Commit Graph

43051 Commits

Author SHA1 Message Date
Clemens Hammacher
912cd31464 [wasm] Fix detection of unreachable code
The current Control::unreachable flag served two things at the same
time: It tracked whether the label of that block is reachable (anyone
jumps / falls through to there), and it tracked whether that block was
ended by an unconditional branch or something similar.

It turns out that these two things cannot be tracked with a single
boolean per control struct. This CL introduces a Merge::reached flag,
which tracks whether a merge point was reached so far.
Also, the boolean flag to track unreachability of instructions within a
block is extended to track implicitly unreachable instructions.
According to the spec, a new block inside of unreachable code must be
validated as reachable code again, and also code after a block which
never returns has to be validated. It's not needed to generate code for
such instructions, however.
This new state will be particularly needed for the baseline compiler.

A follow-up CL will avoid calling interface methods for unreachable
code.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I54c97a19121eace65e25c448639330d06f61b1c8
Reviewed-on: https://chromium-review.googlesource.com/715637
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48509}
2017-10-12 16:17:51 +00:00
Jakob Kummerow
dada4cff1f [bigint] Implement BigInt::LessThan
Bug: v8:6791
Change-Id: Ib807ac94dca646cddfe2eb5fafe18999cf0764a2
Reviewed-on: https://chromium-review.googlesource.com/714450
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48508}
2017-10-12 16:16:31 +00:00
Jakob Kummerow
4e6ea4b72a [bigint] Fix BigInt::AbsoluteAndNot
Contrary to other Absolute-bitwise operations, it is not symmetric.

Bug: v8:6791
Change-Id: Id0d57e3cf61177af0b77a3d9d4a4e17e5737ae11
Reviewed-on: https://chromium-review.googlesource.com/714301
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48507}
2017-10-12 16:11:11 +00:00
Leszek Swirski
b4deef6168 [turbofan] Add deopt reason to CheckIf
CheckIf is lowered to DeoptimizeIfNot, but there is no deoptimization
reason given in the deopt if that check fails (the reason is hardcoded
to "no reason"). These deopts are annoying to track down.

This patch makes CheckIf an operator with a DeoptimizeReason parameter,
which is passed through to the DeoptimizeIfNot when lowered.
A couple of checks are converted to give good deoptimize reasons (some
new reasons are introduced), and the others are defaulted to kNoReason
until someone else finds a use for them.

Change-Id: I7e910cc9579ccf978dfe9d270ba7b98c8f6c2492
Reviewed-on: https://chromium-review.googlesource.com/716479
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48506}
2017-10-12 16:07:11 +00:00
Daniel Ehrenberg
217de927fb [intl] Use null prototypes rather than object prototypes
The use of object literals comes with Object.prototype as the
prototype. Some of these were required by the specification, but
a change to the specification is proposed in
https://github.com/tc39/ecma402/pull/170 to eliminate this.
Some of them are unobservable, since Object.prototype is always
shadowed, and defineProperty is used rather than ordinary set.
However, just to be cautious, all object literals in
intl.js except the ones that need it (namely the result of
resolvedOptions()) are changed to a null prototype.

Tests are in the test262 PR https://github.com/tc39/test262/pull/1220

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I1f684615e60b523441baf31350d752585d8f96d1
Reviewed-on: https://chromium-review.googlesource.com/657839
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48505}
2017-10-12 14:41:51 +00:00
Michael Lippautz
e26cd87496 [heap] Add TSAN suppression for lock-order inversion in Scavenger
The Scavenger currently requires taking the lock for OLD->NEW processing
and can also take another lock for sweeping a different page.

Since order of pages during scavenge and sweep is unstable this may
result in lock order inversion reports on TSAN when long-running
programs are only executed on a single thread.

The report is a false positive, hence flag it as suppression until we
redesign this particular piece.

No-try: true
Bug: v8:6923
Change-Id: I82355be1c8d83ea61cc21152aeb10b58b1dc4b86
Reviewed-on: https://chromium-review.googlesource.com/716261
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48504}
2017-10-12 14:31:41 +00:00
Igor Sheludko
3384a793e0 [ic] Introduce proper slow stub for StoreGlobalIC.
Bug: chromium:768875
Change-Id: Ib5b324e90bea846e6cca419f81bf46bd293e83b4
Reviewed-on: https://chromium-review.googlesource.com/715802
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48503}
2017-10-12 14:07:41 +00:00
Michael Starzinger
efd7c5949b [turbofan] Use AllocationBuilder helper class everywhere.
This makes all inline allocation constructions go through the existing
{AllocationBuilder} helper class. It hence ensures there is a single
place for all sanity checking and makes use-sites easier to read.

R=jarin@chromium.org

Change-Id: Ib5daf48acd93c631fccdfa095eda1afda7048115
Reviewed-on: https://chromium-review.googlesource.com/709056
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48502}
2017-10-12 13:54:12 +00:00
Michael Lippautz
debec01665 [heap] IncrementalMarking: Simplify MarkingWorklist handling
Bug: 
Change-Id: I0eb97474acaed7180bf90a47a9761df466d7e0a2
Reviewed-on: https://chromium-review.googlesource.com/716037
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48501}
2017-10-12 13:41:42 +00:00
Michael Achenbach
14456475bb [test] More printing to investigate hanging tests on mac
NOTRY=true
TBR=ulan@chromium.org

Change-Id: I497f5d0359d32e48cb1c54c958bc9897c168f025
Reviewed-on: https://chromium-review.googlesource.com/715900
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48500}
2017-10-12 13:09:04 +00:00
Michael Hablich
bc5d1c0989 Bump version to 6.4
TBR=machenbach@chromium.org
NOTRY=true

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I819f879e68743248a2d96b2aad20136a7841a69e
Reviewed-on: https://chromium-review.googlesource.com/715763
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48499}
2017-10-12 13:00:37 +00:00
Clemens Hammacher
ae194db8b5 [wasm] [decoder] Extend interface methods
A minor refactoring of the decoder interface, which makes implementing
the baseline compiler easier.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ia5ae66e0e036329767b6e4f1cfcd3ed6a5e4cb74
Reviewed-on: https://chromium-review.googlesource.com/715636
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48498}
2017-10-12 11:20:09 +00:00
Georg Neis
aabffe0b7b [bigint] Adapt Object::TypeOf.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I6ebd14d39666e8ebe8af42f6dfe579e3fd375754
Reviewed-on: https://chromium-review.googlesource.com/711843
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48497}
2017-10-12 11:16:20 +00:00
Michael Starzinger
419578ac4e [deoptimizer] Unify deoptimizer continuation builtins.
This switches all deoptimization events to go through one single
continuation builtin (i.e. {Builtins::kNotifyDeoptimized}) instead of
handling builtin continuation specially. Fewer moving pieces.

R=jarin@chromium.org

Change-Id: Ic8a2316fa2f5c8717b4d50d1a619b87a38011564
Reviewed-on: https://chromium-review.googlesource.com/712156
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48496}
2017-10-12 11:11:09 +00:00
Maya Lekova
b5acda73ff Reland "Add fast path to ObjectGetOwnPropertyDescriptor"
Bug: v8:6557
Change-Id: I01f065b74e3c568e577a3ee2caca68f24293c1cb
Reviewed-on: https://chromium-review.googlesource.com/686763
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48495}
2017-10-12 10:52:18 +00:00
Clemens Hammacher
b934061998 [wasm] [decoder] Handle degenerate br_table correctly
The degenerate br_table case should be handled specially only in the
graph building consumer. There it is necessary for avoiding the
construction of a degenerate Switch node, which would cause a DCHECK
error in instruction selection.
For other backends, like the baseline compiler, we should handle it as
a br_table, because the signature is different to a br.

Drive-by: Fix redundant validation.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ia430b6d251eb1323848977388ed95a112f8c76f7
Reviewed-on: https://chromium-review.googlesource.com/715616
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48494}
2017-10-12 10:45:49 +00:00
Michael Starzinger
93f855cc57 [turbofan] Fix type of inline cons-string allocation.
This propagates the existing type of a {JSAdd} node back to the newly
created {Allocate} node. There are cases where said type is {None}.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-772720
BUG=chromium:772720

Change-Id: Iab18d2108a789b51db4e405f7f335c5c0ca6f686
Reviewed-on: https://chromium-review.googlesource.com/708796
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48493}
2017-10-12 10:02:29 +00:00
Igor Sheludko
5ea95febb0 [ic] Do access checks when storing via JSGlobalProxy.
Bug: chromium:764219
Change-Id: I99d1192c5c0f2b8bf47e0f193a0c4d9c00477466
Reviewed-on: https://chromium-review.googlesource.com/712454
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48492}
2017-10-12 09:10:55 +00:00
Pierre Langlois
d5b29f43de [arm] Support splitting add with immediate instructions
When an immediate does not fit an add instruction we use a temporary register to
hold the value, using movw/movt to encode it. However, in order to remove a use
of r9 in TurboFan's code generator, we need to cope with no scratch registers
being available. That is to say that the destination and source registers are
the same, and `ip` is not available to use.

In this case, we can split an add instruction into a sequence of additions:
```
UseScratchRegisterScope temps(...);
Register my_scratch = temps.Acquire();
__ add(r0, r0, Operand(0xabcd)); // add r0, r0, #0xcd
                                 // add r0, r0, #0xab00
```

As a drive-by fix, make the disassembler test fail if we expected a different
number of instructions generated.

Bug: v8:6553
Change-Id: Ib7fcc765d28bccafe39257f47cd73f922c5873bf
Reviewed-on: https://chromium-review.googlesource.com/685014
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48491}
2017-10-12 08:06:35 +00:00
Clemens Hammacher
a0cde81112 [wasm] [decoder] Fix incorrect use of VALIDATE macro
The VALIDATE macro should only be used for tests that do not have any
side effect, because the side effect will only be executed if
validation is active or in debug builds (because the condition is
DCHECKed there).
The TypeCheckBreak method has had side effects for a while, since it
inserts unreachable values on the stack.
This did not lead to failures so far, since we only have validating
users of the WasmFullDecoder. This will change once we have general
lazy compilation of wasm modules, e.g. for tier-up.

R=titzer@chromium.org

Change-Id: I7b34dfd9297122616fa9ebdf899d9f44ca60273b
Reviewed-on: https://chromium-review.googlesource.com/715416
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48490}
2017-10-12 08:04:37 +00:00
Clemens Hammacher
ab15efa392 [iwyu] Add missing includes
R=titzer@chromium.org

Change-Id: I26261e16a9db2b4b9622b1d4a3eab959fa24b7e3
Reviewed-on: https://chromium-review.googlesource.com/713496
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48489}
2017-10-12 07:29:25 +00:00
Georg Neis
28b2753e62 [bigint] Adapt Object::BooleanValue().
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Id050eb583af2977e27a91f6ff9ab82c72df0ca2e
Reviewed-on: https://chromium-review.googlesource.com/711849
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48488}
2017-10-12 07:21:48 +00:00
Georg Neis
8de78e690b [bigint] Adapt CodeStubAssembler::BranchIfSameValue.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Id499a47cbb545c7ba4bffd1c1935846be6025b5e
Reviewed-on: https://chromium-review.googlesource.com/712255
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48487}
2017-10-12 07:19:35 +00:00
Georg Neis
126b2bd281 [bigint] Adapt Object::SameValueZero.
Also add tests for Object::SameValue.

R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I0611044dcfee4c6ba836629cf82d1589135e4ab0
Reviewed-on: https://chromium-review.googlesource.com/712034
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48486}
2017-10-12 07:15:15 +00:00
Georg Neis
a80e5c5b62 [bigint] Adapt Object::StrictEquals.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I7e99a8aa2aa65e78a8d4288f496d496600063bfe
Reviewed-on: https://chromium-review.googlesource.com/712534
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48485}
2017-10-12 07:13:06 +00:00
Ulan Degenbaev
bfd10baf7f [heap] Remove dead code related to idle finalization rounds.
Bug: 
Change-Id: I9e4b2e1157f36dacb24f7a0d0c43d31c84de8488
Reviewed-on: https://chromium-review.googlesource.com/712397
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48484}
2017-10-12 07:11:05 +00:00
Jungshik Shin
69bd294aff Correct the misuse of uloc_{to,from}LanguageTag
- remove unused Runtime_GetLanguageTagVariants
- add test for another related bug (chromium:770452) as well as for
chromium:770450.

Bug: chromium:770450, chromium:770452
Test: intl/general/invalid-locale.js
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4496a4a5421000faa0e37aed85fea21ceb487998
Reviewed-on: https://chromium-review.googlesource.com/710816
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48483}
2017-10-12 06:33:35 +00:00
Benedikt Meurer
e29fd74c08 Revert "Reland^3 "[turbofan] eagerly prune None types and deadness from the graph""
This reverts commit 4cf476458f.

Reason for revert: Broken effect chains detected by Clusterfuzz. Playing it safe for the 63 branch.

Original change's description:
> Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This fixes the issues 
> https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
> and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> 
> One problem was that mutating an effect node into Unreachable confused 
> the LoadElimination sidetables, so I just always create a new node now.
> 
> The other problem was that UpdateBlockControl() was executed after 
> UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> So now I make sure that UpdateEffectPhi() is always executed last.
> 
> This is a reland of 6ddb5e7da7
> Original change's description:
> > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> > graph end. This fixes issues with later phases running DeadCodeElimination and
> > introducing new DeadValue nodes when processing uses of Unreachable.
> > 
> > This is a reland of 3c4bc27f13
> > Original change's description:
> > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > 
> > > This is a reland of e1cdda2512
> > > Original change's description:
> > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > 
> > > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > of a node with type {None} as dead.
> > > > 
> > > > Bug: chromium:741225
> > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > 
> > > Bug: chromium:741225
> > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48232}
> > 
> > Bug: chromium:741225
> > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > Reviewed-on: https://chromium-review.googlesource.com/702264
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48366}
> 
> Bug: chromium:741225
> Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> Reviewed-on: https://chromium-review.googlesource.com/709214
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48469}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: Icf6a6af4feaafd4bde28cb7b996735ff91bb3810
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/715096
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48482}
2017-10-12 05:22:05 +00:00
v8-autoroll
840e92c5dd Update V8 DEPS.
Rolling v8/build: adaf9e5..ddb142b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a48a6af..072921b

Rolling v8/third_party/icu: 08cb956..21d33b1

Rolling v8/tools/clang: b3169f9..0c09c7a

Rolling v8/tools/luci-go: 9f54aa9..45a8a51

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I7796e40539570a9eca5dbca27d4cb69dbe62e5b3
Reviewed-on: https://chromium-review.googlesource.com/714698
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48481}
2017-10-12 03:49:04 +00:00
Jaroslav Sevcik
a803fad068 Make sure the identity hash is uniform (at least in the lower bits).
In the current implementation of hash code for objects (identity hash),
we do not bother to shift the hash when we retrieve it from the 
hash-length bitfield in a property array. (Even worse, we store shifted
value even if we do not have property array or inside dictionaries.)
That means that the hash-code for objects is always divisible by 1024.
Since our hash table uses a simple masking with (2^logsize - 1) to 
obtain the bucket, we get terrible hash collisions - essentially, our
hash table degenerates to a linked list for fewer than 1024 elements.

This CL always shifts the hash code so that the value in the lowest 
21 bits is uniformly distributed.

This results in big improvements on medium to large hash tables.
A program storing 1M elements into a WeakMap gets roughly
17x faster.  A program retrieving 1M elements from a Map 
improves even more dramatically (>100x).

const a = [];
for (let i = 0; i < 1e6; i++) a[i] = {};

const m = new Map();
console.time("Map.set");
for (let i = 0; i < 1e6; i++) {
  m.set(a[i], i);
}
console.timeEnd("Map.set");

console.time("Map.get");
let s = 0;
for (let i = 0; i < 1e6; i++) {
  s += m.get(a[i]);
}
console.timeEnd("Map.get");

const w = new WeakMap();
console.time("WeakMap.set");
for (let i = 0; i < 1e6; i++) {
  w.set(a[i], i);
}
console.timeEnd("WeakMap.set");

Before the fix:

Map.set: 157.575000
Map.get: 28333.182000
WeakMap.set: 6923.826000

After the fix:

Map.set: 178.382000
Map.get: 185.930000
WeakMap.set: 409.529000

Note that Map does not suffer from the hash collision on insertion because
it uses chaining (insertion into linked list is fast regardless of size!), and
we cleverly avoid lookup in the hash table on update if the key does not have 
identity hash yet. This is in contrast to the WeakMap, which uses 
open-addressing, and deals with collisions on insertion.

Bug: v8:6916
Change-Id: Ic5497bd4501e3b767b3f4acb7efb4784cbb3a2e4
Reviewed-on: https://chromium-review.googlesource.com/713616
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48480}
2017-10-12 03:47:56 +00:00
Jakob Kummerow
e34debaf2b [bigint] Support BigInts in -,~,++,-- unary ops
and add the implementations for BitwiseNot, Increment, Decrement.
This CL teaches the respective bytecode handlers about BigInts,
and collects kBigInt type feedback for them (which TF discards
for now, substituting "any").

Bug: v8:6791
Change-Id: I4e802b301b9702d8270bda400edd7e885e6b11b9
Reviewed-on: https://chromium-review.googlesource.com/706101
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48479}
2017-10-12 01:40:33 +00:00
Jungshik Shin
28ef8dc700 Revert "Enable icu-timezone-data by default"
This reverts commit d9a25842d3.

Reason for revert: 

I'm reverting this CL for a few reasons. #2 is the most significant and I should have thought of that before making a switch. Sorry for that.   

1) perf-regression: http://crbug.com/769706
2) http://crbug.com/612010 : ICU timezone update is not propagated to zygote process so that new tabs will hold on to an old timezone even after a timezone change on Linux and Chrome OS. 
3) http://crbug.com/754053 : OS timezone detection issues on macOS 10.13, Ubuntu 16, RHEL 7, SuSe Linux 12 or newer; it's being fixed. So, it's actually ok.
4) http://crbug.com/771868 : timezone wrong in gmail: If it's due to #3, we're fine because it's fixed. If not, we need to look more.

Original change's description:
> Enable icu-timezone-data by default
> 
> This will introduce a new behavior on POSIX(-like) platforms. Timezone
> names inside parentheses after GMT offset will not be 3-4 letter
> abbreviation any longer. They'll be human-readable names in the current
> default locale. This matches the current Windows behavior.
> 
> new Date(2017, 5, 22).toString()
> new Date(2017, 11, 22).toString()
> 
> Current:
> 
> Thu Jun 22 2017 00:00:00 GMT-0700 (PDT)
> Fri Dec 22 2017 00:00:00 GMT-0800 (PST)
> 
> New in en-US locale:
> 
> Thu Jun 22 2017 00:00:00 GMT-0700 (Pacific Daylight Time)
> Fri Dec 22 2017 00:00:00 GMT-0800 (Pacific Standard Time)
> 
> New in German locale:
> 
> Thu Jun 22 2017 00:00:00 GMT-0700 (Nordamerikanische Westküsten-Sommerzeit)
> Fri Dec 22 2017 00:00:00 GMT-0800 (Nordamerikanische Westküsten-Normalzeit)
> 
> BUG=v8:6031, v8:2137, v8:6076
> TEST=mjsunit/icu-date-lord-howe.js, mjsunit/icu-date-to-string.js
> 
> Change-Id: I4e7fd8b3ddae5c7779e220c4c101e45904fcdc01
> Reviewed-on: https://chromium-review.googlesource.com/625164
> Commit-Queue: Jungshik Shin <jshin@chromium.org>
> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47953}

TBR=adamk@chromium.org,littledan@chromium.org,jshin@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6031, v8:2137, v8:6076, chromium:769706, chromium:612010, chromium:771868
Change-Id: I60d75467ee21975d3a235344b01c0d2d44a7da96
Reviewed-on: https://chromium-review.googlesource.com/713404
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48478}
2017-10-11 23:21:37 +00:00
Alexey Kozyatinskiy
744b49ef0d Roll third_party/inspector_protocol to 8cb7a4f50ff7d5b1b7f2e5df0542dc577c88bdc3
This roll includes:
- [inspector_protocol] fixed compatibility with latest jinja 2.9.6
- [inspector_protocol] removed unused variable
- Follow up on alph's review comments.
- Provide default escape implementation for latin and wide strings.
- Allow escaping utf8 strings in embedders that operate std::string.
- Upload inspector_protocol changes to Gerrit by default
- [inspector_protocol] Fix building with non-ASCII paths
- [inspector_protocol] added StringUtil::toDouble method as requirement
- Add const char* overloads to ErrorSupport

BUG=chromium:743313
R=dgozman@chromium.org

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic81a62c638bf592ae65c84055d53d926e50715ac
Reviewed-on: https://chromium-review.googlesource.com/713538
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48477}
2017-10-11 22:52:17 +00:00
John Barboza
a445b97cfd PPC/s390: Delete ObjectTriple and support code
Port fc41315820

Original Commit Message:

    ObjectTriple isn't used since f1ec44e2f5. Delete
    it, and simplify CEntryStub on all backends.

R=martyn.capewell@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I4897783bb848e016d93731585e6891033fa4d4cf
Reviewed-on: https://chromium-review.googlesource.com/714022
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48476}
2017-10-11 21:28:56 +00:00
Aseem Garg
9fdb8c8255 [wasm] Add uma stat for wasm lazy throughput
This CL adds an uma stat to track the throughput
of lazy compilation for wasm functions in KB/s.

BUG=chromium:770618
R=kschimpf@chromium.org,bradnelson@chromium.org,isherman@chromium.org

Change-Id: Iad06cfb1f185f7e2ab6b0198282c03c3d8f29e2e
Reviewed-on: https://chromium-review.googlesource.com/706276
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48475}
2017-10-11 21:00:22 +00:00
Eric Holk (eholk)
1117da834c Reland "Reland "[wasm] trap handlers: fall back on old signal handler""
This is a reland of cc237d872b
Original change's description:
> Reland "[wasm] trap handlers: fall back on old signal handler"
> 
> This is a reland of ee4fe8963c
> Original change's description:
> > [wasm] trap handlers: fall back on old signal handler
> > 
> > This is primarily needed to test D8 under ASan. ASan installs a signal handler
> > early in the process startup to show stack traces from crashes. We need to make
> > sure that if V8 does not handle a signal then the existing handler gets a
> > chance.
> > 
> > This change only applies when using V8's default signal handler. When
> > integrating with the embedder's signal handler the behavior is unchanged.
> > 
> > Bug: chromium:771948
> > Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> > Reviewed-on: https://chromium-review.googlesource.com/705823
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Commit-Queue: Eric Holk <eholk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48429}
> 
> Bug: chromium:771948
> Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
> Reviewed-on: https://chromium-review.googlesource.com/710114
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48435}

Bug: chromium:771948
Change-Id: I781dfe356a728760090b6ccfa58212096e8f20c8
Reviewed-on: https://chromium-review.googlesource.com/713956
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48474}
2017-10-11 20:49:45 +00:00
John Barboza
61a23faa52 PPC/s390: [arm64] Pair some pushes and delete unused code
Port 193dcf7693

Original Commit Message:

    Pair some stack ops so that they deal with an even numbers of registers, add
    padding around profile entry calls, and delete some unused macro assembler code.

R=martyn.capewell@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I017ccc699839b04bc7295d00c45e315f7cf074c1
Reviewed-on: https://chromium-review.googlesource.com/713996
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48473}
2017-10-11 20:22:14 +00:00
Wez
d567f413c7 Disable querying of CPU info under ARM64.
There are currently no decisions based on the CPU implementor, variant
or part values for ARM64, and the code to fetch those values was not
compatible with Fuchsia/ARM64.

Bug: chromium:772031
Change-Id: I2305fc7a97d8c0a24bb0ad115447665976e5814a
Reviewed-on: https://chromium-review.googlesource.com/706642
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48472}
2017-10-11 18:55:53 +00:00
Jakob Kummerow
1560988249 [bigint] Support BigInts in <<,>>,>>>,&,|,^ binary ops
This CL teaches the respective bytecode handlers and standalone
stubs about BigInts, and collects "kBigInt" type feedback for them.
Just like for other binary ops, that feedback is converted to "any"
for TurboFan for now.

Bug: v8:6791
Change-Id: I0709cc77dc248dad506207c7b35b63c80b1ef96a
Reviewed-on: https://chromium-review.googlesource.com/699424
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48471}
2017-10-11 17:36:53 +00:00
Leszek Swirski
6576495f3a [ignition] Fix AST printing to print eager inner literals
AST printing was printing the literal of the ParseInfo, which is the
current function being parsed. However, for eager compilation of inner
literals, this may not be the function being compiled, which is in the
CompilationInfo.

So, for --print-ast, we have to get the FunctionLiteral from
CompilationInfo.

Bug: chromium:771653
Change-Id: I2088e1f1f7b8a3d664aae65cab699a641e5fd302
Reviewed-on: https://chromium-review.googlesource.com/712354
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48470}
2017-10-11 16:24:05 +00:00
Tobias Tebbi
4cf476458f Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
This fixes the issues 
https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.

One problem was that mutating an effect node into Unreachable confused 
the LoadElimination sidetables, so I just always create a new node now.

The other problem was that UpdateBlockControl() was executed after 
UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
So now I make sure that UpdateEffectPhi() is always executed last.

This is a reland of 6ddb5e7da7
Original change's description:
> Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> graph end. This fixes issues with later phases running DeadCodeElimination and
> introducing new DeadValue nodes when processing uses of Unreachable.
> 
> This is a reland of 3c4bc27f13
> Original change's description:
> > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > This is a reland of e1cdda2512
> > Original change's description:
> > > [turbofan] eagerly prune None types and deadness from the graph
> > > 
> > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > of a node with type {None} as dead.
> > > 
> > > Bug: chromium:741225
> > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48208}
> > 
> > Bug: chromium:741225
> > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > Reviewed-on: https://chromium-review.googlesource.com/692034
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48232}
> 
> Bug: chromium:741225
> Change-Id: I5702ec34856c075717162153adc765774453c45f
> Reviewed-on: https://chromium-review.googlesource.com/702264
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48366}

Bug: chromium:741225
Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
Reviewed-on: https://chromium-review.googlesource.com/709214
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48469}
2017-10-11 16:23:00 +00:00
Jan Krems
1c5529993d Reland "[modules] Implement import.meta proposal"
This is a reland of ed6f00fb8e
Original change's description:
> [modules] Implement import.meta proposal
> 
> Rewrites references to import.meta to a new GetImportMetaObject runtime
> call. Embedders can define a callback for creating the meta object using
> v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
> provided, an empty object with null prototype is created.
> 
> This adds an example implementation to d8 that sets meta.url.
> 
> Bug: v8:6693
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
> Reviewed-on: https://chromium-review.googlesource.com/707902
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48433}

TBR=adamk@chromium.org

Bug: v8:6693
Change-Id: Ie2d746ad996a56ed6ff50b832f320fe44e02f231
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/712834
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48468}
2017-10-11 15:37:10 +00:00
Michael Achenbach
14bfa18b45 [test] Remove deprecated test-download feature
Bug: v8:6917
Change-Id: I3889cd0d059c3473a7b83eb298734a7a6a8a1de5
Reviewed-on: https://chromium-review.googlesource.com/712175
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48467}
2017-10-11 15:18:19 +00:00
Eric Holk
83103bce13 Revert "Track committed array buffer size rather than allocation length"
This reverts commit b0ced92695.

Reason for revert: Build breakage - https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/20832

Original change's description:
> Track committed array buffer size rather than allocation length
> 
> WebAssembly creates ArrayBuffers with large allocations where only a small
> amount is committed. The uncommitted address space should not be counted as used
> memory. Doing so can lead to the GC spending unnecessary time collecting memory
> when there is not really pressure.
> 
> Bug: 
> Change-Id: Ife7b84e9858e87faabc360a61f887b2fda6d99db
> Reviewed-on: https://chromium-review.googlesource.com/710227
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48462}

TBR=mlippautz@chromium.org,eholk@chromium.org

Change-Id: Ib7b28a7bbc8ffc11e0bf8c4bb16b2da61cbdbd5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/712835
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48466}
2017-10-11 15:16:12 +00:00
Georgia Kouveli
a63f045c3e [arm64] Update BuiltinContinuation frames for jssp alignment.
Adds some necessary padding to ensure the frame is 16-byte aligned.
We don't yet consider the bailout state, which will be handled separately.

This patch also improves the code generated for ContinueTo*Builtin* stubs.

Finally, it adds a test that checks the return value for Array.map in
the case where a LAZY deopt results in a topmost builtin continuation
frame - this is easy to break if the padding for the result is done
incorrectly in NotifyBuiltinContinuation, but was not detected by existing
tests.

Bug: v8:6644
Change-Id: Id1a294950cdf535e2bfdb0ed27c67f077ec34f8a
Reviewed-on: https://chromium-review.googlesource.com/704835
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48465}
2017-10-11 15:05:20 +00:00
Clemens Hammacher
a7abde7cad [wasm] [trap-handler] Report correct code size
Instead of using the size of the whole code object, just use the size
of the instructions, because faults can only happen there.

R=eholk@chromium.org

Bug: v8:5277
Change-Id: Ia5768891ec3c1ee5ad8affc9486e044d79e23146
Reviewed-on: https://chromium-review.googlesource.com/712536
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48464}
2017-10-11 15:01:39 +00:00
Andreas Rossberg
5d3dfc855d [wasm] [multival] Reland: Allow function types as block types
Only change over original: Init sig_index to 0 at
function-body-decoder-impl.h:168, to make MSAN happy on error path.

R=titzer@chromium.org

Change-Id: I9ac17215360523b656b10d2466201001b65992c0
Reviewed-on: https://chromium-review.googlesource.com/712655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48463}
2017-10-11 14:59:49 +00:00
Eric Holk
b0ced92695 Track committed array buffer size rather than allocation length
WebAssembly creates ArrayBuffers with large allocations where only a small
amount is committed. The uncommitted address space should not be counted as used
memory. Doing so can lead to the GC spending unnecessary time collecting memory
when there is not really pressure.

Bug: 
Change-Id: Ife7b84e9858e87faabc360a61f887b2fda6d99db
Reviewed-on: https://chromium-review.googlesource.com/710227
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48462}
2017-10-11 14:50:42 +00:00
Michael Achenbach
1a4d84f447 [build] Check out instrumented libraries via gclient flag
Prepared by:
https://chromium-review.googlesource.com/c/chromium/tools/build/+/712036

Bug: chromium:772804
Change-Id: Ib6ace7510962e5f00008c2f2c5f87f339363d995
Reviewed-on: https://chromium-review.googlesource.com/708258
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48461}
2017-10-11 14:46:45 +00:00
Michael Achenbach
b269c14616 [test] Temporary output for investigation
Currently it's hard to reason about the hung tests on worker processes.
This adds simple output when we're trying to kill a hung process.

Change-Id: Iae5e14dac70a8149c074043dd00cbf10e4d5f3de
Reviewed-on: https://chromium-review.googlesource.com/712455
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48460}
2017-10-11 14:27:19 +00:00