Commit Graph

37163 Commits

Author SHA1 Message Date
gsathya
c6f925d7ed [ast] Annotate Runtime ast nodes
Changes output from
CALL RUNTIME (context function) code = 0x3e9ea90a2049 at -1
to
CALL RUNTIME async_function_promise_create code = 0x3e9ea90a2049 at -1

This makes the ast more useful. I didn't annotate all the runtime calls,
only some for now. We can annotate others if necessary.

Review-Url: https://codereview.chromium.org/2654113002
Cr-Commit-Position: refs/heads/master@{#42671}
2017-01-26 00:02:03 +00:00
kozyatinskiy
bc7eb04d92 [debug] remove StepFrame
This action was used by inspector for blackboxing and isn't needed with new blackboxing implementation inside V8.

BUG=none
R=yangguo@chromium.org,clemensh@chromium.org
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2650943011
Cr-Commit-Position: refs/heads/master@{#42670}
2017-01-25 23:50:57 +00:00
jyan
f7a3ede082 s390: TF Codegen Optimization
List of items:
  1. Avoid zero-extending for subsequent 32-bit operations if current operation does not change upper 32-bit or does zero-extending.
  2. Match complex address mode for binary operation where possible (eg. use Add R,MEM).
  3. Detect instruction forms in selector. Eg. kAllowRRR, kAllowRM
  4. Optimize sequence for Int32MulWithOverflow, Int32Div, etc.
  5. Remove Not32/Not64 which is the same as XOR

R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2649113007
Cr-Commit-Position: refs/heads/master@{#42669}
2017-01-25 23:42:14 +00:00
kozyatinskiy
c8691efb38 [inspector] ignores debugger; in blackboxed code
Current state and proposed changes for blackboxing: https://docs.google.com/document/d/1hnzaXPAN8_QC5ENxIgxgMNDbXLraM_OXT73rAyijTF8/edit?usp=sharing

BUG=v8:5842,chromium:583193
R=yangguo@chromium.org,dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2648353006
Cr-Commit-Position: refs/heads/master@{#42668}
2017-01-25 23:30:40 +00:00
rmcilroy
6d42c4504a [complier] Enable parallel eager inner function compilation with compiler dispatcher.
Enable enqueueing of eager inner function compilation onto the compiler
dispatcher. This enables these tasks to be performed in parallel to
compilation of the outer functio (only for Ignition functions).
We currently synchronize to ensure all inner function compilations
 are complete before executing the outer function - future work will
allow outer function execution to happenin parallel to inner function
compilation.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2611313002
Cr-Commit-Position: refs/heads/master@{#42667}
2017-01-25 22:41:57 +00:00
pfeldman
76e31da4f6 V8 Inspector: remove V8ConsoleAPIType from the API, reuse v8::Isolate::MessageErrorLevel instead.
BUG=chromium:682521

Review-Url: https://codereview.chromium.org/2656613004
Cr-Commit-Position: refs/heads/master@{#42666}
2017-01-25 22:23:18 +00:00
Michael Achenbach
64b9aec06c Whitespace change to trigger bots
Cr-Commit-Position: refs/heads/master@{#42665}
2017-01-25 19:43:09 +00:00
Michael Achenbach
232a363f57 Whitespace change to trigger bots
Cr-Commit-Position: refs/heads/master@{#42664}
2017-01-25 19:35:55 +00:00
jyan
05426a0de3 s390: Fix DoArgumentsElements where should use CmpP
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2651673009
Cr-Commit-Position: refs/heads/master@{#42663}
2017-01-25 18:46:02 +00:00
leszeks
03a2b3a1a3 [ignition] Expect 'I' for signed bytecode operands
Because it was confusing seeing U8(negative value).

Review-Url: https://codereview.chromium.org/2640273002
Cr-Commit-Position: refs/heads/master@{#42662}
2017-01-25 17:39:24 +00:00
jyan
dde145054f [turbofan] Allow TempReg to be SameAsFirst and FromVreg
BUG=

Review-Url: https://codereview.chromium.org/2650813003
Cr-Commit-Position: refs/heads/master@{#42661}
2017-01-25 16:11:07 +00:00
caitp
c18d4216a4 [csa] add utilities for printf-style debugging
Adds CSA::Print(const char* s), which generates a runtime call to
Runtime::kGlobalPrint with a line-terminated ASCII string constant,
and CSA::DebugPrint(const char* prefix, Node* tagged_value), which
emits a runtime call to Runtime::kDebugPrint() with the tagged
value, optionally prefixed by an ascii string constant.

These simplify debugging TF builtins by providing a tool to easily
observe the contents of values at arbitrary points in a program,
without stepping endlessly through assembly in a debugger, and to
easily observe the path taken through a TF builtin.

These methods do not generate code in release builds.

BUG=v8:5268
R=ishell@chromium.org, danno@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2651673003
Cr-Commit-Position: refs/heads/master@{#42660}
2017-01-25 15:45:57 +00:00
machenbach
7c30fcf22d [foozzie] Fix mock variables that leaked into the global object
Also tidy some JS style in the file.

BUG=chromium:673246
NOTRY=true

Review-Url: https://codereview.chromium.org/2650353004
Cr-Commit-Position: refs/heads/master@{#42659}
2017-01-25 14:59:39 +00:00
ahaas
1c1742f38d [wasm] Fix the --wasm_code_fuzzer_gen_test again.
R=titzer@chromium.org, clemensh@chromium.org

Review-Url: https://codereview.chromium.org/2657443003
Cr-Commit-Position: refs/heads/master@{#42658}
2017-01-25 14:10:04 +00:00
petermarshall
bf782ec512 [Builtins] Smi-check the spread and go to runtime in CheckSpreadAndPushToStack.
We did not smi-check the spread argument here, meaning we tried to take the map
of a smi, resulting in segfaults which clusterfuzz found.

Also added tests that exercise this path.

BUG=685086

Review-Url: https://codereview.chromium.org/2655013002
Cr-Commit-Position: refs/heads/master@{#42657}
2017-01-25 13:55:58 +00:00
marja
6053f4a331 [parser]: Skipping inner funcs / initial implemetation of storing scope analysis data from preparsed scopes.
The data produced at the moment only contains information about scope type +
positions, and only the most trivial tests pass.

Upcoming CLs will extend the data to contain information about variables (once
PreParser can produce it) and add more test cases.

BUG=v8:5516

Review-Url: https://codereview.chromium.org/2650703003
Cr-Commit-Position: refs/heads/master@{#42656}
2017-01-25 13:03:19 +00:00
titzer
f51a5f732c [wasm-test] WasmModuleBuilder.addCustomSection in the JS builder API.
R=rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2650053005
Cr-Commit-Position: refs/heads/master@{#42655}
2017-01-25 11:53:09 +00:00
clemensh
0ec3a264bc [wasm] Fix check failure on invalid name section
After decoding an invalid function name (e.g. OOB), we stored the parsed
offset and length into the WasmFunction anyway, resulting in a runtime
CHECK failure later on.
This CL fixes this, and adds a regression test.

R=titzer@chromium.org
CC=mtrofin@chromium.org, bradnelson@chromium.org
BUG=chromium:684858

Review-Url: https://codereview.chromium.org/2656713003
Cr-Commit-Position: refs/heads/master@{#42654}
2017-01-25 11:37:48 +00:00
v8-autoroll
fdc5cd7987 Update V8 DEPS.
Rolling v8/build: dbe38ca..24cce87

Rolling v8/tools/clang: 58fecbe..68adbeb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2653123004
Cr-Commit-Position: refs/heads/master@{#42653}
2017-01-25 11:09:32 +00:00
mlippautz
f392922b4a [tests] Fix use-after-scope errors related to weak refs
BUG=v8:5887

Review-Url: https://codereview.chromium.org/2655533004
Cr-Commit-Position: refs/heads/master@{#42652}
2017-01-25 10:46:01 +00:00
titzer
1cbb690366 [wasm] Use ErrorThrower more uniformly in wasm-js.cc
R=rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2650073003
Cr-Commit-Position: refs/heads/master@{#42651}
2017-01-25 10:40:11 +00:00
rmcilroy
8bae36f963 [Platform] Increase default stack size on Mac OS X to 1MB.
The default stack size of a background thread is 512KB on MacOSX. We default to
1MB stack checks when compiling JS code, so we need to increase this limit
to enable compilation of JS code onto background threads.

Corresponding Chromium CL is https://codereview.chromium.org/2640803002/

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2653673007
Cr-Commit-Position: refs/heads/master@{#42650}
2017-01-25 10:35:12 +00:00
jgruber
a4183e59a7 [stubs] Add initializing constructor to CSA::Variable
It's a common pattern to create a Variable and immediately initialize
it. This adds a new constructor to make that pattern more natural.

BUG=

Review-Url: https://codereview.chromium.org/2657533003
Cr-Commit-Position: refs/heads/master@{#42649}
2017-01-25 10:00:38 +00:00
mstarzinger
efc8cb16d7 [turbofan] Fix accumulator use in bytecode analysis.
This fixes the checks of accumulator usage flags in the computation of
the interpreter register liveness during bytecode analysis. The usage
flags at hand are bit patterns as opposed to flat enum values. Use the
safe accessors instead of plain comparison.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-683581
BUG=chromium:683581

Review-Url: https://codereview.chromium.org/2651653005
Cr-Commit-Position: refs/heads/master@{#42648}
2017-01-25 09:14:41 +00:00
bmeurer
d0a24e913f [turbofan] Constant-fold JSGetSuperConstructor.
This adds support to constant-fold JSGetSuperConstructor(constructor)
for constructors with stable maps, i.e. where we can add a stability
dependency on the constructors map to get notified when the [[Prototype]]
of constructor changes.

R=petermarshall@chromium.org
BUG=v8:5517

Review-Url: https://codereview.chromium.org/2652763010
Cr-Commit-Position: refs/heads/master@{#42647}
2017-01-25 08:48:49 +00:00
jgruber
4ec372801e [heap] Handle edge case in NewSpaceAllocationCounter test
This test checks that counters accurately reflect the allocated size.
There's an edge case that can occur when, previously to the allocation,
the page does not have enough space left to allocate the requested
object - then we move on to a fresh page, fill the remaining space of
the old page with a filler object, and allocate the requested object on
the new page.

The counters will show the size of the filler object plus the requested
object size, while the test expects only the requested size.

This CL fixes that case by performing two GCs to clear out new space.

BUG=

Review-Url: https://codereview.chromium.org/2652933002
Cr-Commit-Position: refs/heads/master@{#42646}
2017-01-25 07:41:34 +00:00
jgruber
39b858754e [cleanup] Refactor builtins-generator.cc to use TF_BUILTIN macro
BUG=

Review-Url: https://codereview.chromium.org/2653693003
Cr-Commit-Position: refs/heads/master@{#42645}
2017-01-25 07:36:24 +00:00
kozyatinskiy
cb545a8c0c [inspector] change target promise for kDebugWillHandle & kDebugDidHandle
- kDebugPromiseCreated(task, parent_task)
This event occurs when promise is created (PromiseHookType::Init). V8Debugger uses this event to maintain task -> parent task map.

- kDebugEnqueueAsyncFunction(task)
This event occurs when first internal promise for async function is created. V8Debugger collects stack trace at this point.

- kDebugEnqueuePromiseResolve(task),
This event occurs when Promise fulfills with resolved status. V8Debugger collects stack trace at this point.

- kDebugEnqueuePromiseReject(task),
This event occurs when Promise fulfills with rejected status. V8Debugger collects stack trace at this point.

- kDebugPromiseCollected,
This event occurs when Promise is collected and no other chained callbacks can be added. V8Debugger removes information about async task for this promise.

- kDebugWillHandle,
This event occurs when chained promise function (either resolve or reject handler) is called. V8Debugger installs parent promise's stack (based on task -> parent_task map) as current if available or current promise's scheduled stack otherwise.

- kDebugDidHandle,
This event occurs after chained promise function has finished. V8Debugger restores asynchronous call chain to previous one.

With this change all instrumentation calls are related to current promise (before WillHandle and DidHandle were related to next async task).

Before V8Debugger supported only the following:
- asyncTaskScheduled(task1)
- asyncTaskStarted(task1)
- asyncTaskFinished(task1)

Now V8Debugger supports the following:
- asyncTaskScheduled(parent_task)
..
- asyncTaskCreated(task, parent_task),
- asyncTaskStarted(task), uses parent_task scheduled stack
- asyncTaskScheduled(task)
- asyncTaskFinished(task)

Additionally: WillHandle and DidHandle were migrated to PromiseHook API.

More details: https://docs.google.com/document/d/1u19N45f1gSF7M39mGsycJEK3IPyJgIXCBnWyiPeuJFE

BUG=v8:5738
R=dgozman@chromium.org,gsathya@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2650803003
Cr-Commit-Position: refs/heads/master@{#42644}
2017-01-25 07:05:43 +00:00
bmeurer
9a8e269a23 [turbofan] Maintain the invariant to never inline cross native context.
In the JSCallReducer we'd inline certain builtins like the Array
constructor or Function builtins across native contexts, which at
this point should be mostly safe, but might lead to cross context
leaks in the future (as it's not obvious that the JSCallReducer)
doesn't maintain this invariant. So better safe than sorry.

R=yangguo@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2651133002
Cr-Commit-Position: refs/heads/master@{#42643}
2017-01-25 05:58:59 +00:00
zhengxing.li
bc1117ac03 X87: [Turbofan] Implement call with spread bytecode in assembly code.
port f9367847b0 (r42632)

  original commit message:
  We can share almost all of the architecture-specific builtin code with super-call-with-spread.

  Info to port-writers: The code in CheckSpreadAndPushToStack has changed slightly from what was in Generate_ConstructWithSpread,
  in that we take the length of the spreaded parameters from the JSArray rather than the FixedArray backing store.

BUG=

Review-Url: https://codereview.chromium.org/2652153002
Cr-Commit-Position: refs/heads/master@{#42642}
2017-01-25 05:29:41 +00:00
zhengxing.li
f223d4f5be X87: [TypeFeedbackVector] DeclareGlobals needs a literals array.
port d287c81969 (r42620)

  original commit message:
  [RELAND with one change: until literal arrays are rooted in the outer
  feedback vector (coming in the next days), the runtime-scope.cc change
  is held off.]

  When a function is declared in global scope, the closure is created
  by the DeclareGlobals runtime service. It needs a pointer to the
  literals array, already allocated in the feedback vector. This
  fixes a bug where it's behavior wasn't in sync with CreateClosure,
  which accepts the literals from the vector.

  This enables a follow-on performance improvement in the CompileLazy
  builtin.

BUG=

Review-Url: https://codereview.chromium.org/2653893002
Cr-Commit-Position: refs/heads/master@{#42641}
2017-01-25 05:23:13 +00:00
cbruni
e5608155ae [runtime] Fix Array.prototype.concat with complex @@species
Array.prototype.concat does not properly handle JSProxy species that will
modify the currently visited array.

BUG=682194

Review-Url: https://codereview.chromium.org/2655623004
Cr-Commit-Position: refs/heads/master@{#42640}
2017-01-25 04:37:04 +00:00
brettw
98dbcfde26 Conditionally convert V8 build overrides to declare_args.
We're converting the build_overrides system to the new default_args list of
overrides that can be listed in the toplevel .gn file. This will allow args to
be set on a per-repo basis.

This change conditionally adds the variables currently defined in
build_overrides/v8.gni to build args. This allows V8's build to be used in both
the new and old systems. Once all Chrome and pdfium have been updated, v8's
build overrides and the conditional checks around the new args can be removed.

BUG=684096

Review-Url: https://codereview.chromium.org/2654663003
Cr-Commit-Position: refs/heads/master@{#42639}
2017-01-25 00:20:56 +00:00
leszeks
e56437b630 [ignition] Use absolute values for jump offsets
Since JumpLoop is always backwards, and other jumps are always forwards,
we can store the jump offset as an always positive integer and decide on
the jump direction based on the bytecode. This will save a small amount
of space for large-ish for loops (>128 bytecodes).

Review-Url: https://codereview.chromium.org/2641443002
Cr-Commit-Position: refs/heads/master@{#42638}
2017-01-24 22:09:02 +00:00
franzih
82631263c6 [ast] Simplify NewBoilerplateDescription.
The property backing store size depends on the number of
index keys. Pass index keys to the factory function instead
calculating the size outside.

R=verwaest@chromium.org

BUG=v8:5625

Review-Url: https://codereview.chromium.org/2651533002
Cr-Commit-Position: refs/heads/master@{#42637}
2017-01-24 19:06:03 +00:00
mtrofin
777057763c [wasm] JSAPI conformance: instance.exports has null prototype.
BUG=v8:5885

Review-Url: https://codereview.chromium.org/2649163004
Cr-Commit-Position: refs/heads/master@{#42636}
2017-01-24 19:00:36 +00:00
gsathya
a76e9f38ba [ESnext] stage object rest/spread properties
BUG=v8:5549

Review-Url: https://codereview.chromium.org/2653643004
Cr-Commit-Position: refs/heads/master@{#42635}
2017-01-24 17:25:28 +00:00
titzer
68efecff60 [wasm] Implement WebAssembly.Module.customSections.
R=ahaas@chromium.org,rossberg@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2626263004
Cr-Commit-Position: refs/heads/master@{#42634}
2017-01-24 15:23:02 +00:00
rmcilroy
7524e523d7 Revert "[Parse] ParseInfo owns the parsing Zone."
Speculative reason for issue 684481.

BUG=chromium:684481
TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,

Original issue's description:
> [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203, v8:5215
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42562}
> Committed: 4b0101d369

Review-Url: https://codereview.chromium.org/2648383005
Cr-Commit-Position: refs/heads/master@{#42633}
2017-01-24 14:38:13 +00:00
petermarshall
f9367847b0 [Turbofan] Implement call with spread bytecode in assembly code.
We can share almost all of the architecture-specific builtin code with super-call-with-spread.

Info to port-writers: The code in CheckSpreadAndPushToStack has changed slightly from what was in Generate_ConstructWithSpread, in that we take the length of the spreaded parameters from the JSArray rather than the FixedArray backing store.

BUG=v8:5511

Review-Url: https://codereview.chromium.org/2649143002
Cr-Commit-Position: refs/heads/master@{#42632}
2017-01-24 14:37:01 +00:00
marja
4aedeb1bd5 objects.h splitting: include less objects/ files.
Using a Handle<Foo> as a member doesn't require including foo.h

R=mstarzinger@chromium.org
BUG=v8:5402

Review-Url: https://codereview.chromium.org/2650973003
Cr-Commit-Position: refs/heads/master@{#42631}
2017-01-24 13:24:53 +00:00
tebbi
e225251f25 [tubofan] teach escape analysis about ObjectIsNonCallable
R=mstarzinger@chromium.org, bmeurer@chromium.org

BUG=chromium:669242

Review-Url: https://codereview.chromium.org/2645273003
Cr-Commit-Position: refs/heads/master@{#42630}
2017-01-24 13:18:23 +00:00
titzer
a920c0d92b [wasm] Errors in names section do not fail the whole module.
R=ahaas@chromium.org
BUG=v8:5882

Review-Url: https://codereview.chromium.org/2657463003
Cr-Commit-Position: refs/heads/master@{#42629}
2017-01-24 13:13:26 +00:00
mlippautz
4894bbd439 [profiler] Query retainer infos from embedder instead of using object grouping
BUG=chromium:679724

Review-Url: https://codereview.chromium.org/2627033002
Cr-Commit-Position: refs/heads/master@{#42628}
2017-01-24 12:50:47 +00:00
marja
db1de41a62 [parser] Refactor ParseForStatement.
It was a scary function which handled all possible old-fashioned and
for-each statements at one go. Split it to multiple smaller functions
and made the top level logic clearer.

BUG=

Review-Url: https://codereview.chromium.org/2645353002
Cr-Commit-Position: refs/heads/master@{#42627}
2017-01-24 10:17:02 +00:00
machenbach
f94c7e8f1a [foozzie] Disable optimizations for typed float arrays.
This disables optimizations when using typed float arrays in
correctness fuzzer test cases. Otherwise, different NaN patterns
in float typed arrays might lead to different observations when
using the buffer in an int array view.

BUG=chromium:683579
NOTRY=true
TBR=Jarin, mvstanton, Igor Sheludko

Review-Url: https://codereview.chromium.org/2649923008
Cr-Commit-Position: refs/heads/master@{#42626}
2017-01-24 10:15:55 +00:00
marja
29ede2bf0e test-parsing/NoPessimisticContextAllocation: add a missing test
The "sloppy eval in default param" cases will be useful for the future
tests which assert that parser and preparser produce the same scopes.

BUG=v8:5501, v8:5516

Review-Url: https://codereview.chromium.org/2644333002
Cr-Commit-Position: refs/heads/master@{#42625}
2017-01-24 10:14:45 +00:00
clemensh
3dea55b413 [wasm] Implement stepping in wasm code
Implement stepping by remembering the current step action in the wasm
interpreter handle in WasmDebugInfo, and using it when continuing
execution in the interpreter.
The control flow is as follows: After module compilation, the user sets
a breakpoint in wasm. The respective function is redirected to the
interpreter and the breakpoint is set on the interpreter. When it is
hit, we notify all debug event listeners, which might prepare stepping.
When returning from these listeners, before continuing execution, we
check whether stepping was requested and continue execution in the
interpreter accordingly.

Stepping from Wasm to JS and vice versa will be implemented and tested
in a follow-up CL. Testing this requires breakpoints and stepping in
Wasm to be exposed via the inspector interface, such that we can write
an inspector test. This mixed JS-Wasm-execution is hard to set up in a
cctest.

R=titzer@chromium.org, yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2649533002
Cr-Commit-Position: refs/heads/master@{#42624}
2017-01-24 10:13:33 +00:00
ahaas
d9253a2f7c [wasm] Change the constant kV8MaxWasmTableSize to a command line flag.
Similar to the maximum memory size this limit caused problems for
the fuzzer due to oom issues. With the command line flag we can limit
the maximum table size for the fuzzer.

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2648223004
Cr-Commit-Position: refs/heads/master@{#42623}
2017-01-24 10:12:22 +00:00
titzer
e9b22dde28 [wasm] Do not patch memory references in imported functions.
BUG=v8:5860
R=rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2653533003
Cr-Commit-Position: refs/heads/master@{#42622}
2017-01-24 09:43:57 +00:00