Commit Graph

32817 Commits

Author SHA1 Message Date
jgruber
ea6b9609a6 Handle stack overflows in NoSideEffectToString
An infinite recursion can be triggered when NoSideEffectToString is
called on an error object with its name property set to itself.

BUG=633998

Review-Url: https://codereview.chromium.org/2206313002
Cr-Commit-Position: refs/heads/master@{#38325}
2016-08-04 07:45:11 +00:00
jgruber
a53d468747 Properly handle exceptions in cctests
Thrown exceptions must be handled before another exception is thrown.
This fixes all remaining test failures exposed by not clearing pending
exceptions in JSEntryStub.

BUG=v8:5259

Review-Url: https://codereview.chromium.org/2207923002
Cr-Commit-Position: refs/heads/master@{#38324}
2016-08-04 07:22:11 +00:00
jgruber
76193d4b6c Fix several stack-traces tests using assertUnreachable()
These tests all called assertUnreachable within a try/catch block.

BUG=v8:5246

Review-Url: https://codereview.chromium.org/2209663003
Cr-Commit-Position: refs/heads/master@{#38323}
2016-08-04 07:22:10 +00:00
hablich
39a5998f04 [Infra] Whitespace change for switching Ignition benchmarks.
Ignition benchmarks will be switched to --ignition-staging.

TBR=machenbach@chromium.org
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2210873002
Cr-Commit-Position: refs/heads/master@{#38322}
2016-08-04 07:18:03 +00:00
bmeurer
887583a15a [turbofan] Use CheckMaps for the COW check on elements.
Use a single CheckMaps node instead of the sequence of LoadField,
ReferenceEqual and CheckIf. This also makes it easier to eliminate
the COW check if there are multiple of them in a row.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2216453002
Cr-Commit-Position: refs/heads/master@{#38321}
2016-08-04 06:07:27 +00:00
zhengxing.li
6f94976b02 X87: Clear exceptions in Invoke instead of JSEntryStub.
port cdae865436 (r38292)

  original commit message:
  A corresponding flag was added as well to help us find out what breaks when we
  do not clear pending exceptions on each JS entry.

BUG=

Review-Url: https://codereview.chromium.org/2212733002
Cr-Commit-Position: refs/heads/master@{#38320}
2016-08-04 04:27:37 +00:00
v8-autoroll
3c9823972f Update V8 DEPS.
Rolling v8/build to c6b327c244be25a972266cad3228279266a03c66

Rolling v8/buildtools to 88c6fc5bde77b9477345f0885cd88d4a57ad1844

Rolling v8/tools/mb to 72a708590a056993adf080a92211ddc8221010e7

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2212753002
Cr-Commit-Position: refs/heads/master@{#38319}
2016-08-04 03:24:30 +00:00
gsathya
140b898091 [promises] Avoid creating resolving functions in
Promise.resolve

Instead of creating resolve and reject closures, directly
call ResolvePromise after creating the promise.

Using the following as a microbenchmark --
```
var b = 0;
var start = performance.now();
for (var i = 0; i < 1000000; i++) {
  Promise.resolve(1).then((val) => {
    b += val;
    if (b == 1000000) print(performance.now() - start)
  });
}
```

I see a 16.01% improvement over 5 runs with this patch.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2143553002
Cr-Commit-Position: refs/heads/master@{#38318}
2016-08-03 22:59:39 +00:00
titzer
6cf621ec89 [wasm] Require global names to be validate UTF-8.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=chromium:628542

Review-Url: https://codereview.chromium.org/2207183002
Cr-Commit-Position: refs/heads/master@{#38317}
2016-08-03 22:55:43 +00:00
gsathya
80329cdd34 [promises] remove duplicate var initialization
BUG=v8:5046

Review-Url: https://codereview.chromium.org/2209773003
Cr-Commit-Position: refs/heads/master@{#38316}
2016-08-03 22:04:13 +00:00
lpy
c9c448c305 Revert of [Tracing] Embed V8 runtime call stats into tracing. (patchset #8 id:140001 of https://codereview.chromium.org/2187693002/ )
Reason for revert:
Mac64 ASAN failure. https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/7810/steps/Check/logs/Threading4

Original issue's description:
> [Reland][Tracing] Embed V8 runtime call stats into tracing.
>
> Currently we have V8 RuntimeCallStats that is independently from tracing when
> running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
> stats into tracing, by having a global table of runtime call counters each
> isolate, resetting the table each time we enter a top level trace event, and
> dumping the table for each top level trace event. This will make trace file more
> compat, as well as enable runtime call stats in tracing system.
>
> This patch adds ~5% overhead to V8 when the category is enabled, we measure the
> overhead by running a script when category is enabled.
>
> BUG=v8:5089
>
> Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
> Committed: https://crrev.com/1ca3b73bba4a7253ca8eeef39321d70e7d414331
> Cr-Original-Commit-Position: refs/heads/master@{#38270}
> Cr-Commit-Position: refs/heads/master@{#38314}

TBR=cbruni@chromium.org,fmeawad@chromium.org,machenbach@chromium.org,bmeurer@chromium.org,adamk@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5089

Review-Url: https://codereview.chromium.org/2200373003
Cr-Commit-Position: refs/heads/master@{#38315}
2016-08-03 21:47:10 +00:00
lpy
1ca3b73bba [Reland][Tracing] Embed V8 runtime call stats into tracing.
Currently we have V8 RuntimeCallStats that is independently from tracing when
running d8 with flag --runtime_call_stats. This patch embeds V8 runtime call
stats into tracing, by having a global table of runtime call counters each
isolate, resetting the table each time we enter a top level trace event, and
dumping the table for each top level trace event. This will make trace file more
compat, as well as enable runtime call stats in tracing system.

This patch adds ~5% overhead to V8 when the category is enabled, we measure the
overhead by running a script when category is enabled.

BUG=v8:5089

Committed: https://crrev.com/d014866173eaa2b548c566217b2c94b1d49385fa
Review-Url: https://codereview.chromium.org/2187693002
Cr-Original-Commit-Position: refs/heads/master@{#38270}
Cr-Commit-Position: refs/heads/master@{#38314}
2016-08-03 20:48:38 +00:00
machenbach
276f15d4c1 [build] Enable v8 backtrace on all standalone bots
BUG=

Review-Url: https://codereview.chromium.org/2204593009
Cr-Commit-Position: refs/heads/master@{#38313}
2016-08-03 19:46:16 +00:00
bjaideep
31554f5b03 PPC/s390: Clear exceptions in Invoke instead of JSEntryStub
Port cdae865436

Original commit message:

    A corresponding flag was added as well to help us find out what breaks when we
    do not clear pending exceptions on each JS entry.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=5259
LOG=N

Review-Url: https://codereview.chromium.org/2208073003
Cr-Commit-Position: refs/heads/master@{#38312}
2016-08-03 18:24:52 +00:00
hpayer
d2cf6e2956 [heap] Temporarily use old live object iterator to investigate Win 10 memory regression.
BUG=chromium:633537

Review-Url: https://codereview.chromium.org/2205373002
Cr-Commit-Position: refs/heads/master@{#38311}
2016-08-03 18:11:43 +00:00
jochen
46f98c7154 Rename internal ParseLazy to DoParseLazy to match DoParseProgram
R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2201093004
Cr-Commit-Position: refs/heads/master@{#38310}
2016-08-03 17:30:56 +00:00
rmcilroy
437cf79455 [Interpreter] Move SharedFunctionInfo creation to finalization step.
Moves the creation of SharedFunctionInfo for function literals to the
finalization step. This is required for bytecode generation to be
performed off-thread.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2179303005
Cr-Commit-Position: refs/heads/master@{#38309}
2016-08-03 16:43:50 +00:00
bmeurer
b947fff8af [turbofan] Don't generate unnecessary minus zero checks.
When we do a checked conversion from Tagged or Float64 to Int32, we used
to always do a minus zero check, even if we already know that the input
cannot be minus zero. Now we actually do the check only if we have
evidence that the input might be minus zero.

R=epertoso@chromium.org
BUG=v8:4583

Review-Url: https://codereview.chromium.org/2202993005
Cr-Commit-Position: refs/heads/master@{#38308}
2016-08-03 16:36:15 +00:00
weiliang.lin
0872d08b00 [x64]: add cmpps/cmppd instructions
BUG=

Review-Url: https://codereview.chromium.org/2170323002
Cr-Commit-Position: refs/heads/master@{#38307}
2016-08-03 15:25:28 +00:00
sampsong
4ffe9777a0 S390: Enable unaligned accesses and character preloading in regexp.
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2072863003
Cr-Commit-Position: refs/heads/master@{#38306}
2016-08-03 15:17:52 +00:00
haraken
c8241635f1 Change an output parameter of Maybe<T>::To() from a reference to a pointer
This is a follow-up fix for https://codereview.chromium.org/2194793003/

BUG=

Review-Url: https://codereview.chromium.org/2205203002
Cr-Commit-Position: refs/heads/master@{#38305}
2016-08-03 15:10:23 +00:00
rmcilroy
aacbdacb89 [Crankshaft] Move don't crankshaft check before EnsureDeoptimizationSupport.
Avoids compiling baseline code when the function isn't able to be
optimized by crankshaft.

BUG=chromium:632289

Review-Url: https://codereview.chromium.org/2194453002
Cr-Commit-Position: refs/heads/master@{#38304}
2016-08-03 15:02:38 +00:00
alph
09954144b0 Remove non essential weak next_* links from the heap snapshot.
Remove the 'next' link for Code, JSFunction, and Context.

Review-Url: https://codereview.chromium.org/2209673002
Cr-Commit-Position: refs/heads/master@{#38303}
2016-08-03 15:02:37 +00:00
mstarzinger
827b1f412b [stubs] Turn FastCloneRegExpStub into a TurboFan code stub.
R=danno@chromium.org
BUG=chromium:608675

Review-Url: https://codereview.chromium.org/2207553002
Cr-Commit-Position: refs/heads/master@{#38302}
2016-08-03 14:51:25 +00:00
klaasb
8097eeb9f2 [interpreter] Add CreateFunctionContext bytecode
Add a new bytecode to create a function context. The handler inlines
FastNewFunctionContextStub.

BUG=v8:4280
LOG=n

Review-Url: https://codereview.chromium.org/2187523002
Cr-Commit-Position: refs/heads/master@{#38301}
2016-08-03 14:43:26 +00:00
jgruber
588eefef6d Fix a double-throw in JSReceiver::DefineProperties
If ToObject() has thrown, do not throw another exception. The reason
this does not currently fail is that 1. Errors used to be created
through JS natives, and 2. the JSEntryStub clears any pending
exceptions. So, when calling into JS to create the new error, the old
exception was cleared.

BUG=5259

Review-Url: https://codereview.chromium.org/2208683002
Cr-Commit-Position: refs/heads/master@{#38300}
2016-08-03 14:43:25 +00:00
cbruni
ce49c32973 [api] Add v8::Object::SetAlignedPointerInInternalFields
This new API function allows for setting several internal fields at once.
By avoiding crossing the API each time for setting an internal property we
can speed up the wrapper creation which has to set two fields for every new
object.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2185963002
Cr-Commit-Position: refs/heads/master@{#38299}
2016-08-03 14:39:34 +00:00
hpayer
33fab42ed3 [heap] Jump over one word fillers in LiveObjectIterator
BUG=chromium:630386

Review-Url: https://codereview.chromium.org/2210493002
Cr-Commit-Position: refs/heads/master@{#38298}
2016-08-03 14:31:32 +00:00
caitp
c4ee3d9474 [builtins] fix mapcheck in Array.includes fast-case when searching for String
Use LoadInstanceType() rather than LoadMapInstanceType(), as this part of the
code is operating on a JS-accessible HeapObject rather than a Map.

BUG=chromium:633883, v8:5162
R=mstarzinger@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2207903002
Cr-Commit-Position: refs/heads/master@{#38297}
2016-08-03 14:27:38 +00:00
jgruber
14061979f7 Port the second Factory::NewError variant
BUG=

Review-Url: https://codereview.chromium.org/2210463002
Cr-Commit-Position: refs/heads/master@{#38296}
2016-08-03 13:57:31 +00:00
jgruber
2fc2bbdd41 Move ErrorToString to runtime
BUG=

Review-Url: https://codereview.chromium.org/2206183002
Cr-Commit-Position: refs/heads/master@{#38295}
2016-08-03 13:53:43 +00:00
jgruber
03924dbf90 Move FormatStackTrace to ErrorUtils
BUG=

Review-Url: https://codereview.chromium.org/2206203002
Cr-Commit-Position: refs/heads/master@{#38294}
2016-08-03 13:49:55 +00:00
bbudge
b3ba7b8136 [Turbofan] Make RegisterAllocatorVerifier tolerant of shared slots.
LOG=N
BUG=V8:5187

Review-Url: https://codereview.chromium.org/2205093002
Cr-Commit-Position: refs/heads/master@{#38293}
2016-08-03 13:49:54 +00:00
jgruber
cdae865436 Clear exceptions in Invoke instead of JSEntryStub
A corresponding flag was added as well to help us find out what breaks when we
do not clear pending exceptions on each JS entry.

BUG=5259

Review-Url: https://codereview.chromium.org/2208663002
Cr-Commit-Position: refs/heads/master@{#38292}
2016-08-03 13:40:04 +00:00
jochen
7036d96b57 Add a mode to completely deserialize scope chains
This will allow for the background parser to parse inner functions

BUG=v8:5215
R=marja@chromium.org,verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2198043002
Cr-Commit-Position: refs/heads/master@{#38291}
2016-08-03 13:31:04 +00:00
bmeurer
cf4b9307ad [turbofan] Consume SignedSmall feedback for number operations.
So far we treated SignedSmall and Signed32 feedback the same for number
operations. However it would be beneficial to generate (a lot) less code
if we only do a Smi check on the inputs instead of doing the full Smi +
HeapNumber + conversion check that we need to do for Signed32 feedback.

R=epertoso@chromium.org
BUG=v8:4583

Review-Url: https://codereview.chromium.org/2207893002
Cr-Commit-Position: refs/heads/master@{#38290}
2016-08-03 12:47:53 +00:00
jgruber
d48170dbf5 Move NoSideEffectToString to C++
BUG=

Review-Url: https://codereview.chromium.org/2206573002
Cr-Commit-Position: refs/heads/master@{#38289}
2016-08-03 12:22:23 +00:00
mstarzinger
fa1fd5a600 [turbofan] Remove deprecated FrameStateBeforeAndAfter.
The helper class in question is no longer needed now that frame states
representing the "before" state is not attached to nodes anymore. They
are represented by appropriate {Checkpoint} nodes in the graph now.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2205243002
Cr-Commit-Position: refs/heads/master@{#38288}
2016-08-03 12:14:32 +00:00
cbruni
bdb4e2cb4c [api] Fix possible OOB when using SetAndGrow
R=jkummerow@chromium.org
BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2201023004
Cr-Commit-Position: refs/heads/master@{#38287}
2016-08-03 11:47:00 +00:00
neis
f813494fcc [debug] Don't notify listener of exceptions internal to a desugaring.
In the parser, we desugar yield* with the help of a regular yield. One
particular implementation detail of this desugaring is that when the user calls
the generator's throw method, this throws an exception that we immediately
catch. This exception should not be visible to the user, but through Devtools'
"Pause on Caught Exceptions" feature it used to be.

This CL extends the type of catch predictions with a new value for such internal
exceptions and uses that for the offending try-catch statement in yield*.  It
instruments the debugger to _not_ trigger an exception event in that case.

R=yangguo@chromium.org
TBR=littledan@chromium.org
BUG=v8:5218

Review-Url: https://codereview.chromium.org/2203803002
Cr-Commit-Position: refs/heads/master@{#38286}
2016-08-03 11:27:49 +00:00
alph
b123476bcb Bring heap snapshot Map iterator up to date.
1. Do not mark code_cache as a weak container.
2. Support layout_descriptor field.

Review-Url: https://codereview.chromium.org/2204133002
Cr-Commit-Position: refs/heads/master@{#38285}
2016-08-03 11:01:58 +00:00
epertoso
a86397d890 [turbofan] Reduces x << y ^ x >>> (32 - y) to x ror (32 - y).
The MachineOperatorReducer was only reducing word32 expressions of the type x << y | x >>> (32 - y) (and variants) to the equivalent Word32Ror. This CL applies the same pattern-matching logic to Word32Xor.

BUG=

Review-Url: https://codereview.chromium.org/2199323003
Cr-Commit-Position: refs/heads/master@{#38284}
2016-08-03 10:58:07 +00:00
bmeurer
66e96fc9d7 [turbofan] Unify number operation typing rules.
Move all the typing rules for unary and binary number operations to the
OperationTyper and use them for both the regular Typer as well as the
retyper that runs as part of SimplifiedLowering.

R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2202883005
Cr-Commit-Position: refs/heads/master@{#38283}
2016-08-03 10:43:01 +00:00
mstarzinger
cc1e84b96c [turbofan] Remove eager frame state from all nodes.
This completely removes the ability from nodes to point directly to the
frame state representing their eager bailout point. All nodes now either
have zero or one frame state inputs. These frame states can by now be
found via checkpoints in the graph.

R=bmeurer@chromium.org
BUG=v8:5021

Review-Url: https://codereview.chromium.org/2020323004
Cr-Commit-Position: refs/heads/master@{#38282}
2016-08-03 10:39:09 +00:00
mlippautz
3458111863 [heap] Remove allocation step from FreeList::Allocate
This avoids double accounting since we also have the call in the bottleneck.

R=hpayer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2206623003
Cr-Commit-Position: refs/heads/master@{#38281}
2016-08-03 10:39:08 +00:00
mstarzinger
0c8e3cea4b [turbofan] Remove eager frame state from bitwise ops.
This removes the frame state input representing the before-state from
nodes having any int32 bitwise operator. Lowering that inserts number
conversions of the inputs has to be disabled when deoptimization is
enabled, because the frame state layout is no longer known.

R=epertoso@chromium.org
BUG=v8:5021,v8:4746

Review-Url: https://codereview.chromium.org/2194383004
Cr-Commit-Position: refs/heads/master@{#38280}
2016-08-03 08:38:51 +00:00
cbruni
60f9e60be0 [api] Fix IsSimpleInstantion check in InstantiatObject
We have a simple instantiation at hand if the new.target is from the same
context, not the other way around.

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2201113002
Cr-Commit-Position: refs/heads/master@{#38279}
2016-08-03 07:52:39 +00:00
yangguo
25c0501c8f [inspector] fix GYP/MSVS build warnings.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2206943002
Cr-Commit-Position: refs/heads/master@{#38278}
2016-08-03 07:46:56 +00:00
jochen
2f8d4f4425 Do an access check before compiling code via eval()
Similarly to how we check whether the entered context has access to the target
context when invoking the function constructor, we should check the involved
contexts before invoking eval().

I forgot to add this in the initial CL that adds the check for the function
constructor. Move the code to a common location, and use it for the GlobalEval
builtin as well.

BUG=chromium:541703
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2199343002
Cr-Commit-Position: refs/heads/master@{#38277}
2016-08-03 07:42:53 +00:00
jgruber
8592c450a6 Fix an OOB read through CallSite.GetFunctionName
The func_index parameter passed to GetWasmFunctionNameFromTable can be
user-controlled through the CallSite constructor. Catch out-of-bounds
reads and return null as the function name in such cases.

This applies to the 5.3 branch and will be reverted on TOT in a bit.

BUG=632965

Review-Url: https://codereview.chromium.org/2199333002
Cr-Commit-Position: refs/heads/master@{#38276}
2016-08-03 07:35:24 +00:00