Commit Graph

36167 Commits

Author SHA1 Message Date
ulan
a6976211d1 [heap] Relax condition for forced finalization of incremental marking.
Forcing finalization after reaching allocation limit regresses gc pause
time in benchmarks as we have to do a lot of non-incremental marking work.

This patch allows overshoot of the limit by some margin.

BUG=chromium:670675,chromium:671994
TBR=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2554423005
Cr-Commit-Position: refs/heads/master@{#41625}
2016-12-09 16:23:06 +00:00
bradnelson
25189ffc36 [wasm][asm.js] Check that property keys are literals for imports.
BUG=672785
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2566683002
Cr-Commit-Position: refs/heads/master@{#41624}
2016-12-09 15:58:40 +00:00
mstarzinger
50c5ac57de [deoptimizer] Fix Deoptimizer::GetDeoptInfo for last entry.
This fixes the corner-case where the method in question failed to lookup
the very last deoptimization bailout without subsequent entries within
the relocation info. Also enable a test covering this.

R=tebbi@chromium.org
TEST=cctest/test-cpu-profiler/CollectDeoptEvents

Review-Url: https://codereview.chromium.org/2565733002
Cr-Commit-Position: refs/heads/master@{#41623}
2016-12-09 15:06:26 +00:00
bradnelson
89e10055e4 [wasm][asm.js] Allow true/false in int binary ops.
Because the parser optimizes !123 -> false,
we allow booleans in expressions (but not parameter annotations).
Allow this in asm-wasm-builder.
Turn on an early out case in asm-typer that is fine.

BUG=672784
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2561193003
Cr-Commit-Position: refs/heads/master@{#41622}
2016-12-09 15:01:30 +00:00
titzer
768acf683b [wasm] Only do SIMD lowering if SIMD is present in the graph.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2568493002
Cr-Commit-Position: refs/heads/master@{#41621}
2016-12-09 14:57:14 +00:00
yangguo
c9f8e23bbc Switch to std::is_fundamental<>.
Thanks for pointing this out to me!

R=clemensh@chromium.org
BUG=v8:5731

Review-Url: https://codereview.chromium.org/2565743002
Cr-Commit-Position: refs/heads/master@{#41620}
2016-12-09 14:54:32 +00:00
yangguo
75f5200508 [perf-prof] fix crash when logging.
Logging for --perf-prof is not GC safe. Now, we are going to
emit source position info for optimized code when we are
profiling, logging, or debugging, and under the same condition,
pre-compute the line ends array for line number computation.

R=tebbi@chromium.org
BUG=v8:5730

Review-Url: https://codereview.chromium.org/2562973002
Cr-Commit-Position: refs/heads/master@{#41619}
2016-12-09 14:30:38 +00:00
tandrii
5c49df2da6 Whitespace.
NOTRY=True
NOPRESUBMIT=True
TBR=machenbach@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2567513004
Cr-Commit-Position: refs/heads/master@{#41618}
2016-12-09 14:17:43 +00:00
clemensh
0868b76bb1 [wasm] Remove declared but undefined methods
We should really think about having a static analysis to check for
such errors, and a bot executing it regularly.
This is not the first time I encounter declared functions that are
never defined.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2561333002
Cr-Commit-Position: refs/heads/master@{#41617}
2016-12-09 14:01:29 +00:00
mstarzinger
75128636f3 [wasm] Remove obsolete %IsNotAsmWasmCode predicate.
By now the predicate in question is an exact negation of %IsAsmWasmCode
as the name intuitively implies. The need for two separate test methods
no longer exists and one of the two can be removed.

R=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2562003002
Cr-Commit-Position: refs/heads/master@{#41616}
2016-12-09 11:56:05 +00:00
jgruber
e127ec00c2 [tools] Fix printed chrome command in callstats
Review-Url: https://codereview.chromium.org/2559723002
Cr-Commit-Position: refs/heads/master@{#41615}
2016-12-09 11:49:10 +00:00
mstarzinger
9fde10ebed [wasm] Cleanup %IsAsmWasmCode testing predicate.
By now the compiler pipeline will not produce optimized code for asm.js
functions unless validation failed (even when --always-opt is enabled).
The related workaround in the testing predicate can be removed.

R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2549463002
Cr-Commit-Position: refs/heads/master@{#41614}
2016-12-09 11:30:10 +00:00
clemensh
890d28f361 [wasm] Fix location for error in asm.js ToNumber conversion
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").

This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
  operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
  table, but two (one for the call, one for the parent which does the
  type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
  two calls in the WASM_TO_JS wrapper (only if the module origin is
  asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
  which is set in ComputeCallerState. The WASM frame uses this
  information to determine whether the callee frame is WASM_TO_JS, and
  whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
  to reconstruct the stack trace later.

R=titzer@chromium.org, bradnelson@chromium.org
CC=jgruber@chromium.org
BUG=v8:4203,v8:5724

Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
2016-12-09 10:30:19 +00:00
jarin
5465651800 [turbofan] Turn off escape analysis.
Too many crashes in Canary.

Review-Url: https://codereview.chromium.org/2554423004
Cr-Commit-Position: refs/heads/master@{#41612}
2016-12-09 10:15:17 +00:00
mstarzinger
5dcda5bb17 [parser] Ensure asm.js modules always allocate context.
The deserialization of the {Scope::asm_module} predicate relies on a
context being present for such modules. This ensures we always allocate
such a context, even in cases where no variables are allocated in it.

R=neis@chromium.org
TEST=cctest/test-parsing/AsmModuleFlag
BUG=v8:5653

Review-Url: https://codereview.chromium.org/2561103004
Cr-Commit-Position: refs/heads/master@{#41611}
2016-12-09 10:12:40 +00:00
yangguo
44c7611931 [debugger] remove remaining uses of the debug command processor.
R=jgruber@chromium.org
BUG=v8:5510

Review-Url: https://codereview.chromium.org/2557043005
Cr-Commit-Position: refs/heads/master@{#41610}
2016-12-09 08:26:35 +00:00
mtrofin
dd10d9b100 [turbofan] regalloc: avoid more redundant intersections
Same idea as in the previous change. In addition, explicitly limited to non-aliased
registers, because the logic there needs to take account of, well, alias IDs. Left a
TODO for that part.

BUG=v8:5644

Review-Url: https://codereview.chromium.org/2565593002
Cr-Commit-Position: refs/heads/master@{#41609}
2016-12-09 06:59:44 +00:00
v8-autoroll
dec3941b72 Update V8 DEPS.
Rolling v8/build: 53448a6..50196c9

Rolling v8/third_party/catapult: 11d3d44..0b7222f

Rolling v8/tools/clang: caccf42..53bdedc

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2563933002
Cr-Commit-Position: refs/heads/master@{#41608}
2016-12-09 06:58:33 +00:00
gsathya
d778b36f0c [promisehook] Add is_promisehook_enabled
This will be used in CSA to check if any promisehook is set.

-- Adds a is_promisehook_enabled_ field to the isolate and helper methods.
-- Adds this field to the ExternalReference table.
-- Adds a helper method to access this from CSA

Note -- this patch doesn't actually add the ability to attach the hook
yet.

BUG=v8:4643

Review-Url: https://codereview.chromium.org/2566483002
Cr-Commit-Position: refs/heads/master@{#41607}
2016-12-09 06:57:22 +00:00
zhengxing.li
007a18656e X87: Store OSR'd optimized code on the native context.
port 378b6b22fb (r41554)

  original commit message:
  Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo.
  This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.

BUG=

Review-Url: https://codereview.chromium.org/2559083002
Cr-Commit-Position: refs/heads/master@{#41606}
2016-12-09 06:56:10 +00:00
neis
bb309a6998 [ast] Make --print-scopes indicate a scope's forced context allocation.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2552373004
Cr-Commit-Position: refs/heads/master@{#41605}
2016-12-08 23:04:45 +00:00
nverne
5d51583c0c Changes api logging for FunctionTemplate_NewWithCache.
https://codereview.chromium.org/2405213002/ introduced FunctionTemplate::NewWithCache in src/api.cc, but used LOG_API(..., NewWithFastHandler)

BUG=667237

Review-Url: https://codereview.chromium.org/2559643003
Cr-Commit-Position: refs/heads/master@{#41604}
2016-12-08 22:31:01 +00:00
gdeepti
0061089aa0 [wasm] Update WasmMemoryObject correctly when module memory is exported.
BUG=chromium:670683

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2548223002
Cr-Commit-Position: refs/heads/master@{#41603}
2016-12-08 20:30:54 +00:00
mtrofin
43e7d05125 [turbofan] regalloc: avoid redundant range intersections
When finding conflicts, there's no reason to keep looking for registers that are clearly
not going to be available to a candidate live range.

BUG=v8:5644

Review-Url: https://codereview.chromium.org/2559733002
Cr-Commit-Position: refs/heads/master@{#41602}
2016-12-08 19:16:30 +00:00
clemensh
d3d125417d Revert of [wasm] Fix location for error in asm.js ToNumber conversion (patchset #5 id:80001 of https://codereview.chromium.org/2555243002/ )
Reason for revert:
gc-stress failures

Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
>   operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
>   table, but two (one for the call, one for the parent which does the
>   type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
>   two calls in the WASM_TO_JS wrapper (only if the module origin is
>   asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
>   move from the WASM_TO_JS frame to the WASM frame, we remember at which
>   call inside the WASM_TO_JS wrapper we are, and encode this information
>   in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
>   to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}

TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724

Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
2016-12-08 17:36:14 +00:00
jochen
6595e74057 Store SharedFunctionInfos of a Script in a FixedArray indexed by their ID
Now that SharedFunctionInfos have a unique ID (and the IDs are dense),
we can use them as an index into an array, instead of using a
WeakFixedArray where we have to do a linear scan.

Hooking up liveedit is a bit more involved, see
https://docs.google.com/presentation/d/1FtNa3U7WsF5bPhY9uGoJG5Y9hnz5VBDabfOWpb4unWI/edit
for an overview

BUG=v8:5589
R=verwaest@chromium.org,jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2547483002
Cr-Commit-Position: refs/heads/master@{#41600}
2016-12-08 17:07:11 +00:00
clemensh
94cd46b55e [wasm] Fix location for error in asm.js ToNumber conversion
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").

This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
  operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
  table, but two (one for the call, one for the parent which does the
  type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
  two calls in the WASM_TO_JS wrapper (only if the module origin is
  asm.js).
- during stack trace generation (in the StackTraceIterator), when we
  move from the WASM_TO_JS frame to the WASM frame, we remember at which
  call inside the WASM_TO_JS wrapper we are, and encode this information
  in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
  to reconstruct the stack trace later.

R=titzer@chromium.org, bradnelson@chromium.org
CC=jgruber@chromium.org
BUG=v8:4203,v8:5724

Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
2016-12-08 16:48:08 +00:00
franzih
987f63865d [TypeFeedbackVector] Delete unused DummySlot.
BUG=

Review-Url: https://codereview.chromium.org/2557333002
Cr-Commit-Position: refs/heads/master@{#41598}
2016-12-08 15:48:30 +00:00
marja
f36497d2c9 AstValueFactory: add a cache for one-character strings.
Lowercase 1 character strings occur frequently in minified code. Add a
cache for them, so that we don't need to compute the hash + do the hash
table lookup for each occurrence.

BUG=

Review-Url: https://codereview.chromium.org/2541353002
Cr-Commit-Position: refs/heads/master@{#41597}
2016-12-08 15:40:04 +00:00
Ilija.Pavlovic
e8f5adbed2 MIPS[64]: Fix MIPS: Improve Float(32|64)(Max|Min).
Fix 7a6f294ffe.

The first correction enables correct execution DoMathMinMax when two
input registers are the same register.
The second correction adds NOP instructions after branch instructions
in tests macro_float_minmaxf(32|64).

TEST=cctest/test-macro-assembler-mips[64]/macro_float_minmax_f32
     cctest/test-macro-assembler-mips[64]/macro_float_minmax_f64
     mjsunit/regress/math-min
BUG=

Review-Url: https://codereview.chromium.org/2556793003
Cr-Commit-Position: refs/heads/master@{#41596}
2016-12-08 14:57:07 +00:00
bradnelson
4a637abea3 [wasm][asm.js] Confirm literals are Numbers before using AsNumber, refactor.
We have been assuming in several places that ContainsDot or ToInt32 is
sufficient to check a value is a valid double or int.
Refactoring all the checks to one place and making them cope with booleans
or other unexpected types being present.

BUG=672044
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2555323003
Cr-Commit-Position: refs/heads/master@{#41595}
2016-12-08 14:55:03 +00:00
bradnelson
6deb99c6d9 [wasm][asm.js] Fail sooner if eval is present.
Use of eval in a function wraps it in a context.
This throws off assumptions not checked until later,
which is at odds with incremental validation and conversion.
Check that module parameters are PARAMETER location early.

BUG=672045
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2558813004
Cr-Commit-Position: refs/heads/master@{#41594}
2016-12-08 14:44:00 +00:00
ulan
ee2d502735 [heap] Prefer mark-compact over scavenger if incremental marking
needs finalization and allocation limit is reached.

BUG=

Review-Url: https://codereview.chromium.org/2561103002
Cr-Commit-Position: refs/heads/master@{#41593}
2016-12-08 14:42:52 +00:00
hpayer
9c191a0cda [heap] Use callbacks to dispatch store buffer operations.
BUG=chromium:648568, chromium:669920

Review-Url: https://codereview.chromium.org/2548213004
Cr-Commit-Position: refs/heads/master@{#41592}
2016-12-08 14:19:10 +00:00
jyan
dcbd3758d9 s390: Remove RSubI on s390 and optimize ConstantI
https://github.com/ibmruntimes/v8/issues/27

R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2561673002
Cr-Commit-Position: refs/heads/master@{#41591}
2016-12-08 14:03:14 +00:00
epertoso
2547ec8729 [turbofan] Inlining of API functions.
BUG=

Review-Url: https://codereview.chromium.org/2555223002
Cr-Commit-Position: refs/heads/master@{#41590}
2016-12-08 13:59:45 +00:00
leszeks
7b64e8d102 [ignition/turbofan] Wrap bytecode liveness bitvectors
Wrap the liveness bitvectors from the bytecode liveness analysis with a
helper class, which makes the register/accumulator bits explicit.

Review-Url: https://codereview.chromium.org/2552723004
Cr-Commit-Position: refs/heads/master@{#41589}
2016-12-08 12:48:05 +00:00
yangguo
98b563ebf3 [serializer] include global proxy in additional context snapshots.
Aside from the default snapshot, there is no need for additional context
snapshots to have the ability to replace the global proxy and global object
after deserialization. Changes include:
 - Changes to the API to better distinguish default context snapshot from
   additional context snapshots.
 - Disallow global handles when creating snapshots.
 - Allow extensions when creating snapshots.

This solves the issue of not being able to having accessors and interceptors on
the global object of contexts to be serialized.

R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2557743003
Cr-Commit-Position: refs/heads/master@{#41588}
2016-12-08 12:45:05 +00:00
yangguo
1416c6c9ab [serializer] wipe simulator redirects for accessor infos.
R=jochen@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2561783002
Cr-Commit-Position: refs/heads/master@{#41587}
2016-12-08 12:14:05 +00:00
cbruni
0ce8f19b7e [tools] Improve matching Group-Compile in RuntimeCallStats
Drive-by-fix: support directly loading the results.json from chromeperf.

BUG=chromium:672024
NO_TRY=true

Review-Url: https://codereview.chromium.org/2555693007
Cr-Commit-Position: refs/heads/master@{#41586}
2016-12-08 11:35:29 +00:00
ishell
c522c6baa5 [turbofan] Further adapting machine graph verifier to code stubs.
All accessor IC stubs now pass the verification.

BUG=

Review-Url: https://codereview.chromium.org/2556123002
Cr-Commit-Position: refs/heads/master@{#41585}
2016-12-08 11:31:34 +00:00
mvstanton
044b2d1bd8 Reland Store OSR'd optimized code on the native context.
The patch was reverted due to a bug - we failed to evict OSR-optimized
code in the case where the SharedFunctionInfo OptimizedCodeMap was
empty/cleared.

Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point.

Review-Url: https://codereview.chromium.org/2561083002
Cr-Commit-Position: refs/heads/master@{#41584}
2016-12-08 11:13:59 +00:00
rmcilroy
bfc53f6ed0 [Interpreter] Add expression positions to BinaryOps.
BUG=v8:5723

Review-Url: https://codereview.chromium.org/2555263002
Cr-Commit-Position: refs/heads/master@{#41583}
2016-12-08 10:11:17 +00:00
neis
fcb7591520 [parsing] Fix maybe-assigned flag in some cases.
This CL attempts to set the maybe-assigned flag for variables that are written
to as part of a destructuring or loop header.

For instance, in the following two cases we now mark x as maybe-assigned.

a) [x] = [1];
b) for (x of [1,2,3]) {};

There's more work to do here, this is just a first step.

R=adamk@chromium.org, mstarzinger@chromium.org
BUG=v8:5636

Review-Url: https://codereview.chromium.org/2562443003
Cr-Commit-Position: refs/heads/master@{#41582}
2016-12-08 10:06:09 +00:00
bradnelson
4cfe91cf58 [wasm][asm.js] Use x&(x-1) trick to speed up life.
Using x&(x-1) to check for power of two masks usable at runtime
speeds up the life benchmark.

Borrowing this from SimplifiedLowering for the AsmJsRemS internal
wasm opcode.

Leaving this out for general wasm as we should be doing this optimization
in LLVM.

BUG=v8:4203
TEST=None
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2556963005
Cr-Commit-Position: refs/heads/master@{#41581}
2016-12-08 09:36:36 +00:00
petermarshall
6051e89600 [Runtime] Use ElementsAccessor in NewWithSpread.
Speeds up some benchmarks that make heavy use of derived constructors.

BUG=chromium:672075

Review-Url: https://codereview.chromium.org/2557963004
Cr-Commit-Position: refs/heads/master@{#41580}
2016-12-08 09:34:33 +00:00
mstarzinger
7854e64908 [turbofan] Remove --turbo-asm-deoptimization flag.
R=bmeurer@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2557693006
Cr-Commit-Position: refs/heads/master@{#41579}
2016-12-08 09:21:12 +00:00
qiuyi.zqy
9ca022fab2 Return false in TryNumberToSize if the number is 1 << 64.
Currently when the number passed to TryNumberToSize is 1 << 64,
it gets away with a bug caused by rounding of mantissa.
Then the number will be casted to 0 and TryNumberToSize
will return true. This patch fix this by making the range check
more accurate.

BUG=v8:5712

Review-Url: https://codereview.chromium.org/2548243004
Cr-Commit-Position: refs/heads/master@{#41578}
2016-12-08 09:20:30 +00:00
neis
d23f837166 [parsing] Add some more tests of maybe-assigned.
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2554363002
Cr-Commit-Position: refs/heads/master@{#41577}
2016-12-08 08:56:02 +00:00
bradnelson
c4f9e42934 [wasm][asm.js] Utf8 encode exported function names.
BUG=672047
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2555203002
Cr-Commit-Position: refs/heads/master@{#41576}
2016-12-08 08:52:53 +00:00