Commit Graph

28203 Commits

Author SHA1 Message Date
jochen
4e234f2748 Add parser_fuzzer to BUILD.gn
BUG=chromium:577261
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1635963003

Cr-Commit-Position: refs/heads/master@{#33511}
2016-01-26 12:19:43 +00:00
rmcilroy
befe61fa3e [Interpreter] Add native function literal support.
Adds support for calling native function literals. Moves the logic for building
the native function's SharedFunctionInfo out of full-codegen into compiler.cc
to allow it to be shared between fullcodegen and Ignition.

BUG=v8:4686
LOG=N

Review URL: https://codereview.chromium.org/1635553002

Cr-Commit-Position: refs/heads/master@{#33510}
2016-01-26 11:30:46 +00:00
ishell
6131ab1edd [es6] Tail calls support.
This CL implements PrepareForTailCall() mentioned in ES6 spec for full codegen, Crankshaft and Turbofan.
When debugger is active tail calls are disabled.

Tail calling can be enabled by --harmony-tailcalls flag.

BUG=v8:4698
LOG=Y
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1609893003

Cr-Commit-Position: refs/heads/master@{#33509}
2016-01-26 11:07:40 +00:00
jochen
cf0435881c Add a library suitable for libfuzzer with a small unit test runner shell
BUG=chromium:577261
R=machenbach@chromium.org,jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1604203002

Cr-Commit-Position: refs/heads/master@{#33508}
2016-01-26 10:39:03 +00:00
mstarzinger
ca23cdd814 Simplify HandlerTable::LookupRange search.
This simplifies the lookup mechanism used for range-based exception
handler tables. Those tables are well nested and we can assume that
results get increasingly narrow the later they appear in the table.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1639743002

Cr-Commit-Position: refs/heads/master@{#33507}
2016-01-26 09:36:33 +00:00
mlippautz
518796922a [heap] Move symbols and internalized strings to global header
BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1634513002

Cr-Commit-Position: refs/heads/master@{#33506}
2016-01-26 09:24:20 +00:00
mtrofin
e3edb12fc9 [turbofan] InstructionBlock::PrintBlock
Debugging helper. Centralized the logic for printing blocks from
InstructionSequence.

A clean(-er) design would be to define an operator<< on a
PrintableInstructionBlock. However, we've discussed moving off those
operators, so it seemed unnecessary to complicate the change.

BUG=

Review URL: https://codereview.chromium.org/1632803003

Cr-Commit-Position: refs/heads/master@{#33505}
2016-01-26 07:00:34 +00:00
littledan
efcd023e4a Fix RegExp.prototype.compile.length to be 2
SpiderMonkey switched to 2, test262 tests for 2, and 2 is a reasonable, natural
value.

R=yangguo

Review URL: https://codereview.chromium.org/1616233002

Cr-Commit-Position: refs/heads/master@{#33504}
2016-01-26 06:43:17 +00:00
littledan
22be78430a Support @@species in Array.prototype.concat
This patch makes Array.prototype.concat support subclassing Arrays
and constructing instances properly with Symbol.species. It is
guarded by the --harmony-species flag.

R=cbruni
LOG=Y
BUG=v8:4093

Review URL: https://codereview.chromium.org/1577043002

Cr-Commit-Position: refs/heads/master@{#33503}
2016-01-26 06:33:25 +00:00
v8-autoroll
041e61f840 Update V8 DEPS.
Rolling v8/tools/clang to c09d5840c4a88def889a3e66fe7f1a71655fa06d

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1632793005

Cr-Commit-Position: refs/heads/master@{#33502}
2016-01-26 04:27:42 +00:00
littledan
03ce7711e4 Restore per-TypedArray-class length accessors as a perf workaround
This patch is a workaround to the performance regression caused by
implementing the ES2015 TypedArray prototype chain: Include a
per-TypedArray-subclass length getter so that the superclass getter does
not become polymorphic. The patch appears to fix a regression in the
Gameboy Octane benchmark.

BUG=chromium:579905
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1624383003

Cr-Commit-Position: refs/heads/master@{#33501}
2016-01-25 20:26:51 +00:00
balazs.kilvady
284a3456b9 MIPS: Followup 'Introduce BUILTIN_CALL_PAIR.'
Port 433e8848df

Add DCHECK()s for BUILTIN_CALL, BUILTIN_CALL_PAIR to simulators.

BUG=

Review URL: https://codereview.chromium.org/1630783002

Cr-Commit-Position: refs/heads/master@{#33500}
2016-01-25 19:38:21 +00:00
sigurds
2fbe5946ed [turbofan] Stage escape analysis
This CL enables escape analysis. We expect performance feedback
and a lot of clusterfuzz bugs.

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1587013002

Cr-Commit-Position: refs/heads/master@{#33499}
2016-01-25 18:17:23 +00:00
sigurds
2b84cb4f56 [turbofan] Minor performance tweaks in escape analysis
* Add caching to handling of dangling loads
* Add two unittests for load elimination on escaped objects

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1619103004

Cr-Commit-Position: refs/heads/master@{#33498}
2016-01-25 17:31:17 +00:00
ishell
ac03ef02d6 Also check new_target_is_base() bit when comparing two maps for equivalence.
BUG=chromium:580506
LOG=N

Review URL: https://codereview.chromium.org/1631673002

Cr-Commit-Position: refs/heads/master@{#33497}
2016-01-25 16:44:01 +00:00
mbrandy
03d59ca709 AIX: Fix 'may be used uninitialized' compiler errors.
Fix additional cases where the AIX compiler reports that a variable
may be used uninitialized.

R=danno@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1628483003

Cr-Commit-Position: refs/heads/master@{#33496}
2016-01-25 16:20:06 +00:00
mstarzinger
21b6e077fa [interpreter] Fix lookup of overlapping handler ranges.
This fixes corner cases where the start offsets of exception handler
regions within the handler table fall together. This assumption was
based on full-codegen code and no longer holds with the interpreter.
The tables however are still well nested and code has been added to
verify that in debug mode.

R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1633573002

Cr-Commit-Position: refs/heads/master@{#33495}
2016-01-25 16:18:53 +00:00
mstarzinger
b707ca4b54 [interpreter] Deprecate --ignition-fallback-on-catch flag.
The current support for try-catch in the interpreter can handle most of
the cases appearing in our test suite. Also the flag in question did not
detect try-finally constructs. This removes the flag and instead extends
the test expectations.

R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1631593003

Cr-Commit-Position: refs/heads/master@{#33494}
2016-01-25 15:57:51 +00:00
akos.palfi
b4b5110009 MIPS64: Fix 'Array length reduction should throw in strict mode if it can't delete an element.'
BUG=

Review URL: https://codereview.chromium.org/1632643002

Cr-Commit-Position: refs/heads/master@{#33493}
2016-01-25 15:26:09 +00:00
jochen
85f32f1fc8 Don't NULL-check GlobalHandle::Node::object_
If it's Smi::FromInt(0), the NULL check would trigger. Instead, use the
handle-zap value to mean "not set".

BUG=v8:3647,chromium:580651
R=vogelheim@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1628173002

Cr-Commit-Position: refs/heads/master@{#33492}
2016-01-25 13:10:09 +00:00
sigurds
5259af606b [turbofan] Memory improvements for escape analysis
This CL reduces the memory overhead of escape analysis
by introducing a "copy on demand" strategy for virtual states
and virtual objects.

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1606613002

Cr-Commit-Position: refs/heads/master@{#33491}
2016-01-25 12:46:38 +00:00
mlippautz
5eff542054 [heap] Cleanup: Remove WAS_SWEPT flag.
- Completely rely on the concurrent sweeping state for SweepingCompleted()
- Rename the state accordingly.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1614953002

Cr-Commit-Position: refs/heads/master@{#33490}
2016-01-25 12:33:35 +00:00
rmcilroy
9602f4b2d2 [Interpreter] Remove skips which have been fixed with Exceptions and For...Of.
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1627943003

Cr-Commit-Position: refs/heads/master@{#33489}
2016-01-25 12:23:38 +00:00
yangguo
3246d26b71 [regexp] step back if starting unicode regexp within surrogate pair.
See https://github.com/tc39/ecma262/issues/128

R=erik.corry@gmail.com, littledan@chromium.org
BUG=v8:2952
LOG=N

Review URL: https://codereview.chromium.org/1608693003

Cr-Commit-Position: refs/heads/master@{#33488}
2016-01-25 10:46:11 +00:00
bmeurer
88f9995d5c [for-in] Further refactorings and unification around for-in.
Cleanup %ForInPrepare runtime entry, and unify common logic with
%ForInEnumerate (renamed from %GetPropertyNamesFast). Also introduce
a TupleType to properly type JSForInPrepare and its projections w/o
special hacks in the Typer. And fix %ForInNext and JSForInNext to be
consistent with fullcodegen again (after the proxy refactorings last
quarter).

R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1631583002

Cr-Commit-Position: refs/heads/master@{#33487}
2016-01-25 10:30:18 +00:00
titzer
0ab1e56203 [wasm] Add loop assignment analysis.
This CL implements loop assignment analysis, a pass over a loop's body
to record local variables that are assigned. This pre-pass is similar
to that done on the JavaScript AST for the same reason: avoid introducing
too many phis at loop headers when building a graph.

R=bradnelson@chromium.org,ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1617723003

Cr-Commit-Position: refs/heads/master@{#33486}
2016-01-25 10:28:04 +00:00
titzer
28d3cba243 [formatting] Remove the formatting requirement for 2 empty lines between declarations.
R=mstarzinger@chromium.org,rossberg@chromium.org,bmeurer@chromium.org,hpayer@chromium.org,jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1600873002

Cr-Commit-Position: refs/heads/master@{#33485}
2016-01-25 09:50:17 +00:00
littledan
5ef27c25e9 Update webkit test expectations for sloppy functions in case
A recent ES2015 semantics web compatibility fix changed a WebKit
test from a syntax error to a known failure without a syntax
error. This confused the fuzzer infrastructure. This patch updates
the test expectations to the expected output, based on what the
new semantics provide.

R=machenbach,adamk
BUG=v8:4693
LOG=N

Review URL: https://codereview.chromium.org/1628013003

Cr-Commit-Position: refs/heads/master@{#33484}
2016-01-25 09:02:55 +00:00
zhengxing.li
f55b66ca38 X87: [stubs] Introduce ToNameStub to implement %_ToName.
port a0878333de4dd090f9d8987e1698a9eef9cc7219(r33460)

  original commit message:
  We already had hand-written optimized code for %_ToName in fullcodegen,
  but the optimizing compilers always went to the runtime for %_ToName,
  which is pretty bad for many of our builtins. So this CL moves the
  existing native code to a ToNameStub (similar to the existing
  ToStringStub), and uses the ToNameStub consistently in all compilers to
  actually implement %_ToName.

BUG=

Review URL: https://codereview.chromium.org/1622793006

Cr-Commit-Position: refs/heads/master@{#33483}
2016-01-25 07:40:03 +00:00
zhengxing.li
22445627e8 X87: [interpreter] Fix return address when entering exception handler.
port ca51c204e1ab1519e2c623a74fad117577c37732(r33463)

  original commit message:
  This fixes the broken return address when the exception handler within
  interpreted bytecode is being entered via stack unwinding. The address
  in question will never actually be taken, but our stack walker uses this
  address to determine whether a frame is interpreted.

BUG=

Review URL: https://codereview.chromium.org/1632453002

Cr-Commit-Position: refs/heads/master@{#33482}
2016-01-25 07:38:52 +00:00
mtrofin
78b55f2ebc If all the predecessors of a node have, at the last gap, the exact same
moves, we move those to the node, and remove them from the
predecessors ("merge" them to the common node).

If only some of the moves are common, we don't do anything. This is
what this change addresses.

The bug linked below should be addressed by this change. The only
difference in codegen before/after the change that introduced the bug
was un-merged moves.

BUG=chromium:549262
LOG=N

Review URL: https://codereview.chromium.org/1527203002

Cr-Commit-Position: refs/heads/master@{#33481}
2016-01-25 06:33:14 +00:00
bmeurer
825ece488b [turbofan] Switch JSForInPrepare to %ForInPrepare style.
Now TurboFan always uses the newly introduced %ForInPrepare, no matter
whether baseline is the interpreter or fullcodegen. For fullcodegen, we
introduce a new PrepareId bailout point for this purpose.

Drive-by-fix: Avoid the NoObservableSideEffectsScope in Crankshaft and
use the PrepareId bailout point instead.

R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1630523002

Cr-Commit-Position: refs/heads/master@{#33480}
2016-01-25 06:00:51 +00:00
v8-autoroll
3a2fbe0851 Update V8 DEPS.
Rolling v8/buildtools to 222bd42ce39d1bd8f08fe089b066f49c469e1cdf

Rolling v8/tools/clang to 3ed46b50b0b4e8c829ea6492bbe357b2b7b8e64a

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1623773002

Cr-Commit-Position: refs/heads/master@{#33479}
2016-01-23 04:26:15 +00:00
adamk
8aeb6080e1 Sloppy mode webcompat: allow conflicting function declarations in blocks
The web appears to depend on being able to redeclare functions-in-blocks
in sloppy mode (examples seen so far tend to redeclare identical functions,
most likely accidentally).

This patch opens a minimal hole: two same-named function declarations
in the same scope are allowed, only in sloppy mode.

BUG=v8:4693, chromium:579395
LOG=y

Review URL: https://codereview.chromium.org/1622723003

Cr-Commit-Position: refs/heads/master@{#33478}
2016-01-23 00:40:53 +00:00
rmcilroy
677e54e244 [Interpreter] Always store current context in the frames context slot.
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.

BUG=v8:4678,v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1604923002

Cr-Commit-Position: refs/heads/master@{#33477}
2016-01-23 00:07:49 +00:00
mbrandy
12ac11e98f PPC: [stubs] Introduce ToNameStub to implement %_ToName.
Port a0878333de

Original commit message:
    We already had hand-written optimized code for %_ToName in fullcodegen,
    but the optimizing compilers always went to the runtime for %_ToName,
    which is pretty bad for many of our builtins. So this CL moves the
    existing native code to a ToNameStub (similar to the existing
    ToStringStub), and uses the ToNameStub consistently in all compilers to
    actually implement %_ToName.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1620313004

Cr-Commit-Position: refs/heads/master@{#33476}
2016-01-22 18:56:14 +00:00
mbrandy
433e8848df Introduce BUILTIN_CALL_PAIR.
This change allows the PPC simulator to execute on PPC hardware where,
due to calling conventions, we must distinguish between Object* and
ObjectPair return values.

We find this useful as another available option for debugging certain
problems.  While not strictly necessary for Intel platforms, we hope
that this is less offensive now that BUILTIN_CALL_TRIPLE has been
added.

BUG=
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com

Review URL: https://codereview.chromium.org/1604653006

Cr-Commit-Position: refs/heads/master@{#33475}
2016-01-22 18:35:42 +00:00
mstarzinger
00b0a53685 [interpreter] Re-enable some tests that pass by now.
These tests have been disabled while support for try-finally was work in
progress. By now control flow is connected properly and the tests pass.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1626503002

Cr-Commit-Position: refs/heads/master@{#33474}
2016-01-22 17:11:17 +00:00
ofrobots
f7304757ae Revert "Revert of [profiler] Implement POC Sampling Heap Profiler (patchset #12 id:220001 of https://codereview.chromium.org/1555553002/ )"
This reverts commit 77df8659c2.

BUG=

Review URL: https://codereview.chromium.org/1618693004

Cr-Commit-Position: refs/heads/master@{#33473}
2016-01-22 16:36:57 +00:00
mstarzinger
475d178f2e [interpreter] Add ReThrow bytecode for try-finally support.
This adds an explicit ReThrow bytecode to be used in the modelling of
try-finally statements. An exception that is being re-thrown should not
trigger message object creation or location computation and hence cannot
use the existing Throw bytecode.

R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryFinally
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1621673002

Cr-Commit-Position: refs/heads/master@{#33472}
2016-01-22 16:26:16 +00:00
mbrandy
35dfeb2cfd PPC: [interpreter] Fix return address when entering exception handler.
Port ca51c204e1

Original commit message:
    This fixes the broken return address when the exception handler within
    interpreted bytecode is being entered via stack unwinding. The address
    in question will never actually be taken, but our stack walker uses this
    address to determine whether a frame is interpreted.

R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
TEST=cctest/test-interpreter/InterpreterTryCatch
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1615093004

Cr-Commit-Position: refs/heads/master@{#33471}
2016-01-22 16:21:42 +00:00
rmcilroy
380f8c8f46 [Interpreter] Add ForOf support.
Adds support for ForOf to the interpreter.

BUG=v8:4685
LOG=N

Review URL: https://codereview.chromium.org/1618693005

Cr-Commit-Position: refs/heads/master@{#33470}
2016-01-22 15:54:59 +00:00
bmeurer
56e1b13ea1 [runtime] Make sure %ForInPrepare returns the correct length.
In case the receiver map has an enum cache, %ForInPrepare returns the
length of the actual enum cache, which might include properties that
are further down the transition tree tho.

R=jarin@chromium.org
BUG=v8:3650
LOG=n

Review URL: https://codereview.chromium.org/1619353002

Cr-Commit-Position: refs/heads/master@{#33469}
2016-01-22 14:52:20 +00:00
sigurds
9b859a8891 [turbofan] Add TRACE macro for escape analysis
R=jarin@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1608073003

Cr-Commit-Position: refs/heads/master@{#33468}
2016-01-22 13:52:24 +00:00
cbruni
867fc7153e [tools] Adding ICE, the IC-Explorer.
Is it frozen water? Is it a train? No, but it's both (relatively) fast and
(relatively) cool, it's ICE, the IC-Explorer. Upload an IC trace and you can
easily* drill-down on where most IC changes happen. It even comes with a colored
title and runs in your favourite browser without dependencies (yeah, I'm looking
at you JQuery!)

*according to a user study with a random 1-person group.

R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1618213003

Cr-Commit-Position: refs/heads/master@{#33467}
2016-01-22 13:51:11 +00:00
mstarzinger
42630a8224 [interpreter] Fix bogus test expecation for bytecode generator.
TBR=rmcilroy@chromium.org
TEST=cctest/test-bytecode-generator
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1612373004

Cr-Commit-Position: refs/heads/master@{#33466}
2016-01-22 13:04:39 +00:00
mstarzinger
e175e39fed [interpreter] Implement handling of try-finally constructs.
This models function local control flow through try-finally constructs
using a token dispatch mechanism. All paths through the finally block
are assigned a token, at the end of the finally block a switch construct
dispatches according to this token.

R=oth@chromium.org,rmcilroy@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1613443002

Cr-Commit-Position: refs/heads/master@{#33465}
2016-01-22 12:43:57 +00:00
rmcilroy
847ac580f1 [Interpreter] Ensure context is popped when we break or continue
Break and continue operations need to pop the context chain to the
correct context before jumping to the target.

BUG=v8:4280,v8:4678
LOG=N

Review URL: https://codereview.chromium.org/1618693002

Cr-Commit-Position: refs/heads/master@{#33464}
2016-01-22 12:42:47 +00:00
mstarzinger
ca51c204e1 [interpreter] Fix return address when entering exception handler.
This fixes the broken return address when the exception handler within
interpreted bytecode is being entered via stack unwinding. The address
in question will never actually be taken, but our stack walker uses this
address to determine whether a frame is interpreted.

R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryCatch
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1615063002

Cr-Commit-Position: refs/heads/master@{#33463}
2016-01-22 11:17:12 +00:00
jarin
747bd6f215 Runtime call counters and timers.
In d8, run with --runtime-call-stats and it will output the stats when d8 finishes.

In Chrome, run the following: (only on trusted code, this punches *massive* security hole into Chrome)

chrome --js-flags="--runtime-call-stats --allow-natives-syntax"

To get the stats in the console, just run

console.log(%GetAndResetRuntimeCallStats());

To output stats every second:

setInterval(function() { console.log(%GetAndResetRuntimeCallStats()); }, 1000)

Review URL: https://codereview.chromium.org/1615943002

Cr-Commit-Position: refs/heads/master@{#33462}
2016-01-22 10:12:05 +00:00