Commit Graph

5417 Commits

Author SHA1 Message Date
mythria
d0e01b0ba0 [Interpreter] Adds a placeholder merge node when visiting jumps.
This is to fix a bug in the bytecode graph builder. This cl adds a new merge
node before we copy the environment on conditional/unconditional jumps. Since
these environments could be merged later, we add a place holder merge so that
the control dependencies are correctly merged. If we do not have a merge node
we may incorrectly merge the dependencies into the previous block.
For ex: test-run-variables/ContextStoreVariables in cctests.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1641143002

Cr-Commit-Position: refs/heads/master@{#33591}
2016-01-28 16:22:01 +00:00
mtrofin
d1083526a6 Preparing the terrain for frame elision. This change is necessary to
avoid jump threading erasing the reconstruction of a frame, if the
frame was elided.

BUG=

Review URL: https://codereview.chromium.org/1642823002

Cr-Commit-Position: refs/heads/master@{#33590}
2016-01-28 16:15:12 +00:00
ivica.bogosavljevic
ca404f3c15 Revert of MIPS: Add FPXX support to MIPS32R2 (patchset #3 id:40001 of https://codereview.chromium.org/1586223004/ )
Reason for revert:
Revert patch due to a number of failures appearing on the MIPS v8 simulator

Original issue's description:
> MIPS: Add FPXX support to MIPS32R2
>
> The JIT code generated by V8 is FPXX compliant
> when v8 compiled with FPXX flag. This allows the code to
> run in both FP=1 and FP=0 mode. It also alows v8 to be used
> as a library by both FP32 and FP64 binaries.
>
> BUG=
>
> Committed: https://crrev.com/95110dde666158a230a823fd50a68558ad772320
> Cr-Commit-Position: refs/heads/master@{#33576}

TBR=paul.lind@imgtec.com,gergely.kis@imgtec.com,akos.palfi@imgtec.com,ilija.pavlovic@imgtec.com,marija.antic@imgtec.com,miran.karic@imgtec.com,balazs.kilvady@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1646813003

Cr-Commit-Position: refs/heads/master@{#33583}
2016-01-28 13:09:39 +00:00
bmeurer
cb9b801069 [builtins] Make Math.max and Math.min fast by default.
The previous versions of Math.max and Math.min made it difficult to
optimize those (that's why we already have custom code in Crankshaft),
and due to lack of ideas what to do about the variable number of
arguments, we will probably need to stick in special code in TurboFan
as well; so inlining those builtins is off the table, hence there's no
real advantage in having them around as "not quite JS" with extra work
necessary in the optimizing compilers to still make those builtins
somewhat fast in cases where we cannot inline them (also there's a
tricky deopt loop in Crankshaft related to Math.min and Math.max, but
that will be dealt with later).

So to sum up: Instead of trying to make Math.max and Math.min semi-fast
in the optimizing compilers with weird work-arounds support %_Arguments
%_ArgumentsLength, we do provide the optimal code as native builtins
instead and call it a day (which gives a nice performance boost on some
benchmarks).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1641083003

Cr-Commit-Position: refs/heads/master@{#33582}
2016-01-28 13:07:09 +00:00
titzer
d51398feea [wasm] Fix decoding failures for tableswitch.
R=ahaas@chromium.org, bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1642043002

Cr-Commit-Position: refs/heads/master@{#33581}
2016-01-28 12:54:42 +00:00
mstarzinger
8bfa1ea33a [interpreter] Translate exception handlers into graph.
This translates the exception handler table attached to a bytecode array
correctly into exceptional projections within the TurboFan graph. We
perform an abstract simulation of handlers that are being entered and
exited by the bytecode iteration to track the correct handler for each
node.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1641723002

Cr-Commit-Position: refs/heads/master@{#33580}
2016-01-28 12:18:24 +00:00
ivica.bogosavljevic
95110dde66 MIPS: Add FPXX support to MIPS32R2
The JIT code generated by V8 is FPXX compliant
when v8 compiled with FPXX flag. This allows the code to
run in both FP=1 and FP=0 mode. It also alows v8 to be used
as a library by both FP32 and FP64 binaries.

BUG=

Review URL: https://codereview.chromium.org/1586223004

Cr-Commit-Position: refs/heads/master@{#33576}
2016-01-28 09:34:01 +00:00
alph
4bf8bf784f Fix CollectSampleAPI test flakiness.
There might be more native functions at root node, e.g. b.CreateDoubleResultArray

TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1644663003

Cr-Commit-Position: refs/heads/master@{#33564}
2016-01-27 20:26:05 +00:00
mvstanton
a702785156 Revert of Type Feedback Vector lives in the closure (patchset #2 id:20001 of https://codereview.chromium.org/1642613002/ )
Reason for revert:
Bug: failing to use write barrier when writing code entry into closure.

Original issue's description:
> Reland of Type Feedback Vector lives in the closure
>
> (Fixed a bug found by nosnap builds.)
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/d984b3b0ce91e55800f5323b4bb32a06f8a5aab1
> Cr-Commit-Position: refs/heads/master@{#33548}

TBR=bmeurer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1643533003

Cr-Commit-Position: refs/heads/master@{#33556}
2016-01-27 15:05:38 +00:00
mlippautz
004ce08da6 Reland of "[heap] Parallel newspace evacuation, semispace copy, and compaction \o/"
This reverts commit 85ba94f28c.

All parallelism can be turned off using --predictable, or --noparallel-compaction.

This patch completely parallelizes
 - semispace copy: from space -> to space (within newspace)
 - newspace evacuation: newspace -> oldspace
 - oldspace compaction: oldspace -> oldspace

Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).

Some low-level details:
 - The hard cap on number of tasks has been lifted
 - We cache store buffer entries locally before merging them back into the global
   StoreBuffer in a finalization phase.
 - We cache AllocationSite operations locally before merging them back into the
   global pretenuring storage in a finalization phase.
 - AllocationSite might be compacted while they would be needed for newspace
   evacuation. To mitigate any problems we defer checking allocation sites for
   newspace till merging locally buffered data.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1640563004

Cr-Commit-Position: refs/heads/master@{#33552}
2016-01-27 13:24:59 +00:00
mvstanton
d984b3b0ce Reland of Type Feedback Vector lives in the closure
(Fixed a bug found by nosnap builds.)

We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.

This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.

The heap change is trivial so I TBR Hannes for it...

TBR=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1642613002

Cr-Commit-Position: refs/heads/master@{#33548}
2016-01-27 12:53:42 +00:00
mstarzinger
e3014ad848 [interpreter] Fix BytecodeGraphBuilder for disabled deopt.
This ensures that the BytecodeGraphBuilder can generate correct graphs
even when deoptimization has not been enabled. This configuration is not
enabled in production, and we might eventually decide to deprecate it
for good. Until then, this is a quick fix.

R=jarin@chromium.org
TEST=cctest/test-pipeline

Review URL: https://codereview.chromium.org/1640683002

Cr-Commit-Position: refs/heads/master@{#33545}
2016-01-27 12:08:27 +00:00
oth
95bec7e7b1 [interpreter] Reduce move operations for wide register support.
Introduces the concept of transfer direction to register operands. This
enables the register translator to emit exactly the moves that a
bytecode having it's register operands translated needs.

BUG=v8:4280,v8:4675
LOG=N

Review URL: https://codereview.chromium.org/1633153002

Cr-Commit-Position: refs/heads/master@{#33544}
2016-01-27 11:15:56 +00:00
titzer
1e1f72f3a6 [wasm] Factor out WasmModuleInstance from ModuleEnv.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1637923002

Cr-Commit-Position: refs/heads/master@{#33541}
2016-01-27 11:04:40 +00:00
machenbach
85ba94f28c Revert of [heap] Parallel newspace evacuation, semispace copy, and compaction \o/ (patchset #16 id:620001 of https://codereview.chromium.org/1577853007/ )
Reason for revert:
[Sheriff] Leads to crashes on all webrtc chromium testers, e.g.:
https://build.chromium.org/p/chromium.webrtc/builders/Mac%20Tester/builds/49664

Original issue's description:
> [heap] Parallel newspace evacuation, semispace copy, and compaction \o/
>
> All parallelism can be turned off using --predictable, or --noparallel-compaction.
>
> This patch completely parallelizes
>  - semispace copy: from space -> to space (within newspace)
>  - newspace evacuation: newspace -> oldspace
>  - oldspace compaction: oldspace -> oldspace
>
> Previously newspace has been handled sequentially (semispace copy, newspace
> evacuation) before compacting oldspace in parallel. However, on a high level
> there are no dependencies between those two actions, hence we parallelize them
> altogether. We base the number of evacuation tasks on the overall set of
> to-be-processed pages (newspace + oldspace compaction pages).
>
> Some low-level details:
>  - The hard cap on number of tasks has been lifted
>  - We cache store buffer entries locally before merging them back into the global
>    StoreBuffer in a finalization phase.
>  - We cache AllocationSite operations locally before merging them back into the
>    global pretenuring storage in a finalization phase.
>  - AllocationSite might be compacted while they would be needed for newspace
>    evacuation. To mitigate any problems we defer checking allocation sites for
>    newspace till merging locally buffered data.
>
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
> BUG=chromium:524425
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/8f0fd8c0370ae8c5aab56491b879d7e30c329062
> Cr-Commit-Position: refs/heads/master@{#33523}

TBR=hpayer@chromium.org,ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1643473002

Cr-Commit-Position: refs/heads/master@{#33539}
2016-01-27 09:11:51 +00:00
yangguo
a2baaaac93 [regexp] implement case-insensitive unicode regexps.
BUG=v8:2952
LOG=N

Review URL: https://codereview.chromium.org/1599303002

Cr-Commit-Position: refs/heads/master@{#33538}
2016-01-27 08:25:38 +00:00
neis
2a0e4225dd Fix bug where generators got closed prematurely.
In a generator function, the parser rewrites a return statement into a "final"
yield.  A final yield used to close the generator, which was incorrect because
the return may occur inside a try-finally clause and so the generator may not
yet terminate.

BUG=

Review URL: https://codereview.chromium.org/1634553002

Cr-Commit-Position: refs/heads/master@{#33537}
2016-01-27 08:13:24 +00:00
adamk
b874e3d521 Treat yield expressions as an AssignmentPattern error
They were already treated as a BindingPattern error; this patch simply
replaces that call with one marking them as both a binding and assignment
error, and adds parsing tests for both cases.

BUG=v8:4707
LOG=n

Review URL: https://codereview.chromium.org/1632303002

Cr-Commit-Position: refs/heads/master@{#33528}
2016-01-26 21:15:53 +00:00
alph
7068caf5fd Add CollectSample API function to CpuProfiler
It allows embedder to inject a stack sample on demand.

BUG=chromium:579191
LOG=N

Review URL: https://codereview.chromium.org/1631043002

Cr-Commit-Position: refs/heads/master@{#33527}
2016-01-26 20:48:28 +00:00
rmcilroy
04c00ee938 [Interpreter] Implement do expressions.
Implements do expressions for the Ignition.

BUG=v8:4685
LOG=N

Review URL: https://codereview.chromium.org/1632213002

Cr-Commit-Position: refs/heads/master@{#33525}
2016-01-26 17:19:14 +00:00
mlippautz
8f0fd8c037 [heap] Parallel newspace evacuation, semispace copy, and compaction \o/
All parallelism can be turned off using --predictable, or --noparallel-compaction.

This patch completely parallelizes
 - semispace copy: from space -> to space (within newspace)
 - newspace evacuation: newspace -> oldspace
 - oldspace compaction: oldspace -> oldspace

Previously newspace has been handled sequentially (semispace copy, newspace
evacuation) before compacting oldspace in parallel. However, on a high level
there are no dependencies between those two actions, hence we parallelize them
altogether. We base the number of evacuation tasks on the overall set of
to-be-processed pages (newspace + oldspace compaction pages).

Some low-level details:
 - The hard cap on number of tasks has been lifted
 - We cache store buffer entries locally before merging them back into the global
   StoreBuffer in a finalization phase.
 - We cache AllocationSite operations locally before merging them back into the
   global pretenuring storage in a finalization phase.
 - AllocationSite might be compacted while they would be needed for newspace
   evacuation. To mitigate any problems we defer checking allocation sites for
   newspace till merging locally buffered data.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
BUG=chromium:524425
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1577853007

Cr-Commit-Position: refs/heads/master@{#33523}
2016-01-26 15:08:31 +00:00
jarin
cfaeb63b68 Replace HeapType with a non-templated FieldType class.
This replace HeapType with a dedicated class that implements just what we need for field type tracking. In the next CL, I plan to remove FieldType::Iterator because FieldType can iterate over at most one map.

The ultimate plan is to get rid of templates in types.(h|cc) and remove type-inl.h.

TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1636013002

Cr-Commit-Position: refs/heads/master@{#33521}
2016-01-26 15:03:57 +00:00
mvstanton
e2e7dc32ef Revert of Type Feedback Vector lives in the closure (patchset #12 id:260001 of https://codereview.chromium.org/1563213002/ )
Reason for revert:
FAilure on win32 bot, need to investigate webkit failures.

Original issue's description:
> Type Feedback Vector lives in the closure
>
> We get less "pollution" of type feedback if we have one vector per native
> context, rather than one for the whole system. This CL moves the vector
> appropriately.
>
> We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
> vector actually lives in the first slot of the literals array (indeed there is
> great commonality between those arrays, they can be thought of as the same
> thing). So we make greater effort to ensure there is a valid literals array
> after compilation.
>
> This meant, for performance reasons, that we needed to extend
> FastNewClosureStub to support creating closures with literals. And ultimately,
> it drove us to move the optimized code map lookup out of FastNewClosureStub
> and into the compile lazy builtin.
>
> The heap change is trivial so I TBR Hannes for it...
>
> TBR=hpayer@chromium.org
>
> BUG=
>
> Committed: https://crrev.com/a5200f7ed4d11c6b882fa667da7a1864226544b4
> Cr-Commit-Position: refs/heads/master@{#33518}

TBR=bmeurer@chromium.org,akos.palfi@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1632993003

Cr-Commit-Position: refs/heads/master@{#33520}
2016-01-26 15:02:29 +00:00
mvstanton
a5200f7ed4 Type Feedback Vector lives in the closure
We get less "pollution" of type feedback if we have one vector per native
context, rather than one for the whole system. This CL moves the vector
appropriately.

We rely more heavily on the Optimized Code Map in the SharedFunctionInfo. The
vector actually lives in the first slot of the literals array (indeed there is
great commonality between those arrays, they can be thought of as the same
thing). So we make greater effort to ensure there is a valid literals array
after compilation.

This meant, for performance reasons, that we needed to extend
FastNewClosureStub to support creating closures with literals. And ultimately,
it drove us to move the optimized code map lookup out of FastNewClosureStub
and into the compile lazy builtin.

The heap change is trivial so I TBR Hannes for it...

TBR=hpayer@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1563213002

Cr-Commit-Position: refs/heads/master@{#33518}
2016-01-26 14:21:08 +00:00
oth
19df7a20f0 [interpreter] Wide register support.
This increases the size of register operands to be 16-bit.

Not all bytecodes have wide register variants, so when they are
needed a register translator will copy them into a small area
reserved at the top of the 8-bit register range and these registers
are supplied as arguments to the bytecode with 8-bit operands.

This is non-intrusive for typical bytecode where the number of
registers is less than 120. For bytecodes with wide register
operands (above the window) their index needs to be translated
to avoid the reserved translation window.

Enables splay.js to run in Octane and a handful of mjsunit tests.

BUG=v8:4280,v8:4675
LOG=NO

Review URL: https://codereview.chromium.org/1613163002

Cr-Commit-Position: refs/heads/master@{#33516}
2016-01-26 13:56:17 +00:00
mlippautz
8391d425ed [heap] Cleanup SemiSpace
- Remove semispace target capacity: It's unused and adds some unneeded
  complexity

- Enforcing decl order for SemiSpace
- Move forward declarations in spaces.h to top
- Add all members to default constructor

BUG=chromium:581076
LOG=N

Review URL: https://codereview.chromium.org/1631713002

Cr-Commit-Position: refs/heads/master@{#33515}
2016-01-26 13:50:33 +00:00
mstarzinger
fd5505ca15 [interpreter] Fix how 'throw' is translated to TurboFan.
This fixes the translation of 'throw' bytecodes to TurboFan graphs. The
correct runtime function is being used now, also the frame states are
attached to the correct nodes now.

R=mythria@chromium.org
TEST=cctest/test-run-jsexceptions/ThrowMessageIndirectly
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1636033002

Cr-Commit-Position: refs/heads/master@{#33513}
2016-01-26 13:23:44 +00:00
rmcilroy
befe61fa3e [Interpreter] Add native function literal support.
Adds support for calling native function literals. Moves the logic for building
the native function's SharedFunctionInfo out of full-codegen into compiler.cc
to allow it to be shared between fullcodegen and Ignition.

BUG=v8:4686
LOG=N

Review URL: https://codereview.chromium.org/1635553002

Cr-Commit-Position: refs/heads/master@{#33510}
2016-01-26 11:30:46 +00:00
mstarzinger
b707ca4b54 [interpreter] Deprecate --ignition-fallback-on-catch flag.
The current support for try-catch in the interpreter can handle most of
the cases appearing in our test suite. Also the flag in question did not
detect try-finally constructs. This removes the flag and instead extends
the test expectations.

R=rmcilroy@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1631593003

Cr-Commit-Position: refs/heads/master@{#33494}
2016-01-25 15:57:51 +00:00
jochen
85f32f1fc8 Don't NULL-check GlobalHandle::Node::object_
If it's Smi::FromInt(0), the NULL check would trigger. Instead, use the
handle-zap value to mean "not set".

BUG=v8:3647,chromium:580651
R=vogelheim@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1628173002

Cr-Commit-Position: refs/heads/master@{#33492}
2016-01-25 13:10:09 +00:00
mlippautz
5eff542054 [heap] Cleanup: Remove WAS_SWEPT flag.
- Completely rely on the concurrent sweeping state for SweepingCompleted()
- Rename the state accordingly.

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_asan_rel,v8_linux64_tsan_rel,v8_mac64_asan_rel
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1614953002

Cr-Commit-Position: refs/heads/master@{#33490}
2016-01-25 12:33:35 +00:00
rmcilroy
9602f4b2d2 [Interpreter] Remove skips which have been fixed with Exceptions and For...Of.
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1627943003

Cr-Commit-Position: refs/heads/master@{#33489}
2016-01-25 12:23:38 +00:00
rmcilroy
677e54e244 [Interpreter] Always store current context in the frames context slot.
Change the interpreter to always store the current context in the frame's
context slot instead of the function context. This makes it possible to
restore the correct context during deopt.

BUG=v8:4678,v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1604923002

Cr-Commit-Position: refs/heads/master@{#33477}
2016-01-23 00:07:49 +00:00
mstarzinger
00b0a53685 [interpreter] Re-enable some tests that pass by now.
These tests have been disabled while support for try-finally was work in
progress. By now control flow is connected properly and the tests pass.

R=oth@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1626503002

Cr-Commit-Position: refs/heads/master@{#33474}
2016-01-22 17:11:17 +00:00
ofrobots
f7304757ae Revert "Revert of [profiler] Implement POC Sampling Heap Profiler (patchset #12 id:220001 of https://codereview.chromium.org/1555553002/ )"
This reverts commit 77df8659c2.

BUG=

Review URL: https://codereview.chromium.org/1618693004

Cr-Commit-Position: refs/heads/master@{#33473}
2016-01-22 16:36:57 +00:00
mstarzinger
475d178f2e [interpreter] Add ReThrow bytecode for try-finally support.
This adds an explicit ReThrow bytecode to be used in the modelling of
try-finally statements. An exception that is being re-thrown should not
trigger message object creation or location computation and hence cannot
use the existing Throw bytecode.

R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryFinally
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1621673002

Cr-Commit-Position: refs/heads/master@{#33472}
2016-01-22 16:26:16 +00:00
rmcilroy
380f8c8f46 [Interpreter] Add ForOf support.
Adds support for ForOf to the interpreter.

BUG=v8:4685
LOG=N

Review URL: https://codereview.chromium.org/1618693005

Cr-Commit-Position: refs/heads/master@{#33470}
2016-01-22 15:54:59 +00:00
mstarzinger
42630a8224 [interpreter] Fix bogus test expecation for bytecode generator.
TBR=rmcilroy@chromium.org
TEST=cctest/test-bytecode-generator
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1612373004

Cr-Commit-Position: refs/heads/master@{#33466}
2016-01-22 13:04:39 +00:00
mstarzinger
e175e39fed [interpreter] Implement handling of try-finally constructs.
This models function local control flow through try-finally constructs
using a token dispatch mechanism. All paths through the finally block
are assigned a token, at the end of the finally block a switch construct
dispatches according to this token.

R=oth@chromium.org,rmcilroy@chromium.org
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1613443002

Cr-Commit-Position: refs/heads/master@{#33465}
2016-01-22 12:43:57 +00:00
rmcilroy
847ac580f1 [Interpreter] Ensure context is popped when we break or continue
Break and continue operations need to pop the context chain to the
correct context before jumping to the target.

BUG=v8:4280,v8:4678
LOG=N

Review URL: https://codereview.chromium.org/1618693002

Cr-Commit-Position: refs/heads/master@{#33464}
2016-01-22 12:42:47 +00:00
mstarzinger
ca51c204e1 [interpreter] Fix return address when entering exception handler.
This fixes the broken return address when the exception handler within
interpreted bytecode is being entered via stack unwinding. The address
in question will never actually be taken, but our stack walker uses this
address to determine whether a frame is interpreted.

R=rmcilroy@chromium.org
TEST=cctest/test-interpreter/InterpreterTryCatch
BUG=v8:4674
LOG=n

Review URL: https://codereview.chromium.org/1615063002

Cr-Commit-Position: refs/heads/master@{#33463}
2016-01-22 11:17:12 +00:00
ishell
ed2be747ad Array length reduction should throw in strict mode if it can't delete an element.
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.

Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.

This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.

BUG=v8:4267
LOG=Y

Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
Cr-Commit-Position: refs/heads/master@{#33438}

Review URL: https://codereview.chromium.org/1587073003

Cr-Commit-Position: refs/heads/master@{#33461}
2016-01-22 09:53:51 +00:00
ofrobots
77df8659c2 Revert of [profiler] Implement POC Sampling Heap Profiler (patchset #12 id:220001 of https://codereview.chromium.org/1555553002/ )
Reason for revert:
The random nature of the tests caused the following buildbot to fail: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/4724/steps/Check/logs/stdio

Original issue's description:
> [profiler] Implement POC Sampling Heap Profiler
>
> This implements a proof-of-concept sampling based heap profiler inspired by
> tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].
>
> The basic idea is the sample allocations using a randomized Poisson process. At
> any point in time we can cheaply request the set of live sample objects that
> should be a representative sample of heap. Samples include stack-traces from the
> allocation sites, making this an effective tool for memory leak debugging.
>
> Unlike AllocationTracking, this is intended to be cheap and usable online in
> production.
>
> The proof-of-concept is only sampling new-space allocations at this point.
> Support for sampling paged space and native allocations is anticipated in the
> future.
>
> [1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
> [2] http://blog.golang.org/profiling-go-programs
>
> Committed: https://crrev.com/e5a9947811db9c9e23557dbad27f8b8a349b3262
> Cr-Commit-Position: refs/heads/master@{#33448}

TBR=jochen@chromium.org,alph@chromium.org,hpayer@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1615173002

Cr-Commit-Position: refs/heads/master@{#33449}
2016-01-21 22:08:55 +00:00
ofrobots
e5a9947811 [profiler] Implement POC Sampling Heap Profiler
This implements a proof-of-concept sampling based heap profiler inspired by
tcmalloc's heap profiler [1] and Go's mprof/memprofile [2].

The basic idea is the sample allocations using a randomized Poisson process. At
any point in time we can cheaply request the set of live sample objects that
should be a representative sample of heap. Samples include stack-traces from the
allocation sites, making this an effective tool for memory leak debugging.

Unlike AllocationTracking, this is intended to be cheap and usable online in
production.

The proof-of-concept is only sampling new-space allocations at this point.
Support for sampling paged space and native allocations is anticipated in the
future.

[1] http://goog-perftools.sourceforge.net/doc/heap_profiler.html
[2] http://blog.golang.org/profiling-go-programs

Review URL: https://codereview.chromium.org/1555553002

Cr-Commit-Position: refs/heads/master@{#33448}
2016-01-21 21:13:44 +00:00
machenbach
575e90c1d0 Revert of Array length reduction should throw in strict mode if it can't delete an element. (patchset #7 id:220001 of https://codereview.chromium.org/1587073003/ )
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream.
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/4077

Original issue's description:
> Array length reduction should throw in strict mode if it can't delete an element.
>
> When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.
>
> Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.
>
> This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.
>
> BUG=v8:4267
> LOG=Y
>
> Committed: https://crrev.com/1d3e837fcbbd9d9fd5e72dfe85dfd47c025f3c9f
> Cr-Commit-Position: refs/heads/master@{#33438}

TBR=verwaest@chromium.org,ishell@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4267

Review URL: https://codereview.chromium.org/1611313003

Cr-Commit-Position: refs/heads/master@{#33444}
2016-01-21 18:54:28 +00:00
titzer
3b6b8119ff [wasm] Add utilities to print out WASM ast directly from the bytes.
Motivated by finding a bug in a larger module, this CL adds the ability
to dump out a byte-by-byte, nested view of the decoded AST. This
byte-by-byte output uses the opcode enum to make it readable, but is
suitable for pasting into a byte[] in C or JS and thus making a regression
test.

Also fix a bug; the case of running out of registers for indirect calls.

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1616973004

Cr-Commit-Position: refs/heads/master@{#33442}
2016-01-21 16:11:19 +00:00
ishell
1d3e837fcb Array length reduction should throw in strict mode if it can't delete an element.
When accessor getter callback is called the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, since according to ES6 there's no difference between strict and non-strict property loads. For the setter case the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true if the property is set in strict context.

Interceptors follow same idea: for getter, enumerator and query callbacks the v8::PropertyCallbackInfo::ShouldThrowOnError() is always false, and for setter and deleter callback the v8::PropertyCallbackInfo::ShouldThrowOnError() returns true in strict context.

This CL also cleans up the CallApiGetterStub and removes bogus asserts from [arm] Push(reg1, reg2, ..., regN) that prevented from pushing a set of registers containing duplicates.

BUG=v8:4267
LOG=Y

Review URL: https://codereview.chromium.org/1587073003

Cr-Commit-Position: refs/heads/master@{#33438}
2016-01-21 14:23:09 +00:00
yangguo
e709aa24c0 [regexp] implement character classes for unicode regexps.
We divide character ranges into
- BMP, matched normally.
- non-BMP, matched as alternatives of surrogate pair ranges.
- lone surrogates, matched with lookaround assertion that its indeed lone.

R=erik.corry@gmail.com
BUG=v8:2952
LOG=N

Committed: https://crrev.com/ea820ad5fa282a323a86fe20e64f83ee67ba5f04
Cr-Commit-Position: refs/heads/master@{#33432}

Review URL: https://codereview.chromium.org/1578253005

Cr-Commit-Position: refs/heads/master@{#33437}
2016-01-21 13:33:26 +00:00
yangguo
fe19b11e53 [debugger] remove break point hit count and ignore count.
These features are not used by devtools and consequently not
exposed through the devtools protocol. They make the debugger
unnecessarily complex. If we decide that we need this, we should
implement this on a higher layer.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1607193003

Cr-Commit-Position: refs/heads/master@{#33436}
2016-01-21 13:15:29 +00:00
yangguo
4de91c5367 Revert of [regexp] implement character classes for unicode regexps. (patchset #11 id:220001 of https://codereview.chromium.org/1578253005/ )
Reason for revert:
Compile failure on arm.

https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug%20builder/builds/7341/steps/compile/logs/stdio

Original issue's description:
> [regexp] implement character classes for unicode regexps.
>
> We divide character ranges into
> - BMP, matched normally.
> - non-BMP, matched as alternatives of surrogate pair ranges.
> - lone surrogates, matched with lookaround assertion that its indeed lone.
>
> R=erik.corry@gmail.com
> BUG=v8:2952
> LOG=N
>
> Committed: https://crrev.com/ea820ad5fa282a323a86fe20e64f83ee67ba5f04
> Cr-Commit-Position: refs/heads/master@{#33432}

TBR=littledan@chromium.org,erik.corry@gmail.com,erikcorry@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2952

Review URL: https://codereview.chromium.org/1618753002

Cr-Commit-Position: refs/heads/master@{#33434}
2016-01-21 12:38:31 +00:00