/master@{#44592}
> Committed: 7829af3275

TBR=bradnelson@chromium.org,ahaas@chromium.org,adamk@chromium.org,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:697028

Review-Url: https://codereview.chromium.org/2810203002
Cr-Commit-Position: refs/heads/master@{#44614}
2017-04-12 13:27:56 +00:00
Marja Hölttä
7ad0742799 [iwyu] Include heap.h less.
The biggest problem is isolate.h (this CL doesn't solve that yet).

BUG=v8:5294

Change-Id: I56b32109f501c48facd99cd12ca6c8f427e188a9
Reviewed-on: https://chromium-review.googlesource.com/471487
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44613}
2017-04-12 12:55:13 +00:00
bmeurer
ca5f7f4d13 [turbofan] Do not eagerly kill elements for slow transitions in loop state.
R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2813183002
Cr-Commit-Position: refs/heads/master@{#44612}
2017-04-12 12:28:41 +00:00
Daniel Vogelheim
9c3beacc4d [build] Add all fuzzer targets to v8_fuzzers group.
Change-Id: I7f519cc778157f3ddd4c3135d0620a9f46d1193c
Reviewed-on: https://chromium-review.googlesource.com/475873
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44611}
2017-04-12 12:24:04 +00:00
Loo Rong Jie
fca70c83d1 Remove msvs_cygwin_dirs
BUG=v8:4742
R=machenbach@chromium.org,jkummerow@chromium.org

Change-Id: I03e87db1536f33a67593437f8c72c33486ecdbd1
Reviewed-on: https://chromium-review.googlesource.com/474787
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44610}
2017-04-12 12:18:54 +00:00
Camillo Bruni
b9194e93f2 [heap-verification] Increase verification for arguments objects
BUG: v8:6251
Change-Id: I8a6dd528656a69c7910770acaf2133830b60c291
Reviewed-on: https://chromium-review.googlesource.com/475651
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44609}
2017-04-12 11:31:16 +00:00
bmeurer
2eeb085427 [turbofan] Remove unused word32 truncation case for CheckFloat64Hole.
BUG=chromium:684208,chromium:709753,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2811153003
Cr-Commit-Position: refs/heads/master@{#44608}
2017-04-12 11:27:21 +00:00
yangguo
5f90a6eb06 [debug,api] Do not use embedder field for debug context id.
We used to reserve the 0-th embedder data field for the debug
context id. This is no longer necessary since the inspector
has migrated to be part of V8. This makes the API a bit simpler.

R=clemensh@chromium.org, jochen@chromium.org, kozyatinskiy@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2806303002
Cr-Commit-Position: refs/heads/master@{#44607}
2017-04-12 11:24:44 +00:00
jgruber
f4ba786de8 [string] Add a fast path to String.p.replace
This adds a fast path to skip runtime calls to GetSubstitution when
the replacer string does not contain a '$' char.

Extended background:

String.prototype.replace is (roughly) structured as follows:

* Check if {searchValue} has a @@replace Symbol, and delegate to that if
  so. We currently implement efficient fast paths when {searchValue} is
  a String or a fast RegExp.
* A specialized fast path for single-char {searchValue}, "long" subject
  string, and String {replaceValue} that do not contain '$' chars (yes,
  this fast path is very specialized).
* Check for the location of the first match using StringIndexOf, and
  exit early if no match is found.
* Finally build the return value, which is 'prefix + replacement +
  suffix', where replacement is either the result of calling {replaceValue}
  (if it is callable), or GetSubstitution(ToString({replaceValue}))
  otherwise.

There's several spots that could be improved.

StringIndexOf currently calls into C++ runtime for all but the simple
1-byte, 1-char {searchValue} case. We need to finally add support for
remaining cases.

The runtime call to GetSubstitution can be skipped if the replacer
string does not contain any '$' syntax. This CL handles that case.

BUG=

Review-Url: https://codereview.chromium.org/2813843002
Cr-Commit-Position: refs/heads/master@{#44606}
2017-04-12 10:40:56 +00:00
mic.besace
a5f91b3a95 Do not print enforcing Ignition and TurboFan when --turbo is on
BUG=

Review-Url: https://codereview.chromium.org/2757543004
Cr-Commit-Position: refs/heads/master@{#44605}
2017-04-12 10:32:43 +00:00
pwnall
53f13a09ba Add nogncheck to gtest/gtest_prod.h includes.
This is necessary to appease "gn check" if gtest_prod.h becomes a part
of the Chromium checkout, instead of a third-party repository brought
over by Chromium's DEPS. The file is already listed in v8's DEPS, but gn
does not use DEPS as an input.

BUG=chromium:630705

Review-Url: https://codereview.chromium.org/2807353002
Cr-Commit-Position: refs/heads/master@{#44604}
2017-04-12 10:24:23 +00:00
bmeurer
8c0c5e8117 [turbofan] Properly represent the float64 hole.
The hole NaN should also have proper Type::Hole, and not silently hide
in the Type::Number. This way we can remove all the special casing for
the hole NaN, and we also finally get the CheckNumber right.

This also allows us to remove some ducktape from the Deoptimizer, as for
escape analyzed FixedDoubleArrays we always pass the hole value now to
represent the actual holes.

Also-By: jarin@chromium.org
BUG=chromium:684208,chromium:709753,v8:5267
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2814013003
Cr-Commit-Position: refs/heads/master@{#44603}
2017-04-12 10:10:48 +00:00
Clemens Hammacher
366f75301d [wasm] [interpreter] Avoid double parsing of locals
The local variables were parsed two times, which in fact doubled the
amount of local variables allocated for each called function.
This was costing memory and performance. As the additional local
variables were never used, we did not recognize this before.

Add a test case for locals and stack values of interpreted frames.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: Ie5cb8d8f5441edee6abb46aa6bebef4a033d582b
Reviewed-on: https://chromium-review.googlesource.com/474749
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44602}
2017-04-12 09:57:18 +00:00
Michael Achenbach
17c286848a [test] Fix sanitizer-coverage default options for gyp builds
This was missing in:
TBR=vogelheim@chromium.org

Bug: chromium:710409

TBR=vogelheim@chromium.org
NOTRY=true
Bug: chromium:710409

Change-Id: Ic4b59550e358860cd10adf3d5137342ff7e862a3
Reviewed-on: https://chromium-review.googlesource.com/475831
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44601}
2017-04-12 09:45:48 +00:00
Clemens Hammacher
8a6718b1a1 [wasm] [interpreter] Refactor and extend InterpretedFrame
Similar to WasmInterpreter::Thread, we now also use the pimpl idiom for
InterpretedFrame, hiding the implementation completely in the .cc file.
This allows us to store just two things per InterpretedFrameImpl: The
corresponding thread, and the frame index.
The external interface changes to always return a std::unique_ptr,
because the object layout is not known via the public interface, hence
objects cannot be stack allocated. They also cannot be copied or passed
by value.

The frame inspection interface will be tested after another fix in
https://chromium-review.googlesource.com/474749.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I7b109da73df745fac97ec72cb0cf4f0ad71e5da9
Reviewed-on: https://chromium-review.googlesource.com/472887
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44600}
2017-04-12 09:22:58 +00:00
jgruber
4635572471 [regexp] Consider surrogate pairs when optimizing disjunctions
RationalizeConsecutiveAtoms optimizes ab|ac|az to a(?:b|c|d).
Ensure that this optimization does not split surrogate pairs in unicode
mode.

BUG=chromium:641091

Review-Url: https://codereview.chromium.org/2813893002
Cr-Commit-Position: refs/heads/master@{#44599}
2017-04-12 09:09:12 +00:00
bmeurer
483812d46c [turbofan] Fix typing rule for CheckBounds.
As of crrev.com/2760213003, the CheckBounds operator passes a truncation
that identfies zero and minus zero. However that was not reflected in
the typing rule, and as such the type of CheckBounds(-0,length) was
always Type::None. That confused the typed alias analysis in the
LoadElimination and led to ignoring StoreElement nodes.

BUG=chromium:708050
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2812013006
Cr-Commit-Position: refs/heads/master@{#44598}
2017-04-12 09:02:28 +00:00
dusan.simicic
8d2db536c9 MIPS[64]: Support for some SIMD operations (4)
Add support for F32x4Abs, F32x4Neg, F32x4RecipApprox,
F32x4RecipRefine, F32x4RecipSqrtApprox, F32x4RecipSqrtRefine,
F32x4Add, F32x4Sub, F32x4Mul, F32x4Max, F32x4Min,
F32x4Eq, F32x4Ne, F32x4Lt, F32x4Le, I32x4SConvertF32x4,
I32x4UConvertF32x4 operations for mips32 and mips64
architectures.

BUG=

Review-Url: https://codereview.chromium.org/2778203002
Cr-Commit-Position: refs/heads/master@{#44597}
2017-04-12 07:32:00 +00:00
Camillo Bruni
a615efaa50 [elements] Dehandlify ElementsAccessor::HasElement as it cannot allocate
Change-Id: I8a20bff1f029df74732899db0b8a9ddc1f4f26d6
Reviewed-on: https://chromium-review.googlesource.com/474827
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44596}
2017-04-12 07:11:47 +00:00
bmeurer
1fceaf9f8c [turbofan] Use unreliable LOAD_IC feedback for Array.prototype.push.
Add the notion of reliable vs. unreliable receiver map information to
the NodeProperties::InferReceiverMaps machinery. The information is
considered reliable here if the maps are known to be valid based on the
effect chain, and unreliable if there was a side-effect in between that
might have changed the receiver map.

Use this unreliable information for Array.prototype.push, guarded by
either stability dependencies or map checks, which might present a
potential deoptimization loop, which is very unlikely, but still needs
fixing in the future. This is important to optimize calls to push even
in cases like this

  array.push(something.func());

where we have a side-effect (the call to something.func) between the
load of array.push and the actual call.

R=jarin@chromium.org
BUG=v8:5267,v8:6241

Review-Url: https://codereview.chromium.org/2812233002
Cr-Commit-Position: refs/heads/master@{#44595}
2017-04-12 06:32:59 +00:00
Sathya Gunasekaran
a7c4e77846 [builtins] Change semantics of class constructors returning primitives
This change mirrors the semantics for derived class constructors. This
change doesn't affect non class constructors.

This change could potentially break web compat. More details:
https://github.com/tc39/ecma262/pull/469

Bug=v8:5536

Change-Id: I519599949523733332d0b35e4f8d9ecb01cac495
Reviewed-on: https://chromium-review.googlesource.com/461225
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44594}
2017-04-12 04:35:43 +00:00
bmeurer
d98dfd8b9b Revert "[turbofan] Avoid going through ArgumentsAdaptorTrampoline for CSA/C++ builtins."
This reverts commit 9df5674bd5 because it
is not compatible with the way that Array.prototype.reduceRight and
Array.prototype.reduce deal with optional parameters at this point (i.e.
parameters where the behavior is different depending on whether the
parameter was skipped or undefined was passed).

In general, it might be better to not adapt arguments for builtins with
optional paramters, that are likely skipped, for example as in
Object.create or Array.prototype.reduce. Since that will require
arguments adaptor frames for normal calls, especially from baseline
code. Instead it might make sense to use the variadic arguments support
in the CodeStubAssembler instead to avoid the arguments adaptor in all
cases (not only when called from TurboFan optimized code).

BUG=v8:5267,chromium:709782,chromium:707992,chromium:708282,chromium:708599,chromium:709173,chromium:709747,chromium:707065,chromium:710417
TBR=danno@chromium.org

Review-Url: https://codereview.chromium.org/2817653002
Cr-Commit-Position: refs/heads/master@{#44593}
2017-04-12 04:32:05 +00:00
mtrofin
7829af3275 [wasm] instantiate expressed in terms of compile
Today, the semantics of:

WebAssembly.instantiate

and

WebAssembly.compile().then(new WebAssemblyInstance)

are subtly different, to the point where attempting the proposed
change uncovered bugs.

In the future, it's possible that .instantiate actually have different
semantics - if we pre-specialized to the provided ffi, for example.
Right now that's not the case.

This CL:
- gets our implementation closer to what developers may write using
the compile -> new Instance alternative, in particular wrt promise
creation. By reusing code paths, we uncover more bugs, and keep
maintenance cost lower.

- it gives us the response-based WebAssembly.instantiate implicitly.
Otherwise, we'd need that same implementation on the blink side. The
negative is maintenance: imagine if the bugs I mentioned could only be
found when running in Blink.

BUG=chromium:697028

Review-Url: https://codereview.chromium.org/2806073002
Cr-Commit-Position: refs/heads/master@{#44592}
2017-04-12 00:01:04 +00:00
mtrofin
70ad23791a [wasm] Snap to latest version of wasm-js APIs.
BUG=

Review-Url: https://codereview.chromium.org/2809253002
Cr-Commit-Position: refs/heads/master@{#44591}
2017-04-11 21:06:06 +00:00
mtrofin
53908d05b9 [wasm] Bumped DEPS for public js api tests, fixed failures.
This also fixes an existing discrepancy.

BUG=v8:6017

Review-Url: https://codereview.chromium.org/2808403002
Cr-Commit-Position: refs/heads/master@{#44590}
2017-04-11 20:09:20 +00:00
bjaideep
cb4ceee298 Reland: PPC/s390 [ignition] Add call bytecodes for undefined receiver
Port 57afd0bb07

Original Commit Message:

    Adds a collection of call bytecodes which have an implicit undefined
    receiver argument, for cases such as global calls where we know that the
    receiver has to be undefined. This way we can skip an LdaUndefined,
    decrease bytecode register pressure, and set a more accurate
    ConvertReceiverMode on the interpreter and TurboFan call.

    As a side effect, the "normal" Call bytecode now becomes a rare case
    (only with calls and super property calls), so we get rid of its 0-2
    argument special cases and modify CallProperty[N] to use the
    NotNullOrUndefined ConvertReceiverMode.

    Reland of https://chromium-review.googlesource.com/c/463287 after fixing
    tests in https://codereview.chromium.org/2813873002.

R=leszeks@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2813563006
Cr-Commit-Position: refs/heads/master@{#44589}
2017-04-11 17:53:15 +00:00
kmackay
f7e76cded6 Add some missing stdarg includes
One of our internal Chromecast builds was failing due to undefined
va_list in wasm-result.h. I also searched for other files where va_list
was used without including stdarg.h and added it as necessary (since
include-what-you-use is a thing).

BUG=chromium:706443

Review-Url: https://codereview.chromium.org/2780913002
Cr-Commit-Position: refs/heads/master@{#44588}
2017-04-11 17:12:07 +00:00
hans
dd1e2e8499 Tell MSan to ignore uninitialized padding when writing snapshots
After r299061, MSan started complaining about uninitialized data in
fwrite.

BUG=chromium:710152

Review-Url: https://codereview.chromium.org/2808253002
Cr-Commit-Position: refs/heads/master@{#44587}
2017-04-11 17:01:58 +00:00