Commit Graph

40488 Commits

Author SHA1 Message Date
Michael Starzinger
fea10e322f [turbofan] Remove dead (and scary) {OsrHelper} constructor.
R=neis@chromium.org

Change-Id: I23298e2c0adcfdc4e6e963e98cde641bef9cdb5b
Reviewed-on: https://chromium-review.googlesource.com/539296
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45996}
2017-06-19 10:31:10 +00:00
Michael Starzinger
5524aca31a [crankshaft] Remove dead {TypeFeedbackOracle}.
R=mvstanton@chromium.org
BUG=v8:6408

Change-Id: I228d276670a3540cdc593442ae79084b84a915d3
Reviewed-on: https://chromium-review.googlesource.com/538617
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45995}
2017-06-19 10:28:00 +00:00
Wiktor Garbacz
de9269f3c3 Reland#2 [parser] Refactor streaming scanner streams.
Unify, simplify logic, reduce UTF8 specific handling.

Intent of this is also to have stream views.
Stream views can be used concurrently by multiple threads, but
only one thread may fetch new data from the underlying source.
This together with unified stream view creation is intended to be
used for parse tasks.

BUG=v8:6093

Change-Id: I83c6f1e6ad280c28da690da41c466dfcbb7915e6
Reviewed-on: https://chromium-review.googlesource.com/535474
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45994}
2017-06-19 10:18:01 +00:00
jarin
d6c9e534c8 [ic] Make prototypes fast when storing through keyed store IC.
Toon suggested this as a mitigation to the problem of prototype fast mode switching invalidating prototype chain validity cell, and thus sending keyed store ICs to megamorphic state.

BUG=chromium:723479

Review-Url: https://codereview.chromium.org/2943313002
Cr-Commit-Position: refs/heads/master@{#45993}
2017-06-19 10:17:30 +00:00
hpayer
0d2ed6c328 [heap] Allow a minimum semi-space size of 512K.
This CL also reduces the minimum semi-space size to 512K.

BUG=chromium:716032
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2942543002
Cr-Commit-Position: refs/heads/master@{#45992}
2017-06-19 10:16:13 +00:00
Michael Starzinger
bc717ae84b [ast] Remove BailoutId and TypeFeedbackId from AST.
This removes both {BailoutId} as well as {TypeFeedbackId} numbers from
almost all AST nodes. The only exception are {IterationStatement} nodes
which still require an ID for on-stack replacement support.

R=verwaest@chromium.org
BUG=v8:6409

Change-Id: I5f7b7673ae5797b9cbc9741144d304f0d31d4446
Reviewed-on: https://chromium-review.googlesource.com/538792
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45991}
2017-06-19 09:01:03 +00:00
Georg Neis
f626d5df7e [compiler] Make OsrHelper a member of PipelineData.
... in order to avoid creating an OsrHelper during code assembly,
because its constructor accesses the heap.

Bug: v8:6048
Change-Id: I3bf592a5a0f91752a9f5ec35982f962445512bb7
Reviewed-on: https://chromium-review.googlesource.com/530370
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45990}
2017-06-19 08:14:23 +00:00
bmeurer
53b6f27674 [turbofan] Do constant-folding of JSHasInPrototypeChain early.
We need to constant-fold JSHasInPrototypeChain nodes early during
inlining, otherwise we already miss a couple of optimization
opportunities if we wait until after typing. This moves the
constant-folding part of the JSHasInPrototypeChain lowering back to
JSNativeContextSpecialization, where it was before the changes in
https://codereview.chromium.org/2934893002 (part of
JSOrdinaryHasInstance lowering back then).

BUG=v8:5269,v8:5989,v8:6483,chromium:733158
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2943293002
Cr-Commit-Position: refs/heads/master@{#45989}
2017-06-19 08:00:07 +00:00
bmeurer
a9b9c7ab8c [objects] Relax JSBoundFunction verification.
The heap verifier does certain invariant checks on JSBoundFunction
objects, i.e. it assumes that the bound_target_function is a proper
JSReceiver. The Deoptimizer cannot maintain this invariant, because it
first allocates the JSBoundFunction in an invalid state and only
afterwards fixes up the state. But the GC (and thus the heap verifier)
can observe this invalid state while materializing field values, so
we need to relax the verification slightly.

BUG=chromium:729573,chromium:732176
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2933283002
Cr-Commit-Position: refs/heads/master@{#45988}
2017-06-19 07:09:06 +00:00
v8-autoroll
8a32788f39 Update V8 DEPS.
Rolling v8/build: c6f78e9..bf51d56

Rolling v8/third_party/catapult: 59a182b..57e600c

Rolling v8/tools/clang: a248bd9..7659b77

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Ifc9e2d8d7e1f2a1b223ffa3b20d55b1880eb88e7
Reviewed-on: https://chromium-review.googlesource.com/538261
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45987}
2017-06-19 03:26:50 +00:00
Sathya Gunasekaran
0831927a33 [Collections] Implement OrderedHashMap::Add
Bug: v8:5717
Change-Id: I6bed5f36b7d32cd893c4d1cb1bcc9f21b7fac2f1
Reviewed-on: https://chromium-review.googlesource.com/527932
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45986}
2017-06-17 00:51:03 +00:00
Leszek Swirski
86b3b92230 [profiler] Don't cast bytecode array to avoid heap DCHECKs
When iterating over stack frames in the cpu profiler, don't perform any
object casts that have heap-testing DCHECKs. Instead, access values on
the frame by offsets directly, and only check their tags for validity.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia54b18f8ab947c1827f17483806104f0d1d34136
Reviewed-on: https://chromium-review.googlesource.com/536973
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45985}
2017-06-16 17:02:56 +00:00
Toon Verwaest
8bc4fe57a4 [runtime] Get rid of unnecessary DictionaryDetailsAtPut
Bug: 
Change-Id: I87b2c33dbf537aae949b25b2cd56fd20985e5980
Reviewed-on: https://chromium-review.googlesource.com/538659
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45984}
2017-06-16 16:25:04 +00:00
Toon Verwaest
e94a97ffb8 [runtime] Drop unnecessary NameDictionaryBase
This class contained a by-now unnecessary optimization of FindEntry. Since we always deal with internalized names by now anyway, there's no need to micro-optimize locally (it's a nop).

Bug: 
Change-Id: I5a0046bcd23e2cb77c5902e850bac6211bd5518f
Reviewed-on: https://chromium-review.googlesource.com/538581
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45983}
2017-06-16 16:07:48 +00:00
Mythri
18d05c8727 [Interpreter] Refactor arithmetic bytecode handlers.
The Smi versions of arithmetic bytecodes (AddSmi, SubSmi, MulSmi,
DivSmi, ModSmi) have a fast path for the Smi case and call to a builtin
on the slow path. However, this builtin is only used by these bytecode
handlers. This cl removes the builtins and inlines them into
bytecode handlers. This will also save a few checks in the slow-path.

Subtract, multiply, divide and modulus also share the same checks to
collect type feedback on several cases. This cl also refactors them
to share the same code.

Also removed a couple of TODOs that are no longer relevant.

Bug: v8:4280, v8:6474
Change-Id: Id23bd61c2074564a1beacb0632165f52370ff226
Reviewed-on: https://chromium-review.googlesource.com/530845
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45982}
2017-06-16 14:39:52 +00:00
Camillo Bruni
c2c4de293f [runtime] Handle deprecated boilerplate maps correctly
With the introduction of the fast-cloning double fields in the CSA stub for
literals we forgot to check for deprecated maps. As a result every subsequent
IC-miss would have to migrate the objects from such boilerplates.

This CL makes sure we don't use the deprecated map when copying boilerplates,
thus restoring the original behavior.

Bug: v8:6211 chromium:728682
Change-Id: If9ea1e0c5c6fb4236cb7a82ea33306a600925ac3
Reviewed-on: https://chromium-review.googlesource.com/538677
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45981}
2017-06-16 12:51:10 +00:00
Camillo Bruni
2850bdd727 [CSA] Use IsHeapNumber helper in older CSA code
Change-Id: I224ea998eccf8fa18766b71962d487bb02768c78
Reviewed-on: https://chromium-review.googlesource.com/518146
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45980}
2017-06-16 12:06:18 +00:00
Camillo Bruni
1539f12568 [CSA] Use IsSetWord32 and IsClearWord32 helpers
Change-Id: If9debcecd714494e24adf895eb077d5ba51528d2
Reviewed-on: https://chromium-review.googlesource.com/535619
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45979}
2017-06-16 11:51:04 +00:00
Michael Starzinger
e48a2ef590 [crankshaft] Remove HOptimizedGraphBuilder and friends.
R=jarin@chromium.org
BUG=v8:6408

Change-Id: I1bc4f8f5ba37cf8a3632939356f56231ccc3226f
Reviewed-on: https://chromium-review.googlesource.com/535458
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45978}
2017-06-16 11:45:34 +00:00
Tobias Tebbi
a969ab67f8 [turbofan] teach escape analysis about oddly occurring NumberLessThan node
Bug: chromium:733181
Change-Id: If5b0bc8592ba71962237814ad521499afda22edf
Reviewed-on: https://chromium-review.googlesource.com/538653
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45977}
2017-06-16 11:00:40 +00:00
Michael Lippautz
c4ca06f3dc [heap] Cleanup page initialization
Remove dead code on the way.

Bug: v8:6474
Change-Id: I7edb4277bc53ee92edf9523b943492782ec6efac
Reviewed-on: https://chromium-review.googlesource.com/538652
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45976}
2017-06-16 10:53:40 +00:00
Camillo Bruni
015edc60ff [runtime] Don't store object literal boilerplates on first run
Storing the boilerplate on the first run leads to memory overhead for code
that is run only once. Hence we directly return the creating literal on the
first run and only start creating copies from the second run on.

Bug: v8:6211
Change-Id: I69b96d124a5b594b991fdbcc76dbf935d973ffad
Reviewed-on: https://chromium-review.googlesource.com/530688
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45975}
2017-06-16 10:43:19 +00:00
Mythri
97b8ab3342 Reset profiler ticks when the type feedback changes.
Profiler ticks are reset when the type feedback changes for Load / Store ICs.
This cl extends this to other operations as well. This allows us to tier up
functions when the feedback vectors are stable. This is the first step for
a set of follow up cls that will change the heuristics used in
runtime-profiler.

Bug: 
Change-Id: I875209712c6161e425a03475c14890a49155c0e1
Reviewed-on: https://chromium-review.googlesource.com/529165
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45974}
2017-06-16 09:41:27 +00:00
jarin
126451d319 [turbofan] Refactor property access building.
This is in preparation for lowering monomorphic loads during graph building.

This essentially moves the parts that will be shared to a separate class/file
(property-access-builder.(cc|h)).

I should say that we will not want to do accessor inlining during graph
building because that would require us to create frame states
(which is the thing we would like to avoid doing).

Review-Url: https://codereview.chromium.org/2936673005
Cr-Commit-Position: refs/heads/master@{#45973}
2017-06-16 09:34:04 +00:00
Michael Starzinger
e47f37ebd0 [runtime] Fix detection of construct frames in stack traces.
This removes the heuristic from {JSStackFrame::IsConstructor} that tried
to infer whether a frame was called as a constructor or not from the
receiver value. We are now carrying along the appropriate bit derived
from the frame type instead.

R=jgruber@chromium.org
TEST=message/regress/regress-5727
BUG=v8:5727

Change-Id: I0e2f1d0f95485c84c4ebcd3cbfe0123c6afd2e01
Reviewed-on: https://chromium-review.googlesource.com/500313
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45972}
2017-06-16 09:27:36 +00:00
Ulan Degenbaev
d5dd51ae6d [heap] Refactor SlotSet atomics.
This patch makes the SlotSet bucket type non-atomic by default
and explicitly converts buckets to Atomic32/AtomicWord for each
operation.

Change-Id: Ifaa60a53eb68ca579185be23e379995aeeabe343
Reviewed-on: https://chromium-review.googlesource.com/535481
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45971}
2017-06-16 08:47:13 +00:00
Michael Lippautz
80781b03a4 [heap/platform] Release unused over reserved memory
Affects the Windows case where we over reserve for alignment reasons but
actually already get aligned memory.

Implemented on allocator level to potentially cover other platforms as
well.

Bug: 
Change-Id: I4859451f157e1e363db27413a43345fdd1990a06
Reviewed-on: https://chromium-review.googlesource.com/535454
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45970}
2017-06-16 08:46:03 +00:00
Camillo Bruni
0fa7998222 [printing] Improve JSFunction printing
Change-Id: Ia209def2faef1f765f74dc153fd8b4800c25be17
Reviewed-on: https://chromium-review.googlesource.com/521063
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45969}
2017-06-16 08:37:33 +00:00
v8-autoroll
cbf5738a7c Update V8 DEPS.
Rolling v8/build: 3ab6155..c6f78e9

Rolling v8/buildtools: b53a03d..ee9c3a7

Rolling v8/tools/clang: b7068ad..a248bd9

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I3b501ec3151ba17a417a6e0876437b49e6a8435a
Reviewed-on: https://chromium-review.googlesource.com/538234
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45968}
2017-06-16 03:36:53 +00:00
gdeepti
1ff3e7ea33 [wasm] Increase WebAssembly.Memory maximum size to 2GB
BUG=v8:6478, chromium:729768

R=bradnelson@chromium.org, eholk@chromium.org

Review-Url: https://codereview.chromium.org/2903153002
Cr-Original-Commit-Position: refs/heads/master@{#45931}
Committed: 7e6ed62071
Review-Url: https://codereview.chromium.org/2903153002
Cr-Commit-Position: refs/heads/master@{#45967}
2017-06-16 03:35:09 +00:00
Adam Klein
431abca0ca Revert "[builtins] Move most WeakMap/WeakSet code from JS to C++ builtins"
This reverts commit 8196e10265.

Reason for revert: Performance regression due to hashcode lookup.

Original change's description:
> [builtins] Move most WeakMap/WeakSet code from JS to C++ builtins
> 
> They were already implemented mostly in C++ (only error/negative
> cases were handled in script), so this is mostly just a cleanup.
> Only the constructors remain in script after this CL.
> 
> Bug: v8:6354
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I5b3579337a8e33dc30d49c2da5cfd42baec697bb
> Reviewed-on: https://chromium-review.googlesource.com/531670
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45924}

TBR=adamk@chromium.org,cbruni@chromium.org,gsathya@chromium.org
Bug: v8:6354, chromium:733238
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng

Change-Id: Ia5a741b9587886298f3ca057f6a6adeba556b8e0
Reviewed-on: https://chromium-review.googlesource.com/537207
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45966}
2017-06-15 22:04:38 +00:00
Sathya Gunasekaran
bc2c785c20 [parser] Better error message when destructuring against undefined/null
Previously, when destructuring against null or undefined we would
print:

  d8> var { x } = null
  (d8):1: TypeError: Cannot match against 'undefined' or 'null'.
  var { x } = null
  ^
  TypeError: Cannot match against 'undefined' or 'null'.
      at (d8):1:1
The above message uses the term "match" which isn't a common term in
JavaScript to describe destructuring. This message also doesn't
provide the name of the property that fails destructuring.

This patch changes the error message to be:

  d8> var { x } = null;
  (d8):1: TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
  var { x } = null;
        ^
  TypeError: Cannot destructure property `x` of 'undefined' or 'null'.
      at (d8):1:1

This patch changes the message to say "destructure" instead of "match".

This patch adds support for printing property names that are string
literals. We iterate through every property and pick the first string
literal property name if it exists. This provides at least some
feedback to the developer.

This patch also makes the pointer point to the position of the
property name that fails destructuring.

For computed and numeric property names, we print a generic error:
  d8> var { 1: x } = null
  (d8):1: TypeError: Cannot destructure against 'undefined' or 'null'.
  var { 1: x } = null
  ^
  TypeError: Cannot destructure against 'undefined' or 'null'.
      at (d8):1:1

Bug: v8:6499
Change-Id: I35b1ac749489828686f042975294b9926e2dfc53
Reviewed-on: https://chromium-review.googlesource.com/537341
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45965}
2017-06-15 21:52:58 +00:00
Adam Klein
390ad8c5c7 [bootstrapper|cleanup] Simplify creation of Atomics object
The Atomics object is a normal object, just like Math, JSON, etc., so
we should be able to set it up in the same way those are set up
since cff5470a62.

Change-Id: I46a9ba990707c0659f1a62f628b2c69204e536f8
Reviewed-on: https://chromium-review.googlesource.com/537076
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45964}
2017-06-15 20:38:08 +00:00
Adam Klein
cff5470a62 [cleanup] Modernize creation of JSON, Math, and Intl objects
Before this patch, those builtin objects all used a strange-looking
pattern for creation that involved creating a new constructor
function (likely in order to get their ES5 [[Class]] set
appropriately).

But in modern times, with @@toStringTag as the mechanism of returning
the correct toString value, there should be no need for those extra
hoops, so simply use the Object constructor instead.

Change-Id: Id841dace26bf71f73ec25a71f1297d502438b27c
Reviewed-on: https://chromium-review.googlesource.com/533922
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45963}
2017-06-15 18:24:02 +00:00
Adam Klein
405fafb838 [runtime|cleanup] Remove implementation of unreachable runtime functions
Change-Id: Ie4d21d2fc10db40efb42d66c9438ce3f3f01ce79
Reviewed-on: https://chromium-review.googlesource.com/533804
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45962}
2017-06-15 18:22:58 +00:00
Georg Neis
e53fdff9da [modules] Fix setting variables via debug-scopes.
I incorrectly assumed that ScopeIterator::SetModuleVariableValue gets called
when the frame is the module function.

R=jgruber@chromium.org, kozyatinskiy@chromium.org

Bug: v8:1569, v8:6484
Change-Id: I1fbad8ccde57280149547c78e679527f7a0c89dd
Reviewed-on: https://chromium-review.googlesource.com/535620
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45961}
2017-06-15 15:46:48 +00:00
Leszek Swirski
920796b3a4 Revert "[frames] Make interpreted frame detection stricter (reland)"
This reverts commit b7a036a6f1.

Reason for revert: We don't want to ever access the heap when walking the stack

Original change's description:
> [frames] Make interpreted frame detection stricter (reland)
> 
> When iterating over stack frames, make the interpreted frame detection
> require that the frame header contains the bytecode array.
> 
> Currently, the stack frame iterator supports bytecode handlers that
> don't create stack frames by checking if the top of the stack (i.e. the
> return address) is the interpreter entry trampoline. However, optimized
> code tail called from the interpreter entry trampoline can move the
> stack pointer without clearing the stack, which means it can end up with
> a pointer into the interpreter entry trampoline on the top of its stack
> (in an uninitialized value), and be interpreted as an interpreted frame.
> 
> To avoid such optimized code frames being interpreted as interpreted
> frames, we now additionally test the frame header, to see if it contains
> a valid pointer to a BytecodeArray.
> 
> Reland of https://chromium-review.googlesource.com/c/535646/
> 
> Change-Id: Iefbf305c9e4b43bebd2fc111663671d2b675e64a
> Reviewed-on: https://chromium-review.googlesource.com/536935
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45959}

TBR=kozyatinskiy@chromium.org,leszeks@chromium.org

Change-Id: I52a62c8e11af4d1565af92f10113b955f8c2c2f2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/536938
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45960}
2017-06-15 15:16:10 +00:00
Leszek Swirski
b7a036a6f1 [frames] Make interpreted frame detection stricter (reland)
When iterating over stack frames, make the interpreted frame detection
require that the frame header contains the bytecode array.

Currently, the stack frame iterator supports bytecode handlers that
don't create stack frames by checking if the top of the stack (i.e. the
return address) is the interpreter entry trampoline. However, optimized
code tail called from the interpreter entry trampoline can move the
stack pointer without clearing the stack, which means it can end up with
a pointer into the interpreter entry trampoline on the top of its stack
(in an uninitialized value), and be interpreted as an interpreted frame.

To avoid such optimized code frames being interpreted as interpreted
frames, we now additionally test the frame header, to see if it contains
a valid pointer to a BytecodeArray.

Reland of https://chromium-review.googlesource.com/c/535646/

Change-Id: Iefbf305c9e4b43bebd2fc111663671d2b675e64a
Reviewed-on: https://chromium-review.googlesource.com/536935
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45959}
2017-06-15 13:57:03 +00:00
v8-autoroll
8f74122165 Update V8 DEPS.
Rolling v8/build: 4280b28..3ab6155

Rolling v8/third_party/catapult: 597f96e..59a182b

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Idaf4f74956b999fe846a21efb85850e50e619bbb
Reviewed-on: https://chromium-review.googlesource.com/536514
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45958}
2017-06-15 03:26:39 +00:00
jshin
4aeb94a42d Use ICU for ID_START, ID_CONTINUE and WhiteSpace check
Use ICU to check ID_Start, ID_Continue and WhiteSpace even for BMP
when V8_INTL_SUPPORT is on (which is default).

Change LineTerminator::Is() to check 4 code points from
ES#sec-line-terminators instead of using tables and Lookup function.

Remove Lowercase::Is(). It's not used anywhere.

Update webkit/{ToNumber,parseFloat}.js to have the correct expectation
for U+180E and the corresponding expected files. This is a follow-up to
an earlier change ( https://codereview.chromium.org/2720953003 ).

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg,v8_mac_dbg;master.tryserver.chromium.android:android_arm64_dbg_recipe
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng

BUG=v8:5370,v8:5155
TEST=unittests --gtest_filter=CharP*
TEST=webkit: ToNumber, parseFloat
TEST=test262: built-ins/Number/S9.3*, built-ins/parse{Int,Float}/S15*
TEST=test262: language/white-space/mong*
TEST=test262: built-ins/String/prototype/trim/u180e
TEST=mjsunit: whitespaces

Review-Url: https://codereview.chromium.org/2331303002
Cr-Commit-Position: refs/heads/master@{#45957}
2017-06-14 20:32:49 +00:00
Jaideep Bajwa
8e646bd08c PPC: [heap] Make write barrier safe for the concurrent marker.
Port bd3d091dba

Original Commit Message:

    With concurrent marking the write barrier should trigger even if the
    object is black because the concurrent marker could have fetched
    object field before marking the object black.

R=ulan@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:694255
LOG=N

Change-Id: I3e3b5b467ab3c2eca45ac8d85523c8af4f5f5d4b
Reviewed-on: https://chromium-review.googlesource.com/535736
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#45956}
2017-06-14 16:59:49 +00:00
Ulan Degenbaev
74aa3ad011 [heap] Add trivial BodyDescriptorWeak for objects without weak fields.
This patch also changes the visitor of BytecodeArray to use
BytecodeArray::BodyDescriptor.

BUG=chromium:733159

Change-Id: I2ac72c97ec51996b5b100c447b543895180f4f78
Reviewed-on: https://chromium-review.googlesource.com/535674
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45955}
2017-06-14 16:01:16 +00:00
Leszek Swirski
8b5fe28cce Revert "[frames] Make interpreted frame detection stricter"
This reverts commit f577b2bb38.

Reason for revert: Failure on https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20verify%20csa/builds/1978

Original change's description:
> [frames] Make interpreted frame detection stricter
> 
> When iterating over stack frames, make the interpreted frame detection
> require that the frame header contains the bytecode array.
> 
> Currently, the stack frame iterator supports bytecode handlers that
> don't create stack frames by checking if the top of the stack (i.e. the
> return address) is the interpreter entry trampoline. However, optimized
> code tail called from the interpreter entry trampoline can move the
> stack pointer without clearing the stack, which means it can end up with
> a pointer into the interpreter entry trampoline on the top of its stack
> (in an uninitialized value), and be interpreted as an interpreted frame.
> 
> To avoid such optimized code frames being interpreted as interpreted
> frames, we now additionally test the frame header, to see if it contains
> a BytecodeArray.
> 
> Change-Id: I4bafcf0f7ce3c973a2e5a312f054d72312bb8a70
> Reviewed-on: https://chromium-review.googlesource.com/535646
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45951}

TBR=kozyatinskiy@chromium.org,leszeks@chromium.org

Change-Id: Icc009cf97b816f6c33574782ed9ab473387886c9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/535478
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45954}
2017-06-14 16:00:13 +00:00
Toon Verwaest
f719f772f0 Drop invalid DCHECK, hashes can be 0
Bug: chromium:733118
Change-Id: Ic144342d86fc84bf5c4700cec357ac8f3c6b2cb3
Reviewed-on: https://chromium-review.googlesource.com/535522
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45953}
2017-06-14 15:44:57 +00:00
Michael Lippautz
21389501f5 [heap] Fix adjusting of area end when shrinking large pages
Bug: chromium:733059, chromium:724947
Change-Id: Id7abc22ee0975cd609cc06a02552f68e9e0077e8
Reviewed-on: https://chromium-review.googlesource.com/535596
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45952}
2017-06-14 15:18:01 +00:00
Leszek Swirski
f577b2bb38 [frames] Make interpreted frame detection stricter
When iterating over stack frames, make the interpreted frame detection
require that the frame header contains the bytecode array.

Currently, the stack frame iterator supports bytecode handlers that
don't create stack frames by checking if the top of the stack (i.e. the
return address) is the interpreter entry trampoline. However, optimized
code tail called from the interpreter entry trampoline can move the
stack pointer without clearing the stack, which means it can end up with
a pointer into the interpreter entry trampoline on the top of its stack
(in an uninitialized value), and be interpreted as an interpreted frame.

To avoid such optimized code frames being interpreted as interpreted
frames, we now additionally test the frame header, to see if it contains
a BytecodeArray.

Change-Id: I4bafcf0f7ce3c973a2e5a312f054d72312bb8a70
Reviewed-on: https://chromium-review.googlesource.com/535646
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45951}
2017-06-14 15:16:51 +00:00
Alexey Kozyatinskiy
c2a7550f47 [inspector] expose module variables for Debugger.evaluateOnCallFrame method
Context::Lookup method should support Module variables.

Bug: chromium:717670
Change-Id: I58d3448b9048c7f9dd7ab8b720803b3503cf91ae
Reviewed-on: https://chromium-review.googlesource.com/519389
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45950}
2017-06-14 14:58:12 +00:00
Pierre Langlois
30a29fa26d [arm] Cleanup addrmod1 encoding and Operand class
This cleanup is the result of trying to modify the `Assembler::addrmod1` method
and realising it's very easy to break it. It handles three groups of
instructions with different operands and uses `r0` when a register is not used:

- General case:            rd, rn, (rm|rm shift #imm|rm shift rs)
- Comparison instructions:     rn, (rm|rm shift #imm|rm shift rs)
- Move instructions:       rd,     (rm|rm shift #imm|rm shift rs)

Let's use `no_reg` instead of `r0` with explicit checks and assertions so that
it's clear this method is used with multiple types of instructions.
Additionally, keep the order of operands as "rd", "rn", "rm".

As drive-by fixes, I've taken the opportunity to add a few helper methods to the
`Operand` class.

Bug: 
Change-Id: If8140d804bc90dea1d3c186b3cee54297f91462a
Reviewed-on: https://chromium-review.googlesource.com/531284
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45949}
2017-06-14 14:02:17 +00:00
georgia.kouveli
51a6789bed [arm64] Fix assertion in IsImmLLiteral and enable literal pool tests.
BUG=

Review-Url: https://codereview.chromium.org/2922983002
Cr-Commit-Position: refs/heads/master@{#45948}
2017-06-14 13:52:00 +00:00
jgruber
b1ee17e588 [regexp] Add a RegExp.p.exec fast path for ATOM regexps
Until now, ATOM regexps (i.e. simple patterns that don't require regexp matching
logic but can use generic string matching algorithms instead) have always gone
through the slow runtime.

This CL implements a fast path in CSA which simply calls StringIndexOf
internally and then sets up the last-match-info as required.

Local microbenchmarks show a 30% improvement for RE.p.exec on ATOM regexps,
and a 5% improvement on Octane/RegExp.

Bug: v8:6462
Change-Id: I35b4c5caf416fa35fe388dd58e34dea55b098d09
Reviewed-on: https://chromium-review.googlesource.com/535455
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45947}
2017-06-14 13:47:38 +00:00