Commit Graph

43051 Commits

Author SHA1 Message Date
Jan Krems
8e60857093 Parsing import.meta expression
Rewrites import.meta expressions into null literals. Builds on top
of- and requires dynamic import parsing to simplify the implementation.

Adds a new --harmony-import-meta flag.

BUG=v8:6693

Change-Id: Iadb7ddf6bad8986bf3ad641dbd3826fe730b5f44
Reviewed-on: https://chromium-review.googlesource.com/702678
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48359}
2017-10-09 02:47:31 +00:00
v8-autoroll
a0887ed221 Update V8 DEPS.
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dbe4475..0564bf2

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I937456820429b30e50222fc4d5e15784894f8abd
Reviewed-on: https://chromium-review.googlesource.com/706822
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48358}
2017-10-08 03:55:28 +00:00
Alexey Kozyatinskiy
8319882972 [inspector] provisional breakpoints for anonymous script
Use case: anonymous script with sourceMappingUrl. User can set
breakpoint in source with sourceUrl from sourceMap, we persist this
breakpoint in DevTools and on page reload breakpoint should be restored
correctly.

Debugger.setBreakpointByUrl method provides capabilities to set
provisional breakpoints and looks like best candidate for new "scriptHash"
argument.

I considered other options such as replacing scriptId with something
more persistent like "script-hash:script-with-this-hash-number" but it
looks more complicated and doesn't provide clear advantages.

One pager: http://bit.ly/2wkRHnt

R=pfeldman@chromium.org

Bug: chromium:459499
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0e2833fceffe6b04afac01d1a4522d6874b6067a
Reviewed-on: https://chromium-review.googlesource.com/683597
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48357}
2017-10-07 19:08:35 +00:00
v8-autoroll
6dd1479db3 Update V8 DEPS.
Rolling v8/base/trace_event/common: 65d1d42..abcc415

Rolling v8/build: 7311b74..58ec823

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/672cabd..dbe4475

Rolling v8/tools/clang: 66be66d..b3169f9

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I3c89ada442f532238f43eb0efa544b99005d3162
Reviewed-on: https://chromium-review.googlesource.com/706655
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48356}
2017-10-07 03:52:31 +00:00
Alexey Kozyatinskiy
8b1399fa94 [inspector] split DebuggerAgent::breakpointsCookie
This split is required for adding scriptHash argument.

R=dgozman@chromium.org
TBR=machenbach@chromium.org

Bug: chromium:459499
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0266cd22be4053829af47ba445e0ddfb6b726e71
Reviewed-on: https://chromium-review.googlesource.com/703863
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48355}
2017-10-06 22:01:16 +00:00
Aseem Garg
2e62c5e916 [wasm] Add uma stat for asm.js to wasm throuput
BUG=chromium:770618
R=kschimpf@chromium.org,bradnelson@chromium.org,isherman@chromium.org

Change-Id: I33400fb277fff1e92a38753084c518f002685407
Reviewed-on: https://chromium-review.googlesource.com/704228
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48354}
2017-10-06 21:17:47 +00:00
Aseem Garg
70e76dae09 [wasm] Add uma stat for asm.js module size
BUG=chromium:770618
R=kschimpf@chromium.org,bradnelson@chromium.org,isherman@chromium.org

Change-Id: I953c9e7b58de0ca9ac05a9f5f64f139fcf7dd1a7
Reviewed-on: https://chromium-review.googlesource.com/703890
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48353}
2017-10-06 20:12:27 +00:00
Benedikt Meurer
d9057b55d8 [turbofan] Lower FastNew*Elements operators to inline allocations.
Further optimize the

  new Array(n)

expressions by also inlining the backing store allocation into TurboFan
optimized code. Currently these backing store allocations cannot be
eliminated by escape analysis and can also not be optimized further by
the memory optimizer (i.e. no allocation folding and not write barrier
elimination) yet, but this can be done in follow-up CLs.

This yields another ~5% improvement on the ARES6 ML benchmark (steady
state).

Drive-by-fix: Add support for loops to the GraphAssembler. This was
necessary to implement the initialization loops in for the backing
store allocations in the EffectControlLinearizer.

Bug: v8:6399, v8:6901
Change-Id: I759d6802db01eb797e78c7d82d82caaee3463e16
Reviewed-on: https://chromium-review.googlesource.com/705934
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48352}
2017-10-06 20:01:16 +00:00
Jakob Kummerow
6e84621c4e [bigint] Optimize digit_div with inline asm on ia32 and x64
The twodigit_t code path emitted a library call rather than
a hardware "div" instruction. This is because compilers are
playing it safe: "div" can overflow when the divisor is too
small. Our algorithm carefully avoids this though, so using
the hardware "div" instruction is safe.

This speeds up a microbenchmark by almost 50%.

Bug: v8:6791
Change-Id: I35a73f8acdaca24f18327fbdaf7f53c4fd450c40
Reviewed-on: https://chromium-review.googlesource.com/686002
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48351}
2017-10-06 18:18:19 +00:00
Eric Holk
8c88dd04fa [wasm] Make BuildCCall variadic to avoid buffer space and copies
The typical pattern for using BuildCCall was to create a stack-allocated array
of arguments, which was passed to BuildCCall. BuildCCall then would allocate
scratch space using WasmGraphBuilder::Buffer and copy the arguments into the
scratch space. This copy is unnecessary and also the use of Buffer can lead to
silently overwriting scratch space that may be used higher up the stack.

Now BuildCCall takes all of the functions parameters as arguments and stores
this directly in a stack-allocated buffer, avoiding the use of Buffer at all and
all its associated pitfalls.

Change-Id: Ia0de9a90350d7fcbbb1b05d28e735d790a5f9143
Reviewed-on: https://chromium-review.googlesource.com/701638
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48350}
2017-10-06 16:16:55 +00:00
Ulan Degenbaev
71a3cc54ae Revert "[heap] Use weak cell in normalized map cache."
This reverts commit f3c8da56e9.

Reason for revert: GC stress failures
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15396

Original change's description:
> [heap] Use weak cell in normalized map cache.
> 
> This replaces ad-hoc weakness in normalized map cache with weak cell.
> 
> Bug: chromium:694255
> Change-Id: I6a12301b2176fe3723b56178a65582cfb412f7d2
> Reviewed-on: https://chromium-review.googlesource.com/704834
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48344}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: I0b2d39a1dcff6416998ab36506ee950220c87e89
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/705194
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48349}
2017-10-06 16:13:14 +00:00
Benedikt Meurer
34de39bfab [turbofan] Add support to inline new Array(n) calls.
Make calls like

  new Array(n)
  new A(n)

(where A is a subclass of Array) inlinable into TurboFan. We do this by
speculatively checking that n is an unsigned integer that is not greater
than JSArray::kInitialMaxFastElementArray, and then lowering the backing
store allocation to a builtin call. The speculative optimization is
either protected by the AllocationSite for the Array constructor
invocation (if we have one), or by a newly introduced global protector
cell that is used for Array constructor invocations that don't have an
AllocationSite, i.e. the ones from Array#map, Array#filter, or from
subclasses of Array.

Next step will be to implement the backing store allocations inline in
TurboFan, but that requires Loop support in the GraphAssembler, so it's
done as a separate CL. This should further boost the performance.

This boosts the ARES6 ML benchmark by up to 8% on the steady state,
and also improves monomorphic Array#map calls by around 20-25% on the
initial setup.

Bug: v8:6399
Tbr: ulan@chromium.org
Change-Id: I7c8bdecf7c814ce52db6ee3051c3206a4f7d4bb6
Reviewed-on: https://chromium-review.googlesource.com/704639
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48348}
2017-10-06 15:59:25 +00:00
Sathya Gunasekaran
b7db31a258 [runtime] Templatize PrintFixedArrayElements
Also delete duplicated code

Bug: v8:6404
Change-Id: I7f24d99573a854254aa0fd332fe5c947f93e0552
Reviewed-on: https://chromium-review.googlesource.com/704223
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48347}
2017-10-06 15:34:13 +00:00
Adam Klein
e02e3f3fb6 delete new.target should return true
This brings V8's behavior in line with both the spec and with
other engines.

This also fixes the (now-incorrect) DCHECK in BytecodeGenerator relating
to the delete operator's application to a VariableProxy.

Bug: v8:6697, v8:6721
Change-Id: I413c02af235b0bb652eb4c5d5c971e2cf80e0906
Reviewed-on: https://chromium-review.googlesource.com/703894
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48346}
2017-10-06 15:29:15 +00:00
Adam Klein
44729f3541 Add gsathya to parsing/OWNERS
Also remove vogelheim (no longer on the team) for clarity.

Change-Id: Ida6d058252f17b71bb158308657ae2d18b52c2b2
Reviewed-on: https://chromium-review.googlesource.com/703161
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48345}
2017-10-06 15:28:32 +00:00
Ulan Degenbaev
f3c8da56e9 [heap] Use weak cell in normalized map cache.
This replaces ad-hoc weakness in normalized map cache with weak cell.

Bug: chromium:694255
Change-Id: I6a12301b2176fe3723b56178a65582cfb412f7d2
Reviewed-on: https://chromium-review.googlesource.com/704834
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48344}
2017-10-06 15:10:08 +00:00
Michael Lippautz
8e45603136 [arm64-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I2bebb92d2f5ed245bd7b20ee3ed1c6804605f837
Reviewed-on: https://chromium-review.googlesource.com/704644
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48343}
2017-10-06 15:09:03 +00:00
Hannes Payer
88e74d35ff [heap] Add missing spaces between scavenge trace categories.
Bug: 
Change-Id: I780c83686b741e4d63a49ccb119a920c817d5a0a
Reviewed-on: https://chromium-review.googlesource.com/704718
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48342}
2017-10-06 13:41:13 +00:00
Michael Starzinger
158dbb8b6b [wasm] Fix undefined behavior in WebAssembly.Table.grow.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-772056
BUG=chromium:772056

Change-Id: I199262aa128ab395382520b1439ecc60ed141d4a
Reviewed-on: https://chromium-review.googlesource.com/704582
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48341}
2017-10-06 12:54:53 +00:00
Michael Achenbach
a410a48f9f [test] Skip some debugger tests under stress_incremental_marking
NOTRY=true

Bug: chromium:772010
Change-Id: I510121accd739f1b8239720154d45846e83b3662
Reviewed-on: https://chromium-review.googlesource.com/704818
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48340}
2017-10-06 12:49:23 +00:00
Michael Lippautz
e0f21bb743 [arm-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I6b853f9462793c14aca3cc45c735ddcef6ed6155
Reviewed-on: https://chromium-review.googlesource.com/704637
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48339}
2017-10-06 12:05:02 +00:00
Ulan Degenbaev
e0d64dc67c [heap] Print the number of chunks in unmapper queue in --trace-gc-nvp
Bug: chromium:771966
Change-Id: I146b279c4713b7dd716c6d55ca5e6c6e23a3ad7e
Reviewed-on: https://chromium-review.googlesource.com/704740
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48338}
2017-10-06 11:16:21 +00:00
Camillo Bruni
228cba7d81 [runtime] Use strict mode map for the Proxy function
Bug: v8:6873
Change-Id: I1f544065dfec406bf3e4f16df38e80a1b1f7a173
Reviewed-on: https://chromium-review.googlesource.com/702281
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48337}
2017-10-06 10:58:31 +00:00
Benedikt Meurer
4824da8db4 [turbofan] Don't try to constant-fold properties from the_hole.
Bug: chromium:772190, v8:6819, v8:6820, v8:6831
Change-Id: Ied2dc954ff7575043988087d96782cfbb99e9ec8
Reviewed-on: https://chromium-review.googlesource.com/704578
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48336}
2017-10-06 09:56:41 +00:00
Clemens Hammacher
a9882da618 [wasm] Clean up interface for exception handling
Avoid splitting functionality in two interface calls and passing around
a void* between them.

R=kschimpf@chromium.org

Change-Id: I0e12ff0295852ce5c36f7c3fb3b2c51dc0f2677e
Reviewed-on: https://chromium-review.googlesource.com/702484
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48335}
2017-10-06 09:34:11 +00:00
Jaroslav Sevcik
ea891e87e8 [turbofan] Load elimination - use maps to avoid state invalidation.
Currently, the transition elements kind operation invalidates the
elements of all other arrays. In particular, if we loop over matrix 
elements using two nested loops, and do possibly transitioning access 
a[i][j] in every iteration, we invalidate the load elimination state 
for the array 'a' because a[i][j] might transition elements kind 
for the 'a[i]' array. As a result, the 'a[i]' access cannot be 
hoisted from the inner loop.

With this CL, we figure out that transitioning 'a[i]' cannot affect 'a'
because we know that 'a' does not have the transition's source map.

In the micro-benchmark below, the time for summing up the elements of
100x100 matrix improves by factor of 1.7 (from ~340ms to ~190ms).

function matrixSum(a) {
  let s = 0;
  let rowCount = a.length;
  let columnCount = a[0].length;
  for (let i = 0; i < rowCount; i++) {
    for (let j = 0; j < columnCount ; j++) {
      s += a[i][j];
    }
  }
  return s;
}

// Setup the matrices:
// Smi elements.
var ma = [[1, 2], [3, 4]];
// Holey double elements.
var b = Array(100);
for (let i = 0; i < 100; i++) b[i] = 1.1;
var mb = [];
for (let i = 0; i < 100; i++) mb[i] = b;

// Warmup.
matrixSum(mb);
matrixSum(mb);
matrixSum(ma);
matrixSum(mb);
matrixSum(ma);

%OptimizeFunctionOnNextCall(matrixSum);

function runner(m) {
  let s = 0;
  for (let i = 0; i < 1e4; i++) {
    s += matrixSum(m);
  }
  return s;
}
// Make sure the runner does not know the elements kinds.
%NeverOptimizeFunction(runner);

// Measure.
console.time("Sum");
runner(mb);
console.timeEnd("Sum");


Bug: v8:6344
Change-Id: Ie0642d8693ed63116b1aaed7d2f261fcb64729fe
Reviewed-on: https://chromium-review.googlesource.com/704634
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48334}
2017-10-06 09:29:41 +00:00
Ben L. Titzer
afbfddd75e [wasm] Honor AllowCodegenFromStrings() for all WASM compile types.
R=clemensh@chromium.org

Bug: v8:6756
Change-Id: I3b25b89f3ead5c856be5c7ba3c7c236e595ce8de
Reviewed-on: https://chromium-review.googlesource.com/695524
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48333}
2017-10-06 08:50:51 +00:00
Clemens Hammacher
23f761d3c5 [wasm] Truncate function names for profiling events
And other cleanups to reuse computed function names, and use
EmbeddedVector instead of ScopedVector (stack allocated instead of heap
allocated).

R=titzer@chromium.org

Change-Id: Id293946dc9aa574e7d185ff23b87068bca74549f
Reviewed-on: https://chromium-review.googlesource.com/690474
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48332}
2017-10-06 08:48:01 +00:00
Benedikt Meurer
192ebc34b4 [test] Add more tests for Array constructor in optimized code.
Bug: v8:6399
Tbr: jarin@chromium.org
Change-Id: I98b4f2e3d9990fc38c7b5b2fac181e32ed4faa13
Reviewed-on: https://chromium-review.googlesource.com/704635
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48331}
2017-10-06 08:37:41 +00:00
Benjamin Peterson
648cb56a37 [heap] Correct spelling of PointersUpdatingTask
Change-Id: I3ed30f539df5e9f02db8ca7934d2b68ad9437535
Reviewed-on: https://chromium-review.googlesource.com/694422
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48330}
2017-10-06 08:17:11 +00:00
Benedikt Meurer
c77dfda0ac [turbofan] Properly check call arity for Object.is(o,o).
Bug: chromium:771971, v8:6882
Change-Id: Id1a602306bc89a5f96e180f70d6f713015d2dbb6
Reviewed-on: https://chromium-review.googlesource.com/702834
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48329}
2017-10-06 07:56:31 +00:00
Michael Lippautz
4443683654 [serializer] Properly dispose Isolates in tests
Bug: 
Change-Id: I1ca4246174e16dc3577f31a9e3a8333aadc17415
Reviewed-on: https://chromium-review.googlesource.com/702894
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48328}
2017-10-06 07:50:01 +00:00
Michael Lippautz
f84d216ff9 [wasm] TransferrableWasModules test: Properly disposte Isolate
Bug: 
Change-Id: I824f42cf6159f94204ee3e3c26a6af18e717b11e
Reviewed-on: https://chromium-review.googlesource.com/702874
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48327}
2017-10-06 07:48:21 +00:00
Benedikt Meurer
99203eeaa3 [ic] Allow duplicate (map,handler) pairs in RECOMPUTE_HANDLER state.
This repairs the performance regression on Octane/EarleyBoyer and
JetStream/EarleyBoyer benchmarks.

Bug: chromium:772268, v8:6367, v8:6278, v8:6344
Change-Id: Ibc144a35b37c5822f88712550d8db09386241341
Reviewed-on: https://chromium-review.googlesource.com/704574
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48326}
2017-10-06 07:37:21 +00:00
Benedikt Meurer
279a83e4ff [turbofan] Refactor the JSCreateArray lowering to support more cases.
Array (subclass) constructor calls with 0 parameters are now properly
turned into inline allocations, also Array (subclass) constructor calls
with exactly one parameter, which is either known to not be a Number
or which is a known integer in the valid loop unrolling range.

Also refactor the general JSCreateArray lowering logic to properly
support Array subclasses, i.e. deal with inobject properties and
initial maps correctly.

This boosts performance of those cases significantly (and will allow
us to reduce the complexity of the Array constructor significantly
long-term). For example the simple case

  new Array("a", "b", "c", "d", "e", "f", "g")

is now around 10x faster than before.

Bug: v8:6399
Change-Id: I70661971398524ee0c6a349ee559b98a962a6266
Reviewed-on: https://chromium-review.googlesource.com/703134
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48325}
2017-10-06 05:38:25 +00:00
Deepti Gandluri
3dcb40c9b3 [wasm] Add disassembly for Atomic ops in wasm-text
Fix disassembly of atomic operations for the inspector.

BUG=v8:6842,v8:6532

Change-Id: I3701b55c28b10561d1726e2c0b9fe2e1b2c76b8e
Reviewed-on: https://chromium-review.googlesource.com/703468
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48324}
2017-10-05 23:00:51 +00:00
Jakob Kummerow
da13b8971d [bigint] Implement toString(radix) for any radix
Power-of-two radixes were supported already; this adds all others
(with 2 <= radix <= 36).

Bonus: fix digit_div fallback path for divisors with no leading zeros.

Bug: v8:6791
Change-Id: Id472667f057ad13338e0d8257a899490490e6f8f
Reviewed-on: https://chromium-review.googlesource.com/693316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48323}
2017-10-05 22:38:21 +00:00
Aseem Garg
8fc10b5af7 [wasm] Re-enable Simd lowering tests for wasm
This adds a new simd lowering execution mode for
simd and re-enables the lowering tests

R=titzer@chromium.org,gdeepti@chromium.org,bbudge@chromium.org,mtrofin@chromium.org
BUG=v8:6020

Change-Id: Ice6b7ff2f5973804d379c88241d49b811429a965
Reviewed-on: https://chromium-review.googlesource.com/698928
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48322}
2017-10-05 21:25:34 +00:00
Alexei Filippov
ca81e11497 [runtime-call-stats] Add extra logging to catch remaining crashes.
BUG=chromium:760649

Change-Id: I13f3ad28ce3870ef57aa53eef684727656dcdff2
Reviewed-on: https://chromium-review.googlesource.com/701264
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48321}
2017-10-05 19:52:08 +00:00
Adam Klein
0717ff3457 [parser] Ensure for-in/of loop variables are marked maybe_assigned
The code used to rely on all such loops having a block scope around
them, but that is no longer the case for loops whose loop variables
are VAR-declared.

This patch introduces a new DeclarationDescriptor::Kind for such
variables, and sets it during parsing, allowing the variable
declaration code to note them as assigned appropriately.

Bug: chromium:768158
Change-Id: I0cd60e8c8c735681be9dbb9344a93156af09c952
Reviewed-on: https://chromium-review.googlesource.com/701624
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48320}
2017-10-05 19:16:29 +00:00
Sathya Gunasekaran
a4bddba0b0 [Runtime] Use platform specific value for JSReceiver::HashMask
This allows us to remove the loop while calculating the hash value and
just use the HashMask as the mask for ComputeIntegerHash. This
previously overflowed on 32-bit systems failing the Smi::IsValid
check.

Bug: v8:6404
Change-Id: I84610a7592fa9d7ce4fa5cef7903bd50b8e8a4df
Reviewed-on: https://chromium-review.googlesource.com/702675
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48319}
2017-10-05 19:13:48 +00:00
Georgia Kouveli
fee37178dd [arm64] Make sure exit frames take up a multiple of 16 bytes.
Bug: v8:6644
Change-Id: I35c5a5095d0e154b4df0b6903e510587e869a2d4
Reviewed-on: https://chromium-review.googlesource.com/686822
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#48318}
2017-10-05 17:39:07 +00:00
Max Moroz
a6e497472d [fuzzer] Documentation: fix link for build configurations reference.
R=ahaas@chromium.org, ochang@chromium.org

Bug: Chromium:539572
Change-Id: I9e94a03c9173d0a17cb1a18dc8740972ff794368
Reviewed-on: https://chromium-review.googlesource.com/701601
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48317}
2017-10-05 16:45:12 +00:00
Ulan Degenbaev
676c41321a [heap] Fix threshold for delayed chunks after 2c7561.
Bug: chromium:771966
Change-Id: Iac5ee55c0d31de477f21f091f4be015a1ca8d00c
Reviewed-on: https://chromium-review.googlesource.com/702382
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48316}
2017-10-05 16:21:12 +00:00
Michael Hablich
95cd866ca4 Change default component for src/ to Blink>JavaScript
The default component for src/ was Blink>JavaScript>Runtime
before. Unfortunately this is only partly true and tools
that use the information in the OWNERS file often misassign
issues because of it.

R=machenbach@chromium.org
NOTRY=true

Change-Id: I81457da1394a410fd494702f206af69857109c1c
Reviewed-on: https://chromium-review.googlesource.com/701758
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48315}
2017-10-05 15:44:42 +00:00
Andreas Haas
44c400eeaf [wasm] Fail upon second code section in streaming compilation
At the moment we check only in the module-decoder if the sections in a
module appear at most once. The code section, however, we process
already before this check. With this CL we check that there is at most
one code section before we start processing it.

R=clemensh@chromium.org
TEST=WasmStreamingDecoderTest.TwoCodeSections

Bug: chromium:771916
Change-Id: Icc79d5a87ab39f450a35c688f74ea5e67cae4b3c
Reviewed-on: https://chromium-review.googlesource.com/702379
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48314}
2017-10-05 15:11:02 +00:00
Ulan Degenbaev
50edfd171e [heap] Fix ConcurrentMarkingReschedule cctest.
This makes the test robust for stress GC flags.

Bug: 
Change-Id: Ica65987f0ee09fbdb4aab233dea4c51db5b19459
Reviewed-on: https://chromium-review.googlesource.com/702436
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48313}
2017-10-05 15:00:12 +00:00
Ulan Degenbaev
2c75616028 [heap] Ensure progress in unmapping memory chunks.
If sweeping is not making progress and there are many young generation
GCs happening, then this can lead to accumulation of memory chunks in
the unmapper queue.

Bug: chromium:771966
Change-Id: Ief73ada0d17198a80b668850c6d2e7ea413113e7
Reviewed-on: https://chromium-review.googlesource.com/702479
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48312}
2017-10-05 14:38:31 +00:00
Sathya Gunasekaran
87e1b8dfdb Use MaybeHandle for values that could be empty
This fixes some of the old legacy API that used empty Handle<>

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I861e31a4a6f65bc497bfc512174adba39c17abca
Reviewed-on: https://chromium-review.googlesource.com/701634
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48311}
2017-10-05 13:16:55 +00:00
Michael Achenbach
c7e84f5216 [test] Add stress_incremental_marking testing variant
Bug: 
Change-Id: Iddb8dde328af42b99c74195a13975346437c7259
Reviewed-on: https://chromium-review.googlesource.com/700635
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48310}
2017-10-05 13:10:42 +00:00