Commit Graph

40455 Commits

Author SHA1 Message Date
Adam Klein
cff5470a62 [cleanup] Modernize creation of JSON, Math, and Intl objects
Before this patch, those builtin objects all used a strange-looking
pattern for creation that involved creating a new constructor
function (likely in order to get their ES5 [[Class]] set
appropriately).

But in modern times, with @@toStringTag as the mechanism of returning
the correct toString value, there should be no need for those extra
hoops, so simply use the Object constructor instead.

Change-Id: Id841dace26bf71f73ec25a71f1297d502438b27c
Reviewed-on: https://chromium-review.googlesource.com/533922
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45963}
2017-06-15 18:24:02 +00:00
Adam Klein
405fafb838 [runtime|cleanup] Remove implementation of unreachable runtime functions
Change-Id: Ie4d21d2fc10db40efb42d66c9438ce3f3f01ce79
Reviewed-on: https://chromium-review.googlesource.com/533804
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45962}
2017-06-15 18:22:58 +00:00
Georg Neis
e53fdff9da [modules] Fix setting variables via debug-scopes.
I incorrectly assumed that ScopeIterator::SetModuleVariableValue gets called
when the frame is the module function.

R=jgruber@chromium.org, kozyatinskiy@chromium.org

Bug: v8:1569, v8:6484
Change-Id: I1fbad8ccde57280149547c78e679527f7a0c89dd
Reviewed-on: https://chromium-review.googlesource.com/535620
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45961}
2017-06-15 15:46:48 +00:00
Leszek Swirski
920796b3a4 Revert "[frames] Make interpreted frame detection stricter (reland)"
This reverts commit b7a036a6f1.

Reason for revert: We don't want to ever access the heap when walking the stack

Original change's description:
> [frames] Make interpreted frame detection stricter (reland)
> 
> When iterating over stack frames, make the interpreted frame detection
> require that the frame header contains the bytecode array.
> 
> Currently, the stack frame iterator supports bytecode handlers that
> don't create stack frames by checking if the top of the stack (i.e. the
> return address) is the interpreter entry trampoline. However, optimized
> code tail called from the interpreter entry trampoline can move the
> stack pointer without clearing the stack, which means it can end up with
> a pointer into the interpreter entry trampoline on the top of its stack
> (in an uninitialized value), and be interpreted as an interpreted frame.
> 
> To avoid such optimized code frames being interpreted as interpreted
> frames, we now additionally test the frame header, to see if it contains
> a valid pointer to a BytecodeArray.
> 
> Reland of https://chromium-review.googlesource.com/c/535646/
> 
> Change-Id: Iefbf305c9e4b43bebd2fc111663671d2b675e64a
> Reviewed-on: https://chromium-review.googlesource.com/536935
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45959}

TBR=kozyatinskiy@chromium.org,leszeks@chromium.org

Change-Id: I52a62c8e11af4d1565af92f10113b955f8c2c2f2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/536938
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45960}
2017-06-15 15:16:10 +00:00
Leszek Swirski
b7a036a6f1 [frames] Make interpreted frame detection stricter (reland)
When iterating over stack frames, make the interpreted frame detection
require that the frame header contains the bytecode array.

Currently, the stack frame iterator supports bytecode handlers that
don't create stack frames by checking if the top of the stack (i.e. the
return address) is the interpreter entry trampoline. However, optimized
code tail called from the interpreter entry trampoline can move the
stack pointer without clearing the stack, which means it can end up with
a pointer into the interpreter entry trampoline on the top of its stack
(in an uninitialized value), and be interpreted as an interpreted frame.

To avoid such optimized code frames being interpreted as interpreted
frames, we now additionally test the frame header, to see if it contains
a valid pointer to a BytecodeArray.

Reland of https://chromium-review.googlesource.com/c/535646/

Change-Id: Iefbf305c9e4b43bebd2fc111663671d2b675e64a
Reviewed-on: https://chromium-review.googlesource.com/536935
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45959}
2017-06-15 13:57:03 +00:00
v8-autoroll
8f74122165 Update V8 DEPS.
Rolling v8/build: 4280b28..3ab6155

Rolling v8/third_party/catapult: 597f96e..59a182b

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Idaf4f74956b999fe846a21efb85850e50e619bbb
Reviewed-on: https://chromium-review.googlesource.com/536514
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45958}
2017-06-15 03:26:39 +00:00
jshin
4aeb94a42d Use ICU for ID_START, ID_CONTINUE and WhiteSpace check
Use ICU to check ID_Start, ID_Continue and WhiteSpace even for BMP
when V8_INTL_SUPPORT is on (which is default).

Change LineTerminator::Is() to check 4 code points from
ES#sec-line-terminators instead of using tables and Lookup function.

Remove Lowercase::Is(). It's not used anywhere.

Update webkit/{ToNumber,parseFloat}.js to have the correct expectation
for U+180E and the corresponding expected files. This is a follow-up to
an earlier change ( https://codereview.chromium.org/2720953003 ).

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg,v8_mac_dbg;master.tryserver.chromium.android:android_arm64_dbg_recipe
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng

BUG=v8:5370,v8:5155
TEST=unittests --gtest_filter=CharP*
TEST=webkit: ToNumber, parseFloat
TEST=test262: built-ins/Number/S9.3*, built-ins/parse{Int,Float}/S15*
TEST=test262: language/white-space/mong*
TEST=test262: built-ins/String/prototype/trim/u180e
TEST=mjsunit: whitespaces

Review-Url: https://codereview.chromium.org/2331303002
Cr-Commit-Position: refs/heads/master@{#45957}
2017-06-14 20:32:49 +00:00
Jaideep Bajwa
8e646bd08c PPC: [heap] Make write barrier safe for the concurrent marker.
Port bd3d091dba

Original Commit Message:

    With concurrent marking the write barrier should trigger even if the
    object is black because the concurrent marker could have fetched
    object field before marking the object black.

R=ulan@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:694255
LOG=N

Change-Id: I3e3b5b467ab3c2eca45ac8d85523c8af4f5f5d4b
Reviewed-on: https://chromium-review.googlesource.com/535736
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#45956}
2017-06-14 16:59:49 +00:00
Ulan Degenbaev
74aa3ad011 [heap] Add trivial BodyDescriptorWeak for objects without weak fields.
This patch also changes the visitor of BytecodeArray to use
BytecodeArray::BodyDescriptor.

BUG=chromium:733159

Change-Id: I2ac72c97ec51996b5b100c447b543895180f4f78
Reviewed-on: https://chromium-review.googlesource.com/535674
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45955}
2017-06-14 16:01:16 +00:00
Leszek Swirski
8b5fe28cce Revert "[frames] Make interpreted frame detection stricter"
This reverts commit f577b2bb38.

Reason for revert: Failure on https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20verify%20csa/builds/1978

Original change's description:
> [frames] Make interpreted frame detection stricter
> 
> When iterating over stack frames, make the interpreted frame detection
> require that the frame header contains the bytecode array.
> 
> Currently, the stack frame iterator supports bytecode handlers that
> don't create stack frames by checking if the top of the stack (i.e. the
> return address) is the interpreter entry trampoline. However, optimized
> code tail called from the interpreter entry trampoline can move the
> stack pointer without clearing the stack, which means it can end up with
> a pointer into the interpreter entry trampoline on the top of its stack
> (in an uninitialized value), and be interpreted as an interpreted frame.
> 
> To avoid such optimized code frames being interpreted as interpreted
> frames, we now additionally test the frame header, to see if it contains
> a BytecodeArray.
> 
> Change-Id: I4bafcf0f7ce3c973a2e5a312f054d72312bb8a70
> Reviewed-on: https://chromium-review.googlesource.com/535646
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45951}

TBR=kozyatinskiy@chromium.org,leszeks@chromium.org

Change-Id: Icc009cf97b816f6c33574782ed9ab473387886c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/535478
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45954}
2017-06-14 16:00:13 +00:00
Toon Verwaest
f719f772f0 Drop invalid DCHECK, hashes can be 0
Bug: chromium:733118
Change-Id: Ic144342d86fc84bf5c4700cec357ac8f3c6b2cb3
Reviewed-on: https://chromium-review.googlesource.com/535522
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45953}
2017-06-14 15:44:57 +00:00
Michael Lippautz
21389501f5 [heap] Fix adjusting of area end when shrinking large pages
Bug: chromium:733059, chromium:724947
Change-Id: Id7abc22ee0975cd609cc06a02552f68e9e0077e8
Reviewed-on: https://chromium-review.googlesource.com/535596
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45952}
2017-06-14 15:18:01 +00:00
Leszek Swirski
f577b2bb38 [frames] Make interpreted frame detection stricter
When iterating over stack frames, make the interpreted frame detection
require that the frame header contains the bytecode array.

Currently, the stack frame iterator supports bytecode handlers that
don't create stack frames by checking if the top of the stack (i.e. the
return address) is the interpreter entry trampoline. However, optimized
code tail called from the interpreter entry trampoline can move the
stack pointer without clearing the stack, which means it can end up with
a pointer into the interpreter entry trampoline on the top of its stack
(in an uninitialized value), and be interpreted as an interpreted frame.

To avoid such optimized code frames being interpreted as interpreted
frames, we now additionally test the frame header, to see if it contains
a BytecodeArray.

Change-Id: I4bafcf0f7ce3c973a2e5a312f054d72312bb8a70
Reviewed-on: https://chromium-review.googlesource.com/535646
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45951}
2017-06-14 15:16:51 +00:00
Alexey Kozyatinskiy
c2a7550f47 [inspector] expose module variables for Debugger.evaluateOnCallFrame method
Context::Lookup method should support Module variables.

Bug: chromium:717670
Change-Id: I58d3448b9048c7f9dd7ab8b720803b3503cf91ae
Reviewed-on: https://chromium-review.googlesource.com/519389
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45950}
2017-06-14 14:58:12 +00:00
Pierre Langlois
30a29fa26d [arm] Cleanup addrmod1 encoding and Operand class
This cleanup is the result of trying to modify the `Assembler::addrmod1` method
and realising it's very easy to break it. It handles three groups of
instructions with different operands and uses `r0` when a register is not used:

- General case:            rd, rn, (rm|rm shift #imm|rm shift rs)
- Comparison instructions:     rn, (rm|rm shift #imm|rm shift rs)
- Move instructions        rd,     (rm|rm shift #imm|rm shift rs)

Let's use `no_reg` instead of `r0` with explicit checks and assertions so that
it's clear this method is used with multiple types of instructions.
Additionally, keep the order of operands as "rd", "rn", "rm".

As drive-by fixes, I've taken the opportunity to add a few helper methods to the
`Operand` class.

Bug: 
Change-Id: If8140d804bc90dea1d3c186b3cee54297f91462a
Reviewed-on: https://chromium-review.googlesource.com/531284
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45949}
2017-06-14 14:02:17 +00:00
georgia.kouveli
51a6789bed [arm64] Fix assertion in IsImmLLiteral and enable literal pool tests.
BUG=

Review-Url: https://codereview.chromium.org/2922983002
Cr-Commit-Position: refs/heads/master@{#45948}
2017-06-14 13:52:00 +00:00
jgruber
b1ee17e588 [regexp] Add a RegExp.p.exec fast path for ATOM regexps
Until now, ATOM regexps (i.e. simple patterns that don't require regexp matching
logic but can use generic string matching algorithms instead) have always gone
through the slow runtime.

This CL implements a fast path in CSA which simply calls StringIndexOf
internally and then sets up the last-match-info as required.

Local microbenchmarks show a 30% improvement for RE.p.exec on ATOM regexps,
and a 5% improvement on Octane/RegExp.

Bug: v8:6462
Change-Id: I35b4c5caf416fa35fe388dd58e34dea55b098d09
Reviewed-on: https://chromium-review.googlesource.com/535455
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45947}
2017-06-14 13:47:38 +00:00
Caitlin Potter
8ada753888 Reland "[builtins] port Promise.all to CSA"
Simplifies the implementation of IteratorClose in IteratorBuiltinsAssembler, and makes clear that it is only invoked when an exception occurs. Adds exception handling support to GetIterator, IteratorStep, and IteratorCloseOnException.

Moves the Promise.all resolveElement closure and its caller to
builtins-promise-gen.cc.

Instead of creating an internal array (and copying its elements into a
result array), a single JSArray is allocated, and appended with
BuildAppendJSArray(), falling back to %CreateDataProperty(), and elements
are updated in the resolve closure the same way. This should always be
unobservable.

This CL increases the size of snapshot_blob.bin on an x64.release build
by 8.51kb

BUG=v8:5343
R=cbruni@chromium.org, gsathysa@chromium.org, jgruber@chromium.org, hpayer@chromium.org, tebbi@chromium.org

Change-Id: I29c4a529154ef49ad65555ce6ddc2c5b7c9de6b3
Reviewed-on: https://chromium-review.googlesource.com/508473
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45946}
2017-06-14 13:19:37 +00:00
jarin
b267efc706 [deoptimizer] Fix printing of uint32 values.
Review-Url: https://codereview.chromium.org/2937943002
Cr-Commit-Position: refs/heads/master@{#45945}
2017-06-14 12:44:31 +00:00
Jakob Kummerow
2bdb74f75d [cleanup] Refactor parts of builtins-number-gen.cc
Bug: v8:6474

Change-Id: I24d067ac77c2cb557d0b3f6e2c8c512761c160f1
Reviewed-on: https://chromium-review.googlesource.com/531384
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45944}
2017-06-14 12:42:27 +00:00
Michael Starzinger
b5f16bba2a [deoptimizer] Remove support for full-codegen frames.
This removes support for reconstructing stack frames for full-codegen
from the deoptimizer. We no longer deoptimize to such code. This also
allows us to remove the {DeoptimizationOutputData} data structure.

R=jarin@chromium.org
BUG=v8:6409

Change-Id: Id28ef05aa985b6877b5c91926a7d7d0d6d6e661d
Reviewed-on: https://chromium-review.googlesource.com/535537
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45943}
2017-06-14 12:41:22 +00:00
Marja Hölttä
dfb453d713 [objects.h splitting] Fix: inline Factory funcs again.
These were too aggressively de-inlined as part of
https://chromium-review.googlesource.com/c/528102 .

BUG=chromium:733161

Change-Id: I88e9f969dcd6142cbbbb2662edd8108ad687c522
Reviewed-on: https://chromium-review.googlesource.com/535640
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45942}
2017-06-14 12:40:17 +00:00
Michael Achenbach
c94d9d41b8 [build] Fix cfi build
NOTRY=true
NOTREECHECKS=true
TBR=vogelheim@chromium.org

Bug: chromium:726584
Change-Id: I7a20b8897e6db681acec76c135e4d17674e17729
Reviewed-on: https://chromium-review.googlesource.com/535517
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45941}
2017-06-14 12:00:09 +00:00
Ulan Degenbaev
ec27afa8a8 [heap] Fix test-api/Regress528 for concurrent marking.
BUG=chromium:694255
TBR=mlippautz@chromium.org

Change-Id: I5c6fbb392d68a348e3a8b3fb52368232883e9931
Reviewed-on: https://chromium-review.googlesource.com/535594
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45940}
2017-06-14 11:47:06 +00:00
Michael Starzinger
f251e9501c [fullcodegen] Remove support for bailout preparation.
This removes the ability to prepare bailout points in code generated by
the {FullCodeGenerator}. Such code is no longer used as the target of
deoptimization attempts, hence storing deoptimization data is obsolete.

R=jarin@chromium.org
BUG=v8:6409

Change-Id: I3200182a6e88014ce953881fa0d1ac0bc65ee424
Reviewed-on: https://chromium-review.googlesource.com/533153
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45939}
2017-06-14 10:48:02 +00:00
Ulan Degenbaev
bd3d091dba [heap] Make write barrier safe for the concurrent marker.
With concurrent marking the write barrier should trigger even if the
object is black because the concurrent marker could have fetched
object field before marking the object black.

BUG=chromium:694255

Change-Id: Icacc5672defeec85936e37d7d06780c74b97732c
Reviewed-on: https://chromium-review.googlesource.com/533614
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45938}
2017-06-14 09:23:58 +00:00
Michael Lippautz
e459d4b150 [heap] Fix CHECK in concurrent marking
TBR=ulan@chromium.org
NOTRY=true

Bug: chromium:694255
Change-Id: I430fad8916112141eec60914d73640b31d3da9d4
Reviewed-on: https://chromium-review.googlesource.com/535555
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45937}
2017-06-14 08:47:37 +00:00
Michael Starzinger
4c79e6f9ec [test] Remove remaining "noTF" variants of js-perf-tests.
R=machenbach@chromium.org
BUG=v8:6408

Change-Id: I3c785acd30d8feb0541e9acdf0c44225a01cb71c
Reviewed-on: https://chromium-review.googlesource.com/533154
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45936}
2017-06-14 08:12:15 +00:00
Camillo Bruni
66fe2d496d [heap-verify] Relax arguments verification
For unknown Argument object Maps we have to expect that constants fields
are kept on the Map.

Bug: chromium:729597
Change-Id: I110f77455ce434a431c8de27d021b1a5deb86f30
Reviewed-on: https://chromium-review.googlesource.com/532900
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45935}
2017-06-14 07:19:20 +00:00
jgruber
68699c4733 [cleanup] Refactor usages of builtin callables
This completes refactoring started in 0a355777c3.

Bug: v8:6474
Change-Id: Ia2ea66e10e4f1d55551fe145f67f4021ae254b23
Reviewed-on: https://chromium-review.googlesource.com/532997
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45934}
2017-06-14 06:51:23 +00:00
v8-autoroll
84ed74f420 Update V8 DEPS.
Rolling v8/build: 05cc70d..4280b28

Rolling v8/third_party/catapult: e6b02f2..597f96e

Rolling v8/tools/clang: fbd95a5..b7068ad

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I338f86ce6466baded9fcbaea5ed0c00739a661b3
Reviewed-on: https://chromium-review.googlesource.com/535313
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45933}
2017-06-14 06:50:18 +00:00
machenbach
21ee6d8f8b Revert of [wasm] Increase WebAssembly.Memory maximum size to ~2GB (patchset #10 id:200001 of https://codereview.chromium.org/2903153002/ )
Reason for revert:
gc stress failure:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/11122

Original issue's description:
> [wasm] Increase WebAssembly.Memory maximum size to 2GB
>
> BUG=v8:6478, chromium:729768
>
> R=bradnelson@chromium.org, eholk@chromium.org
>
> Review-Url: https://codereview.chromium.org/2903153002
> Cr-Commit-Position: refs/heads/master@{#45931}
> Committed: 7e6ed62071

TBR=bradnelson@chromium.org,eholk@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6478, chromium:729768

Review-Url: https://codereview.chromium.org/2935243002
Cr-Commit-Position: refs/heads/master@{#45932}
2017-06-14 06:39:46 +00:00
gdeepti
7e6ed62071 [wasm] Increase WebAssembly.Memory maximum size to 2GB
BUG=v8:6478, chromium:729768

R=bradnelson@chromium.org, eholk@chromium.org

Review-Url: https://codereview.chromium.org/2903153002
Cr-Commit-Position: refs/heads/master@{#45931}
2017-06-14 00:55:24 +00:00
Ben Smith
284a4804f2 [SAB] Move creation of SharedArrayBuffer/Atomics to InitializeGlobal
It is only attached to the global object if the --harmony-sharedarraybuffer
flag is enabled, but this allows more objects to be added to the snapshot which
seems to reduce the amount of heap memory used per context.

Bug: chromium:724053
Change-Id: I5d1115a0e3ed9abf41cb3ab80d19d622cbef7b93
Reviewed-on: https://chromium-review.googlesource.com/534594
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45930}
2017-06-13 23:45:44 +00:00
bbudge
5d7039eac3 [WASM] Simplify SIMD shuffle opcodes.
- Eliminates S32x4Shuffle, S16x8Shuffle opcodes. All shuffles are subsumed
  by S8x16Shuffle. This aligns us with the latest WASM SIMD spec.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2923103003
Cr-Commit-Position: refs/heads/master@{#45929}
2017-06-13 23:40:51 +00:00
bbudge
a4cf434f5b [ARM64] Support 128 bit moves and swaps in code generator.
LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2928853002
Cr-Commit-Position: refs/heads/master@{#45928}
2017-06-13 22:26:54 +00:00
bmeurer
aea68b5a26 [turbofan] Inline ReturnReceiver builtin into TurboFan.
Builtins::kReturnReceiver is used for the Symbol.iterator function on
iterators, and just returns the iterator itself. For example, for-of
or yield* with a generator will first call generator[Symbol.iterator](),
which simply returns the generator itself. Inlining this particular
builtin into TurboFan is trivial and avoids that call completely,
enabling more possibilities for LoadElimination and EscapeAnalysis
to get rid of even more checks in common generator code.

BUG=v8:6344,v8:6351,v8:6354
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2938683002
Cr-Commit-Position: refs/heads/master@{#45927}
2017-06-13 19:47:54 +00:00
Ulan Degenbaev
223a6f63ea [heap] Fix compile error in concurrent marker.
Change-Id: Ie79607b16270a50ef74261ee8e34a3f1321454c1
Reviewed-on: https://chromium-review.googlesource.com/534233
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45926}
2017-06-13 19:19:05 +00:00
bmeurer
b11c557d32 [builtins] Properly optimize Object.prototype.isPrototypeOf.
Port the baseline implementation of Object.prototype.isPrototypeOf to
the CodeStubAssembler, sharing the existing prototype chain lookup logic
with the instanceof / OrdinaryHasInstance implementation. Based on that,
do the same in TurboFan, introducing a new JSHasInPrototypeChain
operator, which encapsulates the central prototype chain walk logic.

This speeds up Object.prototype.isPrototypeOf by more than a factor of
four, so that the code

  A.prototype.isPrototypeOf(a)

is now performance-wise on par with

  a instanceof A

for the case where A is a regular constructor function and a is an
instance of A.

Since instanceof does more than just the fundamental prototype chain
lookup, it was discovered in Node core that O.p.isPrototypeOf would
be a more appropriate alternative for certain sanity checks, since
it's less vulnerable to monkey-patching. In addition, the Object
builtin would also avoid the performance-cliff associated with
instanceof (due to the Symbol.hasInstance hook), as for example hit
by https://github.com/nodejs/node/pull/13403#issuecomment-305915874.
The main blocker was the missing performance of isPrototypeOf, since
it was still a JS builtin backed by a runtime call.

This CL also adds more test coverage for the
Object.prototype.isPrototypeOf builtin, especially when called from
optimized code.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
BUG=v8:5269,v8:5989,v8:6483
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2934893002
Cr-Commit-Position: refs/heads/master@{#45925}
2017-06-13 19:14:00 +00:00
Adam Klein
8196e10265 [builtins] Move most WeakMap/WeakSet code from JS to C++ builtins
They were already implemented mostly in C++ (only error/negative
cases were handled in script), so this is mostly just a cleanup.
Only the constructors remain in script after this CL.

Bug: v8:6354
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
Reviewed-on: https://chromium-review.googlesource.com/531670
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45924}
2017-06-13 19:12:15 +00:00
Michael Lippautz
041d7339e3 [heap] Fix memory allocator counters for partially releasing pages
Bug: chromium:724947
Change-Id: I287677b2cf18154bcbc0d0a5b15d12455d73d0c3
Reviewed-on: https://chromium-review.googlesource.com/534153
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45923}
2017-06-13 18:55:53 +00:00
Michael Achenbach
a0aec7b29e [build] Split v8_base on static-library builds on windows
Bug: v8:6461
Change-Id: Iafabf2d53aa6492b78a9e5ae683f010453bb195d
Reviewed-on: https://chromium-review.googlesource.com/533014
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45922}
2017-06-13 18:26:53 +00:00
Ulan Degenbaev
d701edfc15 [base] Make the current platform accessor atomic.
TracingCpuProfiler test updates the current platform while
concurrent marking is running.

This patch also disables stress-incremental-marking for
mjsunit/regress-430201.

BUG=chromium:694255

Change-Id: I85ff538c47bce0300cde3204989ef3f9512b805f
Reviewed-on: https://chromium-review.googlesource.com/533873
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45921}
2017-06-13 17:51:55 +00:00
Michael Lippautz
35b9776f81 [heap] Move AccessMode out from MarkBit into globals
Bug: 
Change-Id: I5ea0e072c3ac100a6f3bed62a9a4d2c11d2b7c9a
Reviewed-on: https://chromium-review.googlesource.com/533414
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45920}
2017-06-13 17:49:17 +00:00
Michael Lippautz
4a2d015537 [heap] Avoid map loads in LiveObjectIterator
Help the compiler a bit by moving the loads into the ctor.

Bug: 
Change-Id: I62deff0ee7252ea78dfec380e791ec958886005d
Reviewed-on: https://chromium-review.googlesource.com/533534
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45919}
2017-06-13 16:58:12 +00:00
Mircea Trofin
5db4364f47 [wasm] Correctly reset memory size to default instead of 0.
Bug: chromium:731351
Change-Id: I810986cba2f575da9de2c4bb70c250784148eeb5
Reviewed-on: https://chromium-review.googlesource.com/532634
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45918}
2017-06-13 16:39:52 +00:00
Igor Sheludko
24d40afb03 [runtime] Cleanup SharedFunctionInfo fields definitions (9).
Introduce DEFINE_FIELD_OFFSET_CONSTANTS macro for defining a contiguous
sequence of field offsets.
In addition, this CL turns last two Smi fields to int fields.

Bug: v8:6470
Change-Id: I12a6ad8d7b444772dbc01bba6734080f1d5eccdc
Reviewed-on: https://chromium-review.googlesource.com/532913
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45917}
2017-06-13 16:17:00 +00:00
Toon Verwaest
cbaae3b6e0 [runtime] Use IsDecimalDigit in StringHasher rather than manual check
Bug: 
Change-Id: Ia347ed26ae93730a6bc58bcd6f5edb19b8ded5a9
Reviewed-on: https://chromium-review.googlesource.com/533413
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45916}
2017-06-13 15:45:59 +00:00
Ulan Degenbaev
7eaf3a01e0 [debugger] Abort incremental marking in debug::GetLoadedScripts.
The GC performed in GetLoadedScripts currently finalizes incremental
marking, which fails in some tests due to floating garbage.

BUG=chromium:694255

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic1fdd2fb123c02ed7bea4c9fb53024574758b536
Reviewed-on: https://chromium-review.googlesource.com/533334
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45915}
2017-06-13 15:29:25 +00:00
hpayer
ded5a1933e [heap] Retire V8_MAX_SEMISPACE_SIZE compile time flag.
Use the flags to configure the maximum semi-space size instead.

BUG=

Review-Url: https://codereview.chromium.org/2941473003
Cr-Commit-Position: refs/heads/master@{#45914}
2017-06-13 15:28:33 +00:00