Commit Graph

12202 Commits

Author SHA1 Message Date
Yang Guo
7c3748a9c4 [debug] load correct stack slot for frame details.
R=bmeurer@chromium.org
BUG=v8:5071

Review URL: https://codereview.chromium.org/2045863002 .

Cr-Commit-Position: refs/heads/master@{#36769}
2016-06-07 06:25:15 +00:00
hpayer
d61a5c376b [heap] Uncommit unused large object page memory.
As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.

BUG=

Review-Url: https://codereview.chromium.org/2032393002
Cr-Commit-Position: refs/heads/master@{#36763}
2016-06-06 17:19:25 +00:00
epertoso
d8c2b8f982 Revert of Provide a tagged allocation top pointer. (patchset #5 id:80001 of https://codereview.chromium.org/2028633002/ )
Reason for revert:
d8 segfaults on some benchmarks on ia32. Investigating.

Original issue's description:
> Provide a tagged allocation top pointer.
>
> Taking over http://crrev.com/1924223002.
>
> BUG=chromium:606711
> LOG=N
>
> Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
> Committed: https://crrev.com/c99caf307ba3bb1b1cf08bf4172f503754c41341
> Cr-Original-Commit-Position: refs/heads/master@{#36633}
> Cr-Commit-Position: refs/heads/master@{#36742}

TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:606711

Review-Url: https://codereview.chromium.org/2035413003
Cr-Commit-Position: refs/heads/master@{#36758}
2016-06-06 15:12:35 +00:00
ishell
f1ffe31163 [stubs] Introducing LoadICTFStub and LoadICTrampolineTFStub and a switch to enable them instead of respective platform stubs.
The stubs do not increase respective counters as they are in the snapshot and --native-code-counters is off during snapshot creation anyway.

Review-Url: https://codereview.chromium.org/2031753003
Cr-Commit-Position: refs/heads/master@{#36754}
2016-06-06 14:28:24 +00:00
jochen
37394eb3b0 Add a convenience method to get the debugged context
Since the generic GetCallingContext is deprecated, but there's still the
use case for the debugger to get the currently debugged context while in
the debug context, add a convenience API for it.

Note that EventDetails already exposes this context, but the embedder
might not necessarily have the EventDetails around.

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2040853003
Cr-Commit-Position: refs/heads/master@{#36751}
2016-06-06 14:12:10 +00:00
titzer
0b91952913 [asmjs] Validator should reject modules with repeated functions.
R=ahaas@chromium.org,aseemgarg@chromium.org,bradnelson@chromium.org
BUG=chromium:617525

Review-Url: https://codereview.chromium.org/2040983002
Cr-Commit-Position: refs/heads/master@{#36748}
2016-06-06 13:40:42 +00:00
titzer
dc98fabf15 [asmjs] Validator should reject assignments to heap variables in functions.
BUG=chromium:617529

Review-Url: https://codereview.chromium.org/2041843002
Cr-Commit-Position: refs/heads/master@{#36747}
2016-06-06 13:30:13 +00:00
cbruni
bc0798ca1a Introduce IsUndefined(Isolate*) and IsTheHole(Isolate*)
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.

BUG=

Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
2016-06-06 13:00:49 +00:00
mstarzinger
826627d9fd [turbofan] Make FindFrameStateBefore handle dead paths.
This makes sure {NodeProperties::FindFrameStateBefore} can deal with
effect chains that are marked as dead. This can happen when reducers
looking for frame states run together with other reducers killing some
execution paths within the same reduction phase.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-617567
BUG=chromium:617567,chromium:617224

Review-Url: https://codereview.chromium.org/2041833002
Cr-Commit-Position: refs/heads/master@{#36743}
2016-06-06 12:34:53 +00:00
epertoso
c99caf307b Provide a tagged allocation top pointer.
Taking over http://crrev.com/1924223002.

BUG=chromium:606711
LOG=N

Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
Review-Url: https://codereview.chromium.org/2028633002
Cr-Original-Commit-Position: refs/heads/master@{#36633}
Cr-Commit-Position: refs/heads/master@{#36742}
2016-06-06 12:31:54 +00:00
titzer
585771f264 [wasm] Move 64-bit call tests into test-run-wasm-64.cc so they also run on 32-bit platforms.
This duplicates some test code (which hopefully can be factored out later), but increases
test coverage.

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2042773002
Cr-Commit-Position: refs/heads/master@{#36739}
2016-06-06 10:59:04 +00:00
neis
6ddd8314a5 [compiler] Deal with some old TODOs in the typer.
This is mostly about DCHECKs. Enabling some requires a few
changes to tests that were not careful about types.

BUG=

Review-Url: https://codereview.chromium.org/2033703002
Cr-Commit-Position: refs/heads/master@{#36734}
2016-06-06 09:18:30 +00:00
neis
e33b7421f7 [test] Fix result regexp in JSTests.json.
R=machenbach@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2035313003
Cr-Commit-Position: refs/heads/master@{#36732}
2016-06-06 09:07:33 +00:00
machenbach
0d65554c05 [gn] Port test262 archiving to gn
This calls the action that archives test262 in gn. In gn
we can't specify an action output outside the product
directory. This works around it with an extra action
stamp file in the product directory, while the archive
remains in the test directory.

We don't want to generate the archive in the product
directory, as some legacy archiving scripts might include
it and it's too large. It should only be included in the
swarming tasks that are going to use it for testing.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2034713005
Cr-Commit-Position: refs/heads/master@{#36731}
2016-06-06 08:56:58 +00:00
oth
ecd4086cf0 [interpreter] Faster and fewer flushes in register optimizer.
This change requires a single pass over the register set during
bytecode pipeline flushes.

A few bytecode tests are updated too because the order of register
flushes is different.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2033013002
Cr-Commit-Position: refs/heads/master@{#36726}
2016-06-04 09:48:06 +00:00
adamk
611257fbb1 [es7] Array.prototype.includes should be unscopable
R=littledan@chromium.org
BUG=v8:5059

Review-Url: https://codereview.chromium.org/2033263002
Cr-Commit-Position: refs/heads/master@{#36721}
2016-06-03 18:30:10 +00:00
yangguo
8d90210a1e [debug] implement intuitive semantics for stepping over await call.
R=*bmeurer@chromium.org, caitpotter88@gmail.com, *littledan@chromium.org, *ulan@chromium.org
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2033223003
Cr-Commit-Position: refs/heads/master@{#36718}
2016-06-03 15:31:52 +00:00
rmcilroy
de9d1d8bc6 [Interpreter] Move jump processing to bytecode array writer.
This moves processing of jumps out of bytecode array builder and into
bytecode array writer. This simplifies the pipeline by avoiding having
to flush for offset and patch up offsets in bytecode array builder based
on what was emitted by the bytecode array writer.

This also enables future refactorings to add dead code elimination back
into the pipeline, and move processing of scalable operand sizes to the
end of the pipeline (in the bytecode array writer) rather than having to
deal with scalable operand types throughout pipeline.

BUG=v8:4280,chromium:616064

Review-Url: https://codereview.chromium.org/2035813002
Cr-Commit-Position: refs/heads/master@{#36716}
2016-06-03 14:53:23 +00:00
machenbach
976a62acd1 [gn] Add swarming support for all test targets
This adds corresponding *_run targets for all swarming
isolate actions existing in gyp. This also wires all
targets together under gn_all.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2033813004
Cr-Commit-Position: refs/heads/master@{#36714}
2016-06-03 13:48:44 +00:00
machenbach
63526069c2 [gn] Add fuzzer targets.
This adds the v8-side fuzzer executables for smoke testing.
This also renames the old gyp targets to stay consistent
with chromium.

Naming convention for type X after the rename:
library: X_fuzzer (gn), X_fuzzer_lib (gyp)
executable v8: v8_simple_X_fuzzer
executable chromium: v8_X_fuzzer

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2032363002
Cr-Commit-Position: refs/heads/master@{#36713}
2016-06-03 13:12:58 +00:00
bbudge
39442cf714 Add FloatRegister names to RegisterConfiguration.
- Adds names for float registers to RegisterConfiguration and uses them
when we have the MachineRepresentation.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2030143002
Cr-Commit-Position: refs/heads/master@{#36712}
2016-06-03 13:02:13 +00:00
yangguo
2d5c9be331 [debugger] add test case for debug-evaluation with promise microtasks.
R=littledan@chromium.org

Review-Url: https://codereview.chromium.org/2021013002
Cr-Commit-Position: refs/heads/master@{#36711}
2016-06-03 12:07:41 +00:00
rmcilroy
f4cf05fc01 [Interpreter] Add intrinsics for Is<Type> calls.
Add intrinsics for IsSmi, IsTypedArray, IsRegExp and IsJSProxy,
all of which are intrinsics in Full-Codegen.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2034493002
Cr-Commit-Position: refs/heads/master@{#36707}
2016-06-03 10:56:01 +00:00
rmcilroy
dffbcfe8eb Disable flaky JsNativeJsSample on Ignition.
BUG=v8:4751
TBR=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2033773003
Cr-Commit-Position: refs/heads/master@{#36706}
2016-06-03 10:53:03 +00:00
mstarzinger
28e6753acc [turbofan] Remove frame state input from speculative ops.
These speculative binary operators are simplified operators and should
not need a frame state themselves. These eager bailout points can by now
be found via checkpoints in the graph, whereas frame states attached to
nodes directly should always represent lazy bailout points.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2037673002
Cr-Commit-Position: refs/heads/master@{#36705}
2016-06-03 10:02:04 +00:00
bmeurer
f2da19fe39 [builtins] Migrate Math.log to TurboFan.
Introduce a dedicated Float64Log machine operator, that is either
implemented by a direct C call or by platform specific code, i.e.
using the FPU on x64 and ia32.

This operator is used to implement Math.log as a proper TurboFan
builtin on top of the CodeStubAssembler.

Also introduce a NumberLog simplified operator on top of Float64Log
and use that for the fast inline path of Math.log inside TurboFan
optimized code.

BUG=v8:5065

Review-Url: https://codereview.chromium.org/2029413005
Cr-Commit-Position: refs/heads/master@{#36703}
2016-06-03 09:48:25 +00:00
mstarzinger
bf7034bfed [turbofan] Remove eager frame state from property access.
This removes the frame state input representing the before-state from
nodes performing property accesses. These frame states can by now be
found via checkpoints in the graph.

R=jarin@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2034673002
Cr-Commit-Position: refs/heads/master@{#36699}
2016-06-03 08:59:32 +00:00
Miran.Karic
16dda2152f Fix bytecode operand type
A value in unittests/Bytecodes.DecodeBytecodeAndOperands was 16 bit
instead of 8 bit. This was causing test to fail on big endian machines.

BUG=

Review-Url: https://codereview.chromium.org/2030063002
Cr-Commit-Position: refs/heads/master@{#36698}
2016-06-03 08:36:30 +00:00
ahaas
ae521505c4 [heap] Store the host address in the typed remembered set.
We need the host address in another CL to clear invalid slots.

R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2025833002
Cr-Commit-Position: refs/heads/master@{#36696}
2016-06-03 08:31:09 +00:00
brucedawson
dea0d74747 Suppress compiler and linker warnings in v8 test binaries
VC++ complains about truncation of integer constants despite use of
static_cast. This isn't very helpful as it gives no way of suppressing
the warning in code, so this change suppresses it on the command line.

Additionally, the linker complains about importing of locally defined
functions in component builds. Until this is fixed the warnings should
be suppressed.

NOTRY=true

Review-Url: https://codereview.chromium.org/2028353004
Cr-Commit-Position: refs/heads/master@{#36695}
2016-06-03 08:23:17 +00:00
danno
70e302eedd [turbofan] Fix assert caused by bogus merging of out-of-scope CodeAssembler variables
Previously, CodeAssembler Variables declared in an explicit C++ scope would
continue to be merged into future labels beyond that scope, causing
asserts. This CL ensures that Variables are properly ignored when they go out of
scope.

Review-Url: https://codereview.chromium.org/2035683002
Cr-Commit-Position: refs/heads/master@{#36690}
2016-06-02 21:24:40 +00:00
danno
afb0e7a4bd [turbofan] Fix phi-hinting problem with deferred blocks
Previously, turbofan selected the gap use from first predecessor block when
hinting a phi, unless that block was deferred, in which case the gap move from
the first non-deferred predecessor block was chosen.

This strategy didn't guarantee that an important invariant was maintained: the
predecessor blocks chosen for hinting phis must preceed the phi's block in the
rpo ordering. In most cases the strategy worked, since graphs generated by the
AstGraphBuilder and existing stubs just happened to always generate schedules
where this rpo ordering property for the first predecessor block, but it is
quite possible to generate a code stub by hand that doesn't have this property
(see included test case).

After this CL, the allocator chooses either the the first non-deferred
"rpo-preceeding" block to be the hinting block, or the first deferred
"rpo-preceeding" block if that doesn't exist. In all previously-existing code,
this behavior is the same as the original algorithm, but has the benefit of not
failing in the register allocator in hand-crafted stubs where all the
"rpo-preceeding" predecessors are all in deferred code.

Review-Url: https://codereview.chromium.org/2030463003
Cr-Commit-Position: refs/heads/master@{#36689}
2016-06-02 20:34:18 +00:00
ishell
3c4f903e56 [stubs] Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
This CL also replaces some Branch() usages with GotoIf/GotoUnless.

(This is a reland after fixing issues that prevented this CL from landing in other CLs).

BUG=v8:2743
LOG=Y

Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
Cr-Commit-Position: refs/heads/master@{#36657}

Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36686}
2016-06-02 15:02:58 +00:00
ishell
e7d8279a14 Make CodeStubAssemblerTester use its own zone instead of Isolate::runtime_zone().
... to ensure that the zone is properly shut down.

Review-Url: https://codereview.chromium.org/2034463003
Cr-Commit-Position: refs/heads/master@{#36684}
2016-06-02 14:25:22 +00:00
ishell
5a5c115efd Move test/cctest/compiler/test-code-stub-assembler.cc to test/cctest directory.
... since CodeStubAssembler does not belong to v8::internal::compiler namespace anymore.

Review-Url: https://codereview.chromium.org/2035533003
Cr-Commit-Position: refs/heads/master@{#36683}
2016-06-02 14:10:00 +00:00
jkummerow
3188210377 Refactor Maps' code_cache
Most maps have a small code cache (often only one entry), so this patch
optimizes memory consumption of such cases by using plain FixedArrays,
only switching to CodeCacheHashTables when the number of cached entries
gets so large that linear-scan lookups get too slow.

On loading inbox.google.com, this gets the aggregate size of all maps'
code caches (there are about 13,600 of them) from 4300 KB to 970 KB.

Review-Url: https://codereview.chromium.org/2021373002
Cr-Commit-Position: refs/heads/master@{#36681}
2016-06-02 13:19:24 +00:00
neis
8154d977e4 Fix bug in yield* desugaring.
In one corner case, we incorrectly returned a value without first wrapping it in
an iterator result object.

R=littledan@chromium.org
BUG=v8:5057

Review-Url: https://codereview.chromium.org/2034653002
Cr-Commit-Position: refs/heads/master@{#36676}
2016-06-02 09:43:59 +00:00
jarin
216bcf9fb3 [turbofan] Initial version of number type feedback.
This introduces optimized number operations based on type feedback.

Summary of changes:

1. Typed lowering produces SpeculativeNumberAdd/Subtract for JSAdd/Subtract if
   there is suitable feedback. The speculative nodes are connected to both the
   effect chain and the control chain and they retain the eager frame state.

2. Simplified lowering now executes in three phases:
  a. Propagation phase computes truncations by traversing the graph from uses to
     definitions until checkpoint is reached. It also records type-check decisions
     for later typing phase, and computes representation.
  b. The typing phase computes more precise types base on the speculative types (and recomputes
     representation for affected nodes).
  c. The lowering phase performs lowering and inserts representation changes and/or checks.

3. Effect-control linearization lowers the checks to machine graphs.

Notes:

- SimplifiedLowering will be refactored to have handling of each operation one place and
  with clearer input/output protocol for each sub-phase. I would prefer to do this once
  we have more operations implemented, and the pattern is clearer.

- The check operations (Checked<A>To<B>) should have some flags that would affect
  the kind of truncations that they can handle. E.g., if we know that a node produces
  a number, we can omit the oddball check in the CheckedTaggedToFloat64 lowering.

- In future, we want the typer to reuse the logic from OperationTyper.

BUG=v8:4583
LOG=n

Review-Url: https://codereview.chromium.org/1921563002
Cr-Commit-Position: refs/heads/master@{#36674}
2016-06-02 09:23:13 +00:00
Benedikt Meurer
bea121aaa5 [turbofan] Eager frame state gone from JSCallFunction.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/2038463003 .

Cr-Commit-Position: refs/heads/master@{#36672}
2016-06-02 08:49:30 +00:00
mstarzinger
864b07e9eb [turbofan] Remove eager frame state from call nodes.
This removes the frame state input representing the before-state from
nodes having the {JSCallFunction} or {JSCallConstruct} operator. These
frame states can by now be found via checkpoints in the graph.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2025573003
Cr-Commit-Position: refs/heads/master@{#36669}
2016-06-02 08:04:29 +00:00
bmeurer
5a3a6dafae [turbofan] Add new StringFromCharCode simplified operator.
We use StringFromCharCode to optimize calls to String.fromCharCode with
a single Number argument for now. We will use it to also implement the
charAt method on the String prototype.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2037453003
Cr-Commit-Position: refs/heads/master@{#36668}
2016-06-02 08:01:48 +00:00
mlippautz
5979bf5654 Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #7 id:180001 of https://codereview.chromium.org/2026633003/ )
Reason for revert:
Also failing with the new implementation:
  https://build.chromium.org/p/chromium.gpu/builders/Linux%20Debug%20%28NVIDIA%29/builds/62646

Will do a local repro now.

Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/279e274eccf95fbb4bd41d908b9153acf6ec118a
> Cr-Commit-Position: refs/heads/master@{#36653}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2032973002
Cr-Commit-Position: refs/heads/master@{#36663}
2016-06-02 06:47:34 +00:00
jarin
0d4c526a1d [crankshaft] Reland "Only exclude explicit 'arguments' (and 'this') from liveness analysis."
Reland of https://codereview.chromium.org/2026173003 (reverted by
https://codereview.chromium.org/2029563002).

Additionally, we need to record environment markers even for the
case of a.length, where a is aliased arguments (which crankshaft
optimizes to constant for the inlined case or to HArgumentsLength
when not inlined).

BUG=chromium:612146

Review-Url: https://codereview.chromium.org/2028243002
Cr-Commit-Position: refs/heads/master@{#36662}
2016-06-02 04:30:17 +00:00
rmcilroy
2fd3f9d69b [Interpreter] Don't try to eliminate dead-code in bytecode-array-builder
Eliminating dead code in the bytecode array builder doesn't play nice
with the register elimination optimizer. We should move it to it's own
stage in the optimization pipeline, however doing so would require
refactoring of how we deal with jumps, so for now just remove the dead
code elimination optimization.

BUG=chromium:616064

Review-Url: https://codereview.chromium.org/2030583002
Cr-Commit-Position: refs/heads/master@{#36660}
2016-06-01 22:55:10 +00:00
ishell
9b4f836a2d Revert of Extend HasProperty stub with dictionary-mode and double-elements objects support. (patchset #8 id:280001 of https://codereview.chromium.org/1995453002/ )
Reason for revert:
There are crashes on Win32 and Win64 bots.

Original issue's description:
> Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
>
> This CL also replaces some Branch() usages with GotoIf/GotoUnless.
>
> BUG=v8:2743
> LOG=Y
>
> Committed: https://crrev.com/24066b6df4259b302edfa1db884c479008776a7e
> Cr-Commit-Position: refs/heads/master@{#36657}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2743

Review-Url: https://codereview.chromium.org/2028333002
Cr-Commit-Position: refs/heads/master@{#36659}
2016-06-01 21:10:13 +00:00
ishell
24066b6df4 Extend HasProperty stub with dictionary-mode, string wrapper and double-elements objects support.
This CL also replaces some Branch() usages with GotoIf/GotoUnless.

BUG=v8:2743
LOG=Y

Review-Url: https://codereview.chromium.org/1995453002
Cr-Commit-Position: refs/heads/master@{#36657}
2016-06-01 20:00:20 +00:00
lpy
ee43805a66 [base] Implement CPU time on Windows.
We already implemented CPU time for OS X and POSIX, this path is a
follow up for the implementation on Windows.

BUG=v8:5000
LOG=n

Review-Url: https://codereview.chromium.org/1977983003
Cr-Commit-Position: refs/heads/master@{#36656}
2016-06-01 18:55:51 +00:00
gsathya
a7d091ffe3 math.js: Use %_TypedArrayGetLength to get length
https://codereview.chromium.org/2001393004 makes TypedArray
length property writable, which means we shouldn't depend on it.
Instead, use %_TypedArrayGetLength% to get length.

Attached regression test.

BUG=chromium:615776

Review-Url: https://codereview.chromium.org/2020203006
Cr-Commit-Position: refs/heads/master@{#36655}
2016-06-01 18:44:30 +00:00
bbudge
817b59c8ad Turbofan: Modify WASM linkage to store floats using only 4 bytes.
Adds instructions for ARM to push floats.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2024443002
Cr-Commit-Position: refs/heads/master@{#36654}
2016-06-01 17:43:45 +00:00
mlippautz
279e274ecc Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2026633003
Cr-Commit-Position: refs/heads/master@{#36653}
2016-06-01 16:30:32 +00:00
ishell
9fa206e1f4 [runtime] Ensure that all elements kind transitions are chained to the root map.
This CL also updates the elements kind transition lookup logic:
1) First we go back to the root map,
2) Follow elements kind transitions,
3) Replay the property transitions.

BUG=v8:5009
LOG=Y
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2015513002
Cr-Commit-Position: refs/heads/master@{#36652}
2016-06-01 15:55:11 +00:00
rmcilroy
471893ccec [Interpreter] Fix GenerateSmiToDouble to avoid assuming it is called from a JSFrame.
GenerateSmiToDouble on ia32 assumes that it is called from a JSFrame and can restore
the context from the StandardFrameConstants::kContextObject. In the case of the
interpreter it is called from a interpreter handler stub frame which doesn't
push the context onto it's frame. Instead, push and pop esi to explicitly restore it
correctly.

BUG=chromium:612386

Review-Url: https://codereview.chromium.org/2011313003
Cr-Commit-Position: refs/heads/master@{#36649}
2016-06-01 14:49:00 +00:00
machenbach
9d5b4b6cd9 [gn] Add cctest
BUG=chromium:474921

Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
Cr-Commit-Position: refs/heads/master@{#36517}

Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
Cr-Commit-Position: refs/heads/master@{#36586}

TBR=jochen@chromium.org

Committed: https://crrev.com/eea9fbe1858df23dd832ed8ddd284f98120d9e21
Cr-Commit-Position: refs/heads/master@{#36607}

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36648}
2016-06-01 14:16:27 +00:00
Miran.Karic
b8786b35fc Fix bytecode operand values
A few values were missing use of a macro causing test to fail on big
endian machines.

BUG=

Review-Url: https://codereview.chromium.org/2024123002
Cr-Commit-Position: refs/heads/master@{#36645}
2016-06-01 13:05:35 +00:00
machenbach
8b0a6dd652 Revert of [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis. (patchset #2 id:20001 of https://codereview.chromium.org/2026173003/ )
Reason for revert:
Triggers crashes on the deopt fuzzer:
https://build.chromium.org/p/client.v8/builders/V8%20Deopt%20Fuzzer/builds/10608

Repro:
out/Release/d8 --test --random-seed=849179141 --deopt-every-n-times 149 --nohard-abort --nodead-code-elimination --nofold-constants --noconcurrent-recompilation test/webkit/resources/standalone-pre.js test/webkit/dfg-arguments-mixed-alias.js test/webkit/resources/standalone-post.js

Original issue's description:
> [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
>
> Currently, we do not emit EnvironmentMarkers if the hydrogen value
> in the environment is arguments object. As the hydrogen value can change
> for local variables, we emit only some environment markers. That can
> cause environment liveness analysis to mark part of live range as live
> and part as dead. The zapping phase then only inserts zaps in
> live->dead transitions, potentially zapping a live value.
>
> With this CL, we only emit EnvironmentMarkers for 'this' and
> 'arguments' local variables, disregarding the hydrogen value.
>
> BUG=chromium:612146
> LOG=n
>
> Committed: https://crrev.com/1428fbe224dc2df0cb6f59e4959430f7aa614064
> Cr-Commit-Position: refs/heads/master@{#36641}

TBR=jkummerow@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:612146

Review-Url: https://codereview.chromium.org/2029563002
Cr-Commit-Position: refs/heads/master@{#36644}
2016-06-01 12:45:06 +00:00
hlopko
dc78e0d4d7 Immediately promote marked objects during scavenge
It happens that a scavenger runs during incremental marking. Currently scavenger does not care about MarkCompact's mark bits. When an object is alive and marked, and at least one scavenge happens during incremental marking, the object will be copied once to the other semispace in the new_space, and then once to the old_space. For surviving objects this is useless extra work.

In our current attempts (https://codereview.chromium.org/1988623002) to ensure marked objects are scavenged, all marked objects will survive therefore there will be many objects which will be uselessly copied.

This cl modifies our promotion logic so when incremental marking is in progress, and the object is marked, we promote it unconditionally.

BUG=
LOG=no

Review-Url: https://codereview.chromium.org/2005173003
Cr-Commit-Position: refs/heads/master@{#36643}
2016-06-01 12:32:20 +00:00
machenbach
d87fb10fe7 [gn] Add unittests
BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
Cr-Commit-Position: refs/heads/master@{#36510}

Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
Cr-Commit-Position: refs/heads/master@{#36582}

Committed: https://crrev.com/378a26c03efc74bda401daa5accda223cb266177
Cr-Commit-Position: refs/heads/master@{#36606}

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36642}
2016-06-01 12:29:40 +00:00
jarin
1428fbe224 [crankshaft] Only exclude explicit 'arguments' (and 'this') from liveness analysis.
Currently, we do not emit EnvironmentMarkers if the hydrogen value
in the environment is arguments object. As the hydrogen value can change
for local variables, we emit only some environment markers. That can
cause environment liveness analysis to mark part of live range as live
and part as dead. The zapping phase then only inserts zaps in
live->dead transitions, potentially zapping a live value.

With this CL, we only emit EnvironmentMarkers for 'this' and
'arguments' local variables, disregarding the hydrogen value.

BUG=chromium:612146
LOG=n

Review-Url: https://codereview.chromium.org/2026173003
Cr-Commit-Position: refs/heads/master@{#36641}
2016-06-01 12:04:35 +00:00
epertoso
79f45e026b Revert of Provide a tagged allocation top pointer. (patchset #4 id:60001 of https://codereview.chromium.org/2028633002/ )
Reason for revert:
Seems to be causing flakiness in some wasm tests:

https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/10598
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/2528

Original issue's description:
> Provide a tagged allocation top pointer.
>
> Taking over http://crrev.com/1924223002.
>
> BUG=chromium:606711
> LOG=N
>
> Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
> Cr-Commit-Position: refs/heads/master@{#36633}

TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:606711

Review-Url: https://codereview.chromium.org/2031493002
Cr-Commit-Position: refs/heads/master@{#36640}
2016-06-01 11:04:18 +00:00
mstarzinger
d673d8908a [turbofan] Rename {CheckPoint} to {Checkpoint} everywhere.
R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022033004
Cr-Commit-Position: refs/heads/master@{#36637}
2016-06-01 09:07:19 +00:00
mstarzinger
7ecf1a059b [turbofan] Implement simplistic checkpoint reducer.
This adds a very simplistic reduction of {CheckPoint} nodes via the new
{CheckpointElimination}, eliminating redundant check points that appear
in an effect chain of operations that are all {kNoWrite}. Such a chain
allows an arbitrary check point to be chosen. The current approach will
end up choosing the first one for all deopts in the chain.

R=bmeurer@chromium.org
TEST=unittests/CheckpointEliminationTest.CheckPointChain
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2022913003
Cr-Commit-Position: refs/heads/master@{#36634}
2016-06-01 08:39:11 +00:00
epertoso
f42c9e93c8 Provide a tagged allocation top pointer.
Taking over http://crrev.com/1924223002.

BUG=chromium:606711
LOG=N

Review-Url: https://codereview.chromium.org/2028633002
Cr-Commit-Position: refs/heads/master@{#36633}
2016-06-01 08:39:10 +00:00
pierre.langlois
27bd1747b4 [turbofan] ARM64: Match 64 bit compare with zero and branch
This patch enables the following transformations in the instruction
selector:

| Before           | After                  |
|------------------+------------------------|
| and x3, x1, #0x1 | tb{,n}z w1, #0, #+0x78 |
| cmp x3, #0x0     |                        |
| b.{eq,ne} #+0x80 |                        |
|------------------+------------------------|
| cmp x0, #0x0     | cb{,n}z x0, #+0x48     |
| b.{eq,ne} #+0x4c |                        |

I have not seen these patterns beeing generated by turbofan, however the
stubs hit these cases frequently. A particular reason is that we are
turning operations that check for a Smi into a single `tbz`.

As a concequence, the interpreter is affected thanks to inlining
turbofan stubs into it's bytecode handlers. I have noticed the size of
the interpreter was reduced by 200 instructions.

BUG=

Review-Url: https://codereview.chromium.org/2022073002
Cr-Commit-Position: refs/heads/master@{#36632}
2016-06-01 08:03:01 +00:00
bmeurer
f2c0264a0a [x64] Fix invalid REX prefix for pslld, psrld and friends.
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2026633004
Cr-Commit-Position: refs/heads/master@{#36631}
2016-06-01 07:59:56 +00:00
kozyatinskiy
54245bd6b2 Debugger: fix crash in DebugEvaluate
If scripts is paused in class constructor before super() call then any attempt to evaluate something like this.* on top frame will produce crash.

BUG=chromium:614019
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2013223003
Cr-Commit-Position: refs/heads/master@{#36625}
2016-05-31 22:05:24 +00:00
machenbach
72f7d9a294 Revert of [heap] Do not invoke GC to make heap iterable. (patchset #3 id:40001 of https://codereview.chromium.org/1992913004/ )
Reason for revert:
[Sheriff] Speculative revert for some flakes on the waterfall:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20-%20debug/builds/7409
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/7983
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/4901

Original issue's description:
> [heap] Do not invoke GC to make heap iterable.
>
> This reverts commit 0aa3707dc4.
>
> And removes the UnreachableObjectsFilter.
>
> BUG=chromium:580959
> LOG=n
>
> Committed: https://crrev.com/132f89800f560190b4d655adcb4e0eeedd17fd82
> Cr-Commit-Position: refs/heads/master@{#36617}

TBR=yangguo@chromium.org,ulan@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:580959

Review-Url: https://codereview.chromium.org/2020363002
Cr-Commit-Position: refs/heads/master@{#36622}
2016-05-31 17:43:15 +00:00
littledan
46253e743d [esnext] Fix various callsites to use is_resumable, not is_generator
Async functions are built out of generators, but the
SharedFunctionInfo returns false for is_generator. is_resumable is
the broader query. This patch fixes many parts of V8 to refer
to is_resumable as appropriate.

One incidental change is to remove a check for generators extending
classes. This is part of a general check for constructors being the
only thing which can extend classes, so it is removed here and the
error message for the general case is made more accurate.

BUG=v8:4483

Review-Url: https://codereview.chromium.org/1996943002
Cr-Commit-Position: refs/heads/master@{#36621}
2016-05-31 17:15:15 +00:00
hpayer
132f89800f [heap] Do not invoke GC to make heap iterable.
This reverts commit 0aa3707dc4.

And removes the UnreachableObjectsFilter.

BUG=chromium:580959
LOG=n

Review-Url: https://codereview.chromium.org/1992913004
Cr-Commit-Position: refs/heads/master@{#36617}
2016-05-31 14:50:39 +00:00
machenbach
b80750f316 Revert of [gn] Add unittests (patchset #7 id:120001 of https://codereview.chromium.org/2011853002/ )
Reason for revert:
Still http://crbug.com/615890

Original issue's description:
> [gn] Add unittests
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
> Cr-Commit-Position: refs/heads/master@{#36510}
>
> Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
> Cr-Commit-Position: refs/heads/master@{#36582}
>
> Committed: https://crrev.com/378a26c03efc74bda401daa5accda223cb266177
> Cr-Commit-Position: refs/heads/master@{#36606}

TBR=vogelheim@chromium.org,bmeurer@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2026713002
Cr-Commit-Position: refs/heads/master@{#36616}
2016-05-31 14:33:05 +00:00
machenbach
dae83bf0f7 Revert of [gn] Add cctest (patchset #4 id:60001 of https://codereview.chromium.org/2007143003/ )
Reason for revert:
Still http://crbug.com/615890

Original issue's description:
> [gn] Add cctest
>
> BUG=chromium:474921
>
> Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
> Cr-Commit-Position: refs/heads/master@{#36517}
>
> Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
> Cr-Commit-Position: refs/heads/master@{#36586}
>
> TBR=jochen@chromium.org
>
> Committed: https://crrev.com/eea9fbe1858df23dd832ed8ddd284f98120d9e21
> Cr-Commit-Position: refs/heads/master@{#36607}

TBR=jochen@chromium.org,vogelheim@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2026703002
Cr-Commit-Position: refs/heads/master@{#36615}
2016-05-31 14:30:07 +00:00
caitpotter88
f30f8286fb [test] add debugger tests for debug evaluation in async functions
BUG=v8:4483
R=littledan@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2010693003
Cr-Commit-Position: refs/heads/master@{#36614}
2016-05-31 14:14:47 +00:00
jarin
5e96f47bc8 [turbofan] Distinguish between change- and truncate-tagged-to-float64.
This prevents the compiler from optimizing
  f64-to-tagged(tagged-to-f64(x)) ==> x
for non-number x (such as undefined).

Review-Url: https://codereview.chromium.org/2027593002
Cr-Commit-Position: refs/heads/master@{#36613}
2016-05-31 12:01:40 +00:00
bmeurer
7554360f28 [builtins] Migrate String.fromCharCode to TurboFan code stub.
When we moved the String.fromCharCode builtin to C++, we slightly
regressed the fast single character code argument case. Recovered some
of the performance by implementing the builtin using the TurboFan
CodeStubAssembler.

Drive-by-fix: Make sure the stack trace from the implicit ToNumber
conversion in String.fromCharCode includes the builtin by adding a
regression test for that.

R=yangguo@chromium.org
BUG=chromium:609831,chromium:613947,v8:5049

Review-Url: https://codereview.chromium.org/2021143003
Cr-Commit-Position: refs/heads/master@{#36611}
2016-05-31 11:39:05 +00:00
yangguo
60afed46a0 [json] replace remaining json.js code with C++ builtins.
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2026643003
Cr-Commit-Position: refs/heads/master@{#36610}
2016-05-31 09:34:54 +00:00
mlippautz
a43b732e0e Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #2 id:20001 of https://codereview.chromium.org/2024063002/ )
Reason for revert:
Breaking
  http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20avx2/builds/7972

Original issue's description:
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> TEST=cctest/test-array-buffer-tracker/*
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/089da007bb990b5b29aab257aa836fdd3f3b8ce0
> Cr-Commit-Position: refs/heads/master@{#36608}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2028503003
Cr-Commit-Position: refs/heads/master@{#36609}
2016-05-31 09:32:17 +00:00
mlippautz
089da007bb Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2024063002
Cr-Commit-Position: refs/heads/master@{#36608}
2016-05-31 09:16:55 +00:00
machenbach
eea9fbe185 [gn] Add cctest
BUG=chromium:474921

Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
Cr-Commit-Position: refs/heads/master@{#36517}

Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
Cr-Commit-Position: refs/heads/master@{#36586}

TBR=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36607}
2016-05-31 07:49:27 +00:00
machenbach
378a26c03e [gn] Add unittests
BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
Cr-Commit-Position: refs/heads/master@{#36510}

Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
Cr-Commit-Position: refs/heads/master@{#36582}

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36606}
2016-05-31 07:14:39 +00:00
machenbach
b5249ff067 Revert of [gn] Add unittests (patchset #6 id:100001 of https://codereview.chromium.org/2011853002/ )
Reason for revert:
http://crbug.com/615890

Original issue's description:
> [gn] Add unittests
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
> Cr-Commit-Position: refs/heads/master@{#36510}
>
> Committed: https://crrev.com/143b3d167d7014525d049d3ab53c73cf2592243c
> Cr-Commit-Position: refs/heads/master@{#36582}

TBR=vogelheim@chromium.org,bmeurer@chromium.org,jochen@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2022893002
Cr-Commit-Position: refs/heads/master@{#36605}
2016-05-31 06:24:45 +00:00
hablich
9c20666d65 Revert of [gn] Add cctest (patchset #3 id:40001 of https://codereview.chromium.org/2007143003/ )
Reason for revert:
Blocks Roll https://bugs.chromium.org/p/chromium/issues/detail?id=615890

Original issue's description:
> [gn] Add cctest
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
> Cr-Commit-Position: refs/heads/master@{#36517}
>
> Committed: https://crrev.com/65678bc67fc48dfe4dcab7fdd2c4b7e1d6e918f4
> Cr-Commit-Position: refs/heads/master@{#36586}

TBR=vogelheim@chromium.org,jochen@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2021213002
Cr-Commit-Position: refs/heads/master@{#36603}
2016-05-31 04:57:47 +00:00
cbruni
63efe9e416 [api] Add more parameters to Object::GetPropertyNames
Expose more or less the full functionality of the KeyAccumulator in the API:
- use the PropertyFilter introduced for GetOwnPropertyNames
- use KeyCollectionLimit for OWN_ONLY or INLCUDE_PROTOS
- use IndexFilter to eithe SKIP_INDICES or INCLUDE_INDICES

Rewire Object::GetOwnPropertyNames to use GetPropertyNames.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2002203002
Cr-Commit-Position: refs/heads/master@{#36595}
2016-05-30 15:54:12 +00:00
mlippautz
ecb2ec8ff3 Revert of Reland "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:60001 of https://codereview.chromium.org/2026463002/ )
Reason for revert:
Investigating new arm simulator failure:
  https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/851/steps/Check%20-%20novfp3/logs/box2d

Original issue's description:
> Reland "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG=chromium:614730, chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/bc0fb6e83eb7351f52bfd6f780bb6c12bd87c58c
> Cr-Commit-Position: refs/heads/master@{#36592}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:614730, chromium:611688

Review-Url: https://codereview.chromium.org/2021893002
Cr-Commit-Position: refs/heads/master@{#36593}
2016-05-30 15:50:40 +00:00
mlippautz
bc0fb6e83e Reland "[heap] Fine-grained JSArrayBuffer tracking"
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:614730, chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2026463002
Cr-Commit-Position: refs/heads/master@{#36592}
2016-05-30 14:53:29 +00:00
neis
f0c4de9696 [test] Remove obsolete status file entries.
R=rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2026543002
Cr-Commit-Position: refs/heads/master@{#36588}
2016-05-30 13:22:51 +00:00
ulan
8c6fedd653 [heap] Add the free remainder of a black page to the free list.
BUG=chromium:615489

Review-Url: https://codereview.chromium.org/2020743002
Cr-Commit-Position: refs/heads/master@{#36587}
2016-05-30 13:10:11 +00:00
machenbach
65678bc67f [gn] Add cctest
BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
Cr-Commit-Position: refs/heads/master@{#36517}

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36586}
2016-05-30 13:02:43 +00:00
bmeurer
496aecb61f [turbofan] Fix NumberIsHoleNaN to check the upper word.
The NumberIsHoleNaN operator used to test the lower word of the double
input which is obviously wrong.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2022753002
Cr-Commit-Position: refs/heads/master@{#36584}
2016-05-30 11:48:07 +00:00
neis
20e43a3a93 Add js-perf-test benchmark for generators.
BUG=v8:4907

Review-Url: https://codereview.chromium.org/2026503002
Cr-Commit-Position: refs/heads/master@{#36583}
2016-05-30 11:36:26 +00:00
machenbach
143b3d167d [gn] Add unittests
BUG=chromium:474921
NOTRY=true

Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
Cr-Commit-Position: refs/heads/master@{#36510}

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36582}
2016-05-30 11:36:25 +00:00
clemensh
25c2203a8f Check CallSite arguments more rigorously
Before, it was possible to construct invalid CallSite objects, which
would trigger a runtime assert when any function is called on it.
This check ensures to throw a TypeError when invalid information is
passed to the CallSite constructor.

This reverts part of this CL: https://codereview.chromium.org/2006603002

R=ishell@chromium.org, titzer@chromium.org, yangguo@chromium.org
BUG=chromium:614295

Review-Url: https://codereview.chromium.org/2010493002
Cr-Commit-Position: refs/heads/master@{#36578}
2016-05-30 10:30:13 +00:00
titzer
96774fa541 [wasm] Add more tests for interpreter breakpoints.
R=binji@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2014373003
Cr-Commit-Position: refs/heads/master@{#36577}
2016-05-30 10:03:39 +00:00
lpy
ac3edd40af [prof] Add slide offset in dumpcpp script
An additional slide offset is exported into `shared-library`, which is used to
symbolize C++ stack on systems with ASLR (OS X).

This patch adds slide offset support in dumpcpp script.

BUG=v8:5048

Review-Url: https://codereview.chromium.org/2006813002
Cr-Commit-Position: refs/heads/master@{#36574}
2016-05-30 08:56:59 +00:00
machenbach
b951f7f8f5 Revert of [builtins] Also migrate String.prototype.toLowerCase/toUpperCase to C++. (patchset #2 id:20001 of https://codereview.chromium.org/2018983002/ )
Reason for revert:
Please rebase blink first (if intended):
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7092

Original issue's description:
> [builtins] Also migrate String.prototype.toLowerCase/toUpperCase to C++.
>
> These builtins always call into C++ anyways and so there's no point in
> having the JavaScript wrapper around them, but instead they can be
> implemented as C++ builtins directly.
>
> R=franzih@chromium.org
> BUG=v8:5049
>
> Committed: https://crrev.com/4e66888869bf04c73b41e5747e4595747a7b20df
> Cr-Commit-Position: refs/heads/master@{#36569}

TBR=franzih@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2023753002
Cr-Commit-Position: refs/heads/master@{#36572}
2016-05-30 07:02:49 +00:00
machenbach
e24f019bd2 [test] Skip flaky test for turbofan always-opt and gc-stress
BUG=v8:5053
TBR=bmeurer@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2024583002
Cr-Commit-Position: refs/heads/master@{#36571}
2016-05-30 07:00:00 +00:00
bmeurer
4e66888869 [builtins] Also migrate String.prototype.toLowerCase/toUpperCase to C++.
These builtins always call into C++ anyways and so there's no point in
having the JavaScript wrapper around them, but instead they can be
implemented as C++ builtins directly.

R=franzih@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2018983002
Cr-Commit-Position: refs/heads/master@{#36569}
2016-05-30 04:22:35 +00:00
rmcilroy
aff90bc15b [Interpreter] Add intrinsic for Runtime::kInlineCall.
One of the top runtime calls in many workloads is Runtime_Call. Add an
intrinsic for the interpreter to inline this runtime call.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2019433003
Cr-Commit-Position: refs/heads/master@{#36565}
2016-05-27 22:30:39 +00:00
adamk
e9435eb9a5 Remove broken source/code caching support for Modules in d8
The busted logic caused us to go down the SCRIPT path internally,
causing us to fail the test262 tests that attempt to induce parse
errors at the top level.

R=littledan@chromium.org
BUG=v8:4985

Review-Url: https://codereview.chromium.org/2008743002
Cr-Commit-Position: refs/heads/master@{#36563}
2016-05-27 19:22:52 +00:00
littledan
7245dabdb1 Unship ES2015 for-in initializer restrictions
We now have data that 0.011% of websites use the pattern
  for (var i = 0 in j) { ... }
This pattern was banned by ES2015, with the idea to revisit if
it presents a web compatibility problem. Informally, after
the May 2016 TC39 meeting, the new data was discussed, and there
was interest in reversing the decision. Although the specification
is not yet updated, it seems likely to come soon.

This patch turns off the flag which bans that construct, reenabling
it. The change should prevent websites from breaking.

BUG=v8:4942

Review-Url: https://codereview.chromium.org/2011223003
Cr-Commit-Position: refs/heads/master@{#36562}
2016-05-27 19:14:47 +00:00
littledan
9778f2efad Expose a way to make a same-origin realm
Some tests, e.g. in test262, want to create a new same-origin
realm. This patch exposes a new function,
Realm.createAllowCrossRealmAccess(), which vends a new realm with
the same security token as the currently executing one.

Review-Url: https://codereview.chromium.org/1973363004
Cr-Commit-Position: refs/heads/master@{#36561}
2016-05-27 18:50:16 +00:00
adamk
2f8948a587 [test262] Remove non-existent tests from status, relabel current paths
R=littledan@chromium.org
BUG=v8:4628

Review-Url: https://codereview.chromium.org/2017753002
Cr-Commit-Position: refs/heads/master@{#36559}
2016-05-27 18:45:46 +00:00
littledan
6390282f96 Improve strictness of Annex B 3.3 for generators and async functions
Annex B 3.3 applies only for ordinary FunctionDeclarations, not
GeneratorDeclarations or AsyncFunctionDeclarations. This patch
- Skips applying Annex B 3.3 to async functions
- Adds a flag to refrain from applying it to generators
- UseCounter for how often duplicate function in block occurs
  with generators (unclear how to measure need for hoisting from block)

BUG=v8:4806

Review-Url: https://codereview.chromium.org/1995863002
Cr-Commit-Position: refs/heads/master@{#36557}
2016-05-27 18:23:20 +00:00
jshin
72d86e3772 Fix Intl*parsing tests and test status
intl/number-format/parse-percent.js
intl/date-format/parse-mdyhms.js
intl/number-format/parse-decimal.js
intl/date-format/parse-MMMdy.js

Also added a few more test cases.

BUG=v8:3454
TEST=The tests listed above.

Review-Url: https://codereview.chromium.org/1988073003
Cr-Commit-Position: refs/heads/master@{#36555}
2016-05-27 17:59:19 +00:00
bbudge
270a284fd0 Turbofan: Rename IsFloat -> IsFP
Rename some methods to reflect the fact that there are multiple FP
machine representations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2013193002
Cr-Commit-Position: refs/heads/master@{#36552}
2016-05-27 17:44:41 +00:00
oth
5e8f8d4e8c [interpreter] Bytecode register optimizer.
Online optimization stage for reducing redundant transfers between registers.

BUG=V8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1997653002
Cr-Commit-Position: refs/heads/master@{#36551}
2016-05-27 15:59:16 +00:00
jyan
e2172e1f0a [wasm] Rename some test names on the skip list for BE
R=titzer@chromium.org, bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2014283002
Cr-Commit-Position: refs/heads/master@{#36549}
2016-05-27 14:09:00 +00:00
titzer
fd2ccd74a8 [wasm] Remove redundant intermediate data structures in encoder.cc.
R=ahaas@chromium.org,bradnelson@chromium.org,aseemgarg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2017853003
Cr-Commit-Position: refs/heads/master@{#36546}
2016-05-27 12:16:42 +00:00
georgia.kouveli
612bad1d22 [arm] [arm64] Add optional operators Float32Neg and Float64Neg.
Adding optional operators for FNeg for WebAssembly, as the current implementation was significantly suboptimal for ARM.

Review-Url: https://codereview.chromium.org/2011303002
Cr-Commit-Position: refs/heads/master@{#36544}
2016-05-27 11:22:07 +00:00
franzih
8c31bd81f2 [builtins] Rewrite uri.js as builtin functions.
Rewrite decodeURI and decodeURIComponent as builtin functions
and install them in the bootstrapper.

Delete unused runtime functions:
 - TruncateString
 - NewString
 - OneByteSeqStringGetChar
 - OneByteSeqStringSetChar
 - TwoByteSeqStringGetChar
 - TwoByteSeqStringSetChar

Add regression test for decoding large strings. Clusterfuzz detected
a problem with %TruncateString, see
https://bugs.chromium.org/p/chromium/issues/detail?id=612109#c6
This is automatically fixed by this rewrite because %TruncateString
is deleted anyways.

Crude benchmark on 585 decodeURI and decodeURIComponent tests
averaged over five runs:

* builtin functions
real	0m9.69s
user	2m39.8816s
sys    	0m12.6398s

* JS functions calling into the runtime e.g., for %TruncateString
real	0m11.0598s
user	3m6.7026s
sys	0m13.5756s

By running:
$  time tools/run-tests.py   --arch=x64  --mode=Release --buildbot
  test262/built-ins/decodeURI* mjsunit/uri
>>> Running tests for x64.Release

BUG=v8:4912, chromium:612109
R=yangguo@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1994733003
Cr-Commit-Position: refs/heads/master@{#36543}
2016-05-27 09:57:07 +00:00
bmeurer
b2fd2ded16 [runtime] Remove the obsolete %_StringCharAt intrinsic.
This intrinsic (and the matching runtime entry) are no longer used by
now and can thereby be removed.

BUG=v8:5049

Review-Url: https://codereview.chromium.org/2016993003
Cr-Commit-Position: refs/heads/master@{#36540}
2016-05-27 08:52:32 +00:00
mvstanton
91c88644dc Move of the type feedback vector to the closure.
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

BUG=

Review-Url: https://codereview.chromium.org/1906823002
Cr-Commit-Position: refs/heads/master@{#36539}
2016-05-27 08:10:51 +00:00
gsathya
1d4fe00287 Promises: Lazily create arrays to store resolve, reject callbacks
For the common use case of having a single resolve or reject callback,
the callbacks are stored directly. Only when an additional callback is
registered, we create an array to store these callbacks.

There are 3 possible states for the resolve, reject symbols when we add
a new callback --
1) UNDEFINED -- This is the zero state where there is no callback
registered. When we see this state, we directly attach the callbacks to
the symbol.
2) !IS_ARRAY -- There is a single callback directly attached to the
symbols. We need to create a new array to store additional callbacks.
3) IS_ARRAY -- There are multiple callbacks already registered,
therefore we can just push the new callback to the existing array.

Also, this change creates a new symbol for storing the deferred objects.
Previously the deferred objects were stored in the callback arrays, but
since we no longer create arrays for the initial case, we need this new
symbol. The cctest has been updated to account for this new symbol.

This patch results in a 19% improvement(over 5 runs) in the bluebird benchmark.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2007803002
Cr-Commit-Position: refs/heads/master@{#36536}
2016-05-26 23:30:37 +00:00
lpy
a0198c0f62 Reland: Create libsampler as V8 sampler library.
This patch does five things:

1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.

The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.

Currently libsampler is used in V8 temporarily.

BUG=v8:4789
LOG=n

Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
Cr-Commit-Position: refs/heads/master@{#36527}

Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36532}
2016-05-26 02:14:50 +00:00
mlippautz
6a92d74875 Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2009383002/ )
Reason for revert:
https://build.chromium.org/p/chromium.gpu.fyi/builders/Linux%20Debug%20%28NVIDIA%29/builds/29860/steps/maps_pixel_test%20on%20NVIDIA%20GPU%20on%20Linux%20on%20Linux/logs/stdio

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2011563003/ )
>
> Reason for revert:
> Premature revert. Chromium roll included an earlier version.
>
> Original issue's description:
> > Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
> >
> > Reason for revert:
> > Breaks webgl2 conformance tests
> >   https://bugs.chromium.org/p/chromium/issues/detail?id=614730
> >
> > Original issue's description:
> > > Reland of "[heap] Fine-grained JSArrayBuffer tracking"
> > >
> > > Track based on JSArrayBuffer addresses on pages instead of the attached
> > > backing store.
> > >
> > > Details of tracking:
> > > - Scavenge: New space pages are processes in bulk on the main thread
> > > - MC: Unswept pages are processed in bulk in parallel. All other pages
> > >   are processed by the sweeper concurrently.
> > >
> > > This reverts commit 93fe04afa9.
> > >
> > > R=hpayer@chromium.org
> > > BUG=chromium:611688
> > > LOG=N
> > > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
> > >
> > > Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> > > Cr-Commit-Position: refs/heads/master@{#36513}
> >
> > TBR=hpayer@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:611688
> >
> > Committed: https://crrev.com/b9b0868ec49a52c9a80c9beea862a61707b292e5
> > Cr-Commit-Position: refs/heads/master@{#36524}
>
> TBR=hpayer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:611688
>
> Committed: https://crrev.com/b23e008885c4c452ae2b329c9dad167a76e4d7be
> Cr-Commit-Position: refs/heads/master@{#36530}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2009893003
Cr-Commit-Position: refs/heads/master@{#36531}
2016-05-25 21:21:15 +00:00
mlippautz
b23e008885 Reland of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #1 id:1 of https://codereview.chromium.org/2011563003/ )
Reason for revert:
Premature revert. Chromium roll included an earlier version.

Original issue's description:
> Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
>
> Reason for revert:
> Breaks webgl2 conformance tests
>   https://bugs.chromium.org/p/chromium/issues/detail?id=614730
>
> Original issue's description:
> > Reland of "[heap] Fine-grained JSArrayBuffer tracking"
> >
> > Track based on JSArrayBuffer addresses on pages instead of the attached
> > backing store.
> >
> > Details of tracking:
> > - Scavenge: New space pages are processes in bulk on the main thread
> > - MC: Unswept pages are processed in bulk in parallel. All other pages
> >   are processed by the sweeper concurrently.
> >
> > This reverts commit 93fe04afa9.
> >
> > R=hpayer@chromium.org
> > BUG=chromium:611688
> > LOG=N
> > CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
> >
> > Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> > Cr-Commit-Position: refs/heads/master@{#36513}
>
> TBR=hpayer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:611688
>
> Committed: https://crrev.com/b9b0868ec49a52c9a80c9beea862a61707b292e5
> Cr-Commit-Position: refs/heads/master@{#36524}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2009383002
Cr-Commit-Position: refs/heads/master@{#36530}
2016-05-25 21:09:24 +00:00
lpy
636f1e8e59 Revert of Create libsampler as V8 sampler library. (patchset #24 id:460001 of https://codereview.chromium.org/1922303002/ )
Reason for revert:
V8 Linux64 TSAN failure because ThreadSanitizer indicated data race.

Original issue's description:
> Create libsampler as V8 sampler library.
>
> This patch does five things:
>
> 1. Extracts sampler as libsampler to provide sampling functionality support.
> 2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
> 3. Removes sampler.[h|cc].
> 4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
> 5. Creates SamplerManager to manage the relationship between samplers and threads.
>
> The reason we port hashmap.h is that in debug mode, STL containers are using
> mutexes from a mutex pool, which may lead to deadlock when using asynchronously
> signal handler.
>
> Currently libsampler is used in V8 temporarily.
>
> BUG=v8:4789
> LOG=n
>
> Committed: https://crrev.com/06cc9b7c176a6223971deaa9fbcafe1a05058c7b
> Cr-Commit-Position: refs/heads/master@{#36527}

TBR=jochen@chromium.org,alph@chromium.org,fmeawad@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789

Review-Url: https://codereview.chromium.org/2000323007
Cr-Commit-Position: refs/heads/master@{#36529}
2016-05-25 20:23:33 +00:00
gsathya
91e2039df0 TypedArray: Make byteOffset, byteLength, and length configurable
Removes the DONT_DELETE enum bit from the properties to make them
configurable.

Also, updates the regress-typedarray-length test to --
- Check for true boolean return value on deletion of these
  properties.
- Check for undefined return value on trying to access these
  properties after deletion.

BUG=v8:4902
LOG=Y

Review-Url: https://codereview.chromium.org/2001393004
Cr-Commit-Position: refs/heads/master@{#36528}
2016-05-25 19:09:56 +00:00
lpy
06cc9b7c17 Create libsampler as V8 sampler library.
This patch does five things:

1. Extracts sampler as libsampler to provide sampling functionality support.
2. Makes SampleStack virtual so embedders can override the behaviour of sample collecting.
3. Removes sampler.[h|cc].
4. Moves sampling thread into log.cc as workaround to keep the --prof functionality.
5. Creates SamplerManager to manage the relationship between samplers and threads.

The reason we port hashmap.h is that in debug mode, STL containers are using
mutexes from a mutex pool, which may lead to deadlock when using asynchronously
signal handler.

Currently libsampler is used in V8 temporarily.

BUG=v8:4789
LOG=n

Review-Url: https://codereview.chromium.org/1922303002
Cr-Commit-Position: refs/heads/master@{#36527}
2016-05-25 19:06:45 +00:00
adamk
d84dbc7125 Make %ThrowTypeError% function(s) strict
Bootstrapper previously created %ThrowTypeError% before the strict
function maps existed, so making that function strict required a small
amount of code reordering.

This fixes a few test262 tests, but we're still non-compliant due to the
fact that we have two functions instead of one (see issue 4034).

BUG=v8:4925
LOG=y

Review-Url: https://codereview.chromium.org/2006733004
Cr-Commit-Position: refs/heads/master@{#36526}
2016-05-25 17:03:18 +00:00
bradnelson
cfb4d1e6d7 [wasm] Check that type intersections don't yield empty.
Intersection of types is used in several places,
if it yields the empty set, this indicates a type mismatch.
We should emit an error in this case.

Add the RECURSE() macro around IntersectResult to allow errors to propagate immediately.

BUG=614291
R=ahaas@chromium.org
TEST=asm-wasm
LOG=N

Review-Url: https://codereview.chromium.org/2011873002
Cr-Commit-Position: refs/heads/master@{#36525}
2016-05-25 16:33:49 +00:00
mlippautz
b9b0868ec4 Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #3 id:80001 of https://codereview.chromium.org/2007253002/ )
Reason for revert:
Breaks webgl2 conformance tests
  https://bugs.chromium.org/p/chromium/issues/detail?id=614730

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> This reverts commit 93fe04afa9.
>
> R=hpayer@chromium.org
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/863d015e573798e263b35b31d2ab979739706533
> Cr-Commit-Position: refs/heads/master@{#36513}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2011563003
Cr-Commit-Position: refs/heads/master@{#36524}
2016-05-25 16:31:14 +00:00
titzer
3412af0b40 [wasm] Refactor encoder.h to use a proper buffer and remove OldFunctions section.
This removes the last use of the old_functions section, which greatly
simplifies encoding.

R=bradnelson@chromium.org,aseemgarg@chromium.org,mtrofin@chromium.org

BUG=

Review-Url: https://codereview.chromium.org/2014533003
Cr-Commit-Position: refs/heads/master@{#36523}
2016-05-25 16:13:50 +00:00
jyan
4a4f2537a3 PPC: [build] Fix a clang warning
Port a23222ed32

Original commit message:
    For cross-compiler-compatibility and standards compliance %p
    requires a void*, rather than any pointer type.

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=chromium:474921
LOG=N

Review-Url: https://codereview.chromium.org/2010743002
Cr-Commit-Position: refs/heads/master@{#36522}
2016-05-25 15:29:15 +00:00
hablich
7ceb910103 Revert of [gn] Add unittests (patchset #4 id:60001 of https://codereview.chromium.org/2011853002/ )
Reason for revert:
Speculative revert because of roll block:
https://codereview.chromium.org/2004203004/

Original issue's description:
> [gn] Add unittests
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/67e549ec5b34ad02506abb2720c6a0851ae31f5e
> Cr-Commit-Position: refs/heads/master@{#36510}

TBR=vogelheim@chromium.org,bmeurer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2004373005
Cr-Commit-Position: refs/heads/master@{#36521}
2016-05-25 15:21:07 +00:00
hablich
73db38c5c5 Revert of [gn] Add cctest (patchset #1 id:1 of https://codereview.chromium.org/2007143003/ )
Reason for revert:
Reason for revert:
Speculative revert because of roll block:
https://codereview.chromium.org/2004203004/

Original issue's description:
> [gn] Add cctest
>
> BUG=chromium:474921
> NOTRY=true
>
> Committed: https://crrev.com/52a6fced896e3f64ac56eb57bcdea78393642e0c
> Cr-Commit-Position: refs/heads/master@{#36517}

TBR=vogelheim@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2008543007
Cr-Commit-Position: refs/heads/master@{#36520}
2016-05-25 15:21:06 +00:00
machenbach
52a6fced89 [gn] Add cctest
BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2007143003
Cr-Commit-Position: refs/heads/master@{#36517}
2016-05-25 14:08:28 +00:00
yangguo
abdd1077e3 [json] support replacer function in BasicJsonStringifier.
R=cbruni@chromium.org

Committed: https://crrev.com/53d4594b849bed40d96389f00b6ce0ca1fff05bb
Cr-Commit-Position: refs/heads/master@{#36499}

Review-Url: https://codereview.chromium.org/2010533002
Cr-Commit-Position: refs/heads/master@{#36514}
2016-05-25 12:33:53 +00:00
mlippautz
863d015e57 Reland of "[heap] Fine-grained JSArrayBuffer tracking"
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

This reverts commit 93fe04afa9.

R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2007253002
Cr-Commit-Position: refs/heads/master@{#36513}
2016-05-25 12:11:08 +00:00
bmeurer
dd609a5d3d [turbofan] Remove the EmptyFrameState caching on JSGraph.
Caching nodes with mutable inputs is a bad idea and already blew up
twice now, so in order to avoid further breakage, let's kill the
EmptyFrameState caching on JSGraph completely and only cache the empty
state values there.

We can remove the hacking from JSTypedLowering completely once we have
the PlainPrimitiveToNumber in action.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2006423003
Cr-Commit-Position: refs/heads/master@{#36511}
2016-05-25 11:05:13 +00:00
machenbach
67e549ec5b [gn] Add unittests
BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2011853002
Cr-Commit-Position: refs/heads/master@{#36510}
2016-05-25 10:52:46 +00:00
oth
31c77b13df [interpreter] Address naming inconsistencies in bytecodes.
BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2007023003
Cr-Commit-Position: refs/heads/master@{#36509}
2016-05-25 10:47:29 +00:00
bmeurer
a436e3ddaf [turbofan] Avoid unnecessary copying of nodes during inlining.
Previously we first created a temporary graph for the inlinee and then
copied over all the nodes to the actual graph. This however introduces
unnecessary complexity, and we can instead just create the inlinee
inside the target graph.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2006353003
Cr-Commit-Position: refs/heads/master@{#36508}
2016-05-25 10:07:06 +00:00
oth
25b3fe7961 [interpreter] Introduce fused bytecodes for common sequences.
This change introduces five fused bytecodes for common bytecode
sequences on popular websites. These are LdrNamedProperty,
LdrKeyedProperty, LdrGlobal, LdrContextSlot, and LdrUndefined. These
load values into a destination register operand instead of the
accumulator. They are emitted by the peephole optimizer.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1985753002
Cr-Commit-Position: refs/heads/master@{#36507}
2016-05-25 09:56:49 +00:00
mlippautz
93fe04afa9 Revert of "[heap] Fine-grained JSArrayBuffer tracking" (patchset #6 id:220001 of https://codereview.chromium.org/2005723005/ )
Reason for revert:
Breaking TSAN
  https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20TSAN/builds/9741/steps/Ignition%20-%20turbofan%20%28flakes%29/logs/FixedUint32Array

Original issue's description:
> Reland of "[heap] Fine-grained JSArrayBuffer tracking"
>
> Track based on JSArrayBuffer addresses on pages instead of the attached
> backing store.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> This reverts commit d2dff0320b.
>
> R=hpayer@chromium.org
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/b5704bc1e6ba74c9ca975f5d58f5b2dc60261457
> Cr-Commit-Position: refs/heads/master@{#36495}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2011863002
Cr-Commit-Position: refs/heads/master@{#36504}
2016-05-25 09:38:58 +00:00
cbruni
667188b1a7 Reland of [keys] Simplify KeyAccumulator (patchset #1 id:1 of https://codereview.chromium.org/2010593002/ )
Reason for revert:
relanding, fixed handle dereferencing

Original issue's description:
> Revert of [keys] Simplify KeyAccumulator (patchset #15 id:280001 of https://codereview.chromium.org/1995263002/ )
>
> Reason for revert:
> https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/6248
>
> Original issue's description:
> > [keys] Simplify KeyAccumulator
> >
> > - Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
> > - Revert KeyAccumulator to single OrderedHashSet implementation.
> > - Convert the OrderedHashSet in-place to a FixedArray
> > - IndexedInterceptor indices are no longer combined and sorted with the object indices
> >
> > BUG=
> >
> > Committed: https://crrev.com/d3324df017046bcde247a5aef6d1b59bfae5908f
> > Cr-Commit-Position: refs/heads/master@{#36485}
>
> TBR=jkummerow@chromium.org,verwaest@chromium.org,cbruni@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/893524b53d43df63bca6cb9b7244d21771fadb0b
> Cr-Commit-Position: refs/heads/master@{#36486}

TBR=jkummerow@chromium.org,verwaest@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2014523002
Cr-Commit-Position: refs/heads/master@{#36502}
2016-05-25 09:13:54 +00:00
titzer
e4bb7ff96c [wasm] Implement an interpreter for WASM.
This interpreter directly decodes and executes WASM binary code for
the purpose of supporting low-level debugging. It is not currently
integrated into the main WASM implementation.

R=ahaas@chromium.org,clemensh@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1972153002
Cr-Commit-Position: refs/heads/master@{#36497}
2016-05-25 08:33:10 +00:00
mlippautz
39d08198bd [heap] Fix PromotionQueue test for smaller page size
R=hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2009793002
Cr-Commit-Position: refs/heads/master@{#36496}
2016-05-25 08:15:41 +00:00
mlippautz
b5704bc1e6 Reland of "[heap] Fine-grained JSArrayBuffer tracking"
Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

This reverts commit d2dff0320b.

R=hpayer@chromium.org
BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2005723005
Cr-Commit-Position: refs/heads/master@{#36495}
2016-05-25 07:29:02 +00:00
caitpotter88
38c6fb82f3 [test] add debugger scopes testing for async functions
BUG=v8:4483
R=littledan@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2005613002
Cr-Commit-Position: refs/heads/master@{#36489}
2016-05-24 18:43:51 +00:00
adamk
36275367da Reorder test262.status slightly to blame the correct bug for Function.name
R=littledan@chromium.org

Review-Url: https://codereview.chromium.org/2007703003
Cr-Commit-Position: refs/heads/master@{#36487}
2016-05-24 17:48:49 +00:00
machenbach
893524b53d Revert of [keys] Simplify KeyAccumulator (patchset #15 id:280001 of https://codereview.chromium.org/1995263002/ )
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/6248

Original issue's description:
> [keys] Simplify KeyAccumulator
>
> - Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
> - Revert KeyAccumulator to single OrderedHashSet implementation.
> - Convert the OrderedHashSet in-place to a FixedArray
> - IndexedInterceptor indices are no longer combined and sorted with the object indices
>
> BUG=
>
> Committed: https://crrev.com/d3324df017046bcde247a5aef6d1b59bfae5908f
> Cr-Commit-Position: refs/heads/master@{#36485}

TBR=jkummerow@chromium.org,verwaest@chromium.org,cbruni@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2010593002
Cr-Commit-Position: refs/heads/master@{#36486}
2016-05-24 17:37:41 +00:00
cbruni
d3324df017 [keys] Simplify KeyAccumulator
- Use KeyAccumulator::GetKeys directly instead of JSReceiver::GetKeys
- Revert KeyAccumulator to single OrderedHashSet implementation.
- Convert the OrderedHashSet in-place to a FixedArray
- IndexedInterceptor indices are no longer combined and sorted with the object indices

BUG=

Review-Url: https://codereview.chromium.org/1995263002
Cr-Commit-Position: refs/heads/master@{#36485}
2016-05-24 16:41:19 +00:00
mtrofin
6b8d17e325 [wasm] globals size is not a per-instance property.
Moved globals offsets calculation to the wasm module decoder, since
this is a property of the module, not of each instance.

Qualified as "const" references to WasmModule outside of the decoder
and some test situations.

BUG=

Review-Url: https://codereview.chromium.org/2005933003
Cr-Commit-Position: refs/heads/master@{#36484}
2016-05-24 16:33:49 +00:00
epertoso
0d22e7e46a [x64/ia32] Deal with the non-transitivity of InstructionSelector::CanCover() when folding loads into branches.
Sequences like:

1: Load[kRepWord32|kTypeInt32](<address>, ...)
2: Word32And(1, <constant>)
3: Word32Equal(2, <another constant>)
4: Store[(kRepWord32 : NoWriteBarrier)](<address>, <value>)
5: Branch[None](3, ...) -> B1, B2

where #1 and #4 refer to the same memory location, are problematic because in VisitBranch we assume that 'InstructionSelector::CanCover()' is transitive.

What happens is that CanCover(5, 3) is true (3 is a pure op), and so are CanCover(3, 2), CanCover(2, 1), but the effect level of 5 and 3 never gets checked because 3 is a pure op. Upon VisitBranch, we ended up materializing:

mov [address], <value>
test [address], <another constant>

With this patch, it becomes:

mov reg, [address]
mov [address], <value>
test reg, <another constant>

BUG=chromium:611976

Review-Url: https://codereview.chromium.org/2008493002
Cr-Commit-Position: refs/heads/master@{#36482}
2016-05-24 16:11:39 +00:00
mstarzinger
7ca1f80d31 [runtime] Fix number of literals for builtin functions.
This fixes the SharedFunctionInfo::num_literals field for global builtin
functions (e.g. {Object} and friends) to be accurate. The field was not
being updated by Runtime_SetCode. It also removes the dangerous and by
now obsolete JSFunction::NumberOfLiterals accessor.

R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2007943002
Cr-Commit-Position: refs/heads/master@{#36480}
2016-05-24 15:12:58 +00:00
yangguo
fb8e0ab3ee [json] support property list argument in BasicJsonStringifier.
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2004413002
Cr-Commit-Position: refs/heads/master@{#36478}
2016-05-24 13:56:47 +00:00
rmcilroy
5c602c6fcc [Interpreter] Make lazy compilation the default.
BUG=v8:4280,v8:5038
LOG=N

Review-Url: https://codereview.chromium.org/2007453002
Cr-Commit-Position: refs/heads/master@{#36476}
2016-05-24 12:52:50 +00:00
mvstanton
a6ddbef064 Collect call counts for constructor calls, too.
The TurboFan inliner makes use of these counts.

BUG=

Review-Url: https://codereview.chromium.org/1969783002
Cr-Commit-Position: refs/heads/master@{#36472}
2016-05-24 11:53:45 +00:00
jgruber
9ffedb50d5 Remove inessential functions from the JS Script class
Moved functionality of Script.{lineCount, lineFromPosition, sourceLine,
locationFromLine, and sourceSlice} into runtime functions.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2003303002
Cr-Commit-Position: refs/heads/master@{#36469}
2016-05-24 11:41:21 +00:00
neis
ccb24b8488 [generators] Fix loading of FormalParameterCount on 64bit archs.
BUG=v8:4907

Review-Url: https://codereview.chromium.org/2006653003
Cr-Commit-Position: refs/heads/master@{#36467}
2016-05-24 11:04:27 +00:00
machenbach
a23222ed32 [build] Fix a clang warning
For cross-compiler-compatibility and standards compliance %p
requires a void*, rather than any pointer type.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2001073002
Cr-Commit-Position: refs/heads/master@{#36466}
2016-05-24 10:47:24 +00:00
mlippautz
d2dff0320b Revert of [heap] Fine-grained JSArrayBuffer tracking (patchset #19 id:770001 of https://codereview.chromium.org/1964023002/ )
Reason for revert:
Revert it.

Original issue's description:
> [heap] Fine-grained JSArrayBuffer tracking
>
> Track based on JSArrayBuffer addresses instead of the attached backing store.
> This way we can later on iterate buffers on a single page. The reland also
> switches to a page-based implementation where a page contains the set of its
> contained (live and dead) buffers.
>
> Details of tracking:
> - Scavenge: New space pages are processes in bulk on the main thread
> - MC: Unswept pages are processed in bulk in parallel. All other pages
>   are processed by the sweeper concurrently.
>
> BUG=chromium:611688
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/b2d8bfc7931eef49d527605ba485950dea41cde3
> Cr-Commit-Position: refs/heads/master@{#36437}

TBR=hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:611688

Review-Url: https://codereview.chromium.org/2006183003
Cr-Commit-Position: refs/heads/master@{#36461}
2016-05-24 07:22:02 +00:00
jgruber
94ad3b1826 Refactor script position calculation
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2002993002
Cr-Commit-Position: refs/heads/master@{#36458}
2016-05-24 06:42:30 +00:00
adamk
b36269543f Mark regexp regression test as failing on noi18n
TBR=yangguo@chromium.org
BUG=v8:5036
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2006133002
Cr-Commit-Position: refs/heads/master@{#36454}
2016-05-23 23:25:59 +00:00
yangguo
5d93296a5c [regexp] fix /ui regexp desugaring for text nodes.
R=littledan@chromium.org
BUG=v8:5036

Review-Url: https://codereview.chromium.org/2005753003
Cr-Commit-Position: refs/heads/master@{#36453}
2016-05-23 22:23:43 +00:00
Adam Klein
b5ab8cc530 Skip mjsunit/harmony/generators-turbo on arm64 debug sim
It seems to fail in nosnap mode, and runs very slowly with snapshot, so
skipping for now to get the tree green.

TBR=neis@chromium.org
BUG=v8:4907

Review URL: https://codereview.chromium.org/2000313002 .

Cr-Commit-Position: refs/heads/master@{#36452}
2016-05-23 21:31:11 +00:00
danno
f43aa0bc6c [turbofan] Correctly call ArrayNoArgumentConstructor stub from TF code
BUG=chromium:612412
LOG=N

Review-Url: https://codereview.chromium.org/1999783004
Cr-Commit-Position: refs/heads/master@{#36448}
2016-05-23 16:44:13 +00:00
neis
1292721f92 [turbofan] Intrinsic-lowering for GeneratorGetInput and GeneratorGetResumeMode.
Also use the inlined version of CreateIterResultObject in Ignition's VisitYield.

BUG=v8:4907
TBR=littledan@chromium.org

Review-Url: https://codereview.chromium.org/2006613002
Cr-Commit-Position: refs/heads/master@{#36444}
2016-05-23 14:22:54 +00:00
neis
0fd18acb9b [generators] Get better clusterfuzz coverage.
Duplicate mjsunit/harmony/generators.js but explicitly require
--turbo-from-bytecode such that Clusterfuzz can thoroughly test the
new generators implementation.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/2002983002
Cr-Commit-Position: refs/heads/master@{#36441}
2016-05-23 13:57:46 +00:00
mstarzinger
3cc2adb319 [deoptimizer] Fix materialization of sloppy arguments.
This makes sure the deoptimizer can materialize sloppy arguments objects
with the FAST_SLOPPY_ARGUMENTS_ELEMENTS elements kind. TurboFan's escape
analysis treates those as normal JSObject types and hence materializes
them differently than Crankshaft does.

R=verwaest@chromium.org
TEST=mjsunit/regress/regress-crbug-613919
BUG=chromium:613919

Review-Url: https://codereview.chromium.org/2001133002
Cr-Commit-Position: refs/heads/master@{#36440}
2016-05-23 13:52:35 +00:00
oth
e43fbde72b [Interpreter] Preserve source positions in peephole optimizer.
The original peephole optimizer logic in the BytecodeArrayBuilder did
not respect source positions as it was written before there were
bytecode source positions. This led to some minor differences to
FCG and was problematic when combined with pending bytecode
optimizations. This change makes the new peephole optimizer fully
respect source positions.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1998203002
Cr-Commit-Position: refs/heads/master@{#36439}
2016-05-23 13:33:20 +00:00
mlippautz
b2d8bfc793 [heap] Fine-grained JSArrayBuffer tracking
Track based on JSArrayBuffer addresses instead of the attached backing store.
This way we can later on iterate buffers on a single page. The reland also
switches to a page-based implementation where a page contains the set of its
contained (live and dead) buffers.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/1964023002
Cr-Commit-Position: refs/heads/master@{#36437}
2016-05-23 11:21:49 +00:00
mstarzinger
dbd7d5a59f [turbofan] Skip data-flow analysis of code entry field.
This makes escape analysis skip analyzing the code entry field within
JSFunction objects. Said field is an untagged pointer field and hence
cannot be tracked by an ObjectState node.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-613494
BUG=chromium:613494

Review-Url: https://codereview.chromium.org/1997353002
Cr-Commit-Position: refs/heads/master@{#36436}
2016-05-23 10:40:29 +00:00
yangguo
46aeb2aed8 [json] fix encoding change for two-byte gap strings.
R=mstarzinger@chromium.org
BUG=chromium:613570

Review-Url: https://codereview.chromium.org/1997003002
Cr-Commit-Position: refs/heads/master@{#36433}
2016-05-23 09:18:58 +00:00
ishell
a7a14fdebc [runtime] Don't crash when trying to access manually constructed CallSite object.
... but hit the runtime assert instead.
|
| Runtime error in ../src/runtime/runtime-internal.cc, line 409
|
| call_site.IsJavaScript() || call_site.IsWasm()
|

BUG=chromium:613905
LOG=N

Review-Url: https://codereview.chromium.org/2006603002
Cr-Commit-Position: refs/heads/master@{#36430}
2016-05-23 09:01:29 +00:00
bmeurer
cc71837fda [builtins] Migrate String.fromCharCode to C++.
The previous JavaScript version created way too many ConsStrings for
longer strings, i.e. when using String.fromCharCode together with
Function.prototype.apply and arrays of char codes.

This version now always allocates sequential strings and therefore uses
way less memory when turning longer character sequences into strings,
and therefore fixes the memory regression on Google Maps.

BUG=chromium:609831
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2004733002
Cr-Commit-Position: refs/heads/master@{#36427}
2016-05-21 16:59:59 +00:00
danno
2ca36cc33c [stubs] Fix hole-related double bug in ArrayNoArgumentConstructor
BUG=chromium:613796
LOG=N

Review-Url: https://codereview.chromium.org/2002813002
Cr-Commit-Position: refs/heads/master@{#36425}
2016-05-21 09:54:38 +00:00
ivica.bogosavljevic
ff2bd0fdcb Implement UnalignedLoad and UnalignedStore in WASM using
combination of LoadByte/Shift/Or and StoreByte/Shift/And.

BUG=

Review-Url: https://codereview.chromium.org/1928513002
Cr-Commit-Position: refs/heads/master@{#36422}
2016-05-20 17:50:51 +00:00
neis
b3bfc0bd58 [interpreter] Fix source position of yield-exceptions in generators.
R=rmcilroy@chromium.org
BUG=v8:4907,v8:5027

Review-Url: https://codereview.chromium.org/1995303002
Cr-Commit-Position: refs/heads/master@{#36421}
2016-05-20 17:50:50 +00:00
pgorszkowski
7afd712ae0 Invalidate defaultObjects if timezone changes
In case of calling 'toLocaleString', 'toLocaleTimeString' and
'toLocaleDateString' functions of 'Date' with empty 'locales' and
'options', DateTimeFormat is cached inside 'defaultObjects'.
If we change the timezone the cache is not invalidated.

BUG=v8:5022
TEST=cctest:DateCacheVersion. See the bug
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng

Review-Url: https://codereview.chromium.org/1985423003
Cr-Commit-Position: refs/heads/master@{#36420}
2016-05-20 17:47:45 +00:00
jkummerow
43547df9c7 [crankshaft] Don't inline "dont_crankshaft" functions
Crankshaft shouldn't try to inline functions it knows it can't handle.

BUG=v8:5033

Review-Url: https://codereview.chromium.org/2000703002
Cr-Commit-Position: refs/heads/master@{#36417}
2016-05-20 15:20:15 +00:00
titzer
767c34dfae Revert of [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators. (patchset #1 id:1 of https://codereview.chromium.org/1968453002/ )
Reason for revert:
Breaks a KCS demo:

BUG=chromium:611976

Original issue's description:
> [turbofan] Take the immediate size in account when narrowing ia32/x64 word comparison operators.
>
> Trying to re-land http://crrev.com/1948453002 after fixing assembler-x64.cc in http://crrev.com/1962563003.
>
> Before this patch, we would emit a cmp or test with a memory operand only if both of the operands in the IR were loads. Now if either of them is a load and the other one is an immediate, we can use a memory operand if the load representation machine size is wide enough to represent the latter.
>
> Committed: https://crrev.com/2da70f853d7f680d491c37c72d5ef04a85497ba9
> Cr-Commit-Position: refs/heads/master@{#36136}

TBR=bmeurer@chromium.org,epertoso@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/1995303003
Cr-Commit-Position: refs/heads/master@{#36413}
2016-05-20 14:09:46 +00:00
mlippautz
fdd9f6b92d [heap] Harden heap-related cctests
- Move usable functions into proper heap-utils.h/.cc files and remove
  utils-inl.h file
- Fix assumptions accross the board relying on certain behavior that is not
  invariant

This is a requirement for modifying page size.

BUG=chromium:581412
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/1999753002
Cr-Commit-Position: refs/heads/master@{#36410}
2016-05-20 13:32:50 +00:00
yangguo
a19404f04a [json] handle proxies in BasicJsonSerializer.
R=cbruni@chromium.org

Review-Url: https://codereview.chromium.org/1994183002
Cr-Commit-Position: refs/heads/master@{#36409}
2016-05-20 13:20:19 +00:00
mvstanton
b71f1cc2f4 Bugfix: Crankshaft array literals with incorrect values.
In VisitArrayLiteral(), we stopped creating boilerplates during
 compilation. This created a bug, because we'd emit an HStoreKeyed with an
 ElementsKind based on the initial elements kind of the boilerplate. Since
 boilerplates may transition as part of elements transition feedback, this can
 lead to incorrect values (storing a smi in a double array).

BUG=chromium:606021

Review-Url: https://codereview.chromium.org/2000673002
Cr-Commit-Position: refs/heads/master@{#36408}
2016-05-20 13:07:52 +00:00
jkummerow
80b936ae0d [build] Fix d8-for-Android builds
Review-Url: https://codereview.chromium.org/2003513002
Cr-Commit-Position: refs/heads/master@{#36406}
2016-05-20 12:10:45 +00:00
caitpotter88
239309fc8f [heap] don't flush async functions, they may be resumed later
BUG=v8:4483
R=littledan@chromium.org, hpayer@chromium.org, mstarzinger@chromium.org, ulan@chromium.org

Review-Url: https://codereview.chromium.org/1992093003
Cr-Commit-Position: refs/heads/master@{#36405}
2016-05-20 12:07:51 +00:00
machenbach
2f8a0077ae Revert of Refactor script position calculation (patchset #3 id:40001 of https://codereview.chromium.org/2003483002/ )
Reason for revert:
Crashes gc stress with custom snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/5763

Original issue's description:
> Refactor script position calculation
>
> Script position calculation logic (i.e. line & column numbers for a
> given code position) is now based on a single method
> Script::GetPositionInfo(). Refactored related code in isolate.cc and
> js/messages.js to use the new method. The line_ends accessor is still
> in use by chromium and thus cannot be removed yet.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/2f3879d54633c4076d38e9fc85b6e2e157c61548
> Cr-Commit-Position: refs/heads/master@{#36398}

TBR=yangguo@chromium.org,jgruber@chromium.org,jgruber@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1995323002
Cr-Commit-Position: refs/heads/master@{#36403}
2016-05-20 10:49:37 +00:00
neis
b3ae02e8e4 [turbofan] Implement intrinsic lowering of %_GeneratorClose.
Also change parser to insert %_GeneratorClose instead of %GeneratorClose.
Full-codegen generators will fall back to the runtime function.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/1993073003
Cr-Commit-Position: refs/heads/master@{#36401}
2016-05-20 09:41:23 +00:00
jgruber
2f3879d546 Refactor script position calculation
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method. The line_ends accessor is still
in use by chromium and thus cannot be removed yet.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2003483002
Cr-Commit-Position: refs/heads/master@{#36398}
2016-05-20 09:00:17 +00:00
mtrofin
ec2c5a037a Cleanup: shared isolate
BUG=

Review-Url: https://codereview.chromium.org/1993233002
Cr-Commit-Position: refs/heads/master@{#36394}
2016-05-20 08:05:39 +00:00
verwaest
584386a2d9 Make sure only toStringTag is used for Object.prototype.toString with JSON / Math
BUG=

Review-Url: https://codereview.chromium.org/1992153002
Cr-Commit-Position: refs/heads/master@{#36393}
2016-05-20 08:00:36 +00:00
yangguo
e17c68c493 [JSON] implement indentation in the BasicJsonStringifier and expose via API.
R=jochen@chromium.org, verwaest@chromium.org

Review-Url: https://codereview.chromium.org/1922603006
Cr-Commit-Position: refs/heads/master@{#36392}
2016-05-20 07:58:02 +00:00
binji
d208cdd7f1 Add {lda,stl}x?r{,b,h} instructions to ARM64 assembler/disassembler
They are not currently implemented by the ARM64 simulator.

R=jarin@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1990073002
Cr-Commit-Position: refs/heads/master@{#36385}
2016-05-19 20:10:05 +00:00
bradnelson
fd39fdc5fb Adding x64 simd assembler support.
Based on assembler changes from this patch:
https://codereview.chromium.org/90643003/

BUG=https://bugs.chromium.org/p/v8/issues/detail?id=4124
R=titzer@chromium.org,bbudge@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/1994083003
Cr-Commit-Position: refs/heads/master@{#36383}
2016-05-19 19:54:03 +00:00
adamk
de7d47e22f Remove now-incorrect DataView accessor optimization
In ES2015, the "byteLength" and "byteOffset" properties of DataViews are
getters on the prototype, so the previously-used strategy of special-casing
them using only the receiver map is invalid.

A future CL will need to use the same strategy which will be taken for
TypedArray "length", "byteLength", and "byteOffset": adding a prototype
chain check.

BUG=v8:5018, chromium:593634

Review-Url: https://codereview.chromium.org/1984043002
Cr-Commit-Position: refs/heads/master@{#36382}
2016-05-19 19:49:35 +00:00
pierre.langlois
11b661f414 [turbofan] ARM: Support shifted indexes in loads and stores
This patch is a follow up to https://codereview.chromium.org/1972103002/
adding support for the `Operand_R_LSL_I` addressing mode to loads and
stores for ARM.

Just as the ARM64 implementation, the shift + load/store pattern is only
really relevant to the interpreter. For this reason, this patch does not
add support for the other addressing modes (`R_LSR_I`, `R_ASR_I` and
`R_ROR_I`) as I haven't seen those pattern being generated. Additionally,
the optimization is restricted 32 bit loads and stores.

kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 40)
0x22a5f860     0  e2851001       add r1, r5, #1
0x22a5f864     4  e19610d1       ldrsb r1, [r6, +r1]
0x22a5f868     8  e1a0200b       mov r2, fp
0x22a5f86c    12  e7820101       str r0, [r2, +r1, lsl #2]
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f870    16  e2855002       add r5, r5, #2
0x22a5f874    20  e7d61005       ldrb r1, [r6, +r5]
0x22a5f878    24  e7981101       ldr r1, [r8, +r1, lsl #2]
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^
0x22a5f87c    28  e12fff11       bx r1

BUG=

Review-Url: https://codereview.chromium.org/1974263002
Cr-Commit-Position: refs/heads/master@{#36381}
2016-05-19 19:18:25 +00:00
binji
4d0ea36c0d Add ldrex and strex instructions to ARM assembler/disassmbler
R=jarin@chromium.org,bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1993033002
Cr-Commit-Position: refs/heads/master@{#36380}
2016-05-19 19:13:12 +00:00
jshin
67d393a3de Move case conversion with ICU to 'staged'.
Move it to HARMONY_STAGED from HARMONY_INPROGRESS.

Update test262.status now that case mapping tests are passing with
'--harmony' specified.

BUG=v8:4476,v8:4477
LOG=Y
TEST=test262/{built-ins,intl402}/Strings/*, webkit/fast/js/*,
     mjsunit/string-case, intl/general/case*
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_noi18n_rel_ng

Review-Url: https://codereview.chromium.org/1990083002
Cr-Commit-Position: refs/heads/master@{#36379}
2016-05-19 18:53:29 +00:00
jacob.bramley
feeaac4061 [arm] Remove CpuFeature::MLS.
The MLS instruction is available in all ARMv7 devices, and in no ARMv6
devices, aside from the usual ARMv6T2 caveat. We don't need a separate
feature flag for it.

BUG=

Review-Url: https://codereview.chromium.org/1988133004
Cr-Commit-Position: refs/heads/master@{#36378}
2016-05-19 18:04:28 +00:00
mlippautz
b114df1d4c [heap] Bundle platform-specific constants for CodeRange
- Removing null checks as we always have the CodeRange object (it might be
  invalid, but it's there)
- Account for reserved area (Win64) in SetUp so we the caller doesn't need to be
  aware of it

R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/1991253002
Cr-Commit-Position: refs/heads/master@{#36377}
2016-05-19 17:54:41 +00:00
danno
cbdb373804 [turbofan] Add FixedArray peephole optimizations to CodeStubAssembler
Previously, CodeStubAssembler macros performing FixedArray element accesses had
to compute offsets to elements explicitly with a fair amount of duplicated
code. Furthermore, any peephole optimizations that could produce better code--
like recognizing constant indices or combining array index computation with Smi
untagging--were also duplicated.

This change factors the code to compute FixedArray index offsets into a common
routine in the CodeStubAssembler that applies standard peephole optimizations to
all accesses. In order to do this, it also introduces limited introspection into
the up-until-now opaque Node* type exported from code-assembler.h, allowing
Nodes to be queried whether they are constant and extracting their constant
value in that case.

Review-Url: https://codereview.chromium.org/1989363004
Cr-Commit-Position: refs/heads/master@{#36370}
2016-05-19 15:50:31 +00:00
machenbach
ad7939e71d Revert of [test] add tests for async function stacktraces (patchset #1 id:1 of https://codereview.chromium.org/1995723004/ )
Reason for revert:
Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/3575

Original issue's description:
> [test] add tests for async function stacktraces
>
> BUG=v8:4483
> R=littledan@chromium.org
>
> Committed: https://crrev.com/02f228eccdfcfab4081c2494ade52e54702b692c
> Cr-Commit-Position: refs/heads/master@{#36365}

TBR=littledan@chromium.org,caitpotter88@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4483

Review-Url: https://codereview.chromium.org/1997453004
Cr-Commit-Position: refs/heads/master@{#36369}
2016-05-19 14:51:41 +00:00
machenbach
3f6b081aa0 Revert of Refactor script position calculation (patchset #6 id:100001 of https://codereview.chromium.org/1986173002/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/6896

Original issue's description:
> Refactor script position calculation
>
> Script position calculation logic (i.e. line & column numbers for a
> given code position) is now based on a single method
> Script::GetPositionInfo(). Refactored related code in isolate.cc and
> js/messages.js to use the new method and removed the line_ends JS
> accessor.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/c04d547298ce4fd425ef1eaa9b02ad1e177918dc
> Cr-Commit-Position: refs/heads/master@{#36359}

TBR=yangguo@chromium.org,jgruber@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/1994973002
Cr-Commit-Position: refs/heads/master@{#36368}
2016-05-19 13:54:58 +00:00
caitpotter88
02f228eccd [test] add tests for async function stacktraces
BUG=v8:4483
R=littledan@chromium.org

Review-Url: https://codereview.chromium.org/1995723004
Cr-Commit-Position: refs/heads/master@{#36365}
2016-05-19 13:29:57 +00:00
yangguo
806739279a [serializer] fix deserializing cell targets in code.
R=mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/1989203004
Cr-Commit-Position: refs/heads/master@{#36363}
2016-05-19 13:10:23 +00:00
rmcilroy
f241a61a34 [Interpreter] Support compiling for baseline on return from interpreted function.
We cannot tier up from interpreted to baseline code when there is an
activation of the function on the stack. This significantly regresses
the performance of recursive functions since they are unlikely to get
tiered up.

This CL adds the ability for a function to be marked for baseline
compilation when it returns. To do this we patch the
InterpreterEntryTrampoline return address to point to
InterpreterMarkBaselineOnReturn, which leaves the
interpreted frame and recompile the function for
baseline.

This improves the score of EarlyBoyer by ~8x for Ignition.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1965343002
Cr-Commit-Position: refs/heads/master@{#36360}
2016-05-19 12:28:54 +00:00
jgruber
c04d547298 Refactor script position calculation
Script position calculation logic (i.e. line & column numbers for a
given code position) is now based on a single method
Script::GetPositionInfo(). Refactored related code in isolate.cc and
js/messages.js to use the new method and removed the line_ends JS
accessor.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1986173002
Cr-Commit-Position: refs/heads/master@{#36359}
2016-05-19 12:23:34 +00:00
clemensh
452b7f2483 [wasm] Clean up test case
R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1961453002
Cr-Commit-Position: refs/heads/master@{#36354}
2016-05-19 09:20:49 +00:00
machenbach
479de28c3a Revert of Adding ia32 simd assembler changes. (patchset #2 id:20001 of https://codereview.chromium.org/1991713002/ )
Reason for revert:
Crashes on win32 debug:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/2305/steps/Check/logs/stdio

Also, would be nice if the test output could be a bit shorter and only print what's necessary to trace a failure. Or split things into more smaller tests. Like that, these logs must be processed, json-encoded/decoded and sent around through the infrastructure.

Some chars in the output make the json encoder unhappy, therefore the infrastructure can't nicely display the failures.

Original issue's description:
> Adding ia32 simd assembler support.
>
> Based on assembler changes from this patch:
> https://codereview.chromium.org/90643003/
>
> BUG=https://bugs.chromium.org/p/v8/issues/detail?id=4124
> R=titzer@chromium.org
> LOG=N
>
> Committed: https://crrev.com/fbf58a5af1d07a7fbb3763aa15f8ba26e2ce7d11
> Cr-Commit-Position: refs/heads/master@{#36349}

TBR=bbudge@chromium.org,titzer@chromium.org,gdeepti@chromium.org,aseemgarg@chromium.org,bradnelson@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=https://bugs.chromium.org/p/v8/issues/detail?id=4124

Review-Url: https://codereview.chromium.org/1992163002
Cr-Commit-Position: refs/heads/master@{#36353}
2016-05-19 08:58:18 +00:00
bradnelson
fbf58a5af1 Adding ia32 simd assembler support.
Based on assembler changes from this patch:
https://codereview.chromium.org/90643003/

BUG=https://bugs.chromium.org/p/v8/issues/detail?id=4124
R=titzer@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/1991713002
Cr-Commit-Position: refs/heads/master@{#36349}
2016-05-19 08:04:10 +00:00
clemensh
3596cac87e [wasm] Differentiate unnamed and empty names
Empty function names are allowed and are output as such, unnamed
functions or functions with no valid UTF-8 name are output as
"<WASM UNNAMED>", while the CallSite object returns null as the
function name.

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1970503004
Cr-Commit-Position: refs/heads/master@{#36348}
2016-05-19 07:54:07 +00:00
zhengxing.li
9cf93e1c6d X87: Add cmpxchg and lock instructions to x64 and ia32 {dis,}assemblers.
port 5c22cf5ae7 (r36341)

  original commit message:

BUG=

Review-Url: https://codereview.chromium.org/1990133002
Cr-Commit-Position: refs/heads/master@{#36345}
2016-05-19 05:58:55 +00:00
binji
5c22cf5ae7 Add cmpxchg and lock instructions to x64 and ia32 {dis,}assemblers
Review-Url: https://codereview.chromium.org/1986113004
Cr-Commit-Position: refs/heads/master@{#36341}
2016-05-19 00:56:08 +00:00
caitpotter88
f6865cb142 [runtime] set AsyncFunctionNext/Throw to adapt arguments
Prevent crash/UB during stack frame iteration through functions, which occurs
when debugging, when building stacktraces, etc.

Also prevents these functions from appearing in stacktraces, by unsetting the "native" flag.

BUG=v8:4483, v8:5025
R=yangguo@chromium.org, littledan@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/1990803005
Cr-Commit-Position: refs/heads/master@{#36339}
2016-05-18 20:53:40 +00:00
machenbach
0aa3707dc4 Revert of [heap] Do not invoke GC to make heap iterable. (patchset #5 id:80001 of https://codereview.chromium.org/1961373003/ )
Reason for revert:
Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/3551

Original issue's description:
> [heap] Do not invoke GC to make heap iterable.
>
> Remove kMakeHeapIterableMask since the heap is always iterable.
>
> BUG=chromium:580959
> LOG=n
>
> Committed: https://crrev.com/7c1cac4888a248fda3fa6de3624f32a6babb37e9
> Cr-Commit-Position: refs/heads/master@{#36333}

TBR=ulan@chromium.org,yangguo@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:580959

Review-Url: https://codereview.chromium.org/1987363002
Cr-Commit-Position: refs/heads/master@{#36335}
2016-05-18 19:23:07 +00:00
hpayer
7c1cac4888 [heap] Do not invoke GC to make heap iterable.
Remove kMakeHeapIterableMask since the heap is always iterable.

BUG=chromium:580959
LOG=n

Review-Url: https://codereview.chromium.org/1961373003
Cr-Commit-Position: refs/heads/master@{#36333}
2016-05-18 18:03:48 +00:00
titzer
3fef34e023 [wasm] Refactor WASM run tests to allow them to run in the interpreter too.
R=mstarzinger@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1990923002
Cr-Commit-Position: refs/heads/master@{#36332}
2016-05-18 15:57:00 +00:00
littledan
29bd8286ee Use stricter type checks in Intl's bound methods
This patch ensures that Intl bound method getters can't be retargeted
to other Intl types. If that were to happen, then a RUNTIME_ASSERT
would trigger later. This patch throws a TypeError instead, as the
specification requires.

BUG=v8:4870

Review-Url: https://codereview.chromium.org/1986763003
Cr-Commit-Position: refs/heads/master@{#36330}
2016-05-18 14:57:58 +00:00
mstarzinger
d5aa995e3c [turbofan] Make escape analysis non-experimental.
This promotes the escape analysis from an experimental feature to be a
fully supported feature. The main goal is to unleach ClusterFuzz on the
implementation so that we can stabilize it.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1989833002
Cr-Commit-Position: refs/heads/master@{#36324}
2016-05-18 13:51:01 +00:00
neis
3560d9bd58 [runtime] Fix effect of setting .prototype on generator functions.
When setting a generator function's  "prototype" property to a non-object, the
prototype of new generator instances should be %GeneratorPrototype%, not
%ObjectPrototype%.

R=verwaest@chromium.org
BUG=v8:5011

Review-Url: https://codereview.chromium.org/1982203003
Cr-Commit-Position: refs/heads/master@{#36313}
2016-05-18 09:18:12 +00:00
neis
75140f39dd [compiler] Remove obsolete JSYield operator.
R=bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1981323002
Cr-Commit-Position: refs/heads/master@{#36312}
2016-05-18 08:55:33 +00:00
mstarzinger
992c9c4d7a [turbofan] Enable all escape analysis tests.
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1980503002
Cr-Commit-Position: refs/heads/master@{#36311}
2016-05-18 08:01:44 +00:00
rmcilroy
39738bc905 [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.

This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.

BUG=v8:4280
LOG=N

Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
Cr-Commit-Position: refs/heads/master@{#36288}

Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36310}
2016-05-18 07:52:13 +00:00
bmeurer
91a2ea815b [turbofan] We never use Int64Constant for branch/select conditions.
Remove dead code to optimize Int64Constants as branch/select conditions,
because we either have tagged booleans or bits represented as word32.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1994533002
Cr-Commit-Position: refs/heads/master@{#36308}
2016-05-18 07:20:19 +00:00
bmeurer
c5a71f029f [turbofan] Turn common Guard operator into simplified TypeGuard.
The type guard should never be used after the effect/control
linearization pass, so making it a simplified operator better
expresses the intended use. Also this way none of the common
operators actually has any dependency on the type system.

Drive-by-fix: Properly print the type parameter to a TypeGuard operator.

BUG=chromium:612142
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/1994503002
Cr-Commit-Position: refs/heads/master@{#36304}
2016-05-18 06:19:30 +00:00
bmeurer
33e571ff4b [turbofan] Kill type Guard nodes during effect/control linearization.
These guards are useless anyways once you make it throw the
effect/control linearizer because all memory operations and
calls are connected to the control and/or effect chain anyways
afterwards.

Drive-by-fix: Fail in the InstructionSelector if we ever see
a Guard node.

R=jarin@chromium.org
BUG=chromium:612142

Review-Url: https://codereview.chromium.org/1980383002
Cr-Commit-Position: refs/heads/master@{#36302}
2016-05-18 05:38:22 +00:00
mike
d0c65f93bf [parser] Relex restriction on reserved words
Some IdentifierNames are only included in the set of FutureReservedWords
for strict mode code. Outside of strict mode, these IdentifierNames may
be used as Identifiers. Notably, this includes their use as
BindingIdentifiers in LexicalBindings.

From ES2015 12.1.1 Static Semantics: Early Errors (Identifiers):

> It is a Syntax Error if this phrase is contained in strict mode code
> and the StringValue of IdentifierName is: "implements", "interface",
> "let", "package", "private", "protected", "public", "static", or
> "yield".

http://www.ecma-international.org/ecma-262/6.0/#sec-identifiers-static-semantics-early-errors

Due to a error in its heuristic for disambiguating the `let` token, V8
does not currently allow any of the strict-mode-only FutureReservedWords
to be used as a BindingIdentifier outside of strict mode.

Update V8's heuristic for disambiguating the `let` keyword to account
for strict mode, enabling these IdentifierNames to be used

BUG=v8:4918
LOG=N
R=adamk@chromium.org

Review-Url: https://codereview.chromium.org/1891453005
Cr-Commit-Position: refs/heads/master@{#36296}
2016-05-17 21:14:01 +00:00
rmcilroy
8352ad50e6 [Interpreter] Change LogicalNot to ToBooleanLogicalNot and add non-ToBoolean version.
Makes LogicalNot bytecode not do the ToBoolean operation, and add support in the
peephole optimizer to choose between the appropriate bytecode depending upon
whether the previous bytecode emitted a boolean or not.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1985033002
Cr-Commit-Position: refs/heads/master@{#36295}
2016-05-17 20:41:04 +00:00
machenbach
c473f2931d Revert of [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline. (patchset #6 id:170001 of https://codereview.chromium.org/1969423002/ )
Reason for revert:
Breaks
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/619

Might only affect pure release builds?

Original issue's description:
> [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
>
> In order to support compiling to baseline on return we need to be able to
> return to the actual return address. With this change this is what the
> Return bytecode now does, removing the need for the
> InterpreterExitTrampoline.
>
> This change also removes the InterpreterNotifyDeoptXXX builtins and
> unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
> change, FullCodegenerator::State is moved to Deoptimize::BailoutState.
>
> BUG=v8:4280
> LOG=N
>
> Committed: https://crrev.com/34c9626e2ee56fe805de549697ca5323aed7cb66
> Cr-Commit-Position: refs/heads/master@{#36288}

TBR=mstarzinger@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280

Review-Url: https://codereview.chromium.org/1986353002
Cr-Commit-Position: refs/heads/master@{#36294}
2016-05-17 19:47:00 +00:00
titzer
f93066b3af [wasm] Remove renumbering of local variables from asm->wasm.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1980543002
Cr-Commit-Position: refs/heads/master@{#36292}
2016-05-17 17:57:34 +00:00
rmcilroy
34c9626e2e [Interpreter] Remove InterpreterExitTrampoline and replace with returning to the entry trampoline.
In order to support compiling to baseline on return we need to be able to
return to the actual return address. With this change this is what the
Return bytecode now does, removing the need for the
InterpreterExitTrampoline.

This change also removes the InterpreterNotifyDeoptXXX builtins and
unifies FCG and Igntion to both use NotifyDeoptXXX. As part of this
change, FullCodegenerator::State is moved to Deoptimize::BailoutState.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1969423002
Cr-Commit-Position: refs/heads/master@{#36288}
2016-05-17 16:46:33 +00:00
neis
2123afff52 Remove more unused bailout reasons.
There's a script for finding them (tools/check-unused-bailouts.sh), but make
sure you don't have an old .bailout-reason.h.swp or such around when using it...

R=mstarzinger@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1986173004
Cr-Commit-Position: refs/heads/master@{#36287}
2016-05-17 16:13:33 +00:00
mstarzinger
7cef5593e4 [turbofan] Escape analysis treats guard nodes as escaping.
This makes escape analysis treat all guard nodes in the graph as an
escaping use. We eventually want to properly handle guard nodes, this
just serves as a temporary workaround to get things going.

R=bmeurer@chromium.org
BUG=v8:602595
LOG=n

Review-Url: https://codereview.chromium.org/1972323004
Cr-Commit-Position: refs/heads/master@{#36286}
2016-05-17 15:47:35 +00:00
neis
b9bfbcb558 Remove now-unused kIllegalBytecode bailout reason.
R=mstarzinger@chromium.org, oth@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1988573003
Cr-Commit-Position: refs/heads/master@{#36281}
2016-05-17 13:36:18 +00:00
ishell
2318facdc9 [js-perf-test] Fix JSTests/PropertyQueries microbenchmark.
1) Create fast objects so that they stay fast after creation.
2) Run combination "test_function vs {test_objects}" as a benchmark during 1 second.

This CL changes benchmark's base score.

Review-Url: https://codereview.chromium.org/1988673002
Cr-Commit-Position: refs/heads/master@{#36277}
2016-05-17 11:28:31 +00:00
yangguo
8e303dd0b3 Fix %FunctionGetName and %_ClassOf for bound functions.
R=bmeurer@chromium.org
BUG=v8:5010

Review-Url: https://codereview.chromium.org/1980463002
Cr-Commit-Position: refs/heads/master@{#36276}
2016-05-17 11:26:00 +00:00
bmeurer
551e0aa11b [es6] Reintroduce the instanceof operator in the backends.
This adds back the instanceof operator support in the backends and
introduces a @@hasInstance protector cell on the isolate that guards the
fast path for the InstanceOfStub. This way we recover the ~10%
regression on Octane EarleyBoyer in Crankshaft and greatly improve
TurboFan and Ignition performance of instanceof.

R=ishell@chromium.org
TBR=hpayer@chromium.org,rossberg@chromium.org
BUG=chromium:597249, v8:4447
LOG=n

Review-Url: https://codereview.chromium.org/1980483003
Cr-Commit-Position: refs/heads/master@{#36275}
2016-05-17 11:25:59 +00:00
yangguo
f248a83d29 [liveedit] fix stepping after replacing bytecode.
R=mstarzinger@chromium.org
BUG=v8:4765

Review-Url: https://codereview.chromium.org/1973213003
Cr-Commit-Position: refs/heads/master@{#36272}
2016-05-17 09:22:17 +00:00
littledan
972e852248 Fix RegExp.prototype.compile error case
If the RegExp doesn't parse, then ES2015 specifies that
RegExp.prototype.compile does not mutate it. This patch changes
our RegExp implementation to follow that logic.

R=yangguo

Review-Url: https://codereview.chromium.org/1972093003
Cr-Commit-Position: refs/heads/master@{#36268}
2016-05-17 06:19:36 +00:00
lpy
96aba388a1 Split TickSample and Sampler.
Since we are going to move Sampler as library, we creates tick-sample.[h|cc] for
TickSample, in order to maintain legacy code.

BUG=v8:4994
LOG=n

Review-Url: https://codereview.chromium.org/1952393002
Cr-Commit-Position: refs/heads/master@{#36267}
2016-05-17 06:12:28 +00:00
littledan
4afe89a7da [esnext] Async function toString support
BUG=v8:4483

Review-Url: https://codereview.chromium.org/1973193002
Cr-Commit-Position: refs/heads/master@{#36265}
2016-05-17 01:28:53 +00:00
littledan
690922c959 [esnext] Fix super in async arrow functions
Ordinary arrow functions have 'undefined' in their frame's receiver.
Generators restore the receiver to the frame based on one passed in
when they are constructed in CreateJSGeneratorObject.

This patch makes async arrow functions pass in 'undefined' for their
receiver so that they have the same behavior as ordinary arrow
functions, which avoids the issue of encountering TDZ when calling
an async arrow function in a subclass constructor before a super
call has returned.

BUG=v8:4483

Review-Url: https://codereview.chromium.org/1976813002
Cr-Commit-Position: refs/heads/master@{#36264}
2016-05-17 01:16:51 +00:00
caitpotter88
d08c0304c5 [esnext] prototype runtime implementation for async functions
BUG=v8:4483
LOG=N
R=littledan@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/1895603002
Cr-Commit-Position: refs/heads/master@{#36263}
2016-05-17 00:27:51 +00:00
caitpotter88
0d43421a22 [esnext] implement frontend changes for async/await proposal
BUG=v8:4483
LOG=Y
R=littledan@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/1841543003
Cr-Commit-Position: refs/heads/master@{#36261}
2016-05-16 23:19:02 +00:00
gsathya
d33aedb7b9 Revert "Fix TypedArray Property optimizations", add regression test and eliminate dead code
This reverts commit 41d571dfe8.

Reason for revert: This patch breaks the correctness of the typedarray
properties such as length, byteOffset, byteLength.

The accessor check optimization code is dead code eliminated. A follow
up patch will fix this optimization correctly.

BUG=chromium:593634

Review-Url: https://codereview.chromium.org/1977983002
Cr-Commit-Position: refs/heads/master@{#36254}
2016-05-13 22:31:07 +00:00
oth
1818a2f278 [interpreter] Remove BytecodeArrayBuilder::Illegal().
BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/1979523002
Cr-Commit-Position: refs/heads/master@{#36249}
2016-05-13 16:01:49 +00:00
yangguo
7b1fe365a9 [liveedit] patch source position table for bytecode arrays.
R=mstarzinger@chromium.org
BUG=v8:4765

Review-Url: https://codereview.chromium.org/1976933002
Cr-Commit-Position: refs/heads/master@{#36240}
2016-05-13 13:21:37 +00:00
titzer
82db9dece3 [wasm] Remove legacy encoding of local variables from asm->wasm.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1980483002
Cr-Commit-Position: refs/heads/master@{#36239}
2016-05-13 12:49:36 +00:00
yangguo
72b510dfb3 [liveedit] support restarting interpreted frame and replacing bytecode.
R=mstarzinger@chromium.org
BUG=v8:4765

Review-Url: https://codereview.chromium.org/1968423002
Cr-Commit-Position: refs/heads/master@{#36237}
2016-05-13 12:14:56 +00:00
hablich
4505b54a28 Reland of [Reland] Implement CPU time for OS X and POSIX. (patchset #1 id:1 of https://codereview.chromium.org/1977753002/ )
Reason for revert:
Not the culprit sorry.

Original issue's description:
> Revert of [Reland] Implement CPU time for OS X and POSIX. (patchset #1 id:1 of https://codereview.chromium.org/1966183003/ )
>
> Reason for revert:
> Blocks roll: https://codereview.chromium.org/1972303002/
>
> Original issue's description:
> > [Reland] Implement CPU time for OS X and POSIX.
> >
> > V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> > implements CPU time for OS X and POSIX to provide more accurate
> > accounting of CPU time used by each thread.
> >
> > BUG=v8:4984
> > LOG=n
> >
> > Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> > Cr-Commit-Position: refs/heads/master@{#36213}
>
> TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4984
>
> Committed: https://crrev.com/31b9ba3bc8fb93601cc73c83213b30e639d448b3
> Cr-Commit-Position: refs/heads/master@{#36225}

TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984

Review-Url: https://codereview.chromium.org/1976603005
Cr-Commit-Position: refs/heads/master@{#36233}
2016-05-13 11:05:57 +00:00
mstarzinger
c3cf2607f6 [compiler] Avoid passing CompilationInfo to profiler.
This completely removes any potential for a side-channel between the
various compiler backends and the profiler. The CompilationInfo is no
longer passed.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1970193002
Cr-Commit-Position: refs/heads/master@{#36230}
2016-05-13 09:46:41 +00:00
titzer
7cd1a7f768 [wasm] Remove the use of the "external" bit on OldFunctions section.
This is a first step to removing the support for the OldFunctions
section altogether, which will greatly simplify the encoder and remove
the need to do local variable remapping in asm->wasm.

R=bradnelson@chromium.org,aseemgarg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/1974933002
Cr-Commit-Position: refs/heads/master@{#36228}
2016-05-13 08:46:40 +00:00
pierre.langlois
60fb6ea1b8 [turbofan] ARM64: Support shifted indexes in loads and stores
This patch adds support for the `Operand2_R_LSL_I` addressing mode to
loads and stores. This allows merging a shift instruction into a
MemoryOperand. Since the shift immediate is restricted to the log2 of
the operation width, the opportunities to hit this are slim. However,
Ignition's bytecode handlers hit this case all the time:

kind = BYTECODE_HANDLER
name = Star
compiler = turbofan
Instructions (size = 44)
0x23e67280     0  add x1, x19, #0x1 (1)
0x23e67284     4  ldrsb x1, [x20, x1]
0x23e67288     8  sxtw x1, w1
0x23e6728c    12  mov x2, fp
0x23e67290    16  str x0, [x2, x1, lsl #3]
                  ^^^^^^^^^^^^^^^^^^^^^
0x23e67294    20  add x19, x19, #0x2 (2)
0x23e67298    24  ldrb w1, [x20, x19]
0x23e6729c    28  ldr x1, [x21, x1, lsl #3]
                  ^^^^^^^^^^^^^^^^^^^^^
0x23e672a0    32  br x1

Additionally, I noticed the optimisation occurs once in both the
`StringPrototypeCharAt` and `StringPrototypeCharCodeAt` turbofan stubs.

BUG=

Review-Url: https://codereview.chromium.org/1972103002
Cr-Commit-Position: refs/heads/master@{#36227}
2016-05-13 07:58:59 +00:00
hablich
31b9ba3bc8 Revert of [Reland] Implement CPU time for OS X and POSIX. (patchset #1 id:1 of https://codereview.chromium.org/1966183003/ )
Reason for revert:
Blocks roll: https://codereview.chromium.org/1972303002/

Original issue's description:
> [Reland] Implement CPU time for OS X and POSIX.
>
> V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
> implements CPU time for OS X and POSIX to provide more accurate
> accounting of CPU time used by each thread.
>
> BUG=v8:4984
> LOG=n
>
> Committed: https://crrev.com/efa27fb25e1fa5b8465f4af710086b73b0cba660
> Cr-Commit-Position: refs/heads/master@{#36213}

TBR=fmeawad@chromium.org,jochen@chromium.org,rsesek@chromium.org,bmeurer@chromium.org,lpy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4984

Review-Url: https://codereview.chromium.org/1977753002
Cr-Commit-Position: refs/heads/master@{#36225}
2016-05-13 07:09:57 +00:00
vogelheim
bb04e1243e Remove Expression::bounds_, in order to conserve memory during parsing.
Expression::bounds_ is used only by a subset of compile passes, but the
data structure occupies space for every Expression node ever parsed. This
unneccessarily increases memory consumption. Particularly, peak memory
consumption during startup, which may cause out-of-memory errors.

This CL
- removes Expression::bounds_;
- introduces an AstTypeBounds container, which mappes Expression* to Bounds;
- modifies the code that actually requires bounds information, namely
  Crankshaft compile and AsmWasmBuilder, to instantiate such an AstTypeBounds
  container before typing and to pass it to the code that consumes this
  information; and
- modifies all accesses to Expression::bounds_ to instead access the bounds
  via the container instead.

Additionally, this rewrites test-ast-expression-visitor. The reason is that
this code attempted to test AstExpressionVisitor but did so exclusively
through its subclass ExpressionTypeCollector, meaning that the test dealt
almost exclusively with type bounds despite the class-under-test having
no knowledge or functionality related to it. Worse, the test was written
in a way to assume that type bounds were available outside & after
compilation, which is something this change changes.

BUG=v8:4947

Review-Url: https://codereview.chromium.org/1968383002
Cr-Commit-Position: refs/heads/master@{#36222}
2016-05-12 22:24:30 +00:00
oth
02b7373ab1 [interpreter] Introduce bytecode generation pipeline.
This change introduces a pipeline for the final stages of
bytecode generation.

The peephole optimizer is made distinct from the BytecodeArrayBuilder.

A new BytecodeArrayWriter is responsible for writing bytecode. It
also keeps track of the maximum register seen and offers a potentially
smaller frame size.

R=rmcilroy@chromium.org
LOG=N
BUG=v8:4280

Review-Url: https://codereview.chromium.org/1947403002
Cr-Commit-Position: refs/heads/master@{#36220}
2016-05-12 19:20:04 +00:00
bmeurer
fa7460adbc [turbofan] Fix optimized lowering of Math.imul.
We eagerly inserted Int32Mul for Math.imul during builtin lowering and
messed up with the types, which confused the representation selection.
This adds a proper NumberImul operator, and fixes the builtin reducer to
do the right thing according to the spec.

R=mstarzinger@chromium.org
BUG=v8:5006
LOG=n

Review-Url: https://codereview.chromium.org/1971163002
Cr-Commit-Position: refs/heads/master@{#36219}
2016-05-12 18:43:32 +00:00
jacob.bramley
83b9e1bee4 [arm] Clean up handling of usat.
The usat instruction is available from ARMv6, so there's no need to
check for the ARMv7 feature before using it. ARMv6 is the oldest
supported architecture in V8.

Correcting this allows the removal of a special case for predictable
code size.

BUG=

Review-Url: https://codereview.chromium.org/1974903002
Cr-Commit-Position: refs/heads/master@{#36218}
2016-05-12 18:20:30 +00:00
lpy
efa27fb25e [Reland] Implement CPU time for OS X and POSIX.
V8 tracing controller uses 2 clocks: wall clock and cpu clock. This patch
implements CPU time for OS X and POSIX to provide more accurate
accounting of CPU time used by each thread.

BUG=v8:4984
LOG=n

Review-Url: https://codereview.chromium.org/1966183003
Cr-Commit-Position: refs/heads/master@{#36213}
2016-05-12 15:35:38 +00:00
ahaas
481502dad9 [turbofan] Introduce new operators Float32SubPreserveNan and Float64SubPreserveNan for wasm.
The operators are needed because the wasm spec requires that nan bits are preserved.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/1973493003
Cr-Commit-Position: refs/heads/master@{#36212}
2016-05-12 14:25:45 +00:00