Commit Graph

41536 Commits

Author SHA1 Message Date
jgruber
d4c157ee65 [builtins] Extract isolate-independent metadata
Instead of generating huge switch statements for builtin accessor functions,
simply store isolate-independent metadata in a struct indexed by builtin-id.

Drive-by-fix: Remove duplicate parameter-count lookup accessor.
Drive-by-fix: Print builtin kind with --print-builtin-size.

Bug: v8:6624
Change-Id: Ibe61eeee6b8849d5e1a2361ec8268b233be8bb13
Reviewed-on: https://chromium-review.googlesource.com/591847
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46994}
2017-07-31 08:33:14 +00:00
Michael Lippautz
6432301fc3 [heap] Scavenger: Remove dead code
Bug: chromium:738865
Change-Id: Ia9544707d4117187746fc50a416370b3c08ab842
Reviewed-on: https://chromium-review.googlesource.com/593313
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46993}
2017-07-31 08:15:49 +00:00
Alexey Kozyatinskiy
e20ef0249f [inspector] added Debugger.getPossibleBreakpoints perf test
We need this benchmark to measure speedup of getPossibleBreakpoints method by [1].

[1] https://chromium-review.googlesource.com/c/591027/

R=dgozman@chromium.org

Bug: none
Change-Id: I617a435d5a162800caae2fb85596839a57d4d9bd
Reviewed-on: https://chromium-review.googlesource.com/592308
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46992}
2017-07-31 08:05:29 +00:00
Jakob Gruber
793053fd76 [coverage] Don't skip collection if invocation_count is zero
Function-granularity coverage skips functions that are both uncovered
and have an uncovered parent. This optimization needs to be tweaked once
block coverage and incremental collection is in play, as it is possible
to have a function with invocation_count == 0 (i.e. uncovered at
function granularity) that still has relevant block-granularity
coverage.

Bug: v8:6000
Change-Id: I4cc81b8a6935aa58e29d383ed4fa749cbfe69352
Reviewed-on: https://chromium-review.googlesource.com/589508
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46991}
2017-07-31 07:56:28 +00:00
Ulan Degenbaev
962de532f5 [heap] Fix data race in IncrementalMarking::NotifyLeftTrimming.
BUG=chromium:694255
TBR=mlippautz@chromium.org

Change-Id: I7dd9623ff85fcc49f034c71a6f5149f9488a9abb
Reviewed-on: https://chromium-review.googlesource.com/593010
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46990}
2017-07-29 13:34:35 +00:00
Georg Neis
53db05840e Revert "[Memory] Add an OnCriticalMemoryPressure method to V8::Platform."
This reverts commit 3f90d9f994.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/16510

Original change's description:
> [Memory] Add an OnCriticalMemoryPressure method to V8::Platform.
> 
> Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
> implementation does nothing.
> 
> Calls this method on first allocation failures in NewArray, Malloced,
> and zone AccountingAllocator and adds retry logic.
> 
> Adds utility functions for allocating base::VirtualMemory to functions
> in allocation.h, which call this method and add retry logic.
> 
> Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
> and SequentialMarkingDeque.
> 
> Bug: v8:6635
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I38afd394f3be556aca037d16675e9884658158cb
> Reviewed-on: https://chromium-review.googlesource.com/583543
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46988}

TBR=bbudge@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: I79afea5982e62db1462cc5a5585a226f0ddbe752
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/592887
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46989}
2017-07-29 04:47:49 +00:00
Bill Budge
3f90d9f994 [Memory] Add an OnCriticalMemoryPressure method to V8::Platform.
Adds virtual V8::Platform::OnCriticalMemoryPressure method, default
implementation does nothing.

Calls this method on first allocation failures in NewArray, Malloced,
and zone AccountingAllocator and adds retry logic.

Adds utility functions for allocating base::VirtualMemory to functions
in allocation.h, which call this method and add retry logic.

Calls these utility functions in heap CodeRange, Spaces, StoreBuffer
and SequentialMarkingDeque.

Bug: v8:6635
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I38afd394f3be556aca037d16675e9884658158cb
Reviewed-on: https://chromium-review.googlesource.com/583543
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46988}
2017-07-29 02:49:44 +00:00
Bill Budge
f8d95d7266 [Turbofan] Fix 128 bit slot swaps on ia32.
- Use a sequence of push/pop instructions to move 128 bit values.
- Generalize HighOperand method to handle other offsets.

Bug: v8:6020
Change-Id: I21467c2f19637b0e6b86a3060952386dd0c5d77a
Reviewed-on: https://chromium-review.googlesource.com/583627
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46987}
2017-07-29 00:55:25 +00:00
Brad Nelson
7662e0634c Enable SharedArrayBuffer by default in standalone v8.
BUG=chromium:709179
R=binji@chromium.org,hablich@chromium.org

Change-Id: I2efb3becc1ca9fef84008c82cd882ef11e2aa3f2
Reviewed-on: https://chromium-review.googlesource.com/589768
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46986}
2017-07-28 22:40:25 +00:00
Alexey Kozyatinskiy
6b0bf1659e [inspector] move SetScriptSource call to native
To avoid using debugging context and debugger-script.js on inspector side we can move SetScriptSource call to v8::internal::Debug. Theoretically we can move live edit implementation to native completely but since it will be reimplemented it looks redundant.

R=yangguo@chromium.org,jgruber@chromium.org

Bug: chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id09492c2d2a93efbde429c9cc1bc181d5fdda19b
Reviewed-on: https://chromium-review.googlesource.com/590736
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46985}
2017-07-28 21:55:05 +00:00
Alexei Filippov
920025f523 [heap-profiler] Remove unused methods from Heap Profiler.
Remove GetProfilerMemorySize from HeapProfiler API.
Remove HeapObjectsMap::FindUntrackedObjects

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I32a9a0676485c17c08c068a8ca501525b0d2670e
Reviewed-on: https://chromium-review.googlesource.com/590651
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46984}
2017-07-28 20:56:24 +00:00
Georg Neis
4a9718c777 [modules] Blame correct module for ambiguous exports.
The error got attached to the module asking for the conflicting name.
This was incorrect in the case where the asking was itself via a star
export. We must attach the error to the module that explicitly asks
for the problematic name via a named import or named export statement.

Test will be added to Chromium:
https://chromium-review.googlesource.com/c/590369/

R=adamk@chromium.org

Bug: v8:1569
Change-Id: Ib3c297c6c5654ed1b8f2c7b2d6525202c78f87cd
Reviewed-on: https://chromium-review.googlesource.com/591307
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46983}
2017-07-28 19:43:36 +00:00
Ulan Degenbaev
774a4c5e24 Revert "[heap] Reland "[heap] Allow a minimum semi-space size of 512K.""
This reverts commit 176a2b24fb.

Reason for revert: performance regression on the benchmarks.

Original change's description:
> [heap] Reland "[heap] Allow a minimum semi-space size of 512K."
> 
> This patch changes the semi-space size to 512K.
> 
> > Original commit message:
> > Revert "[heap] Allow a minimum semi-space size of 512K."
> > This reverts commit 0d2ed6c328.
> > The CL introduced perf regressions: crbug.com/735649.
> > We are going to reland the CL in an isolated V8 roll to ensure
> > that perf regressions are attributed correctly.
> 
> > Original commit message:
> > > [heap] Allow a minimum semi-space size of 512K.
> > > This CL also reduces the minimum semi-space size to 512K.
> > > BUG=chromium:716032
> > BUG=chromium:735649
> 
> Change-Id: Iabc377cba2911b28d51b98bb5b85134d4e893632
> Reviewed-on: https://chromium-review.googlesource.com/575066
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46763}

TBR=ulan@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I80f8b6699f41e91512f7cec38060c829252ff95e
Reviewed-on: https://chromium-review.googlesource.com/591309
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46982}
2017-07-28 19:42:31 +00:00
Jakob Kummerow
e567dd3ab4 Refactor TransitionArray access
in preparation for caching StoreIC-Transition handlers in there.
This CL should not change behavior or performance.

The TransitionArray class no longer serves a dual purpose; it is now
simply the data structure serving that role. Further, it now supports
storing transitioning handlers in its "target" slot, which in turn have
a WeakCell pointing to the transition target (but this functionality
is not being used yet).

The interface for accessing a map's transitions, previously implemented
as a set of static functions, is now handled by the TransitionsAccessor
class. It distinguishes the following internal states:
- kPrototypeInfo: map is a prototype map, will never cache any transitions.
- kUninitialized: map can cache transitions, but doesn't have any.
- kWeakCell: map caches a single transition, stored inline. Formerly known
             as "IsSimpleTransition".
- kFullTransitionArray: map uses a TransitionArray to store transitions.
- kTuple3Handler, kFixedArrayHandler: to be used in the future for caching
                                      transitioning handlers.

Change-Id: If2aa68390981f96f317b958445a6e0b935c2a14e
Reviewed-on: https://chromium-review.googlesource.com/550118
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46981}
2017-07-28 19:41:21 +00:00
Tobias Tebbi
c87a3ddaf1 Revert "Reland: [turbofan] staging new implementation of escape analysis"
This reverts commit ccd8bb692b.

Reason for revert: https://build.chromium.org/p/client.v8.fyi/builders/Mac%20Release%20%28Intel%29/builds/2643

Original change's description:
> Reland: [turbofan] staging new implementation of escape analysis
> 
> Reland of https://chromium-review.googlesource.com/c/565720, fixing compilation issues on the waterfall.
> 
> Bug: 
> Change-Id: Ide4f1ea4470e946820edc990c9bf027f04844efe
> Reviewed-on: https://chromium-review.googlesource.com/591667
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46975}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: I30016fd8d71535c02bab8678b02147195c3e97a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/591672
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46980}
2017-07-28 19:16:17 +00:00
Adithya Srinivasan
59ddd6061c Change Accessor counters
Counters for some of the getters are renamed to remove the
AccessorNameGetterCallback_ prefix. The prefix causes these getters to
be categorized under Blink C++ (and they shouldn't be). Counters are
also added for some setters which are currently being counted under
GenericNamedPropertySetterCallback and AccessorNameSetterCallback which
are both categorized as Blink C++.

Bug: 
Change-Id: Ifc2c08d3eca0460ea6b5572c7a96b3625dd7d7ea
Reviewed-on: https://chromium-review.googlesource.com/587593
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46979}
2017-07-28 14:56:36 +00:00
Mircea Trofin
13532c0869 [wasm] Streaming API: own the promise.
Avoid leaking because the persistent handle isn't released. To further
clarify ownership, the v8 side owns now completely the promise.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ief9e44e60235fe6199fc4884ad1ccbd9e34cce8a
Reviewed-on: https://chromium-review.googlesource.com/591067
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46978}
2017-07-28 14:51:16 +00:00
Mathias Bynens
8be73bad18 [printing] Print feedback vectors
This patch makes `%DebugPrint(fn)` print `fn`’s feedback vector when
available.

Example output:

```
d8> fn = (x) => x + '.'; fn(''); %DebugPrint(fn)
DebugPrint: 0x1c12b950df81: [Function]
 - map = 0x1c12b1802361 [FastProperties]
 - prototype = 0x1c12ec904591
 - elements = 0x1c12f5702241 <FixedArray[0]> [HOLEY_ELEMENTS]
 - initial_map =
 - shared_info = 0x1c12ec92fde9 <SharedFunctionInfo fn>
 - name = 0x1c12ec92fcd1 <String[2]: fn>
 - formal_parameter_count = 1
 - kind = [ ArrowFunction ]
 - context = 0x1c12ec903cd1 <FixedArray[278]>
 - code = 0x220721125061 <Code BUILTIN>
 - interpreted
 - bytecode = 0x1c12ec930181
 - source code = (x) => x + '.'
 - properties = 0x1c12f5702241 <FixedArray[0]> {
    #length: 0x1c12e3095eb1 <AccessorInfo> (const accessor descriptor)
    #name: 0x1c12e3095f21 <AccessorInfo> (const accessor descriptor)
 }

 - feedback vector: 0x1c12ec9301f9: [FeedbackVector] in OldSpace
 - length: 1
 SharedFunctionInfo: 0x1c12ec92fde9 <SharedFunctionInfo fn>
 Optimized Code: 0
 Invocation Count: 1
 Profiler Ticks: 0
 Slot #0 BinaryOp MONOMORPHIC
  [0]: 8
0x1c12b1802361: [Map]
 - type: JS_FUNCTION_TYPE
 - instance size: 72
 - inobject properties: 0
 - elements kind: HOLEY_ELEMENTS
 - unused property fields: 0
 - enum length: invalid
 - callable
 - back pointer: 0x1c12f57022d1 <undefined>
 - instance descriptors (own) #2: 0x1c12ec9048e9 <FixedArray[8]>
 - layout descriptor: 0x0
 - prototype: 0x1c12ec904591 <JSFunction (sfi = 0x1c12f5707c91)>
 - constructor: 0x1c12f5702201 <null>
 - code cache: 0x1c12f5702241 <FixedArray[0]>
 - dependent code: 0x1c12f5702241 <FixedArray[0]>
 - construction counter: 0

(x) => x + '.'
```

Example output when feedback vector is not available:

```
d8> %DebugPrint(() => {})
DebugPrint: 0x1c12b950bf49: [Function]
 - map = 0x1c12b1802361 [FastProperties]
 - prototype = 0x1c12ec904591
 - elements = 0x1c12f5702241 <FixedArray[0]> [HOLEY_ELEMENTS]
 - initial_map =
 - shared_info = 0x1c12ec92c021 <SharedFunctionInfo>
 - name = 0x1c12f5702431 <String[0]: >
 - formal_parameter_count = 0
 - kind = [ ArrowFunction ]
 - context = 0x1c12ec903cd1 <FixedArray[278]>
 - code = 0x220721004861 <Code BUILTIN>
 - source code = () => {}
 - properties = 0x1c12f5702241 <FixedArray[0]> {
    #length: 0x1c12e3095eb1 <AccessorInfo> (const accessor descriptor)
    #name: 0x1c12e3095f21 <AccessorInfo> (const accessor descriptor)
 }

 - feedback vector: not available
0x1c12b1802361: [Map]
 - type: JS_FUNCTION_TYPE
 - instance size: 72
 - inobject properties: 0
 - elements kind: HOLEY_ELEMENTS
 - unused property fields: 0
 - enum length: invalid
 - callable
 - back pointer: 0x1c12f57022d1 <undefined>
 - instance descriptors (own) #2: 0x1c12ec9048e9 <FixedArray[8]>
 - layout descriptor: 0x0
 - prototype: 0x1c12ec904591 <JSFunction (sfi = 0x1c12f5707c91)>
 - constructor: 0x1c12f5702201 <null>
 - code cache: 0x1c12f5702241 <FixedArray[0]>
 - dependent code: 0x1c12f5702241 <FixedArray[0]>
 - construction counter: 0

() => {}
```

Change-Id: Ic80289bff652cfc8d04182c68740843c61c87849
Reviewed-on: https://chromium-review.googlesource.com/591369
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46977}
2017-07-28 14:39:36 +00:00
Jaroslav Sevcik
4229ca207e [profiler] Fix logging addresses on Windows.
Change-Id: Iff0dcec95d04b85d31a452fed31b1500ad17a9f0
Reviewed-on: https://chromium-review.googlesource.com/591373
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46976}
2017-07-28 14:36:14 +00:00
Tobias Tebbi
ccd8bb692b Reland: [turbofan] staging new implementation of escape analysis
Reland of https://chromium-review.googlesource.com/c/565720, fixing compilation issues on the waterfall.

Bug: 
Change-Id: Ide4f1ea4470e946820edc990c9bf027f04844efe
Reviewed-on: https://chromium-review.googlesource.com/591667
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46975}
2017-07-28 14:29:34 +00:00
Daniel Clifford
d0579a4beb [csa] Move common FixedArray initialization into AllocateUninitializedJSArrayWithElements
Change-Id: Ifb689a6d5bc5290c6612a92fa45aae6f5db2d81c
Reviewed-on: https://chromium-review.googlesource.com/589433
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46974}
2017-07-28 13:52:14 +00:00
Mathias Bynens
27e3921ba8 Add .editorconfig
This file codifies the preferred editor configuration when working
on V8. Including it in the repository makes it easier for contributors
to follow the existing coding style.

See http://editorconfig.org/ for more information.

Change-Id: Iea69c29fc0d88e0fd085e4b3ffc46697d0cd1202
Reviewed-on: https://chromium-review.googlesource.com/591427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46973}
2017-07-28 13:39:24 +00:00
Michael Lippautz
d9d059175e [heap] Decouple RootMarkingVisitor used for seeding items from Minor MC
This visitor can be reused by the full MC when seeding root items.

Bug: chromium:750084
Change-Id: I9d46ce55737961d8f72a34b06f3314c8f75f3b4d
Reviewed-on: https://chromium-review.googlesource.com/591451
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46972}
2017-07-28 13:35:24 +00:00
Michael Lippautz
ca33118d32 [heap] Fix smaller issues in MarkCompactMarkingVisitor
Bug: chromium:750084
Change-Id: I17560b2ab31ad494637a7498a089f4d2b7377907
Reviewed-on: https://chromium-review.googlesource.com/591450
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46971}
2017-07-28 13:30:52 +00:00
Michael Lippautz
52a9b5cb8f [heap] Scavenger: Remove left-over
Also remove the comment on LayoutDescriptor as we want to pretenure
those.

Bug: chromium:738865
Change-Id: I5bdf66d383b481edc3250623e155b97d1081a7cc
Reviewed-on: https://chromium-review.googlesource.com/590235
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46970}
2017-07-28 13:09:05 +00:00
Juliana Patricia Vicente Franco
a193fde97c Revert "Changing the return address on the stack."
This reverts commit e15f554427.

Reason for revert: it breaks the GC stress. 

Original change's description:
> Changing the return address on the stack.
> 
> Rather than patching code, the deoptimizer now replaces the
> return address in the frames with respective trampolines. 
> This change required to change the way we search for Safepoint 
> entries and for Exception Handlers. 
> It's working in architectures: x64, ia32, arm, arm64 and mips. 
> 
> Bug: V8:6563
> Change-Id: I3cbd4d192c3513f307b3a6a2ac99e60d03c753d3
> Reviewed-on: https://chromium-review.googlesource.com/586707
> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46967}

TBR=jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com

Change-Id: I430fa9123beef2e0723b38cdef9537181203f7e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: V8:6563
Reviewed-on: https://chromium-review.googlesource.com/591371
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46969}
2017-07-28 12:41:57 +00:00
Tobias Tebbi
8616be0c94 Revert "[turbofan] staging new implementation of escape analysis"
This reverts commit d230b44f0c.

Reason for revert: compile errors on the waterfall

Original change's description:
> [turbofan] staging new implementation of escape analysis
> 
> Bug: 
> Change-Id: Idebe4fa6d651a404a0dc1947ed4a34a8dc9707a9
> Reviewed-on: https://chromium-review.googlesource.com/565720
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46966}

TBR=mstarzinger@chromium.org,jarin@chromium.org,tebbi@chromium.org

Change-Id: I73c3cb270d498aeb181e31bad04f1c73d5ca6741
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/591370
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46968}
2017-07-28 12:18:38 +00:00
Juliana Franco
e15f554427 Changing the return address on the stack.
Rather than patching code, the deoptimizer now replaces the
return address in the frames with respective trampolines. 
This change required to change the way we search for Safepoint 
entries and for Exception Handlers. 
It's working in architectures: x64, ia32, arm, arm64 and mips. 

Bug: V8:6563
Change-Id: I3cbd4d192c3513f307b3a6a2ac99e60d03c753d3
Reviewed-on: https://chromium-review.googlesource.com/586707
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46967}
2017-07-28 11:53:45 +00:00
Tobias Tebbi
d230b44f0c [turbofan] staging new implementation of escape analysis
Bug: 
Change-Id: Idebe4fa6d651a404a0dc1947ed4a34a8dc9707a9
Reviewed-on: https://chromium-review.googlesource.com/565720
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46966}
2017-07-28 11:45:25 +00:00
Michael Lippautz
7c8a75e508 Pretenure LayoutDescriptor
LayoutDescriptor is currently the only case where the Scavenger needs to
potentially follow an updated slot to iterate an object. This scenario
requires at least Acq/Rel semantics.

In order to use relaxed store/load for the slots we need to allocate it
pretenured.

Bug: chromium:738865
Change-Id: I353fa6f252b436918b60fff54ece5ce5c7783072
Reviewed-on: https://chromium-review.googlesource.com/590429
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46965}
2017-07-28 11:43:35 +00:00
Ulan Degenbaev
047e906da5 [heap] Process weak cells in concurrent marking visitor.
BUG=chromium:694255

Change-Id: I6684850ae9759f719e3ed665157eaea2581a65cf
Reviewed-on: https://chromium-review.googlesource.com/590008
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46964}
2017-07-28 11:32:40 +00:00
sreten.kovacevic
3eb4de3497 MIPS[64]: Port [arm] Introduce UseScratchRegisterScope
Add UseScratchRegisterScope for MIPS and use it instead of using at register directly.

Original commit message:
`Introduce a stripped down version of UseScratchRegisterScope for ARM and use it
inside the assembler and macro-assembler. At the exception of the Call
instructions, we now use this scope instead of using the ip register
directly. This is inspired from how the ARM64 backend works.

In general, the benefit of doing this is we can catch cases where ip is being
used both by the caller and by the assembler. But more specifically, TurboFan
reserves r9 as an extra scratch register because ip can already be used by the
assembler. With this utility, we can isolate the cases in the code generator
which need an extra register and potentially fix them, allowing us to give r9
back to the register allocator.

This patch uncovered places in the assembler where we were using ip
unconditionally when we could have re-used the destination register instead.`

Bug: 
Change-Id: I1a35c1661579882801605337abfc95f75b47f052
Reviewed-on: https://chromium-review.googlesource.com/574923
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46963}
2017-07-28 11:31:35 +00:00
Leszek Swirski
ad09fd60d6 [compiler-dispatcher] Pass isolate to main thread step
Rather than storing the isolate in compiler dispatcher jobs, which gets
weird for jobs that are entirely off-thread, instead pass the isolate
in when stepping on the main thread.

This makes it clearer which steps must be executed on the main thread,
as they require the caller to explicitly give them access to the
isolate.

Bug: v8:6537
Change-Id: I02fff7c77fdcdbfb099a38235f94d8c1040699ac
Reviewed-on: https://chromium-review.googlesource.com/589437
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46962}
2017-07-28 10:56:05 +00:00
Leszek Swirski
1c02987d2d [compiler] Kill the deoptimized too many times bailout
With TurboFan, there should no longer be any deopt loops (aside from
bugs). So, the "too many deopts" bailout is no longer needed, at least
in its current form.

This fixes an issue where deopt counts are leaked between native
contexts, resulting in optimization being disabled unnecessarily.

Bug: v8:6402
Change-Id: Ia06374ae6b5c2d473bcdd8eef1284bf02766c2fb
Reviewed-on: https://chromium-review.googlesource.com/588894
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46961}
2017-07-28 10:08:29 +00:00
Mathias Bynens
f4b2b9bef7 Ship RegExp dotAll mode / s flag
Intent to ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/0uSHjqvgAwQ/CqmFd6KNAwAJ

BUG=v8:6172

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I50fab93516065195b4e9eea0d3be14ccf935a04f
Reviewed-on: https://chromium-review.googlesource.com/589150
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46960}
2017-07-28 08:17:38 +00:00
jgruber
d4c1b2aaeb [coverage] Include catch and finally keywords in ranges
This includes the catch and finally keywords in the respective range.
For instance:

// Catch range previously:  |<--------->|
try { /* ... */ } catch (e) { /* ... */ }
// Now:           |<------------------->|

Bug: v8:6000
Change-Id: I1bd9f7fce8bb7de945da83ab512833841b9d956a
Reviewed-on: https://chromium-review.googlesource.com/586598
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46959}
2017-07-28 08:06:08 +00:00
Jaroslav Sevcik
b87ba9f2f8 [logging] Add an option to log source code in v8.log.
Bug: v8:6239
Change-Id: I87f72cb97616e28cb44f7160d5170ff740422419
Reviewed-on: https://chromium-review.googlesource.com/584612
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46958}
2017-07-28 07:18:18 +00:00
Benedikt Meurer
3fba4b7089 [js-perf-test] Add microbenchmarks for Array.prototype.join/toString.
Bug: v8:1956
Change-Id: Ic4c67392af2337ac35f9473073dae01264c5ac00
Reviewed-on: https://chromium-review.googlesource.com/590428
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46957}
2017-07-28 05:11:38 +00:00
v8-autoroll
222aceab5b Update V8 DEPS.
Rolling v8/build: 11685b6..ece477b

Rolling v8/third_party/catapult: 0f1f20d..cc7953a

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: Ic687cb5f878438e46a9a64d67aaa7adc8519fb62
Reviewed-on: https://chromium-review.googlesource.com/590613
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46956}
2017-07-28 03:45:42 +00:00
Daniel Clifford
68a58016a1 [csa] Add IsArrayProtectorCellInvalid utility method
Change-Id: I8ecca14e1d65aeed59cd55626e41f9863d58be50
Reviewed-on: https://chromium-review.googlesource.com/589431
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46955}
2017-07-28 03:44:38 +00:00
Jaideep Bajwa
de9b0a071c PPC/s390: [objects] Make feedback vector a first-class object
Port 37680d6563

Original Commit Message:

    Instead of having feedback vector as a subtype of FixedArray with
    reserved slots, make it a first-class variable-sized object with a
    fixed-size header. This allows us to compress counters to ints in the
    header, rather than forcing them to be Smis.

R=leszeks@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia835942de292c4e4b802e34672f1e8bf8a2491c7
Reviewed-on: https://chromium-review.googlesource.com/590168
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46954}
2017-07-28 03:38:22 +00:00
pan.deng@intel.com
eaec875f7f X64: Remove redundant mov instructions.
Bug: None
Change-Id: I31f6c6aba48076b26971ba828411b61ed7e9bae9

Contribute by kanghua.yu@intel.com

Change-Id: I31f6c6aba48076b26971ba828411b61ed7e9bae9
Reviewed-on: https://chromium-review.googlesource.com/567861
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Pan Deng <pan.deng@intel.com>
Cr-Commit-Position: refs/heads/master@{#46953}
2017-07-28 03:37:18 +00:00
Jaroslav Sevcik
a27daf04a3 [turbofan] Revert "Load elimination for Map.prototype.(has|get)."
This reverts commit 3ca6408511.

Reason: it does not seem to improve anything (including microbenchmarks
that only do "if (m.has(x)) s += m.get(x);" in a tight loop).

Bug: v8:6410
Change-Id: I025bf885f313ac5e54ca450ae9cff5b4a15b04fd
Reviewed-on: https://chromium-review.googlesource.com/574020
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46952}
2017-07-27 18:53:17 +00:00
Adam Klein
48a903eb3f Properly fix-up ClassLiterals in ReparentExpressionScope()
Everything inside a class lives inside the class scope, so
reparenting the class scope is the only operation that
should be done to ClassLiterals during reparenting.

Bug: chromium:740591
Change-Id: Ia5b96b44ff1ca6cfa274effb5a04651809bab9bd
Reviewed-on: https://chromium-review.googlesource.com/588054
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46951}
2017-07-27 18:22:57 +00:00
jing.bao
100513c0d0 [ia32][wasm] Add more I32x4 BinOp and ShiftOp
I32x4 Mul, MinS,MaxS,MinU,MaxU, Shl,ShrS,ShrU
Rename WASM_SIMD_TEST(I32x4Min) to WASM_SIMD_TEST(I32x4MinS)

Bug: 
Change-Id: I6c721496bbf772ee734c21a3e98176699b01f890
Reviewed-on: https://chromium-review.googlesource.com/586430
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46950}
2017-07-27 17:37:37 +00:00
Jaideep Bajwa
a2388599db PPC/s390: Reland "[arm] Restrict grouping pushes before a TailCall to registers only"
Port 79bcb45447

Original Commit Message:

    This is a reland of a72b2f88a8
    Original change's description:
    > [arm] Restrict grouping pushes before a TailCall to registers only
    >
    > We optimize parallel moves performed before a TailCall by grouping adjacent
    > pushes. This way, we may use a single instruction to push multiple registers at
    > once. However, we also have support for pushing immediates and stack slots for
    > which the benefit is questionnable therefore this patch removes support for
    > them.
    >
    > Concerning immediate pushes, it looks like a mistake since we do not have
    > support for this case in `AssembleMove` so this patch removes it. Furthermore,
    > if we add a test for this case, we see that a `push ip` instruction is
    > generated, effectively pushing whatever was in `ip` at the time instead of
    > pushing a constant.
    >
    > Concerning stack slot pushes, we generate a more or less equivalent sequence of
    > instructions.
    >
    > Finally, grouping floating point pushes is not used anywhere so this patch
    > removes support for this also.
    >
    > Bug: v8:6553
    > Change-Id: I9b820d33361fc442dd813f66e1f96cda41009110
    > Reviewed-on: https://chromium-review.googlesource.com/567191
    > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    > Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
    > Cr-Commit-Position: refs/heads/master@{#46718}

R=pierre.langlois@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I8790c7a72f92803ea8fda3c6dc7e6b013e2e09e9
Reviewed-on: https://chromium-review.googlesource.com/588471
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46949}
2017-07-27 17:27:37 +00:00
Ross McIlroy
3b334b73e9 [Compiler] Remove ability to create CompilerDispatcher jobs from parsed literal.
The approach to creating compiler dispatcher jobs for inner functions after
they had been parsed didn't provide the startup benifits we hoped for due
to the need to hold onto the whole zone memory AST while waiting for the
jobs to complete.

This CL removes the ability to create these compilation jobs (which was never
enabled by default anyway). Going forward we will potentially use the
parser task approach to parse+compile inner functions in their own job.

BUG=v8:5203

Change-Id: I63134746aa23b4aa6e3bfa17c539954890fd9b0f
Reviewed-on: https://chromium-review.googlesource.com/590007
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46948}
2017-07-27 16:50:47 +00:00
Alexey Kozyatinskiy
c5e9416b1d [inspector] move stack trace and scope inspection to native
This CL moves us much closer to the point where we can remove debugger-script.js and usage of debugger context from inspector.
There are three main parts left:
- managing breakpoints,
- inspecting stack and scopes (this CL),
- LiveEdit.

In this CL I moved all stack/scope inspection to native. As side effect running debugger and inspector tests are 10-20% faster (it's significant since not all of tests requesting break).

R=yangguo@chromium.org,jgruber@chromium.org

Bug: chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I409396a687e18e9c0554c0c9c35b6e1064627be8
Reviewed-on: https://chromium-review.googlesource.com/580645
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46947}
2017-07-27 15:57:30 +00:00
Rodolph Perfetta
b4f1e24078 [instruction scheduler] deal with CSP/JSSP disparity on arm64.
This is preparation work to re-enable the scheduler: on arm64 some opcodes will
be neutral wrt the stack (JSSP) but will modify the underlying CSP. Identify
those opcode as such until JSSP is removed.

Bug: 
Change-Id: Iae633382c5ed38b01edaec896f2ce44d76931fc8
Reviewed-on: https://chromium-review.googlesource.com/568822
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com>
Cr-Commit-Position: refs/heads/master@{#46946}
2017-07-27 15:41:18 +00:00
jgruber
ffeea0fe05 [coverage] Add continuation counters for catch and finally blocks
These counters handle cases in which the catch/finally block contains a jump
statement.

Bug: v8:6000
Change-Id: Ic83f11ee431edabe61f129c9abc3adc12a79c338
Reviewed-on: https://chromium-review.googlesource.com/586595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46945}
2017-07-27 15:31:58 +00:00