Commit Graph

525 Commits

Author SHA1 Message Date
yangguo
c6b122e8f9 Revert of [WIP][turbofan] Instruction scheduler for Turbofan. (patchset #7 id:120001 of https://codereview.chromium.org/1375253002/ )
Reason for revert:
Does not compile

https://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug%20builder/builds/6870/steps/compile/logs/stdio

Original issue's description:
> [turbofan] Instruction scheduler for Turbofan.
>
> Implement machine instruction scheduling after instruction selection.
>
> Currently only works for arm64.
>
> R=danno@chromium.org, bmeurer@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/e11bba3acd5188f0e12686b6fcf3e0ab22989216
> Cr-Commit-Position: refs/heads/master@{#32858}

TBR=jarin@chromium.org,bmeurer@chromium.org,baptiste.afsa@arm.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1526913002

Cr-Commit-Position: refs/heads/master@{#32860}
2015-12-15 11:27:47 +00:00
baptiste.afsa
e11bba3acd [turbofan] Instruction scheduler for Turbofan.
Implement machine instruction scheduling after instruction selection.

Currently only works for arm64.

R=danno@chromium.org, bmeurer@chromium.org, titzer@chromium.org

Review URL: https://codereview.chromium.org/1375253002

Cr-Commit-Position: refs/heads/master@{#32858}
2015-12-15 11:00:24 +00:00
adamk
a229c9b94f Remove --harmony-array-includes flag
Array.prototype.includes shipped in Chrome 47.

Review URL: https://codereview.chromium.org/1513843006

Cr-Commit-Position: refs/heads/master@{#32818}
2015-12-12 01:04:10 +00:00
vogelheim
5819e4be5b Re-re-land FastAccessorBuilder.
... using the RawMachineAssembler and the work in crrev.com/1407313004.

The original change collided with crrev.com/1513543003.

BUG=chromium:508898
LOG=Y

Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
Cr-Commit-Position: refs/heads/master@{#32742}

patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)

Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
Cr-Commit-Position: refs/heads/master@{#32753}

patch from issue 1504713012 at patchset 20001 (http://crrev.com/1504713012#ps20001)

Review URL: https://codereview.chromium.org/1518703002

Cr-Commit-Position: refs/heads/master@{#32786}
2015-12-11 09:54:00 +00:00
littledan
88c8361b8f Unstage non-standard Promise functions
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1513873002

Cr-Commit-Position: refs/heads/master@{#32772}
2015-12-10 23:58:26 +00:00
vogelheim
f564231a6b Revert of Re-land FastAccessorBuilder. (patchset #2 id:20001 of https://codereview.chromium.org/1504713012/ )
Reason for revert:
Meeh. Now "V8 Linux - gcmole" bot has issues; apparently due to a somewhat exotic builder configuration.

Original issue's description:
> Re-land FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in crrev.com/1407313004.
>
> The original change collided with crrev.com/1513543003.
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}
>
> patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)
>
> Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
> Cr-Commit-Position: refs/heads/master@{#32753}

TBR=epertoso@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898

Review URL: https://codereview.chromium.org/1517683002

Cr-Commit-Position: refs/heads/master@{#32754}
2015-12-10 14:45:55 +00:00
vogelheim
ee5c38d7db Re-land FastAccessorBuilder.
... using the RawMachineAssembler and the work in crrev.com/1407313004.

The original change collided with crrev.com/1513543003.

BUG=chromium:508898
LOG=Y

Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
Cr-Commit-Position: refs/heads/master@{#32742}

patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)

Review URL: https://codereview.chromium.org/1504713012

Cr-Commit-Position: refs/heads/master@{#32753}
2015-12-10 14:15:19 +00:00
vogelheim
0a50af8625 Revert of Implement Fast Accessor Builder (patchset #14 id:260001 of https://codereview.chromium.org/1474543004/ )
Reason for revert:
Broke the build, apparently.

Original issue's description:
> Implement FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in cl/1407313004
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}

TBR=epertoso@chromium.org,bmeurer@chromium.org,jochen@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898

Review URL: https://codereview.chromium.org/1513203002

Cr-Commit-Position: refs/heads/master@{#32744}
2015-12-10 10:16:35 +00:00
vogelheim
515d9ccd8e Implement FastAccessorBuilder.
... using the RawMachineAssembler and the work in cl/1407313004

BUG=chromium:508898
LOG=Y

Review URL: https://codereview.chromium.org/1474543004

Cr-Commit-Position: refs/heads/master@{#32742}
2015-12-10 10:10:11 +00:00
titzer
27433918f5 Move machine-type.h from src/compiler to src/.
R=bmeurer@chromium.org,jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1498833002

Cr-Commit-Position: refs/heads/master@{#32564}
2015-12-03 13:34:02 +00:00
littledan
c63236328e Revert of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1478533002/ )
Reason for revert:
Will test better; there seems to be a bug related to this.

Original issue's description:
> Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ )
>
> Reason for revert:
> Breakage in Ignition seems unrelated; relanding.
>
> Original issue's description:
> > Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
> >
> > Reason for revert:
> > [Sheriff] This breaks ignition on arm sim debug:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317
> >
> > Seems to not be caught by the cq bot that builds release with dchecks.
> >
> > Original issue's description:
> > > Disable non-standard Promise functions in staging
> > >
> > > This patch removes Promise functions and methods which are absent
> > > from the ES2015 specification when the --es-staging flag is on.
> > >
> > > BUG=v8:3237
> > > R=rossberg
> > > LOG=Y
> > >
> > > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> > > Cr-Commit-Position: refs/heads/master@{#32194}
> >
> > TBR=rossberg@chromium.org,littledan@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=v8:3237
> >
> > Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827
> > Cr-Commit-Position: refs/heads/master@{#32199}
>
> TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3237
>
> Committed: https://crrev.com/9278b7b05a45c2089007e8b61822af96b5d0c8df
> Cr-Commit-Position: refs/heads/master@{#32235}

TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1493713004

Cr-Commit-Position: refs/heads/master@{#32530}
2015-12-02 20:35:40 +00:00
danno
3e7e3ed726 [stubs] A new approach to TF stubs
* Add a sibling interface to InterpreterAssembler called
  CodeStubAssembler which provides a wrapper around the
  RawMachineAssembler and is intented to make it easy to build
  efficient cross-platform code stubs. Much of the implementation
  of CodeStubAssembler is shamelessly stolen from the
  InterpreterAssembler, and the idea is to eventually merge the
  two interfaces somehow, probably moving the
  InterpreterAssembler interface over to use the
  CodeStubAssembler. Short-term, however, the two interfaces
  shall remain decoupled to increase our velocity developing the
  two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
  CodeStubAssembler. Replace and remove the old Hydrogen-stub
  version.
* Remove a whole slew of machinery to support JavaScript-style
  code stub generation, since it ultimately proved unwieldy,
  brittle and baroque. This cleanup includes removing the shared
  code stub context, several example stubs and a tangle of build
  file changes.

BUG=v8:4587
LOG=n

Review URL: https://codereview.chromium.org/1475953002

Cr-Commit-Position: refs/heads/master@{#32508}
2015-12-02 12:35:20 +00:00
sigurds
aa0ddf7db4 [turbofan] Initial support for escape analysis.
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).

The CL includes 4 unittests.

There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1457683003

Cr-Commit-Position: refs/heads/master@{#32498}
2015-12-02 10:53:50 +00:00
bmeurer
5af6017d4b [turbofan] Add binary operation hints for javascript operators.
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.

R=jarin@chromium.org
BUG=v8:4583
LOG=n

Review URL: https://codereview.chromium.org/1487973002

Cr-Commit-Position: refs/heads/master@{#32443}
2015-12-01 09:03:32 +00:00
rossberg
199bbdb40f Create ast/ and parsing/ subdirectories and move appropriate files
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.

Also eliminates a couple of spurious dependencies.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1481613002

Cr-Commit-Position: refs/heads/master@{#32351}
2015-11-26 16:23:07 +00:00
bmeurer
5d18e93bd6 Revert of binary-operator-reducer: reduce mul+div(shift) (patchset #11 id:200001 of https://codereview.chromium.org/1350223006/ )
Reason for revert:
This is also unsound for the reasons outlined in
https://codereview.chromium.org/1473073004/
Will help Fedor to implement a solution based on simplified operators.

Original issue's description:
> binary-operator-reducer: reduce mul+div(shift)
>
> Reduction Input:
>
>     ChangeInt32ToFloat64=>          TruncateFloat64ToInt32
>                          Float64Mul=>
>     ChangeInt32ToFloat64=>          Float64Div=>TruncateFloat64ToInt32
>
> Output:
>
>          =>  TruncateInt64ToInt32
> Int64Mul
>          =>  Int64Shr => TruncateInt64ToInt32
>
> Test code:
>
>     function mul(a, b) {
>       var l = a & 0x3ffffff;
>       var h = b & 0x3ffffff;
>       var m = l * h;
>
>       var rl = m & 0x3ffffff;
>       var rh = (m / 0x4000000) | 0;
>
>       return rl | rh;
>     }
>
>     mul(1, 2);
>     var a0 = mul(0x3ffffff, 0x3ffffff);
>     mul(0x0, 0x0);
>     %OptimizeFunctionOnNextCall(mul);
>     var a1 = mul(0x3ffffff, 0x3ffffff);
>
>     print(a0 + ' == ' + a1);
>
> BUG=
> R=mstarzinger@chromium.org
>
> Committed: https://crrev.com/461e5b49d022335a7fc4e9d172397a4bd48b93d4
> Cr-Commit-Position: refs/heads/master@{#31899}

TBR=mstarzinger@chromium.org,danno@chromium.org,titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1478923002

Cr-Commit-Position: refs/heads/master@{#32313}
2015-11-26 06:16:01 +00:00
bmeurer
b0c179daf6 Revert of [compiler] merge binary-operator-reducer (patchset #2 id:20001 of https://codereview.chromium.org/1473073004/ )
Reason for revert:
Unsound use of types in the MachineOperatorReducer. Will work on a sound solution with Fedor.

Original issue's description:
> [compiler] merge binary-operator-reducer
>
> Merge BinaryOperatorReducer into the MachineOperatorReducer class.
> It does not need `Revisit()` calls, because the newly inserted nodes are
> visited anyway, and there are no other methods that need AdvancedReducer
> there.
>
> BUG=
> R=titzer@chromium.org
>
> Committed: https://crrev.com/993ba9d2529a6401b3040b9263f8d06db7dbb4f1
> Cr-Commit-Position: refs/heads/master@{#32298}

TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1476763006

Cr-Commit-Position: refs/heads/master@{#32310}
2015-11-26 03:52:30 +00:00
fedor
993ba9d252 [compiler] merge binary-operator-reducer
Merge BinaryOperatorReducer into the MachineOperatorReducer class.
It does not need `Revisit()` calls, because the newly inserted nodes are
visited anyway, and there are no other methods that need AdvancedReducer
there.

BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1473073004

Cr-Commit-Position: refs/heads/master@{#32298}
2015-11-25 19:25:17 +00:00
jarin
13b3925999 [turbofan] Introduce representation-change.cc, move stuff there, minus dead code.
Review URL: https://codereview.chromium.org/1480433003

Cr-Commit-Position: refs/heads/master@{#32258}
2015-11-25 09:59:24 +00:00
littledan
9278b7b05a Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ )
Reason for revert:
Breakage in Ignition seems unrelated; relanding.

Original issue's description:
> Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
>
> Reason for revert:
> [Sheriff] This breaks ignition on arm sim debug:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317
>
> Seems to not be caught by the cq bot that builds release with dchecks.
>
> Original issue's description:
> > Disable non-standard Promise functions in staging
> >
> > This patch removes Promise functions and methods which are absent
> > from the ES2015 specification when the --es-staging flag is on.
> >
> > BUG=v8:3237
> > R=rossberg
> > LOG=Y
> >
> > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> > Cr-Commit-Position: refs/heads/master@{#32194}
>
> TBR=rossberg@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3237
>
> Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827
> Cr-Commit-Position: refs/heads/master@{#32199}

TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1478533002

Cr-Commit-Position: refs/heads/master@{#32235}
2015-11-24 23:18:30 +00:00
machenbach
86bd2b3c23 Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
Reason for revert:
[Sheriff] This breaks ignition on arm sim debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317

Seems to not be caught by the cq bot that builds release with dchecks.

Original issue's description:
> Disable non-standard Promise functions in staging
>
> This patch removes Promise functions and methods which are absent
> from the ES2015 specification when the --es-staging flag is on.
>
> BUG=v8:3237
> R=rossberg
> LOG=Y
>
> Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> Cr-Commit-Position: refs/heads/master@{#32194}

TBR=rossberg@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1473603002

Cr-Commit-Position: refs/heads/master@{#32199}
2015-11-24 10:58:03 +00:00
littledan
941251af7e Disable non-standard Promise functions in staging
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1469543003

Cr-Commit-Position: refs/heads/master@{#32194}
2015-11-24 08:51:54 +00:00
ishell
138eb324ea Object's body descriptors refactoring.
1) Body descriptors moved to their own header files.
2) Missing body descriptors added.
3) Template versions of HeapObject::Iterate*() methods added.
4) Body descriptors support new kind of queries: IsValidSlot(offset) which can be used for invalid slots filtering.

This is a first step towards virtual and static visitors unification and support in-object properties in built-in (sub-)classes.

Review URL: https://codereview.chromium.org/1440243002

Cr-Commit-Position: refs/heads/master@{#31980}
2015-11-13 12:32:30 +00:00
bmeurer
55c07a8b2f [turbofan] Introduce JSCallReducer to strength reduce JSCallFunction nodes.
The JSCallReducer runs together with inlining and tries to strength
reduce JSCallFunction nodes; currently it can fold
Function.prototype.call and Function.prototype.apply (with arguments),
and make it possible to inline across them.

In the case of Function.prototype.apply with arguments we still have to
leave the JSCreateArguments node in the graph because there might be
other (frame state) uses. Once escape analysis is ready, it will take
care of removing these nodes and adding appropriate transitions for the
deoptimizer.

R=jarin@chromium.org
BUG=v8:4551
LOG=n

Review URL: https://codereview.chromium.org/1445513002

Cr-Commit-Position: refs/heads/master@{#31979}
2015-11-13 12:20:01 +00:00
mostynb
d62efc1284 make v8_use_snapshot configurable in gn
Changing this value is not guaranteed to work yet, but it needs to be
an arg in order to experiment with it.

Review URL: https://codereview.chromium.org/1427343003

Cr-Commit-Position: refs/heads/master@{#31932}
2015-11-11 01:09:15 +00:00
fedor
461e5b49d0 binary-operator-reducer: reduce mul+div(shift)
Reduction Input:

    ChangeInt32ToFloat64=>          TruncateFloat64ToInt32
                         Float64Mul=>
    ChangeInt32ToFloat64=>          Float64Div=>TruncateFloat64ToInt32

Output:

         =>  TruncateInt64ToInt32
Int64Mul
         =>  Int64Shr => TruncateInt64ToInt32

Test code:

    function mul(a, b) {
      var l = a & 0x3ffffff;
      var h = b & 0x3ffffff;
      var m = l * h;

      var rl = m & 0x3ffffff;
      var rh = (m / 0x4000000) | 0;

      return rl | rh;
    }

    mul(1, 2);
    var a0 = mul(0x3ffffff, 0x3ffffff);
    mul(0x0, 0x0);
    %OptimizeFunctionOnNextCall(mul);
    var a1 = mul(0x3ffffff, 0x3ffffff);

    print(a0 + ' == ' + a1);

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1350223006

Cr-Commit-Position: refs/heads/master@{#31899}
2015-11-09 20:42:39 +00:00
pkotwicz
be4d1b19df Update v8_external_startup_data_assets for https://codereview.chromium.org/1422793004/
BUG=chromium:547162
LOG=Y

Review URL: https://codereview.chromium.org/1412933009

Cr-Commit-Position: refs/heads/master@{#31868}
2015-11-08 01:44:48 +00:00
pkotwicz
fa4bd0b9ab Add v8_external_startup_data GN rule
The new GN rule will enable removal of code which copies natives_blob.bin and
snapshot_blob.bin in Android GN code (for instance "copy_content_shell_assets").

BUG=547162
LOG=Y

Review URL: https://codereview.chromium.org/1412333005

Cr-Commit-Position: refs/heads/master@{#31835}
2015-11-05 17:29:07 +00:00
cbruni
e7154a0b78 [runtime] Support Symbols in KeyAccumulator
BUG=

Review URL: https://codereview.chromium.org/1425403002

Cr-Commit-Position: refs/heads/master@{#31788}
2015-11-04 14:05:36 +00:00
adamk
4edbe3ac0f [cleanup] Merge harmony-{typed,}array.js into {typed,}array.js
The "harmony"-prefixed files have been included in the snapshot for
several releases now, and were only separate originally to enable
loading them via a runtime flag. This patch simply merges them into
the main implementation files for Arrays and TypedArrays, respectively.

Review URL: https://codereview.chromium.org/1416243007

Cr-Commit-Position: refs/heads/master@{#31767}
2015-11-04 01:08:11 +00:00
bmeurer
4eb41ba738 [turbofan] Split JSGlobalObjectSpecialization into separate class.
The JSNativeContextSpecialization class is getting rather huge with all
the stuff related to property and element access going in. Splitting off
the global object related stuff into JSGlobalObjectSpecialization seems
like a natural separation, especially since the global object
specialization is sort of separate issue anyway.  This is neutral
functionality- and performance-wise.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1417043006

Cr-Commit-Position: refs/heads/master@{#31748}
2015-11-03 14:20:35 +00:00
bmeurer
1195b0e24d [turbofan] Initial support for keyed access to fast JSArrays.
This adds some initial support for keyed element access to fast,
non-holey JSArray objects.

Also renames PropertyAccessInfoFactory to AccessInfoFactory and
PropertyAccessMode to AccessMode.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1418213010

Cr-Commit-Position: refs/heads/master@{#31717}
2015-11-02 18:30:06 +00:00
yangguo
f8a43459d4 Expose string/regexp related public symbols on harmony flag.
R=littledan@chromium.org
BUG=v8:4305, v8:4343, v8:4344, v8:4345
LOG=N

Review URL: https://codereview.chromium.org/1408223004

Cr-Commit-Position: refs/heads/master@{#31702}
2015-11-02 08:43:02 +00:00
bmeurer
06eb555fa3 [turbofan] Move PropertyAccessInfo and friends to a separate file.
Also changed the way that transitioning stores are represented in
a PropertyAccessInfo: There's no dedicated kind, but DataFields
have an optional transition map.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1416973014

Cr-Commit-Position: refs/heads/master@{#31692}
2015-10-30 14:25:22 +00:00
adamk
a4689fc21f Remove flags for spread calls and arrays
These features shipped in M46 without issue.

Review URL: https://codereview.chromium.org/1429653006

Cr-Commit-Position: refs/heads/master@{#31635}
2015-10-28 15:57:27 +00:00
bmeurer
23ac686ff8 [types] Use the TypeCache consistently for common types.
Rename ZoneTypeCache to TypeCache and use a single shared (immutable)
instance consistently to cache the most commonly used types. Also serves
as a chokepoint for defining those types, so we don't repeat the
definition (and possible bugs) in various places.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1409763004

Cr-Commit-Position: refs/heads/master@{#31631}
2015-10-28 13:31:22 +00:00
yangguo
11cd1f77ae Move RootIndexMap out of serializer file.
This is in preparation of using it elsewhere.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1408163003

Cr-Commit-Position: refs/heads/master@{#31499}
2015-10-23 08:28:38 +00:00
Benedikt Meurer
71bde166b1 [turbofan] Remove obsolete JSTypeFeedbackSpecializer and JSTypeFeedbackLowering.
Both the JSTypeFeedbackSpecializer and the JSTypeFeedbackLowering is
dead code by now, since the more general JSNativeContextSpecialization
deals with the property/global load/store type feedback in a way that
also interacts properly with inlining.

BUG=v8:4470
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1407913003 .

Cr-Commit-Position: refs/heads/master@{#31462}
2015-10-22 10:24:27 +00:00
adamk
02e4d21f4c [es6] Fix scoping for default parameters in arrow functions
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.

This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.

This is a revert of the revert https://crrev.com/e41614a058426fb6102e4ab2dd4f98997f00c0fc
with a much-improved (though not yet perfect) Scope::ResetOuterScope
method which properly fixes not only the outer_scope_ pointer but also
fixes the inner_scope_ list in the relevant outer_scopes.

More work likely still needs to be done to make this work completely,
but it's very close to correct.

BUG=v8:4395
LOG=y

Review URL: https://codereview.chromium.org/1414283002

Cr-Commit-Position: refs/heads/master@{#31435}
2015-10-21 12:04:20 +00:00
dpranke
5c1b11b539 Add an external_startup_data config to the GN buildfile.
This change defines a common config for clients of v8 that
need to define V8_USE_EXTERNAL_STARTUP_DATA in order for
client code to be compiled correctly.

R=brettw@chromium.org, jochen@chromium.org
BUG=541791
LOG=n

Review URL: https://codereview.chromium.org/1415773003

Cr-Commit-Position: refs/heads/master@{#31427}
2015-10-21 00:37:46 +00:00
jkummerow
81ee94b650 Move Hydrogen and Lithium to src/crankshaft/
Review URL: https://codereview.chromium.org/1405363003

Cr-Commit-Position: refs/heads/master@{#31410}
2015-10-20 13:25:55 +00:00
bmeurer
e41614a058 Revert of [es6] Fix scoping for default parameters in arrow functions (patchset #5 id:80001 of https://codereview.chromium.org/1405313002/ )
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%202/builds/2407/steps/Check/logs/regress-4395

Original issue's description:
> [es6] Fix scoping for default parameters in arrow functions
>
> When eagerly parsing arrow functions, expressions in default
> parameter initializers are parsed in the enclosing scope,
> rather than in the function's scope (since that scope does not
> yet exist). This leads to VariableProxies being added to the
> wrong scope, and scope chains for FunctionLiterals being incorrect.
>
> This patch addresses these problems by adding a subclass of
> AstExpressionVisitor that moves VariableProxies to the proper
> scope and fixes up scope chains of FunctionLiterals.
>
> More work likely still needs to be done to make this work completely,
> but it's very close to correct.
>
> BUG=v8:4395
> LOG=y
>
> Committed: https://crrev.com/cf72aad39e51de9b7074ea039377c1812f4a2c6b
> Cr-Commit-Position: refs/heads/master@{#31402}

TBR=rossberg@chromium.org,caitpotter88@gmail.com,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4395

Review URL: https://codereview.chromium.org/1417463004

Cr-Commit-Position: refs/heads/master@{#31404}
2015-10-20 10:36:38 +00:00
adamk
cf72aad39e [es6] Fix scoping for default parameters in arrow functions
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.

This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.

More work likely still needs to be done to make this work completely,
but it's very close to correct.

BUG=v8:4395
LOG=y

Review URL: https://codereview.chromium.org/1405313002

Cr-Commit-Position: refs/heads/master@{#31402}
2015-10-20 09:15:38 +00:00
bmeurer
f6a886d571 [turbofan] Rename JSGlobalSpecialization to JSNativeContextSpecialization.
R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1410353002

Cr-Commit-Position: refs/heads/master@{#31356}
2015-10-19 08:21:07 +00:00
jarin
106aecf262 [turbofan] Redundant branch elimination.
Removes a branch that checks for a condition that has been checked on dominators of the branch.

This introduces a new reducer that propagates the list of checked conditions (and their boolean values) through the control flow graph. If it encounters a branch checking a condition with a known value, the branch is eliminated.

The analysis relies on loops being reducible: if a condition has been checked on all paths to loop entry, then it is checked in the loop (regardless what of the conditions checked inside the loop).

The implementation is fairly naive and could be improved:

- all the operation on the condition lists could be made allocation-free when revisited.

- we could try to use a map structure rather than a linked list (to make
lookups faster).

- the merging of control flow could be changed to take into account
  conditions from non-dominating paths (as long as all paths check
  the condition).

Review URL: https://codereview.chromium.org/1376293005

Cr-Commit-Position: refs/heads/master@{#31347}
2015-10-17 17:50:26 +00:00
dpranke
dd8206c81a Use //build_overrides instead of //build/modules for GN builds.
R=machenbach@chromium.org
BUG=chromium:541791
LOG=N

Review URL: https://codereview.chromium.org/1396743005

Cr-Commit-Position: refs/heads/master@{#31246}
2015-10-13 23:56:25 +00:00
jkummerow
c706c0fa19 Add C++ implementation of Object.defineProperties
Not used yet, so this CL shouldn't change behavior.

Review URL: https://codereview.chromium.org/1368753003

Cr-Commit-Position: refs/heads/master@{#31241}
2015-10-13 14:38:35 +00:00
mstarzinger
e5320d8a59 Move builtin JavaScript sources into own directory.
This moves JavaScript source files that are bundled with V8 into a
separate directory. The goal is to improve code readability and also
being able to formalize ideal reviewers by subsequently adding the
OWNERS file. These files almost exclusively contain implementations
of methods fully specified by ES6.

Note that files in the "debug" directory as well as the "d8.js" file
aren't affected by this change.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1398733002

Cr-Commit-Position: refs/heads/master@{#31230}
2015-10-13 09:38:26 +00:00
mstarzinger
0a6863f029 [turbofan] Separate JSInliningHeuristic into own class.
This separates the core machinery and the heuristics involved with
inlining functions calls. So far the heuristic only respects our
%SetForceInlineFlag hint, but it will the place where general inlining
heuristics can live without impeding clarity of the core machinery.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1391903002

Cr-Commit-Position: refs/heads/master@{#31150}
2015-10-07 12:18:32 +00:00
bmeurer
e16dd13d6d [turbofan] Add initial support for global specialization.
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context.  Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.

Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations.  Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n

Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
Cr-Commit-Position: refs/heads/master@{#31139}

Review URL: https://codereview.chromium.org/1387393002

Cr-Commit-Position: refs/heads/master@{#31148}
2015-10-07 12:10:54 +00:00
bmeurer
84065c5f1e Revert of [turbofan] Add initial support for global specialization. (patchset #4 id:60001 of https://codereview.chromium.org/1387393002/ )
Reason for revert:
Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960

Original issue's description:
> [turbofan] Add initial support for global specialization.
>
> Introduce a new JSGlobalSpecialization advanced reducer that runs
> during the initial inlining and context specialization, and specializes
> the graph to the globals of the native context.  Currently we assume
> that we do not inline cross native context, but long-term we will grab
> the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
> new global load/store ICs that are currently in the workings), and then
> this whole specialization will be fully compositional even across
> cross-context inlining.
>
> Note that we cannot really handle most of the stores to global object
> property cells because TurboFan doesn't have a mechanism to enforce
> certain representations.  Also note that we cannot yet fully benefit
> from the type feedback collected on the global object property cells,
> because the type system cannot deal with maps in a reasonable way.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
> R=jarin@chromium.org
> BUG=v8:4470
> LOG=n
>
> Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb
> Cr-Commit-Position: refs/heads/master@{#31139}

TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470

Review URL: https://codereview.chromium.org/1390073004

Cr-Commit-Position: refs/heads/master@{#31144}
2015-10-07 11:42:21 +00:00
bmeurer
6fbf7903f9 [turbofan] Add initial support for global specialization.
Introduce a new JSGlobalSpecialization advanced reducer that runs
during the initial inlining and context specialization, and specializes
the graph to the globals of the native context.  Currently we assume
that we do not inline cross native context, but long-term we will grab
the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the
new global load/store ICs that are currently in the workings), and then
this whole specialization will be fully compositional even across
cross-context inlining.

Note that we cannot really handle most of the stores to global object
property cells because TurboFan doesn't have a mechanism to enforce
certain representations.  Also note that we cannot yet fully benefit
from the type feedback collected on the global object property cells,
because the type system cannot deal with maps in a reasonable way.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1387393002

Cr-Commit-Position: refs/heads/master@{#31139}
2015-10-07 10:26:11 +00:00
mstarzinger
13adffcba8 Remove obsolete lookup-inl.h header.
This removes the lookup-inl.h header file, which actually would break
compilation if included more than once in the codebase. It only holds
methods used solely in the lookup.cc compilation unit.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1375843004

Cr-Commit-Position: refs/heads/master@{#31104}
2015-10-05 16:23:48 +00:00
danno
5cf1c0bcf6 Re-reland: Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}

Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
Cr-Commit-Position: refs/heads/master@{#31075}

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#31087}
2015-10-02 16:55:22 +00:00
danno
00e07b0057 Revert of Reland: Remove register index/code indirection (patchset #20 id:380001 of https://codereview.chromium.org/1287383003/ )
Reason for revert:
Failures on MIPS

Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
>   so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
>   different platforms is now shared.
> * The list of allocatable registers on each platform is declared
>   as a list rather than implicitly via the register index <->
>   code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}
>
> Committed: https://crrev.com/7b7a8205d9a00c678fb7a6e032a55fecbc1509cf
> Cr-Commit-Position: refs/heads/master@{#31075}

TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1380863004

Cr-Commit-Position: refs/heads/master@{#31083}
2015-10-02 15:37:06 +00:00
danno
7b7a8205d9 Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
Cr-Commit-Position: refs/heads/master@{#30913}

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#31075}
2015-10-02 13:59:06 +00:00
alph
0dedff6bf1 Move strings-storage.* to the profiler directory
Review URL: https://codereview.chromium.org/1378253002

Cr-Commit-Position: refs/heads/master@{#31060}
2015-10-01 18:11:03 +00:00
rmcilroy
03369ed2cb [Interpreter] Add support for short (16 bit) operands.
Adds support for short operands, starting with kIdx16. Introduces
BytecodeTraits to enable compile time determination of various traits for a
bytecode, such as size, operands, etc. Reworks BytecodeIterator,
BytecodeArrayBuilder and Bytecodes::Decode to support 16 bit operands. Adds
support to Interpreter to load 16 bit operands.

Also fixes a bug with ToBoolean where it wouldn't get emitted at the start
of a block, and added a test.

BytecodeTraits template magic inspired by oth@chromium.org.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1370893002

Cr-Commit-Position: refs/heads/master@{#31058}
2015-10-01 17:23:14 +00:00
oth
a7e16e5132 [Interpreter] Add for/while/do support to the bytecode generator.
Improve bytecode generation for if when there's no else clause.

Display target addresses for jump instructions in
Bytecode::Disassemble().

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1373903005

Cr-Commit-Position: refs/heads/master@{#31052}
2015-10-01 15:04:27 +00:00
alph
e0606c9f00 Move heap and CPU profilers into a dedicated directory.
Drive-by: remove unnecessary includes.

Review URL: https://codereview.chromium.org/1356223004

Cr-Commit-Position: refs/heads/master@{#30987}
2015-09-28 19:34:18 +00:00
oth
17363fa4f3 [Interpreter] Add interpreter support for compare ops and ToBoolean.
The comparison operators and ToBoolean are implemented by calling into
the runtime. There are new runtime methods are prefixed with Interpreter
to make use case clear.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1369123002

Cr-Commit-Position: refs/heads/master@{#30983}
2015-09-28 18:07:05 +00:00
ulan
6256dc53cc Perform scavenge in idle tasks.
BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1352453004

Cr-Commit-Position: refs/heads/master@{#30944}
2015-09-25 14:49:23 +00:00
danno
3ac27431a9 Revert of Remove register index/code indirection (patchset #17 id:320001 of https://codereview.chromium.org/1287383003/ )
Reason for revert:
Failures on greedy RegAlloc, Fuzzer

Original issue's description:
> Remove register index/code indirection
>
> Previous to this patch, both the lithium and TurboFan register
> allocators tracked allocated registers by "indices", rather than
> the register codes used elsewhere in the runtime. This patch
> ensures that codes are used everywhere, and in the process cleans
> up a bunch of redundant code and adds more structure to how the
> set of allocatable registers is defined.
>
> Some highlights of changes:
>
> * TurboFan's RegisterConfiguration class moved to V8's top level
>   so that it can be shared with Crankshaft.
> * Various "ToAllocationIndex" and related methods removed.
> * Code that can be easily shared between Register classes on
>   different platforms is now shared.
> * The list of allocatable registers on each platform is declared
>   as a list rather than implicitly via the register index <->
>   code mapping.
>
> Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
> Cr-Commit-Position: refs/heads/master@{#30913}

TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1365073002

Cr-Commit-Position: refs/heads/master@{#30914}
2015-09-24 13:39:03 +00:00
danno
80bc6f6e11 Remove register index/code indirection
Previous to this patch, both the lithium and TurboFan register
allocators tracked allocated registers by "indices", rather than
the register codes used elsewhere in the runtime. This patch
ensures that codes are used everywhere, and in the process cleans
up a bunch of redundant code and adds more structure to how the
set of allocatable registers is defined.

Some highlights of changes:

* TurboFan's RegisterConfiguration class moved to V8's top level
  so that it can be shared with Crankshaft.
* Various "ToAllocationIndex" and related methods removed.
* Code that can be easily shared between Register classes on
  different platforms is now shared.
* The list of allocatable registers on each platform is declared
  as a list rather than implicitly via the register index <->
  code mapping.

Review URL: https://codereview.chromium.org/1287383003

Cr-Commit-Position: refs/heads/master@{#30913}
2015-09-24 12:53:13 +00:00
dpranke
7d5d1570d9 Split the GN 'snapshot_toolchain' logic out into an include file.
We need to build parts of v8 with a toolchain that might be different
from both the default (target) toolchain and the regular host toolchain,
because we need the snapshot to have the same bit-width as the target.
V8's build defines a 'snapshot_toolchain' setting for this.

It turns out that we need the value of this toolchain to be exposed
to the Chromium build because some of the test targets (in browser_tests)
depend on d8 and need to be able to built using the same toolchain.

R=brett@chromium.org, jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1350223004

Cr-Commit-Position: refs/heads/master@{#30854}
2015-09-22 02:28:40 +00:00
adamk
7462e99667 Remove on-by-default flag --harmony-object
It's been enabled since M45, which is now well into its stable period,
with no problems reported.

Review URL: https://codereview.chromium.org/1356793002

Cr-Commit-Position: refs/heads/master@{#30835}
2015-09-18 18:37:57 +00:00
brettw
cb2c22321f Use public_deps for v8_base in GN.
The previous code took advantage of the fact that a group's deps are implicitly public, but I'm trying to fix that. This also cleans up some duplicated code between component and non-component builds.

Review URL: https://codereview.chromium.org/1356723002

Cr-Commit-Position: refs/heads/master@{#30820}
2015-09-18 09:32:43 +00:00
hpayer
064be4c296 [heap] Move slots buffer into a separate file.
BUG=

Review URL: https://codereview.chromium.org/1343043002

Cr-Commit-Position: refs/heads/master@{#30746}
2015-09-15 12:35:20 +00:00
brettw
7ec3be731f Remove transitional GN code.
The conditionals were added to facilitate a two-sided build GN config update
where the default optimization config was renamed. This is complete so the
transitional code can be removed.

Review URL: https://codereview.chromium.org/1338163003

Cr-Commit-Position: refs/heads/master@{#30733}
2015-09-15 08:43:35 +00:00
mstarzinger
ea25bf05f8 [heap] Separate scavenger functionality into own file.
This moves scavenging functionality into a separate component so that
neither the scavenger nor objects-visiting need to be exposed outside
the heap.

R=hpayer@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1323993004

Cr-Commit-Position: refs/heads/master@{#30712}
2015-09-14 11:44:30 +00:00
brettw
ea8cfa929f Optionally use new GN optimization config.
The GN default optimization flag is changing from being specific to the
debug/release status of the build to always being "default_optimization" so
it's easier to override without being conditional on the exact setup in
BUILDCONFIG.gn. See https://codereview.chromium.org/1324623005/

Since V8 is DEPS-ed in, it will need to support both modes to allow a landing.
This patch uses a temporary transitional flag I added to BUILDCONFIG to
indicate which variant should be used. After the patch is landed, we can remove
the new conditions and just remove default_optimization.

Review URL: https://codereview.chromium.org/1333963002

Cr-Commit-Position: refs/heads/master@{#30703}
2015-09-11 18:28:24 +00:00
oth
8df7b4f6b5 [Interpreter] Skeleton bytecode graph builder
Add skeleton version bytecode-graph-builder.{h,cc} for existing
bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1291693004

Cr-Commit-Position: refs/heads/master@{#30687}
2015-09-10 16:21:40 +00:00
bmeurer
a1b2ec60b0 [runtime] Move binary operator fallbacks into the runtime.
Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).

Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.

R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg

Review URL: https://codereview.chromium.org/1333843002

Cr-Commit-Position: refs/heads/master@{#30680}
2015-09-10 13:04:33 +00:00
ulan
057514d3fa Use idle task to perform incremental marking steps.
This moves incremental marking steps from gc-idle-time-handler and heap to the new incremental marking task.

BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1265423002

Cr-Commit-Position: refs/heads/master@{#30641}
2015-09-08 15:54:37 +00:00
vogelheim
244cc0a6a9 Remove all gyp BUILD rules with multiple outputs.
- Modify js2c to accept --js and --nojs,
- modify mksnapshot to accept --startup_src
  (instead of a positional parameter, so that it can be omitted),
- modify v8.gyp to use the above so that no target has multiple
  output dependencies, and
- update GN to use the switches above.

(I have not succeeded in fixing the GYP->make translator to properly map
 multi-output rules, so that they work as expected in all edge cases.
 This CL signals defeat on that front, and instead I rewrite the GYP
 file to avoid that situation in the first place.)

R=jochen@chromium.org
BUG=v8:4382
LOG=N

Review URL: https://codereview.chromium.org/1310273009

Cr-Commit-Position: refs/heads/master@{#30640}
2015-09-08 15:24:53 +00:00
fedor
c7392f2e41 [heap] introduce ArrayBufferTracker
Move various ArrayBuffer-related methods from Heap class to the newly
created ArrayBufferTracker. Consolidate and simplify things!

BUG=
R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1324023007

Cr-Commit-Position: refs/heads/master@{#30624}
2015-09-07 19:38:30 +00:00
brettw
0014ad92a3 Add a GN import for sanitizers.gni.
The is_*san flags are moving from the master build config file into this
.gni file. This patch will allow V8 to continue compiling when that change
is landed.

Review URL: https://codereview.chromium.org/1330713003

Cr-Commit-Position: refs/heads/master@{#30623}
2015-09-07 15:22:58 +00:00
mlippautz
47d42a9ac1 Adds atomic utilities (based on raw atomic operations) for your convenience:
{AtomicValue}: A simple integer value that can be atomically
read/set/incremented.

{AtomicEnumSet}: Similar to EnumSet this set basically represents an atomic
bitfield based on enums. Atomic operations guarantee that setting one bit does
not race with setting other bits.

{AtomicEnumFlag}: A flag that is based on an enum that can be read and
(attempted to be) changed atomically.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1310993004

Cr-Commit-Position: refs/heads/master@{#30560}
2015-09-03 12:54:34 +00:00
mstarzinger
c7de3e7f27 [heap] Separate ObjectStats out into its own class.
Note that this is only pulling out the bookkeeping side of things, the
marking visitor that actually records the statistics should also move
into the ObjectStats class. That will be done as a follow-up.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1326793002

Cr-Commit-Position: refs/heads/master@{#30547}
2015-09-02 16:43:40 +00:00
brettw
89ff78f308 Fix GN arm64 build, add msan support.
The arm64 build is missing a few recently-added files.

Compiling with msan requires that v8 be compiled in arm64 mode. Hook this up.

Review URL: https://codereview.chromium.org/1316233005

Cr-Commit-Position: refs/heads/master@{#30528}
2015-09-01 23:05:28 +00:00
bradnelson
546d9a70ac Add asm.js typer / validator.
Walk asm.js module ASTs, attach concrete type information
in preparation for generating a WASM module.

cctest test coverage (mjsunit coming in later CL).
Expressions, function tables, and foreign functions have coverage.
Statement coverage to be expanded in a later CL.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=rossberg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1322773002

Cr-Commit-Position: refs/heads/master@{#30520}
2015-09-01 18:30:43 +00:00
mstarzinger
5f57ebe222 Make isolate.h usable without objects-inl.h header.
This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1322883002

Cr-Commit-Position: refs/heads/master@{#30500}
2015-09-01 09:25:27 +00:00
mstarzinger
3d7a34b5c7 [heap] Move IdentityMap data structure out of heap.
This data structure uses the public heap API only and is not specific
to any heap internals. It should be usable throughout V8 and inclusion
of the header file should not be restricted.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1320503004

Cr-Commit-Position: refs/heads/master@{#30443}
2015-08-28 13:01:08 +00:00
bradnelson
e2b3edbf31 Spliting out TyperCache into ZoneTypeCache to share with AsmTyper.
The zone type cache would be handy inside the asm.js typer.
Pulling it out into a seperate inlinable header to allow sharing.

BUG=https://code.google.com/p/v8/issues/detail?id=4203
TEST=None
R=andreas@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1307093006

Cr-Commit-Position: refs/heads/master@{#30398}
2015-08-26 21:41:05 +00:00
mtrofin
5d954d6506 [turbofan] Deferred blocks splintering.
This change encompasses what is necessary to enable stack checks in loops without suffering large regressions.

Primarily, it consists of a new mechanism for dealing with deferred blocks by "splintering", rather than splitting, inside deferred blocks.

My initial change was splitting along deferred block boundaries, but the regression introduced by stackchecks wasn't resolved conclusively. After investigation, it appears that just splitting ranges along cold block boundaries leads to a greater opportunity for moves on the hot path, hence the suboptimal outcome.

The alternative "splinters" ranges rather than splitting them. While splitting creates 2 ranges and links them (parent-child), in contrast, splintering creates a new independent range with no parent-child relation to the original. The original range appears as if it has a liveness hole in the place of the splintered one. All thus obtained ranges are then register allocated with no change to the register allocator.

The splinters (cold blocks) do not conflict with the hot path ranges, by construction. The hot path ones have less pressure to split, because we remove a source of conflicts. After allocation, we merge the splinters back to their original ranges and continue the pipeline. We leverage the previous changes made for deferred blocks (determining where to spill, for example).

Review URL: https://codereview.chromium.org/1305393003

Cr-Commit-Position: refs/heads/master@{#30357}
2015-08-25 14:47:38 +00:00
bradnelson
10f2c5c33a Adding visitors to regurgitate expression types or reset them.
Adding an AstExpressionVisitor to touch each expression node in
an AST.

Adding TypingReseter to clear the slate after a failed asm.js
validation that has set partial typing information.

Adding a ExpressionTypeCollector to walk the expressions
in an AST and emit them as a string for testing.

Adding tests of the above.

LOG=N
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-typing-reset,test-ast-expression-visitor
R=rossberg@chromium.org,titzer@chromium.org

Review URL: https://codereview.chromium.org/1288773007

Cr-Commit-Position: refs/heads/master@{#30336}
2015-08-24 17:16:49 +00:00
mstarzinger
8c70c20568 Remove code.h header and move ParameterCount class.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1302293002

Cr-Commit-Position: refs/heads/master@{#30291}
2015-08-21 10:25:21 +00:00
mstarzinger
4e39437a02 Separate UnicodeCache out into an own file.
This make inclusion of unicode-inl.h in object.h absolete. Now most
compilation units don't require that header. It also breaks a cycle
within declarations of the scanner.h header.

This tries to remove includes of "-inl.h" headers from normal ".h"
headers, thereby reducing the chance of any cyclic dependencies and
decreasing the average size of our compilation units.

Note that this change still leaves 3 violations of that rule in the
code, checked with the "tools/check-inline-includes.sh" tool.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1287893006

Cr-Commit-Position: refs/heads/master@{#30268}
2015-08-20 11:47:09 +00:00
domenic
6f582f088a Add experimental, non-snapshotted V8 extras
Embedders would use these for features which must be able to be turned
off at runtime, despite being compiled into V8. They can be turned on
and off by the embedder using the --experimental_extras flag, e.g. via
v8::SetFlagsFromString.

R=yangguo@chromium.org, mlippautz@chromium.org, hpayer@chromium.org
BUG=chromium:507137
LOG=Y

Review URL: https://codereview.chromium.org/1284413002

Cr-Commit-Position: refs/heads/master@{#30260}
2015-08-20 00:01:14 +00:00
mstarzinger
e1ad02375a Remove empty string-search.cc file.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1295333002

Cr-Commit-Position: refs/heads/master@{#30234}
2015-08-18 18:18:22 +00:00
danno
cbbaf9ea6a [turbofan] Unify referencing of stack slots
Previously, it was not possible to specify StackSlotOperands for all
slots in both the caller and callee stacks. Specifically, the region
of the callee's stack including the saved return address, frame
pointer, function pointer and context pointer could not be addressed
by the register allocator/gap resolver.

In preparation for better tail call support, which will use the gap
resolver to reconcile outgoing parameters, this change makes it
possible to address all slots on the stack, because slots in the
previously inaccessible dead zone may become parameter slots for
outgoing tail calls. All caller stack slots are accessible as they
were before, with slot -1 corresponding to the last stack
parameter. Stack slot indices >= 0 access the callee stack, with slot
0 corresponding to the callee's saved return address, 1 corresponding
to the saved frame pointer, 2 corresponding to the current function
context, 3 corresponding to the frame marker/JSFunction, and slots 4
and above corresponding to spill slots.

The following changes were specifically	needed:

* Frame	has been changed to explicitly manage three areas of the
  callee frame, the fixed header, the spill slot area, and the
  callee-saved register area.
* Conversions from stack slot indices to fp offsets all now go through
  a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
* The generation of deoptimization translation tables has been changed
  to support the new stack slot indexing scheme. Crankshaft, which
  doesn't support the new slot numbering in its register allocator,
  must adapt the indexes when creating translation tables.
* Callee-saved parameters are now kept below spill slots, not above,
  to support saving only the optimal set of used registers, which is
  only known after register allocation is finished and spill slots
  have been allocated.

Review URL: https://codereview.chromium.org/1261923007

Cr-Commit-Position: refs/heads/master@{#30224}
2015-08-18 14:48:11 +00:00
mstarzinger
366262e606 Remove inline header includes from natives.h header.
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1303463002

Cr-Commit-Position: refs/heads/master@{#30222}
2015-08-18 14:31:34 +00:00
oth
238397c108 [Interpreter] Minimal bytecode generator.
Bytecode generator for local assignment and basic binary operations.

Command-line flag for printing bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1294543002

Cr-Commit-Position: refs/heads/master@{#30221}
2015-08-18 13:46:57 +00:00
yangguo
f3059c43a4 Native context: run prologue.js before runtime.js
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1294803004

Cr-Commit-Position: refs/heads/master@{#30217}
2015-08-18 11:15:50 +00:00
vogelheim
c69e2eae54 Rework startup-data-util.
- Make the API look like v8::V8::InitializeICU.
  (That is: A static method call, not an object to be created on the stack.)
- Fix path separator on Windows, by calling base::OS::isPathSeparator.
- Move into API, so that it can be called by hello-world & friends.
- Actually call it from hello-world and friends.

R=jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1292053002

Cr-Commit-Position: refs/heads/master@{#30174}
2015-08-14 12:11:46 +00:00
yangguo
67e4b3732a Move regexp implementation into its own folder.
Review URL: https://codereview.chromium.org/1285163003

Cr-Commit-Position: refs/heads/master@{#30144}
2015-08-13 06:55:36 +00:00
yangguo
5df7d689eb Debugger: load debugger builtins as normal native JS.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1282793002

Cr-Commit-Position: refs/heads/master@{#30136}
2015-08-12 14:22:22 +00:00
titzer
7a222c612d [turbofan] Remove architecture-specific linkage files and LinkageTraits. Use macro-assembler-defined constants.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1272883003

Cr-Commit-Position: refs/heads/master@{#30063}
2015-08-07 10:45:43 +00:00
mstarzinger
325257744f Helpful checks.cc file is being helpful.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1276843004

Cr-Commit-Position: refs/heads/master@{#30046}
2015-08-06 13:33:45 +00:00
yangguo
0a1a714f7e Introduce object visitor to estimate the size of a native context.
This is only an estimate since it counts objects that could be shared,
for example strings, cow arrays, heap numbers, etc.

It however ignores objects that could be shared, but may only be used
by the context to be measured, for example shared function infos,
script objects, scope infos, etc.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1268333004

Cr-Commit-Position: refs/heads/master@{#30029}
2015-08-05 14:07:33 +00:00
adamk
2e4efcfac2 Add a --harmony-object-observe runtime flag (on by default)
To avoid tanking context startup performance, only the actual installation of the
JS-exposed API is flag-guarded. The remainder of the implementation still
resides in the snapshot.

Review URL: https://codereview.chromium.org/1257063003

Cr-Commit-Position: refs/heads/master@{#30017}
2015-08-04 20:53:32 +00:00
mtrofin
c11ab6f7e5 Setting up the stage for heuristics that preprocess live ranges before register allocation, and are independent of register allocation - e.g. the deferred blocks heuristic, or the split at call sites heuristic.
Added a separate flag for this, since we intend to enable it for the linear allocator as well. Currently, the option is "on" for greedy, as a point in time to enable its testing (through the greedy allocator bots).

BUG=

Review URL: https://codereview.chromium.org/1256313003

Cr-Commit-Position: refs/heads/master@{#30005}
2015-08-04 14:50:05 +00:00
yangguo
4e036f3042 Debugger: refactor ScopeIterator, FrameInspector and DebugEvaluate.
This is a pure refactor and does not change functionality.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1264993002

Cr-Commit-Position: refs/heads/master@{#29995}
2015-08-04 12:10:13 +00:00
yangguo
1667c15e37 Debugger: move implementation to a separate folder.
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1265923002

Cr-Commit-Position: refs/heads/master@{#29951}
2015-07-31 11:08:15 +00:00
Ben L. Titzer
ca38b15be7 Fix BUILD.gn.
TBR=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1263633003

Cr-Commit-Position: refs/heads/master@{#29932}
2015-07-30 12:42:22 +00:00
yangguo
3be39a24bf Move Full-codegen into its own folder.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1248443003

Cr-Commit-Position: refs/heads/master@{#29840}
2015-07-24 10:11:57 +00:00
rmcilroy
7877c4e0c7 [interpreter] Add basic framework for bytecode handler code generation.
Adds basic support for generation of interpreter bytecode handler code
snippets. The InterpreterAssembler class exposes a set of low level,
interpreter specific operations which can be used to build a Turbofan
graph. The Interpreter class generates a bytecode handler snippet for
each bytecode by assembling operations using an InterpreterAssembler.

Currently only two simple bytecodes are supported: LoadLiteral0 and Return.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1239793002

Cr-Commit-Position: refs/heads/master@{#29814}
2015-07-23 14:21:39 +00:00
yangguo
8e027195b4 Remove readline support from d8.
Nobody seems to use it. A good alternative is rlwrap.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1250223002

Cr-Commit-Position: refs/heads/master@{#29810}
2015-07-23 13:20:31 +00:00
yangguo
cd0015aad0 Remove d8's interactive Javascript debugger.
The code is unmaintained and full of errors...
but this CL wipes them all away.

Nobody seems to use it anyways.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1243213004

Cr-Commit-Position: refs/heads/master@{#29801}
2015-07-23 09:49:33 +00:00
mstarzinger
0788c98d3b [turbofan] Remove bloated GraphBuilder base class.
Using the GraphBuilder base class forces each node creation to go
through a virtual function dispatch just for the sake of saving the
duplication of the NewNode helper methods. In total that added up to
saving minus (sic!) six lines of code.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1252093002

Cr-Commit-Position: refs/heads/master@{#29799}
2015-07-23 08:25:40 +00:00
danno
cca5e74a58 [turbofan]: Add a context relaxation Reducer
In many cases, the context that TurboFan's ASTGraphBuilder or subsequent
reduction operations attaches to nodes does not need to be that exact
context, but rather only needs to be one with the same native context,
because it is used internally only to fetch the native context, e.g. for
creating and throwing exceptions.

This reducer recognizes common cases where the context that is specified
for a node can be relaxed to a canonical, less specific one. This
relaxed context can either be the enclosing function's context or a specific
Module or Script context that is explicitly created within the function.

This optimization is especially important for TurboFan-generated code stubs
which use context specialization and inlining to generate optimal code.
Without context relaxation, many extraneous moves are generated to pass
exactly the right context to internal functions like ToNumber and
AllocateHeapNumber, which only need the native context. By turning context
relaxation on, these moves disappear because all these common internal
context uses are unified to the context passed into the stub function, which
is typically already in the correct context register and remains there for
short stubs. It also eliminates the explicit use of a specialized context
constant in the code stub in these cases, which could cause memory leaks.

Review URL: https://codereview.chromium.org/1244583003

Cr-Commit-Position: refs/heads/master@{#29763}
2015-07-20 17:16:14 +00:00
epertoso
df2d1ef979 Don't run the second pass of the pending phantom callbacks if the heap has been torn down.
R=jochen@chromium.org
BUG=511204
LOG=y

Review URL: https://codereview.chromium.org/1246603002

Cr-Commit-Position: refs/heads/master@{#29759}
2015-07-20 15:04:08 +00:00
binji
35b2114874 Atomics Futex API
BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208933006

Cr-Commit-Position: refs/heads/master@{#29736}
2015-07-17 17:11:47 +00:00
bbudge
6113058427 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29712}
2015-07-16 19:43:32 +00:00
hablich
40c38c5a5a Revert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https://codereview.chromium.org/1219943002/)
Reason for revert:
Seems to brake the latest roll into Chromium: http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/59796/steps/compile%20%28with%20patch%29/logs/stdio

Original issue's description:
> Expose SIMD.Float32x4 type to Javascript.
> This CL exposes the constructor function, defines type related
> information, and implements value type semantics.
> It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
>
> TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
>
> LOG=Y
> BUG=v8:4124
>
> Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
> Cr-Commit-Position: refs/heads/master@{#29689}

TBR=rossberg@chromium.org,littledan@chromium.org,martyn.capewell@arm.com,bbudge@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review URL: https://codereview.chromium.org/1241533004

Cr-Commit-Position: refs/heads/master@{#29701}
2015-07-16 12:36:11 +00:00
bbudge
e5ed3bee99 Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29689}
2015-07-15 19:17:06 +00:00
machenbach
33593da46c [Sheriff] Fix gn build.
TBR=jochen@chromium.org, rmcilroy@chromium.org, hablich@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1234573003

Cr-Commit-Position: refs/heads/master@{#29637}
2015-07-14 08:40:01 +00:00
rmcilroy
d02f62484e Move SmartPointer to base.
Review URL: https://codereview.chromium.org/1221433021

Cr-Commit-Position: refs/heads/master@{#29604}
2015-07-13 12:38:17 +00:00
danno
a1475dae5d Create a internal native context used only for TF-generated code stubs
Until now, TF-generated code stubs piggy-backed off of the builtin
context. Since generation of code stubs is lazy, stubs generated at
different times in different native contexts would contain embedded
pointers different builtin contexts, leading to cross-context references
and memory leaks.

After this CL, all TF-generated code stubs are generated inside a
internal thinned-out, native context that lives solely for the
purpose of hosting generated code stubs.

Review URL: https://codereview.chromium.org/1213203007

Cr-Commit-Position: refs/heads/master@{#29593}
2015-07-13 09:45:51 +00:00
bmeurer
b19f118c16 [turbofan] Optimize string "length" property access based on types.
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.

R=jarin@chromium.org

Committed: https://crrev.com/17add22ff4b9c5ca638502e7708f0d9d99baca40
Cr-Commit-Position: refs/heads/master@{#29543}

Review URL: https://codereview.chromium.org/1216593003

Cr-Commit-Position: refs/heads/master@{#29588}
2015-07-13 06:02:22 +00:00
littledan
a415f59458 Guard @@isConcatSpreadable behind a flag
The breakage to Chrome seems to be based on @@isConcatSpreadable
and turning that part off with this patch fixes the Maps Tips & Tricks
test case.

BUG=chromium:507553
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1226063002

Cr-Commit-Position: refs/heads/master@{#29545}
2015-07-08 21:49:58 +00:00
adamk
54572281e9 Revert of [turbofan] Optimize string "length" property access based on types. (patchset #2 id:20001 of https://codereview.chromium.org/1216593003/)
Reason for revert:
Causes crash when running benchmarks/octane/regexp.js on ARM:
http://build.chromium.org/p/client.v8/builders/V8%20Arm/builds/2492/steps/Benchmarks/logs/regexp

Original issue's description:
> [turbofan] Optimize string "length" property access based on types.
>
> Optimize string "length" property access based on static type
> information if possible, but also optimistically optimize the access
> based on type feedback from the LoadIC.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/17add22ff4b9c5ca638502e7708f0d9d99baca40
> Cr-Commit-Position: refs/heads/master@{#29543}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1224083002

Cr-Commit-Position: refs/heads/master@{#29544}
2015-07-08 21:30:14 +00:00
bmeurer
17add22ff4 [turbofan] Optimize string "length" property access based on types.
Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1216593003

Cr-Commit-Position: refs/heads/master@{#29543}
2015-07-08 19:12:58 +00:00
rmcilroy
ea560a9be9 [turbofan] Move RawMachineAssembler back to src/compiler.
The RawMachineAssembler will be used to build the interpreter, so it needs
to move back to src/compiler.

This reverts commit b5b00cc031.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1221303014

Cr-Commit-Position: refs/heads/master@{#29519}
2015-07-07 15:02:51 +00:00
ulan
a7f62edb71 Reland "Replace reduce-memory mode in idle notification with delayed clean-up GC."
This reverts commit 269918927a.
This reverts commit 435b3c873a.

The failing test is fixing in chromium.

BUG=chromium:490559
LOG=NO
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1208993009

Cr-Commit-Position: refs/heads/master@{#29512}
2015-07-07 11:37:53 +00:00
bmeurer
ef661b0804 [turbofan] Reland "Add new JSFrameSpecialization reducer." and "Perform OSR deconstruction early and remove type propagation.".
We have to reland these two commits at once, because the first breaks
some asm.js benchmarks without the second. The change was reverted
because of bogus checks in the verifier, which will not work in the
presence of OSR (and where hidden because of the type back propagation
hack in OSR so far). Original messages are below:

[turbofan] Add new JSFrameSpecialization reducer.

The JSFrameSpecialization specializes an OSR graph to the current
unoptimized frame on which we will perform the on-stack replacement.
This is used for asm.js functions, where we cannot reuse the OSR
code object anyway because of context specialization, and so we could as
well specialize to the max instead.

It works by replacing all OsrValues in the graph with their values
in the JavaScriptFrame.

The idea is that using this trick we get better performance without
doing the unsound backpropagation of types to OsrValues later. This
is the first step towards fixing OSR for TurboFan.

[turbofan] Perform OSR deconstruction early and remove type propagation.

This way we don't have to deal with dead pre-OSR code in the graph
and risk optimizing the wrong code, especially we don't make
optimistic assumptions in the dead code that leaks into the OSR code
(i.e. deopt guards are in dead code, but the types propagate to OSR
code via the OsrValue type back propagation).

BUG=v8:4273
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1226673005

Cr-Commit-Position: refs/heads/master@{#29486}
2015-07-06 11:11:26 +00:00
machenbach
9e71cdba48 Revert "[turbofan] Add new JSFrameSpecialization reducer."
Also revert "[turbofan] Perform OSR deconstruction early and remove type propagation."

This reverts commit b0a852e8c2.

This reverts commit cdbb6c485b.

NOTRY=true
NOTREECHECKS=true
BUG=v8:4273
LOG=n
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1225743002

Cr-Commit-Position: refs/heads/master@{#29480}
2015-07-06 10:01:42 +00:00
bmeurer
b0a852e8c2 [turbofan] Add new JSFrameSpecialization reducer.
The JSFrameSpecialization specializes an OSR graph to the current
unoptimized frame on which we will perform the on-stack replacement.
This is used for asm.js functions, where we cannot reuse the OSR code
object anyway because of context specialization, and so we could as well
specialize to the max instead.

It works by replacing all OsrValues in the graph with their values in
the JavaScriptFrame.

The idea is that using this trick we get better performance without
doing the unsound backpropagation of types to OsrValues later. This is
the first step towards fixing OSR for TurboFan.

R=jarin@chromium.org
BUG=v8:4273
LOG=n

Review URL: https://codereview.chromium.org/1225683004

Cr-Commit-Position: refs/heads/master@{#29476}
2015-07-06 08:27:12 +00:00
machenbach
269918927a Revert of Replace reduce-memory mode in idle notification with delayed clean-up GC. (patchset #17 id:320001 of https://codereview.chromium.org/1218863002/)
Reason for revert:
[Sheriff] Looks like it blocks the roll (bisected). Speculative revert.
https://codereview.chromium.org/1210293003/

Original issue's description:
> Replace reduce-memory mode in idle notification with delayed clean-up GC.
>
> BUG=490559
> LOG=NO
>
> Committed: https://crrev.com/0ecd9e1bd2c6b519d4e7285f46cb7e844bc2235c
> Cr-Commit-Position: refs/heads/master@{#29451}

TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=490559

Review URL: https://codereview.chromium.org/1226703002

Cr-Commit-Position: refs/heads/master@{#29470}
2015-07-05 18:19:03 +00:00
ulan
0ecd9e1bd2 Replace reduce-memory mode in idle notification with delayed clean-up GC.
BUG=490559
LOG=NO

Review URL: https://codereview.chromium.org/1218863002

Cr-Commit-Position: refs/heads/master@{#29451}
2015-07-02 15:41:36 +00:00
littledan
a1dcac3df7 Include Harmony Array/TypedArray methods unconditionally
Conditionally including Array and TypedArray methods seems to cause
a slowdown in V8 context creation, possibly due to the new code added.

BUG=chromium:504629
R=adamk@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1215863003

Cr-Commit-Position: refs/heads/master@{#29430}
2015-07-01 23:10:21 +00:00
mtrofin
1cd60451de [turbofan] Greedy allocator refactoring.
Separated core greedy allocator concepts, exposing the APIs we would want to continue working with. In particular, this change completely reworks CoalescedLiveRanges to reflect the fact that we expect more than one possible conflict, scrapping the initial design of the structure. Since this is a critical part of the design, this change may be thought of as a full rewrite of the algorithm.

Reduced all heuristics to just 2 essential ones: split "somewhere", which we'll still need when all other heuristics fail; and spill.

Introduced a simple primitive for splitting - at GapPosition::START. The goal is to use such primitives to quickly and reliably author heuristics.

I expected this primitive to "just work" for any arbitrary instruction index within a live range - e.g. its middle. That's not the case, it seems to upset execution in certain scenarios. Restricting to either before/after use positions seems to work. I'm still investigating what the source of failures is in the case of "arbitrary instruction in the range" case.

I intended to document the rationale and prove the soundness of always using START for splits, but I will postpone to after this last remaining issue is resolved.

Review URL: https://codereview.chromium.org/1205173002

Cr-Commit-Position: refs/heads/master@{#29352}
2015-06-29 15:56:33 +00:00
machenbach
9295dd0d94 Fix gn build deps.
Fix c/p error from https://codereview.chromium.org/1217483002/

TBR=jochen@chromium.org

Review URL: https://codereview.chromium.org/1214013002

Cr-Commit-Position: refs/heads/master@{#29338}
2015-06-27 19:39:55 +00:00
dslomov
b4f49586ab [destructuring] Re-index materialized literals in arrow function parameters.
R=wingo@igalia.com
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1212473002

Cr-Commit-Position: refs/heads/master@{#29337}
2015-06-26 21:39:53 +00:00
machenbach
3e38d64495 Fix missing source dependencies.
BUG=

Review URL: https://codereview.chromium.org/1217483002

Cr-Commit-Position: refs/heads/master@{#29328}
2015-06-26 14:24:52 +00:00
bmeurer
5056c8219a [turbofan] Revive the useful parts of the SimplifiedOperatorReducer.
This partially reverts https://codereview.chromium.org/1162563002
because we might actually be able to optimize certain combinations
now due to dead code elimination.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1202263006

Cr-Commit-Position: refs/heads/master@{#29277}
2015-06-25 04:47:16 +00:00
bmeurer
733a246386 [turbofan] Proper dead code elimination as regular reducer.
The three different concerns that the ControlReducer used to deal with
are now properly separated into

  a.) DeadCodeElimination, which is a regular AdvancedReducer, that
      propagates Dead via control edges,
  b.) CommonOperatorReducer, which does strength reduction on common
      operators (i.e. Branch, Phi, and friends), and
  c.) GraphTrimming, which removes dead->live edges from the graph.

This will make it possible to run the DeadCodeElimination together with
other passes that actually introduce Dead nodes, i.e. typed lowering;
and it opens the door for general inlining without two stage fix point
iteration.

To make the DeadCodeElimination easier and more uniform, we basically
reverted the introduction of DeadValue and DeadEffect, and changed the
Dead operator to produce control, value and effect. Note however that
this is not a requirement, but merely a way to make dead propagation
easier and more uniform. We could always go back and decide to have
different Dead operators if some other change requires that.

Note that there are several additional opportunities for cleanup now,
i.e. OSR deconstruction could be a regular reducer now, and we don't
need to use TheHole as dead value marker in the GraphReducer. And we can
actually run the dead code elimination together with the other passes
instead of using separate passes over the graph.  We will do this in
follow up CLs.

R=jarin@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1193833002

Cr-Commit-Position: refs/heads/master@{#29146}
2015-06-19 12:07:26 +00:00
bmeurer
80a6e53935 [turbofan] Move graph trimming functionality to dedicated GraphTrimmer.
Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).

R=jarin@chromium.org,mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1188433010

Cr-Commit-Position: refs/heads/master@{#29077}
2015-06-17 10:56:37 +00:00
mtrofin
4e0b7b0cf5 Separated the new register allocator in its own files.
Opportunistically removed GreedyAllocator::TryReuseSpillForPhi because it is actually unsuitable for Greedy. It was copied from Linear and it relies on hints, however, the current implementation of hints assumes linear scan.

This change doesn't aim to address performance nor correctness for Greedy.

BUG=

Review URL: https://codereview.chromium.org/1184183002

Cr-Commit-Position: refs/heads/master@{#29054}
2015-06-16 17:10:31 +00:00
bmeurer
b5b00cc031 [turbofan] Move RawMachineAssembler to unittests.
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1177353003

Cr-Commit-Position: refs/heads/master@{#28993}
2015-06-12 10:33:19 +00:00
dslomov
b64e13b0d8 [destructuring] Refactor duplicate parameter name detection.
Pushed the detection logic down to ParseAndClassifyIdentifier in
preparation to having patterns in parameter positions.

R=arv@chromium.org,rossberg@chromium.org,wingo@igalia.com
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1170153003

Cr-Commit-Position: refs/heads/master@{#28876}
2015-06-09 17:13:48 +00:00
brettw
4cf578a1ea Make v8 snapshot public in component build.
This was already public in a non-component build. This means that targets
dependent on the "v8" target can take the results of the snapshot as inputs.

This also renames the component mode checking from keying off of the
component_mode string to checking the is_component_build flag, which is now the
recommended way to do this check.

Review URL: https://codereview.chromium.org/1167223002

Cr-Commit-Position: refs/heads/master@{#28856}
2015-06-09 08:36:16 +00:00
binji
e59e40a354 Implement Atomics API
This is behind the flag "--harmony-atomics", and it only works on
SharedArrayBuffers. This implementation only includes the runtime functions.
The TurboFan implementation will be next.

The draft spec for Atomics can be found here:
https://docs.google.com/document/d/1NDGA_gZJ7M7w1Bh8S0AoDyEqwDdRh4uSoTPSNn77PFk

BUG=
LOG=n

Review URL: https://codereview.chromium.org/1162503002

Cr-Commit-Position: refs/heads/master@{#28796}
2015-06-03 17:58:42 +00:00
bmeurer
e2e47f30be [turbofan] First step towards sanitizing for-in and making it optimizable.
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
simple runtime call to ForInFilter, which does everything and is even
cheaper (because FILTER_KEY used to call into the runtime anyway).
And ForInFilter returns either the name or undefined, which makes it
possible to remove the control flow construction from the AstGraphBuilder,
and thereby make both the initialization and the per-loop code of for-in
optimizable later (in typed lowering).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1160983004

Cr-Commit-Position: refs/heads/master@{#28711}
2015-06-01 07:20:58 +00:00
jarin
9058ac3be1 Remove the experimental perf jit support until the license is clarified.
BUG=

Review URL: https://codereview.chromium.org/1148293009

Cr-Commit-Position: refs/heads/master@{#28697}
2015-05-29 10:39:52 +00:00
bmeurer
19482d29e5 [turbofan] Remove the useless SimplifiedOperatorReducer.
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1162563002

Cr-Commit-Position: refs/heads/master@{#28673}
2015-05-28 08:38:13 +00:00
binji
aff8ebb0eb Implement SharedArrayBuffer.
This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer
under the hood. It can be distinguished from an ArrayBuffer by the newly-added
is_shared() bit.

Currently there is no difference in functionality between a SharedArrayBuffer
and an ArrayBuffer. However, a future CL will add the Atomics API, which is
only available on an SharedArrayBuffer. All non-atomic accesses are identical
to ArrayBuffer accesses.

LOG=N
BUG=

Review URL: https://codereview.chromium.org/1136553006

Cr-Commit-Position: refs/heads/master@{#28594}
2015-05-22 13:43:17 +00:00
yangguo
57ee3c0f6e Revert of Implement SharedArrayBuffer (patchset #7 id:120001 of https://codereview.chromium.org/1136553006/)
Reason for revert:
breaks build

Original issue's description:
> Implement SharedArrayBuffer.
>
> This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer under the hood. It can be distinguished from an ArrayBuffer by the newly-added is_shared() bit.
>
> Currently there is no difference in functionality between a SharedArrayBuffer and an ArrayBuffer. However, a future CL will add the Atomics API, which is only available on an SharedArrayBuffer. All non-atomic accesses are identical to ArrayBuffer accesses.
>
> BUG=
>
> Committed: https://crrev.com/57170bff7baf341c666252a7f6a49e9c08d51263
> Cr-Commit-Position: refs/heads/master@{#28588}

TBR=jarin@chromium.org,jochen@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1149203003

Cr-Commit-Position: refs/heads/master@{#28589}
2015-05-22 12:17:49 +00:00
binji
57170bff7b Implement SharedArrayBuffer.
This adds a new external type (v8::SharedArrayBuffer) that uses a JSArrayBuffer under the hood. It can be distinguished from an ArrayBuffer by the newly-added is_shared() bit.

Currently there is no difference in functionality between a SharedArrayBuffer and an ArrayBuffer. However, a future CL will add the Atomics API, which is only available on an SharedArrayBuffer. All non-atomic accesses are identical to ArrayBuffer accesses.

BUG=

Review URL: https://codereview.chromium.org/1136553006

Cr-Commit-Position: refs/heads/master@{#28588}
2015-05-22 12:06:44 +00:00
yangguo
e56585077b Use shared container to manage imports/exports.
Also changed string.js and math.js to adapt this change.

R=jkummerow@chromium.org

Committed: https://crrev.com/e25058b0b7b9831162579564fc8935d568c1ecdd
Cr-Commit-Position: refs/heads/master@{#28521}

Review URL: https://codereview.chromium.org/1143993003

Cr-Commit-Position: refs/heads/master@{#28533}
2015-05-21 06:15:19 +00:00