Commit Graph

33920 Commits

Author SHA1 Message Date
kozyatinskiy
b249ffc191 [inspector] removed ArrayLengthHelperFunction specialization for empty array
There is no zero length array usage in inspector codebase. We can safely remove template specialization.

BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2340623002
Cr-Commit-Position: refs/heads/master@{#39428}
2016-09-14 19:05:09 +00:00
jochen
6a716ae9a4 Disentangle gyp and gn files
BUG=chromium:646794
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2339933002
Cr-Commit-Position: refs/heads/master@{#39427}
2016-09-14 19:02:41 +00:00
kozyatinskiy
3d10918d2e [inspector] fixed all shorten-64-to-32 warnings
BUG=chromium:635948
R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2332163002
Cr-Commit-Position: refs/heads/master@{#39426}
2016-09-14 18:25:00 +00:00
bjaideep
a375166b0f PPC/s390: CallConstruct also gets call count information if megamorphic.
Port 3ccedd5d8a

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2330353005
Cr-Commit-Position: refs/heads/master@{#39425}
2016-09-14 18:11:58 +00:00
neis
da1f911c42 [modules] Make duplicate export error deterministic.
In case of duplicate exports, always report the error for the very last
one.

R=adamk@chromium.org
BUG=v8:5358,v8:1569

Review-Url: https://codereview.chromium.org/2331003002
Cr-Commit-Position: refs/heads/master@{#39424}
2016-09-14 17:57:09 +00:00
jarin
cfc0dc4ef8 [turbofan] Cleanup in simplified lowering.
Review-Url: https://codereview.chromium.org/2337283002
Cr-Commit-Position: refs/heads/master@{#39423}
2016-09-14 17:26:57 +00:00
jbroman
d825492bb6 Support delegating serialization of host objects.
This exposes an interface for the embedder to provide a delegate which can
serialize or deserialize embedder-specific objects, like Blink's DOM wrappers.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2327653002
Cr-Commit-Position: refs/heads/master@{#39422}
2016-09-14 16:42:07 +00:00
ahaas
05c4afb0ed [wasm] void is not a valid type for a global.
TEST=unittest WasmModuleVerifyTest.Global_invalid_type2
BUG=chromium:645443
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2342593002
Cr-Commit-Position: refs/heads/master@{#39421}
2016-09-14 15:44:58 +00:00
bmeurer
7954b3f8fa [turbofan] Introduce TruncateTaggedToBit operator for ToBoolean truncation.
Add a dedicated simplified operator to inline the general case for the
ToBoolean conversion. In a follow up CL we will also use the ToBoolean
hints gathered by the baseline compiler.

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_arm64_gc_stress_dbg
R=jarin@chromium.org
BUG=v8:5267

Committed: https://crrev.com/8c50b51ab3d21efcd2f6900d83962159f21e1590
Review-Url: https://codereview.chromium.org/2167593002
Cr-Original-Commit-Position: refs/heads/master@{#37882}
Cr-Commit-Position: refs/heads/master@{#39420}
2016-09-14 13:12:28 +00:00
ahaas
6d89f8a7fc [wasm] Allocate memory for the wasm interpreter in the fuzzer.
R=titzer@chromium.org
BUG=chromium:646258

Review-Url: https://codereview.chromium.org/2341673002
Cr-Commit-Position: refs/heads/master@{#39419}
2016-09-14 12:56:35 +00:00
mvstanton
0bcef939dc [ignition] inline allocation site creation to call/constructor handlers.
BUG=

Review-Url: https://codereview.chromium.org/2342533002
Cr-Commit-Position: refs/heads/master@{#39418}
2016-09-14 12:49:56 +00:00
jgruber
ee50e89b40 [regexp] Merge exec implementations
RegExpSubclassExecJS and RegExpExecJS only differed in the additional
TO_BOOLEAN on global and sticky flags and the useless (i < 0) check.

R=littledan@chromium.org
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2337923002
Cr-Commit-Position: refs/heads/master@{#39417}
2016-09-14 12:10:44 +00:00
machenbach
03364b6245 [gn] Switch asan builders to gn
BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2334003005
Cr-Commit-Position: refs/heads/master@{#39416}
2016-09-14 12:00:18 +00:00
Ilija.Pavlovic
65fd5e1165 MIPS: Implement MADD.S, MSUB, MADDF and MSUBF.
Implementation MADD.S. MSUB.fmt, MADDF.fmt, MSUBF.fmt and corresponding
tests for assembler and disassembler.

TEST=cctest/test-assembler-mips[64], cctest/test-disasm-mips[64]
BUG=

Review-Url: https://codereview.chromium.org/2313623002
Cr-Commit-Position: refs/heads/master@{#39415}
2016-09-14 11:37:13 +00:00
machenbach
3999fb0788 [gn] Fix no-inline config for V8
This restores the original gyp behavior. Blocks:
https://codereview.chromium.org/2334003005

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2344493002
Cr-Commit-Position: refs/heads/master@{#39414}
2016-09-14 11:18:50 +00:00
ahaas
3ff201906e [wasm] Write fuzzers for single wasm sections.
This CL adds fuzzers for the wasm module sections 'types', 'names',
'globals', 'imports', 'function signatures', 'memory', and 'data', one
fuzzer per section. No fuzzers are added for the other sections because
either there already exists a fuzzer (e.g. wasm-code), or there exist
inter-section dependencies.

To avoid introducing a bunch executables which would make compilation
with make slow, I introduce a single executable
'v8_simple_wasm_section_fuzzer' which calls the fuzzers mentioned above.
This executable is run by the trybots and ensures that the fuzzers
actually compile. For debugging I introduce commandline parameters which
allow to execute the specific fuzzers from 'v8_simple_wasm_section_fuzzer'.

R=titzer@chromium.org, jochen@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2336603002
Cr-Commit-Position: refs/heads/master@{#39413}
2016-09-14 11:17:53 +00:00
jochen
404bc9b672 Store whether a with scope is actually a debug-eval scope in the scope info
This is required to be able to deserialize the scope chain from the
scope info alone.

BUG=v8:5215
R=marja@chromium.org,jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2331323006
Cr-Commit-Position: refs/heads/master@{#39412}
2016-09-14 11:00:29 +00:00
ahaas
cc7926d672 [wasm] Move the wasm-module-runner from test/cctest to test/common
The wasm-module-runner is used both in cctests and in fuzzers. As
discussed offline, it is weird to include cctest header files in
fuzzers, so I introduce a new test/common directory which contains the
common files.

R=titzer@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2335193002
Cr-Commit-Position: refs/heads/master@{#39411}
2016-09-14 10:31:53 +00:00
bmeurer
c7d7ca361d [turbofan] Collect invocation counts and compute relative call frequencies.
Add a notion of "invocation count" to the baseline compilers, which
increment a special slot in the TypeFeedbackVector for each invocation
of a given function (the optimized code doesn't currently collect this
information).

Use this invocation count to relativize the call counts on the call
sites within the function, so that the inlining heuristic has a view
of relative importance of a call site rather than some absolute numbers
with unclear meaning for the current function. Also apply the call site
frequency as a factor to all frequencies in the inlinee by passing this
to the graph builders so that the importance of a call site in an
inlinee is relative to the topmost optimized function.

Note that all functions that neither have literals nor need type
feedback slots will share a single invocation count cell in the
canonical empty type feedback vector, so their invocation count is
meaningless, but that doesn't matter since we only use the invocation
count to relativize call counts within the function, which we only have
if we have at least one type feedback vector (the CallIC slot).

See the design document for additional details on this change:
https://docs.google.com/document/d/1VoYBhpDhJC4VlqMXCKvae-8IGuheBGxy32EOgC2LnT8

BUG=v8:5267,v8:5372
R=mvstanton@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2337123003
Cr-Commit-Position: refs/heads/master@{#39410}
2016-09-14 10:20:48 +00:00
georgia.kouveli
979f164813 [arm64] Resolve TODO in instruction selector tests.
BUG=

Review-Url: https://codereview.chromium.org/2337953003
Cr-Commit-Position: refs/heads/master@{#39409}
2016-09-14 09:56:22 +00:00
Alexander.Gilday2
4a64e9497b [turbolizer] Improved display of perf profiling information.
All events recorded are shown in separate columns simulatneously, using
rectangles with heatmap-style colouring. Hovering over the shapes gives
the event name, count, and percentage.

BUG=

Review-Url: https://codereview.chromium.org/2228553004
Cr-Commit-Position: refs/heads/master@{#39408}
2016-09-14 09:45:41 +00:00
ishell
cce56a3f47 [stubs] Port StoreFastElementsStub to TurboFan.
This CL adds CSA::Retain() operation that ensures that the value is kept alive even during GC.

BUG=v8:5269

Review-Url: https://codereview.chromium.org/2330063002
Cr-Commit-Position: refs/heads/master@{#39407}
2016-09-14 09:28:56 +00:00
ahaas
d7ee8124e8 [wasm] Implement GrowMemory in the wasm interpreter
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2341653002
Cr-Commit-Position: refs/heads/master@{#39406}
2016-09-14 09:19:46 +00:00
ahaas
19522d8e0f [wasm] Pass the same parameters to the interpreter and the compiled module in the fuzzer.
BUG=chromium:646564

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2336363003
Cr-Commit-Position: refs/heads/master@{#39405}
2016-09-14 08:26:53 +00:00
mstarzinger
4e44264148 [turbofan] Remove remnants from JavaScript stubs support.
This removes some leftover code which avoided adding stack checks to
stubs being compiled via the normal JavaScript pipeline, which we no
longer do.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2333973003
Cr-Commit-Position: refs/heads/master@{#39404}
2016-09-14 08:20:07 +00:00
jgruber
6b3cd5804d [regexp] Fix incorrect range checks in AtSurrogatePair
R=littledan@chromium.org
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2337763003
Cr-Commit-Position: refs/heads/master@{#39403}
2016-09-14 07:55:31 +00:00
jgruber
8df547d402 [regexp] Avoid unneeded accesses to lastIndex
This implements https://github.com/tc39/ecma262/pull/627/.

BUG=v8:5360

Review-Url: https://codereview.chromium.org/2339443002
Cr-Commit-Position: refs/heads/master@{#39402}
2016-09-14 07:39:44 +00:00
jgruber
eeb5251636 [regexp] Remove dead code from regexp.js
R=littledan@chromium.org
BUG=v8:5339

Review-Url: https://codereview.chromium.org/2330413002
Cr-Commit-Position: refs/heads/master@{#39401}
2016-09-14 07:38:06 +00:00
bmeurer
0b8a69458e [turbofan] Call frequencies for JSCallFunction and JSCallConstruct.
Extract the call counts from the type feedback vector during graph
building (either via the AstGraphBuilder or the BytecodeGraphBuilder),
and put them onto the JSCallFunction and JSCallConstruct operators,
so that they work even across inlinine through .apply and .call (which
was previously hacked by creating a temporary type feedback vector
for those).

The next logic step will be to make those call counts into real
relative call frequencies (also during graph building), so that we
can make inlining decisions that make sense for the function being
optimized (where absolute values are misleading).

R=jarin@chromium.org
BUG=v8:5267,v8:5372

Review-Url: https://codereview.chromium.org/2330883002
Cr-Commit-Position: refs/heads/master@{#39400}
2016-09-14 04:13:09 +00:00
v8-autoroll
4276567865 Update V8 DEPS.
Rolling v8/build to 4e62debd8bf6e75229861c7b8b352953f8bfec2e

Rolling v8/buildtools to b97d6c93a3e805c9ba5356dca872f1801639fbc5

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to f010dd827c6d3a8ec2f355168fc4342ba39a78f8

Rolling v8/third_party/icu to b0bd3ee50bc2e768d7a17cbc60d87f517f024dbe

Rolling v8/tools/clang to 23638ab6411fb9e25ea7f1837835b67a793b5499

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2343533002
Cr-Commit-Position: refs/heads/master@{#39399}
2016-09-14 03:31:13 +00:00
mvstanton
3ccedd5d8a CallConstruct also gets call count information if megamorphic.
BUG=

Review-Url: https://codereview.chromium.org/2333243004
Cr-Commit-Position: refs/heads/master@{#39398}
2016-09-14 03:23:51 +00:00
hablich
f85af183e4 Revert of [heap] Enable black allocation when finalizing incremental marking. (patchset #6 id:100001 of https://codereview.chromium.org/2239733002/ )
Reason for revert:
Suspecting this is a roll blocker: https://codereview.chromium.org/2332343002/

#
# Fatal error in ../../v8/src/heap/spaces.h, line 1618
# Check failed: capacity_ >= bytes (25429824 vs. 18446744073709551168).
#

Original issue's description:
> [heap] Enable black allocation when finalizing incremental marking.
>
> BUG=chromium:630386
>
> Committed: https://crrev.com/1ccc742dc326b063999670421e1da0ea124874c0
> Cr-Commit-Position: refs/heads/master@{#39382}

TBR=mlippautz@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2340463005
Cr-Commit-Position: refs/heads/master@{#39397}
2016-09-14 02:36:42 +00:00
jbroman
66dbc77eaf ValueDeserializer: Pretenure objects while deserializing large objects.
json-parser does the same thing. This drastically reduces GC cost when
deserializing objects large enough that multiple collections are likely
(since it saves the effort to move them to the old generation, when we
know that the objects we create will persist at least until the deserializer
finishes).

The threshold was chosen to match json-parser.

This patch reduces deserialization time on a large blob of JSON-y data
by approximately 30%.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2336973004
Cr-Commit-Position: refs/heads/master@{#39396}
2016-09-14 02:35:48 +00:00
jbroman
3472b57a8f ValueSerializer: promote scheduled exception if the caller throws one.
v8::Isolate::Throw only schedules the exception; it is necessary to promote it
after invoking the delegate.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2332843003
Cr-Commit-Position: refs/heads/master@{#39395}
2016-09-14 02:05:34 +00:00
littledan
edb4d3151c Mark await expressions as caught or uncaught
Handle some examples of the "asynchronous case" by marking await expressions
as either caught or uncaught; in the caught case, this marks the Promise passed
in as having a catch predicted. The marking is done in AST numbering, which
chooses between two different runtime function calls based on catch prediction.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2276243002
Cr-Commit-Position: refs/heads/master@{#39394}
2016-09-13 20:50:39 +00:00
jpp
ee8ae932b8 [V8][Wasm] Removes references to finally in wasm.
The initial support for low level exception handling in Wasm will not
support finally blocks. This decision is taken for both simplicity (
handling finallys is not straightforward if we want try blocks to yield
values), and lack of good use case (clang++ does not need them.) They
may be added in the future once we understand the implications of
having them.

BUG=

Review-Url: https://codereview.chromium.org/2336303002
Cr-Commit-Position: refs/heads/master@{#39393}
2016-09-13 20:47:35 +00:00
ofrobots
36e58db6be Fix backtrace for solaris and musl C based linux environments as well
R=rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2333023002
Cr-Commit-Position: refs/heads/master@{#39392}
2016-09-13 19:22:20 +00:00
mvstanton
c8e93b0613 [turbofan] Typer changes to avoid Type representation dimension
This CL "weakens" the typer somewhat, as it was querying aspects of
Type that are within the representation dimension. It's not the right
place to do that.

BUG=

Review-Url: https://codereview.chromium.org/2320473003
Cr-Commit-Position: refs/heads/master@{#39391}
2016-09-13 18:59:12 +00:00
jpp
fb4a190cee Revert "[v8][wasm] Handles finally in try/finally blocks."
This reverts commit cf5180c3ef. It turns
out finally blocks aren't useful in the current incarnation of Wasm. We
might reintroduce it later.

BUG=

Review-Url: https://codereview.chromium.org/2330073002
Cr-Commit-Position: refs/heads/master@{#39390}
2016-09-13 17:30:28 +00:00
bbudge
5d5efc662d [Turbofan] Fix IsSlot function in MoveOptimizer.
LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2328423002
Cr-Commit-Position: refs/heads/master@{#39389}
2016-09-13 16:16:54 +00:00
leszeks
5a9eac3a64 [Interpreter] Add an unsigned immediate operand type
Review-Url: https://codereview.chromium.org/2336203002
Cr-Commit-Position: refs/heads/master@{#39388}
2016-09-13 14:49:10 +00:00
hpayer
526f4dc676 [heap] Remove old_gen_exhausted_ state.
The AllocationResult already carries the information in which space the allocation failure happened.
BUG=

Review-Url: https://codereview.chromium.org/2333293002
Cr-Commit-Position: refs/heads/master@{#39387}
2016-09-13 14:18:17 +00:00
ulan
2b1753ac94 Fix a race condition in simulator that happens when flushing icache.
During GC multiple threads can request icache flush when evacuating
code space in parallel.

Simulator::FlushICache updates Isolate::simulator_icache hashmap,
which leads to a race.

This patch adds a lock for simulator_icache.

BUG=

Review-Url: https://codereview.chromium.org/2338793002
Cr-Commit-Position: refs/heads/master@{#39386}
2016-09-13 14:12:10 +00:00
mstarzinger
85289749f4 [interpreter] Add regression test for bogus OSR entry.
This adds a regression test for a bug where {OsrPoll} instructions
within the bytecode stream ended up outside of actual loops. This has
been fixed already, by merging {OsrPoll} into the backwards branch.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-645888
BUG=chromium:645888

Review-Url: https://codereview.chromium.org/2337033002
Cr-Commit-Position: refs/heads/master@{#39385}
2016-09-13 13:23:21 +00:00
mstarzinger
c9864173f1 [interpreter] Merge {OsrPoll} with {Jump} bytecode.
This introduces a new {JumpLoop} bytecode to combine the OSR polling
mechanism modeled by {OsrPoll} with the actual {Jump} performing the
backwards branch. This reduces the overall size and also avoids one
additional dispatch. It also makes sure that OSR polling is only done
within real loops.

R=rmcilroy@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2331033002
Cr-Commit-Position: refs/heads/master@{#39384}
2016-09-13 13:07:36 +00:00
franzih
26f3e304a1 Fix function name in error message and use correct interceptor if an error occurs.
BUG=

Review-Url: https://codereview.chromium.org/2338773002
Cr-Commit-Position: refs/heads/master@{#39383}
2016-09-13 12:56:26 +00:00
hpayer
1ccc742dc3 [heap] Enable black allocation when finalizing incremental marking.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2239733002
Cr-Commit-Position: refs/heads/master@{#39382}
2016-09-13 12:38:37 +00:00
bmeurer
0fb92f2735 [turbofan] Properly use MachineRepresentation for field access.
When lowering DataField accesses, we should pay attention to the
MachineRepresentation reported by the AccessInfo. This doesn't
yet change the rest of the pipeline to take full advantage of
the representations.

Drive-by-fix: Make the code more robust, especially the part that
deals with mutable heap number access.

R=mvstanton@chromium.org
BUG=v8:5267,v8:5270

Review-Url: https://codereview.chromium.org/2334193002
Cr-Commit-Position: refs/heads/master@{#39381}
2016-09-13 12:24:58 +00:00
hpayer
047977c53d [heap] Abort black allocation when aborting incremental marking.
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2337943002
Cr-Commit-Position: refs/heads/master@{#39380}
2016-09-13 12:07:16 +00:00
bmeurer
97b330ada5 [turbofan] Avoid unnecessary JSConvertReceiver nodes.
When inlining sloppy functions try to find some witness in the effect
chain that the receiver is already a JSReceiver and thereby avoid
inserting the JSConvertReceiver node, which we currently cannot really
optimize away most of the time.

Middle-term we may want to change the way CheckMaps works and have some
unified mechanism to deal with effect chain walks to find witnesses for
various map related facts. Also we may want to consider doing this
optimization later, although that requires some more refactorings since
we already promised that JSConvertReceiver gives a Type::Receiver.

R=mstarzinger@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2333213002
Cr-Commit-Position: refs/heads/master@{#39379}
2016-09-13 11:45:59 +00:00