Commit Graph

39924 Commits

Author SHA1 Message Date
Wiktor Garbacz
9a572e1d5f [parse tasks] Fix arrow function parameters handling.
Formal parameters of an arrow function are parsed even if the function
itself is preparsed. It is because we don't know if it is an arrow
function parameter list or just comma separated expression list.
When we parse:
 (a, b = (function c() { return a; })())
call to function c may be just part of an assignment in an expression
list, but if it's followed by:
 => { return b; }
It is an arrow function and the call to c is a default parameter.
Before we see the arrow we might have already created a parse task
to parse function c.

BUG=v8:6093

Change-Id: I59a59acfdbbfd808dab1518060748be2addcd54a
Reviewed-on: https://chromium-review.googlesource.com/493347
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45132}
2017-05-05 12:14:22 +00:00
Tobias Tebbi
fbd7754947 [turbofan] escape analysis: delete broken function ProcessLoadFromPhi
Bug: 
Change-Id: I4fbdb402ecc0403edafaba8ae910e28f3808d3f8
Reviewed-on: https://chromium-review.googlesource.com/497470
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45131}
2017-05-05 12:13:17 +00:00
Clemens Hammacher
3d76d2a2dc [cctest] Refactor CallHelper to use variadic templates
Instead of explicitly instantiating six copies of each function for
zero to five arguments, define them as variadic template.
This avoids the arbitrary limit to five arguments, and avoids lots of
code duplication.

Drive-by fix: [iwyu] Add missing include.

R=mstarzinger@chromium.org

Change-Id: Id7edde3611ddfade16c7afbbf4b9000cedd76468
Reviewed-on: https://chromium-review.googlesource.com/496247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45130}
2017-05-05 12:05:45 +00:00
Michael Starzinger
d380c7da6d [asm.js] Fix validation failure in module variable import.
R=clemensh@chromium.org
TEST=message/asm-import-wrong-object
BUG=chromium:718653

Change-Id: Ib903d7041ffb6a67c1b3c7be3e0f9455229acd90
Reviewed-on: https://chromium-review.googlesource.com/497747
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45129}
2017-05-05 11:39:06 +00:00
hpayer
8833af23e9 [heap] Memory reducer calls GC with kGCCallbackFlagCollectAllExternalMemory flag.
BUG=chromium:718484

Review-Url: https://codereview.chromium.org/2863943002
Cr-Commit-Position: refs/heads/master@{#45128}
2017-05-05 11:24:02 +00:00
ulan
b7b3781b87 Revert of [heap] Reland "Make non-atomic markbit operations consistent with atomic ones." (patchset #2 id:20001 of https://codereview.chromium.org/2860323003/ )
Reason for revert:
box2d failures on buildbot

Original issue's description:
> [heap] Reland "Make non-atomic markbit operations consistent with atomic ones."
>
> Now non-atomic color transition operations return a boolean indicating
> whether the transition succeeded or not.
>
> This allows to replace color check and transition operations with a
> single transition operation. For example:
>
> if (IsWhite(object)) {
>   WhiteToBlack(object);
>   Foo();
> }
>
> becomes
>
> if (WhiteToBlack(object)) {
>   Foo();
> }
>
> BUG=chromium:694255
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2860323003
> Cr-Commit-Position: refs/heads/master@{#45123}
> Committed: c0a65cd295

TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2863953002
Cr-Commit-Position: refs/heads/master@{#45127}
2017-05-05 11:17:15 +00:00
Ilija.Pavlovic
d7f7c32424 Enable build with shared libraries.
This adaptation will allow build v8 when the component is defined as
shared library. Without this, at linking phase of the unittests will be
displayed error messages for undefined references.

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2853483002
Cr-Commit-Position: refs/heads/master@{#45126}
2017-05-05 10:59:39 +00:00
Michael Starzinger
25959abf79 [asm.js] Ensure proper encapsulation of "asmjs" component.
This makes sure that only the "asm-js.h" header is exposed to outside
the directory holding the asm.js validator. It ensures that internals
don't leak out of that component, unless they are explicitly exposed
through the defined interface.

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I7c41782254cfce102af8edf4356205cfca904e60
Reviewed-on: https://chromium-review.googlesource.com/496147
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45125}
2017-05-05 10:36:26 +00:00
bmeurer
516d8438ad [js] Avoid %_ClassOf for collection builtins.
The collection builtins (Map, Set, WeakMap, WeakSet) are still written
in JavaScript and make heavy use of %_ClassOf, which is kind of
expensive compared to a simple instance type check. Change that to use
simple instance type checks instead.

R=jarin@chromium.org
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2814773005
Cr-Original-Commit-Position: refs/heads/master@{#45106}
Committed: 28170099fd
Review-Url: https://codereview.chromium.org/2814773005
Cr-Commit-Position: refs/heads/master@{#45124}
2017-05-05 10:22:17 +00:00
ulan
c0a65cd295 [heap] Reland "Make non-atomic markbit operations consistent with atomic ones."
Now non-atomic color transition operations return a boolean indicating
whether the transition succeeded or not.

This allows to replace color check and transition operations with a
single transition operation. For example:

if (IsWhite(object)) {
  WhiteToBlack(object);
  Foo();
}

becomes

if (WhiteToBlack(object)) {
  Foo();
}

BUG=chromium:694255

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2860323003
Cr-Commit-Position: refs/heads/master@{#45123}
2017-05-05 10:16:01 +00:00
Michael Achenbach
56352067f2 [test] Skip more flaky tests
TBR=alph@chromium.org
NOTRY=true

Bug: v8:5193
Change-Id: Ie3d4e67314c80cd1806ba97ac1700b9a95918f73
Reviewed-on: https://chromium-review.googlesource.com/497748
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45122}
2017-05-05 10:08:10 +00:00
Peter Marshall
4d611d1dc3 [builtins] Use the byte_length for byte length, not byte_offset.
length != offset.

Bug: chromium:718285
Change-Id: I150af1473cb5180c242f3817b940fa1cf1c49cea
Reviewed-on: https://chromium-review.googlesource.com/497727
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45121}
2017-05-05 09:57:17 +00:00
Tobias Tebbi
d871c5ba80 [turbofan] fix escape analysis divergence on Air benchmark
When a virtual object passes by a store node that updates a field to the existing value, then the object and its state were not copied, which lead to the original object being passed on. 
If then later the store actually modifies and copies the virtual object, this new copy is not passed down the effect chain, so subsequent nodes still refer to the original virtual object and try to update it once new information flows in.
This conflicts with updates on the node that originally created the virtual object, leading to divergence.

Bug: v8:6345
Change-Id: Iab1ce98a60b48478b343eae765c80bdfcb8ba390
Reviewed-on: https://chromium-review.googlesource.com/496267
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45120}
2017-05-05 09:33:17 +00:00
Michael Starzinger
2238a16c69 [asm.js] Remove AST-based asm.js validator implementation.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I6a098151fef14c0c76c1762d99316a3ae7d12a8e
Reviewed-on: https://chromium-review.googlesource.com/496266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45119}
2017-05-05 08:57:35 +00:00
Michael Achenbach
0c590f45a8 Revert https://codereview.chromium.org/2857713002 and dependencies
Revert "[heap] Make non-atomic markbit operations consistent with atomic ones."

This reverts commit dd37366fb5

Revert "[heap] Use atomic marking operations in incremental marking if"

This reverts commit 1f2c3596e9

Revert "[heap] Prepare IncrementalMarking::VisitObject for concurrent marking."

This reverts commit 00d1e2cf76

Revert "[heap] Use shared markbits in the concurrent marker."

This reverts commit b0db0541ee

https://codereview.chromium.org/2857713002 blocks the current roll:
https://codereview.chromium.org/2857423002/

Doesn't revert cleanly.

NOTRY=true
TBR=ulan@chromium.org

Bug: chromium:694255
Change-Id: Iada35af5c2529cd9e604802700604b16cc30aa2d
Reviewed-on: https://chromium-review.googlesource.com/497387
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45118}
2017-05-05 06:57:45 +00:00
v8-autoroll
d21326d5c4 Update V8 DEPS.
Rolling v8/build: cef928f..0fffbdf

Rolling v8/third_party/catapult: 0d00147..d9a6925

Rolling v8/tools/clang: dc087f5..ae881aa

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0b4fc50a1ad132b27b2fc484c75ab70995b73a38
Reviewed-on: https://chromium-review.googlesource.com/497286
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45117}
2017-05-05 03:30:38 +00:00
Daniel Ehrenberg
c299fee21c [parser] Fix parse errors for async arrow function edge cases
New test262 tests bring up a couple cases with async arrow functions
that V8 didn't seem to handle properly; this patch makes those cases
errors:
- async (...x,) => y -- Rest parameter must be last formal parameter
- async (...x = z) => y -- No default value for rest parameter
- async (...x, y) => z -- Rest parameter must be last formal parameter

Bug: v8:4483, v8:5051
Change-Id: I024d9ba0c854e8e5e75283df2ee53127b1be090d
Reviewed-on: https://chromium-review.googlesource.com/496057
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45116}
2017-05-04 22:43:42 +00:00
Jungshik Shin
6545911f30 Handle private / grandfathered tags gracefully for case-conversion
Bug=v8:6083
Test=intl/general/case-mapping.js

Change-Id: I254c54520262298d6843948654d1dc4583b0c245
Reviewed-on: https://chromium-review.googlesource.com/496886
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45115}
2017-05-04 22:40:42 +00:00
Jungshik Shin
2bb21e169a resolvedTimezone for Etc/UTC should be UTC per Ecma 402
http://unicode.org/cldr/trac/ticket/9943 added a new separate timezone
ID (Etc/UTC) distinct from "Etc/GMT" even though their behavior is
identical. This CLDR change led v8 to violate Ecma 402 requirement that
resolvedOptions().timeZone for DateTimeFormat be "UTC" for "Etc/UTC"
, "Etc/GMT", "GMT" and "UTC".

This CL made v8 compliant to Ecma 402 again.

Bug=v8:6252
TEST=intl/date-format/timezone
Change-Id: Ibe5d3a2a09680ae00de0d73d123a389710c15af0

Change-Id: Ibe5d3a2a09680ae00de0d73d123a389710c15af0
Reviewed-on: https://chromium-review.googlesource.com/496406
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45114}
2017-05-04 21:17:39 +00:00
jarin
f47572f3a7 [turbofan] Avoid creating singleton state-values for the accumulator.
This saves about 5% of memory and node count consumed by graph building
on the TypeScript benchmark. High watermark goes down by 3-4%.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2829093002
Cr-Commit-Position: refs/heads/master@{#45113}
2017-05-04 19:35:13 +00:00
Mircea Trofin
f5ff422b83 [wasm] Ensure sync (forward) tasks execute in a context.
We need the job_'s context to reify errors, for example.
Some tasks already managed their context, so centralized
that logic in a SyncCompileTask all sync tasks derive from.

Bug: 
Change-Id: I90f462476b47bb8d5777db93d8dfb5c72fbd885b
Reviewed-on: https://chromium-review.googlesource.com/495392
Commit-Queue: Mircea Trofin <mtrofin@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45112}
2017-05-04 19:10:18 +00:00
bjaideep
d587812258 PPC/s390: Reland: [TypeFeedbackVector] Store optimized code in the vector
Port 662aa425ba

Original Commit Message:

    Since the feedback vector is itself a native context structure, why
    not store optimized code for a function in there rather than in
    a map from native context to code? This allows us to get rid of
    the optimized code map in the SharedFunctionInfo, saving a pointer,
    and making lookup of any optimized code quicker.

    Original patch by Michael Stanton <mvstanton@chromium.org>

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6246
LOG=N

Review-Url: https://codereview.chromium.org/2861863003
Cr-Commit-Position: refs/heads/master@{#45111}
2017-05-04 19:02:26 +00:00
Caitlin Potter
c6540ab1b7 [es6] don't use do-expressions to desugar ES6 classes
Removes the do-expression wrapping, modifies BytecodeGenerator change
to enter a class literal's block scope if needed.

This does not solve the actual bug in v8:6322, but helps mitigate it in
simple cases. The bug is caused by BytecodeGenerator not allocating a
large enough array of context registers to hold its entire stack,
allowing non-context registers to be overwritten during PushContext and
PopContext bytecodes.

Nevertheless, I like the idea of not depending on do-expressions when
possible, so I think it's worth doing anyways.

BUG=v8:6322
R=rmcilroy@chromium.org, marja@chromium.org, littledan@chromium.org

Change-Id: I82b7569db2a0eead1694bd04765fc4456c2f1a0a
Reviewed-on: https://chromium-review.googlesource.com/491074
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45110}
2017-05-04 18:49:50 +00:00
Daniel Ehrenberg
5228af67e1 [intl] Use a service-dependent default locale
Different Intl features (DateTimeFormat, NumberFormat, etc) have
different lists of locales supported. Previously, the default locale
was set to "und", as opposed to what was detected from the surrounding
system, if any of these features was missing data. With this patch,
only that feature is set to "und". In this way, the data quality should
be just as good as if there were no fallback logic, but at the same time,
resolvedOptions().locale should show the locale actually in effect.

R=adamk,jshin
BUG=v8:6288

Change-Id: I62b083a1dde2465cb1541cb18ecc7e59f9097bc0
Reviewed-on: https://chromium-review.googlesource.com/492886
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45109}
2017-05-04 18:46:00 +00:00
bmeurer
ae5ae1ccee Revert of [js] Avoid %_ClassOf for collection builtins. (patchset #4 id:60001 of https://codereview.chromium.org/2814773005/ )
Reason for revert:
Breaks node.js integration bot: https://build.chromium.org/p/client.v8.fyi/builders/V8%20-%20node.js%20integration/builds/5374/steps/build%20addons%20and%20test%20node.js/logs/stdio

Original issue's description:
> [js] Avoid %_ClassOf for collection builtins.
>
> The collection builtins (Map, Set, WeakMap, WeakSet) are still written
> in JavaScript and make heavy use of %_ClassOf, which is kind of
> expensive compared to a simple instance type check. Change that to use
> simple instance type checks instead.
>
> R=jarin@chromium.org
> BUG=v8:6261,v8:6278,v8:6344
>
> Review-Url: https://codereview.chromium.org/2814773005
> Cr-Commit-Position: refs/heads/master@{#45106}
> Committed: 28170099fd

TBR=jarin@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2860123002
Cr-Commit-Position: refs/heads/master@{#45108}
2017-05-04 18:43:45 +00:00
Sathya Gunasekaran
0015bbb5e1 [modules] Disallow HTML comments in modules
Bug: v8:5045
Change-Id: I1d8b6be8a65595dc357c4f721b1a03425e025e6e
Reviewed-on: https://chromium-review.googlesource.com/463811
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45107}
2017-05-04 18:42:12 +00:00
bmeurer
28170099fd [js] Avoid %_ClassOf for collection builtins.
The collection builtins (Map, Set, WeakMap, WeakSet) are still written
in JavaScript and make heavy use of %_ClassOf, which is kind of
expensive compared to a simple instance type check. Change that to use
simple instance type checks instead.

R=jarin@chromium.org
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2814773005
Cr-Commit-Position: refs/heads/master@{#45106}
2017-05-04 18:27:32 +00:00
gdeepti
82503e9ba3 [wasm] Avoid js-typed-lowering optimization for wasm Memory objects
If an ArrayBuffer is setup through the WebAssembly.Memory constructor, identify these with a flag and avoid optimizations in js-typed-lowering.cc. This is needed becasue buffers associated with memory objects can be grown/detached leading to crashes.

BUG=chromium:717194

Review-Url: https://codereview.chromium.org/2862763002
Cr-Commit-Position: refs/heads/master@{#45105}
2017-05-04 17:21:56 +00:00
bbudge
0cd0fa3b98 [WASM SIMD] Replace primitive shuffles with general Shuffle.
- Removes primitive shuffle opcodes.
- Adds Shuffle opcode for S32x4, S16x8, S8x16.
- Adds code to ARM instruction selector to pick best opcodes for some
  common shuffle patterns.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2847663005
Cr-Commit-Position: refs/heads/master@{#45104}
2017-05-04 16:50:51 +00:00
Ross McIlroy
ec619cbd89 [Interpreter] Transition JSFunctions to call optimized code when possible.
Now that the optimized code hangs off the feedback vector, it is possible
to check whether a function has optimized code available every time it's
called in the interpreter entry trampoline. If optimized code exists, the
interpreter entry trampoline 'self-heals' the closure to point to the
optimized code and links the closure into the optimized code list.

BUG=v8:6246

Change-Id: If1bd7c555bb0551bfe04b36baa6bcf949604717e
Reviewed-on: https://chromium-review.googlesource.com/488026
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45103}
2017-05-04 16:18:28 +00:00
Toon Verwaest
53e824d619 [ic] Don't crash if the global object leaks into the ICs
Bug: chromium:714580
Change-Id: I8969fb83c6c29eccb29fc1b4a9a35d7abb0ba0d6
Reviewed-on: https://chromium-review.googlesource.com/496148
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45102}
2017-05-04 16:13:28 +00:00
Michael Achenbach
27671d4373 Whitespace change to trigger bots
TBR=jochen@chromium.org

Change-Id: I0b4436c343a92a3f41d627e71a6fc16e7d6ad698
Reviewed-on: https://chromium-review.googlesource.com/496108
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45101}
2017-05-04 15:16:58 +00:00
Michael Achenbach
b329ea9544 [build] Add MB and CQ configs for new gcc debug bots
Keeping the CQ bot experimental for now. Will be converted to a regular bot in a follow up.

NOTRY=true
NOTREECHECKS=true
Bug: v8:6355

Change-Id: I094cc26c8fd89bc6fda761d6bfd848a5e3b6dcb5
Reviewed-on: https://chromium-review.googlesource.com/496186
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45100}
2017-05-04 15:03:13 +00:00
ulan
b0db0541ee [heap] Use shared markbits in the concurrent marker.
The concurrent marker now colors objects grey and black using
the atomic markbit operations.

The heap visitor is changed in two ways:
1) It iterates the map pointer of each object.
2) It guards object visitation with a predicate, which is overridden
in the concurrent marker with the result of GreyToBlack transition.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2855003004
Cr-Commit-Position: refs/heads/master@{#45099}
2017-05-04 13:55:45 +00:00
Michael Starzinger
3a47312226 [asm.js] Remove deprecated --fast-validate-asm flag.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I104bf807d3da6a9f269e4f729b254bc6a0d2f0df
Reviewed-on: https://chromium-review.googlesource.com/496206
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45098}
2017-05-04 13:52:39 +00:00
jkummerow
1f51f66f73 Fix FastAssign for self-assignment
Storing a data property on |target| can change |source|'s map
if |target| and |source| are the same object.

BUG=chromium:716520

Review-Url: https://codereview.chromium.org/2855133006
Cr-Commit-Position: refs/heads/master@{#45097}
2017-05-04 13:41:08 +00:00
Clemens Hammacher
6548f76c92 [build] Disable strict-overflow check on gcc
This flag generates false positives, since gcc inlines functions and
propagates constants, and then applies the check.

Drive-by: Refactor the checks that triggered the error to avoid
explicit casts.

R=jochen@chromium.org, machenbach@chromium.org
BUG=v8:6341

Change-Id: I86aebf402cbd2502ef17622a000a5bb777fd4b43
Reviewed-on: https://chromium-review.googlesource.com/494474
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45096}
2017-05-04 13:36:39 +00:00
ulan
00d1e2cf76 [heap] Prepare IncrementalMarking::VisitObject for concurrent marking.
Currently the VisitObject function iterates the object and then colors
it black. This does not work well with concurrent marking. The function
should instead first try to mark the object black and iterate its body
only if the color transition succeeds.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2853323003
Cr-Commit-Position: refs/heads/master@{#45095}
2017-05-04 13:11:46 +00:00
mlippautz
2ec36b675e [heap] Report newly found wrappers after deserialization
These wrappers wouldn't be found by the marker otherwise and are only
reported upon the next marking step or GC which potentially is already
too late; the embedder could've reclaimed those objects already.

BUG=chromium:717480

Review-Url: https://codereview.chromium.org/2860753003
Cr-Commit-Position: refs/heads/master@{#45094}
2017-05-04 13:10:33 +00:00
Wiktor Garbacz
ca8b120f97 Fix runtime_call_stats for background parsing.
BUG=v8:6093

Change-Id: Ia14f6200adbe6c557f9b899e67f2d96bf76f3a44
Reviewed-on: https://chromium-review.googlesource.com/494590
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45093}
2017-05-04 12:39:18 +00:00
dusan.simicic
0fad007a98 MIPS[64]: Support for some SIMD operations (5)
Add support for I32x4Neg, I32x4LtS, I32x4LeS, I32x4LtU, I32x4LeU, I16x8Splat,
I16x8ExtractLane, I16x8ReplaceLane, I16x8Neg, I16x8Shl, I16x8ShrS, I16x8ShrU,
I16x8Add, I16x8AddSaturateS, I16x8Sub, I16x8SubSaturateS for mips32 and mips64
architectures.

BUG=

Review-Url: https://codereview.chromium.org/2795143003
Cr-Commit-Position: refs/heads/master@{#45092}
2017-05-04 12:38:18 +00:00
ulan
1f2c3596e9 [heap] Use atomic marking operations in incremental marking if
concurrent marking is enabled.

This patch adds kAtomicity flag to IncrementalMarking that is set
depending on the concurrent marking compile time flag.

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2857743002
Cr-Commit-Position: refs/heads/master@{#45091}
2017-05-04 12:37:07 +00:00
bmeurer
5c433ec500 [turbofan] Extend Array.prototype.pop lowering to support FAST_DOUBLE_ELEMENTS.
So far the Array.prototype.pop lowering in the JSBuiltinReducer was
limited to (holey) fast or fast-smi elements. But it can be made to
work easily to also handle fast-double elements, so allow that as
well.

R=jarin@chromium.org
BUG=v8:5267,v8:6338

Review-Url: https://codereview.chromium.org/2861443006
Cr-Commit-Position: refs/heads/master@{#45090}
2017-05-04 12:35:58 +00:00
jarin
418926e010 Introduce a handlified version of source position iterator.
This enables allocation in Turbofan's graph building (which is useful for
taking code dependencies there).

BUG=v8:6357
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2860843003
Cr-Commit-Position: refs/heads/master@{#45089}
2017-05-04 12:34:49 +00:00
littledan
f918404590 Revert of [regexp] Support unicode capture names in non-unicode patterns (patchset #3 id:40001 of https://codereview.chromium.org/2791163003/ )
Reason for revert:
The decision for the specification was to not have this syntax, and instead the syntax before this patch.

Original issue's description:
> [regexp] Support unicode capture names in non-unicode patterns
>
> This ensures that capture names containing surrogate pairs are parsed
> correctly even in non-unicode RegExp patterns by introducing a new
> scanning mode which unconditionally combines surrogate pairs.
>
> BUG=v8:5437,v8:6192
>
> Review-Url: https://codereview.chromium.org/2791163003
> Cr-Commit-Position: refs/heads/master@{#44466}
> Committed: a8651c5671

R=yangguo@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5437,v8:6192

Review-Url: https://codereview.chromium.org/2859933003
Cr-Commit-Position: refs/heads/master@{#45088}
2017-05-04 12:33:38 +00:00
bmeurer
6b4e8c2114 [turbofan] Remove self-healing wrt. ChangeFloat64ToTagged.
Make sure that the input to ChangeFloat64ToTagged is definitely of type
Number, because the operator cannot deal with non-Number inputs.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2858153003
Cr-Commit-Position: refs/heads/master@{#45087}
2017-05-04 12:32:27 +00:00
Clemens Hammacher
d7b65d421e [wasm] Skip function validation during async decode
The functions are validated later during graph generation.

This change uncovered a memory leak, which is now also fixed.

R=ahaas@chromium.org

Change-Id: I0150817da131c5c611fe21b156da9d9d00d4827d
Reviewed-on: https://chromium-review.googlesource.com/490088
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45086}
2017-05-04 12:32:18 +00:00
ulan
dd37366fb5 [heap] Make non-atomic markbit operations consistent with atomic ones.
Now non-atomic color transition operations return a boolean indicating
whether the transition succeeded or not.

This allows to replace color check and transition operations with a
single transition operation. For example:

if (IsWhite(object)) {
  WhiteToBlack(object);
  Foo();
}

becomes

if (WhiteToBlack(object)) {
  Foo();
}

BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2857713002
Cr-Commit-Position: refs/heads/master@{#45085}
2017-05-04 11:44:15 +00:00
Ross McIlroy
662aa425ba Reland: [TypeFeedbackVector] Store optimized code in the vector
Since the feedback vector is itself a native context structure, why
not store optimized code for a function in there rather than in
a map from native context to code? This allows us to get rid of
the optimized code map in the SharedFunctionInfo, saving a pointer,
and making lookup of any optimized code quicker.

Original patch by Michael Stanton <mvstanton@chromium.org>

BUG=v8:6246
TBR=yangguo@chromium.org,ulan@chromium.org

Change-Id: Ic83e4011148164ef080c63215a0c77f1dfb7f327
Reviewed-on: https://chromium-review.googlesource.com/494487
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45084}
2017-05-04 11:21:59 +00:00
neis
24d7890151 [compiler][modules] Constant-fold loads of module cells.
1. Generalize context specialization such that the provided context
   can be any outer context of the function, not necessarily the
   immediate outer context.

2. Based on this: if function specialization is disabled, then
   specialize for the module context if there is one.

3. Extend typed lowering of module loads and stores such that if
   the operand is a Module constant, we constant-fold the cell load.
   That is, a JSLoadModule with a Module HeapConstant input becomes
   a LoadField with a Cell HeapConstant input, and similarly for
   JSStoreModule.

BUG=v8:1569

Review-Url: https://codereview.chromium.org/2841613002
Cr-Commit-Position: refs/heads/master@{#45083}
2017-05-04 11:09:19 +00:00