bmeurer [Mon, 1 Jun 2015 11:41:21 +0000 (04:41 -0700)]
[turbofan] First steps towards optimizing for-in loops.
This is basically a port of the majority of optimizations that are
applied to for-in in full codegen. But it is not done during graph
building, but instead during typed lowering, which way less adhoc than
what the other compilers do.
Review URL: https://codereview.chromium.org/
1155313008
Cr-Commit-Position: refs/heads/master@{#28726}
mstarzinger [Mon, 1 Jun 2015 11:40:13 +0000 (04:40 -0700)]
[turbofan] Disable optimization of dynamic lookup slots.
Note that this essentially disables optimization of "with" as well.
R=hablich@chromium.org
BUG=chromium:491897,chromium:491018
LOG=N
Review URL: https://codereview.chromium.org/
1158343003
Cr-Commit-Position: refs/heads/master@{#28725}
conradw [Mon, 1 Jun 2015 11:39:01 +0000 (04:39 -0700)]
[strong] Implement per-object restrictions behaviour of delete operator
Implements the strong mode proposal's restrictions on the behaviour of the
delete operator for strong objects.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
Attempt 2, last version did not work with API.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1156573002
Cr-Commit-Position: refs/heads/master@{#28724}
bmeurer [Mon, 1 Jun 2015 10:58:51 +0000 (03:58 -0700)]
Revert of Re-enable on-heap typed array allocation (patchset #1 id:1 of https://codereview.chromium.org/
1166433004/)
Reason for revert:
Win32 breakage
Original issue's description:
> Re-enable on-heap typed array allocation
>
> BUG=v8:3996
> R=mstarzinger@chromium.org
> LOG=y
>
> Committed: https://crrev.com/
f91df1f25dec4f1982c40af6118da8b699777475
> Cr-Commit-Position: refs/heads/master@{#28722}
TBR=mstarzinger@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996
Review URL: https://codereview.chromium.org/
1158193004
Cr-Commit-Position: refs/heads/master@{#28723}
jochen [Mon, 1 Jun 2015 10:07:09 +0000 (03:07 -0700)]
Re-enable on-heap typed array allocation
BUG=v8:3996
R=mstarzinger@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/
1166433004
Cr-Commit-Position: refs/heads/master@{#28722}
dusan.milosavljevic [Mon, 1 Jun 2015 09:47:42 +0000 (02:47 -0700)]
MIPS64: Fix lithium arithmetic operations for integers to sign-extend result.
TEST=mjsunit/asm/double-lo
BUG=
Review URL: https://codereview.chromium.org/
1161713003
Cr-Commit-Position: refs/heads/master@{#28721}
chunyang.dai [Mon, 1 Jun 2015 09:21:50 +0000 (02:21 -0700)]
X87: Make KeyedStores from a sloppy arguments array use a handler.
port
3a1d7335cf6a623f39c306e0bc0e82ccccc54818 (r28683)
original commit message:
This finishes up work begun by CL (https://codereview.chromium.org/
546683003/) some months ago.
BUG=
Review URL: https://codereview.chromium.org/
1163603003
Cr-Commit-Position: refs/heads/master@{#28720}
chunyang.dai [Mon, 1 Jun 2015 09:11:28 +0000 (02:11 -0700)]
X87: [crankshaft] Record inlined shared function infos instead of closures.
port
388e791df91c299507d62f91bc4f618a4dc80276 (r28672).
original commit message:
The list of inlined functions is used in exactly two places - for live
edit and to prevent code flushing for inlined functions - and those are
fine with SharedFunctionInfo and don't require a closure.
This is one additional step towards inlining based on SharedFunctionInfo
instead of JSFunction.
BUG=
Review URL: https://codereview.chromium.org/
1143003003
Cr-Commit-Position: refs/heads/master@{#28719}
chunyang.dai [Mon, 1 Jun 2015 09:04:41 +0000 (02:04 -0700)]
X87: VectorICs: allocating slots for store ics in ast nodes.
port
5450fc07ba07615a70f5ed8379dc23c3275d6fe3 (r18659)
original commit message:
Also adapt code generation to pass the slot to the
store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
ForEach, Call and CountOperation now include one or more
feedback vector ic slot ids.
BUG=
Review URL: https://codereview.chromium.org/
1155383003
Cr-Commit-Position: refs/heads/master@{#28718}
chunyang.dai [Mon, 1 Jun 2015 08:55:20 +0000 (01:55 -0700)]
X87: [es6] Support super.property in eval and arrow functions
port
44e9810345cea9bfd6861905bc6856db7db5a25c (r28644)
original commit message:
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=
Review URL: https://codereview.chromium.org/
1158543004
Cr-Commit-Position: refs/heads/master@{#28717}
chunyang.dai [Mon, 1 Jun 2015 08:53:06 +0000 (01:53 -0700)]
X87: Move hash code from hidden string to a private symbol
port
eca5b5d7abc0a9028cb9832087fbf2ed59dadf92 (r28622).
original commit message:
* Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
* In the long run we should do all hidden properties this way and get rid of the
hidden magic 0-length string with the zero hash code. The advantages include
less complexity and being able to do things from JS in a natural way.
* Initially, the performance of weak set regressed, because it's a little harder
to do the lookup in C++. Instead of heroics in C++ to make things faster I
moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
* This also changes hash codes of Smis so that they are always Smis.
Performance figures are in the comments to the code review. Summary: Most of js-perf-test/Collections is neutral. Set and Map with object keys are 40-50% better. WeakMap is -5% and WeakSet is +9%.
In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this. Instead of checking for the property, then doing a new
In a similar vein we could give the magic zero hash code to the hash code
symbol. Then when we look up the hash code we would sometimes see the table
with all the hidden properties. This dual use of the field for either the hash
code or the table with all hidden properties and the hash code is rather ugly,
and this CL gets rid of it. I'd be loath to bring it back. On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.
One worry is that the benchmark results above are more monomorphic than real
world code, so may be overstating the performance benefits of moving to JS. I
think this is part of a general issue we have with handling polymorphic code in
JS and any solutions there will benefit this solution, which boils down to
regular property access. Any improvement there will lift all boats.
BUG=
Review URL: https://codereview.chromium.org/
1153963010
Cr-Commit-Position: refs/heads/master@{#28716}
chunyang.dai [Mon, 1 Jun 2015 08:45:20 +0000 (01:45 -0700)]
X87: Move work to omit unnecessary ObjectLiteral stores to the numbering pass.
port
32de677805877bbf8d697926e09c23963a27e191 (r29615)
original commit message:
The reason is that this information will be needed to compute the number of
vector ic slots done at numbering time.
BUG=
Review URL: https://codereview.chromium.org/
1165693002
Cr-Commit-Position: refs/heads/master@{#28715}
hablich [Mon, 1 Jun 2015 07:40:02 +0000 (00:40 -0700)]
For Micro-benchmarks for 'with'
R=arv@chromium.org, mstarzinger@chromium.org
BUG=v8:4131
LOG=n
Review URL: https://codereview.chromium.org/
1153363002
Cr-Commit-Position: refs/heads/master@{#28714}
mstarzinger [Mon, 1 Jun 2015 07:35:06 +0000 (00:35 -0700)]
[turbofan] New operator for loads of DYNAMIC_[GLOBAL,LOCAL].
This introduces two new operators for loads of variables bound to
Variable::LOOKUP locations. Currently they all still lower to runtime
calls, but will allow optimization during typed lowering.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/
1155103004
Cr-Commit-Position: refs/heads/master@{#28713}
jochen [Mon, 1 Jun 2015 07:26:38 +0000 (00:26 -0700)]
Also expose DefineOwnProperty
In contrast to CreateDataProperty, this will always call out to JS
BUG=475206
R=adamk@chromium.org,verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/
1167473002
Cr-Commit-Position: refs/heads/master@{#28712}
bmeurer [Mon, 1 Jun 2015 07:20:50 +0000 (00:20 -0700)]
[turbofan] First step towards sanitizing for-in and making it optimizable.
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
simple runtime call to ForInFilter, which does everything and is even
cheaper (because FILTER_KEY used to call into the runtime anyway).
And ForInFilter returns either the name or undefined, which makes it
possible to remove the control flow construction from the AstGraphBuilder,
and thereby make both the initialization and the per-loop code of for-in
optimizable later (in typed lowering).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1160983004
Cr-Commit-Position: refs/heads/master@{#28711}
michael_dawson [Mon, 1 Jun 2015 06:51:39 +0000 (23:51 -0700)]
Fix compile failure for AIX
Fix another may be uninitialized compile failure on AIX
in src/heap/heap.cc
R=svenpanne@chromium.org, mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1153233004
Cr-Commit-Position: refs/heads/master@{#28710}
jacob.bramley [Mon, 1 Jun 2015 04:26:27 +0000 (21:26 -0700)]
[arm] Fix detection of architecture versions.
Use __ARM_ARCH_6ZK__ instead of __ARM_ARCH_6KZ__. The architecture is
technically called ARMv6KZ, but GCC has always called it 6ZK.
Clang defines __ARM_ARCH_6K__ for this target, and is unaffected.
BUG=v8:3978
LOG=N
Review URL: https://codereview.chromium.org/
1145973004
Cr-Commit-Position: refs/heads/master@{#28709}
v8-autoroll [Mon, 1 Jun 2015 03:35:59 +0000 (20:35 -0700)]
Update V8 DEPS.
Rolling v8/tools/clang to
ed19e3a88ba8dccc757b6f2e76d06c5d1355cfa3
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1166613002
Cr-Commit-Position: refs/heads/master@{#28708}
erikcorry [Sun, 31 May 2015 10:01:56 +0000 (03:01 -0700)]
Remove spurious prints from GC logging
R=hpayer@chromium.org, szager@chromium.org
TBR=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1149413003
Cr-Commit-Position: refs/heads/master@{#28707}
v8-autoroll [Sun, 31 May 2015 03:23:18 +0000 (20:23 -0700)]
Update V8 DEPS.
Rolling v8/tools/clang to
4a73eedb03ade4ca209eadcf768737ca01bf7b4a
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1163663004
Cr-Commit-Position: refs/heads/master@{#28706}
v8-autoroll [Sat, 30 May 2015 03:25:44 +0000 (20:25 -0700)]
Update V8 DEPS.
Rolling v8/buildtools to
fa660d47fa1a6c649d5c29e001348447c55709e6
Rolling v8/tools/clang to
fbd2e50b735151d7745bca153f7f17ea896dcfb7
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1158313003
Cr-Commit-Position: refs/heads/master@{#28705}
erikcorry [Fri, 29 May 2015 16:24:39 +0000 (09:24 -0700)]
Even without --trace-gc dump the last few GC messages on OOM
If we crash V8 due to out-of-memory then we print the last 3 GCs on
stdout as we crash. Also records the last 3 GCs on the stack so that
it will be part of the minidump.
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1159513003
Cr-Commit-Position: refs/heads/master@{#28704}
titzer [Fri, 29 May 2015 14:05:39 +0000 (07:05 -0700)]
[turbofan] Clean up cctest "framework" for dealing with native calls.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1164603002
Cr-Commit-Position: refs/heads/master@{#28703}
bbudge [Fri, 29 May 2015 13:18:13 +0000 (06:18 -0700)]
Clean up aligned allocation code in preparation for SIMD alignments.
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Committed: https://crrev.com/
fcfb080eb9a637f0ae066bed4c45095e60df8a84
Cr-Commit-Position: refs/heads/master@{#28687}
Review URL: https://codereview.chromium.org/
1150593003
Cr-Commit-Position: refs/heads/master@{#28702}
yangguo [Fri, 29 May 2015 12:56:26 +0000 (05:56 -0700)]
Debugger: PreservePositionScope should clear positions inside the scope.
The point of this change is so that when emitting code for a call in
FullCodegen::VisitCall, the statement position is not associated to
any code that loads the function, but to the actual CallIC.
R=mvstanton@chromium.org
BUG=chromium:481896
LOG=N
Review URL: https://codereview.chromium.org/
1157543004
Cr-Commit-Position: refs/heads/master@{#28701}
vogelheim [Fri, 29 May 2015 12:19:40 +0000 (05:19 -0700)]
Fix free-after-free bug in ExternalStreamingStream::ResetToBookmark.
R=jochen@chromium.org
BUG=chromium:470930
LOG=N
Review URL: https://codereview.chromium.org/
1156103015
Cr-Commit-Position: refs/heads/master@{#28700}
ishell [Fri, 29 May 2015 11:37:10 +0000 (04:37 -0700)]
Reland "Fixed a couple of failing DCHECK(has_pending_exception()). (patchset #1 id:1 of https://codereview.chromium.org/
1151373002/ )"
BUG=chromium:491062
LOG=N
Review URL: https://codereview.chromium.org/
1157273002
Cr-Commit-Position: refs/heads/master@{#28699}
conradw [Fri, 29 May 2015 11:33:15 +0000 (04:33 -0700)]
[strong] Implement per-object restrictions behaviour of property freezing
Implements the strong mode proposal's restrictions on changing a strong object's
writable, non-configurable property to non-writable.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1142393003
Cr-Commit-Position: refs/heads/master@{#28698}
jarin [Fri, 29 May 2015 10:39:43 +0000 (03:39 -0700)]
Remove the experimental perf jit support until the license is clarified.
BUG=
Review URL: https://codereview.chromium.org/
1148293009
Cr-Commit-Position: refs/heads/master@{#28697}
yangguo [Fri, 29 May 2015 10:05:22 +0000 (03:05 -0700)]
Debugger: consider try-finally scopes not catching wrt debug events.
R=mstarzinger@chromium.org
BUG=chromium:492522
LOG=Y
Review URL: https://codereview.chromium.org/
1154163006
Cr-Commit-Position: refs/heads/master@{#28696}
mstarzinger [Fri, 29 May 2015 09:17:19 +0000 (02:17 -0700)]
[turbofan] Enforce stricter constraints on Throw nodes.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/
1162633002
Cr-Commit-Position: refs/heads/master@{#28695}
erikcorry [Fri, 29 May 2015 09:04:57 +0000 (02:04 -0700)]
grokdump.py - some support for on-stack HeapStats
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1142343009
Cr-Commit-Position: refs/heads/master@{#28694}
hpayer [Fri, 29 May 2015 08:06:19 +0000 (01:06 -0700)]
Treat links that organize weak objects weakly.
BUG=
Review URL: https://codereview.chromium.org/
1158423002
Cr-Commit-Position: refs/heads/master@{#28693}
bmeurer [Fri, 29 May 2015 06:37:17 +0000 (23:37 -0700)]
[x64] Fix useless deopt in for-in.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1157423003
Cr-Commit-Position: refs/heads/master@{#28692}
rodolph.perfetta [Fri, 29 May 2015 05:31:25 +0000 (22:31 -0700)]
[arm] Fix vmov immediate for ARMv6.
vmov immediate was always emitting movt for some immediates wether or
not the CPU supported ARMv7.
BUG=v8:4019
LOG=n
Review URL: https://codereview.chromium.org/
1160093002
Cr-Commit-Position: refs/heads/master@{#28691}
v8-autoroll [Fri, 29 May 2015 03:33:48 +0000 (20:33 -0700)]
Update V8 DEPS.
Rolling v8/tools/clang to
5413f2a11e1b56c30e28769b9ff1086797c11b28
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1167453002
Cr-Commit-Position: refs/heads/master@{#28690}
arv [Thu, 28 May 2015 18:50:38 +0000 (11:50 -0700)]
Cleanup ast numbering for super.prop in arrows
Follow up to https://codereview.chromium.org/
1135243004
For now we need to call set_base_id in AstNumberingVisitor because
TurboFan needs a bailout id for super.prop in a lot of cases.
BUG=None
LOG=N
R=adamk@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
1153053005
Cr-Commit-Position: refs/heads/master@{#28689}
bbudge [Thu, 28 May 2015 18:17:44 +0000 (11:17 -0700)]
Revert of Clean up aligned allocation code in preparation for SIMD alignments. (patchset #14 id:300001 of https://codereview.chromium.org/
1150593003/)
Reason for revert:
Breaks mjsunit, webkit, mozilla, benchmarks.
TBR=hpayer@chromium.org
Original issue's description:
> Clean up aligned allocation code in preparation for SIMD alignments.
>
> Moves alignment fill calculations into two static Heap methods.
> Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
> Makes DoubleAlignForDeserialization explicitly fill after an already
> aligned object.
>
> LOG=N
> BUG=v8:4124
>
> Committed: https://crrev.com/
fcfb080eb9a637f0ae066bed4c45095e60df8a84
> Cr-Commit-Position: refs/heads/master@{#28687}
TBR=hpayer@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review URL: https://codereview.chromium.org/
1159123002
Cr-Commit-Position: refs/heads/master@{#28688}
bbudge [Thu, 28 May 2015 17:19:39 +0000 (10:19 -0700)]
Clean up aligned allocation code in preparation for SIMD alignments.
Moves alignment fill calculations into two static Heap methods.
Adds a Heap method to handle the complex case where filler is potentially needed before and after a heap object.
Makes DoubleAlignForDeserialization explicitly fill after an already
aligned object.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/
1150593003
Cr-Commit-Position: refs/heads/master@{#28687}
mbrandy [Thu, 28 May 2015 15:58:09 +0000 (08:58 -0700)]
PPC: Make KeyedStores from a sloppy arguments array use a handler.
Port
3a1d7335cf6a623f39c306e0bc0e82ccccc54818
Original commit message:
This finishes up work begun by CL (https://codereview.chromium.org/
546683003/) some months ago.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1160933003
Cr-Commit-Position: refs/heads/master@{#28686}
mbrandy [Thu, 28 May 2015 15:57:02 +0000 (08:57 -0700)]
PPC: Fix '[crankshaft] Record inlined shared function infos instead of closures.'
R=bmeurer@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1143153013
Cr-Commit-Position: refs/heads/master@{#28685}
sergiyb [Thu, 28 May 2015 15:02:42 +0000 (08:02 -0700)]
Converted V8 CQ config to proto-format
This will land with https://chromereviews.googleplex.com/
202967013
R=akuegel@chromium.org, machenbach@chromium.org
BUG=471767
NOTRY=true
LOG=N
Review URL: https://codereview.chromium.org/
1161873004
Cr-Commit-Position: refs/heads/master@{#28684}
mvstanton [Thu, 28 May 2015 14:55:59 +0000 (07:55 -0700)]
Make KeyedStores from a sloppy arguments array use a handler.
This finishes up work begun by CL (https://codereview.chromium.org/
546683003/) some months ago.
BUG=
Review URL: https://codereview.chromium.org/
1149053004
Cr-Commit-Position: refs/heads/master@{#28683}
bmeurer [Thu, 28 May 2015 14:01:17 +0000 (07:01 -0700)]
[turbofan] Simplify graph construction for for-in.
This is an initial step towards a faster and less incorrect
implementation of for-in in TurboFan.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1153403002
Cr-Commit-Position: refs/heads/master@{#28682}
mstarzinger [Thu, 28 May 2015 13:22:48 +0000 (06:22 -0700)]
[turbofan] Introduce prediction for exception handlers.
This introduces a conservative prediction for each exception handler
whether it will locally catch an exception or re-throw it to outside
the code bondaries. It will allow for a more intuitive prediction of
whether an exception is considered "caught" or "uncaught".
R=bmeurer@chromium.org,yangguo@chromium.org
BUG=chromium:492522
LOG=N
Review URL: https://codereview.chromium.org/
1158563008
Cr-Commit-Position: refs/heads/master@{#28681}
erikcorry [Thu, 28 May 2015 13:12:06 +0000 (06:12 -0700)]
grokdump.py: work around int size limits on xrange
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1158933007
Cr-Commit-Position: refs/heads/master@{#28680}
machenbach [Thu, 28 May 2015 13:06:35 +0000 (06:06 -0700)]
[test] Fix assert for predictable mode in test runner.
NOTRY=true
Review URL: https://codereview.chromium.org/
1156663009
Cr-Commit-Position: refs/heads/master@{#28679}
jochen [Thu, 28 May 2015 12:49:31 +0000 (05:49 -0700)]
Update all callsites of the TryCatch ctor to pass an Isolate
BUG=4134
R=vogelheim@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/
1154423004
Cr-Commit-Position: refs/heads/master@{#28678}
bmeurer [Thu, 28 May 2015 12:12:43 +0000 (05:12 -0700)]
[turbofan] Record SharedFunctionInfo of inlined functions.
We need the shared function info of inlined functions to prevent code
flushing for their unoptimized code, and also to make sure that liveedit
can find the proper functions to deoptimize.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1156403002
Cr-Commit-Position: refs/heads/master@{#28677}
machenbach [Thu, 28 May 2015 11:50:44 +0000 (04:50 -0700)]
[test] Use instrumented libc++ for asan and tsan builds.
BUG=chromium:489254
LOG=n
Review URL: https://codereview.chromium.org/
1143173005
Cr-Commit-Position: refs/heads/master@{#28676}
bmeurer [Thu, 28 May 2015 10:30:54 +0000 (03:30 -0700)]
[deoptimizer] Materialize double values as smis whenever possible.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1156393002
Cr-Commit-Position: refs/heads/master@{#28675}
bmeurer [Thu, 28 May 2015 09:12:50 +0000 (02:12 -0700)]
[turbofan] Remove the JSGraph dependency from the ControlFlowOptimizer.
The control flow optimization should work independent of the JSGraph. We
used the JSGraph there because it was convinient, not because it was
necessary.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1160863003
Cr-Commit-Position: refs/heads/master@{#28674}
bmeurer [Thu, 28 May 2015 08:38:02 +0000 (01:38 -0700)]
[turbofan] Remove the useless SimplifiedOperatorReducer.
The SimplifiedOperatorReducer is (mostly) unused, except for the very
rough store elimination, and just eats compilation time.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1162563002
Cr-Commit-Position: refs/heads/master@{#28673}
bmeurer [Thu, 28 May 2015 07:11:53 +0000 (00:11 -0700)]
[crankshaft] Record inlined shared function infos instead of closures.
The list of inlined functions is used in exactly two places - for live
edit and to prevent code flushing for inlined functions - and those are
fine with SharedFunctionInfo and don't require a closure.
This is one additional step towards inlining based on SharedFunctionInfo
instead of JSFunction.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1145893003
Cr-Commit-Position: refs/heads/master@{#28672}
yangguo [Thu, 28 May 2015 07:05:01 +0000 (00:05 -0700)]
Throw illegal exception when formatting with invalid template index.
R=arv@chromium.org
BUG=chromium:492526
LOG=N
Review URL: https://codereview.chromium.org/
1146923004
Cr-Commit-Position: refs/heads/master@{#28671}
yangguo [Thu, 28 May 2015 06:30:08 +0000 (23:30 -0700)]
Do not eagerly convert exception to string when creating a message object
R=mstarzinger@chromium.org
BUG=chromium:490680
LOG=Y
Review URL: https://codereview.chromium.org/
1157563005
Cr-Commit-Position: refs/heads/master@{#28670}
bmeurer [Thu, 28 May 2015 04:10:43 +0000 (21:10 -0700)]
[turbofan] Remove frame state TODOs from VisitForInBody.
Neither the increment nor the comparison can deoptimize, so we don't
need proper frame states there.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/
1148323003
Cr-Commit-Position: refs/heads/master@{#28669}
v8-autoroll [Thu, 28 May 2015 03:28:31 +0000 (20:28 -0700)]
Update V8 DEPS.
Rolling v8/build/gyp to
29e94a3285ee899d14d5e56a6001682620d3778f
Rolling v8/tools/clang to
dc8f173e7fe10badbd9e29cd6eadc32ec552e691
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1156373003
Cr-Commit-Position: refs/heads/master@{#28668}
akos.palfi [Wed, 27 May 2015 18:55:41 +0000 (11:55 -0700)]
Skip simdjs/shell_test_runner on big-endian platforms.
This test is little-endian specific and therefore it can't run
correctly on big-endian platforms.
BUG=
Review URL: https://codereview.chromium.org/
1155113008
Cr-Commit-Position: refs/heads/master@{#28667}
mbrandy [Wed, 27 May 2015 17:26:22 +0000 (10:26 -0700)]
PPC: VectorICs: allocating slots for store ics in ast nodes.
Port
5450fc07ba07615a70f5ed8379dc23c3275d6fe3
Original commit message:
Also adapt code generation to pass the slot to the
store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
ForEach, Call and CountOperation now include one or more
feedback vector ic slot ids.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1156503003
Cr-Commit-Position: refs/heads/master@{#28666}
mbrandy [Wed, 27 May 2015 17:22:00 +0000 (10:22 -0700)]
PPC: [es6] Support super.property in eval and arrow functions
Port
44e9810345cea9bfd6861905bc6856db7db5a25c
Original commit message:
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
R=arv@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1161603004
Cr-Commit-Position: refs/heads/master@{#28665}
conradw [Wed, 27 May 2015 17:06:36 +0000 (10:06 -0700)]
[strong] Implement per-object restrictions behaviour for prototype setting
Implements the strong mode proposal's restrictions on the ability of user code
to modify the prototype of strong objects.
Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1143623002
Cr-Commit-Position: refs/heads/master@{#28664}
machenbach [Wed, 27 May 2015 16:18:22 +0000 (09:18 -0700)]
[test] Add sanitizer coverage to gyp configs.
BUG=chromium:489254
LOG=n
Review URL: https://codereview.chromium.org/
1158903002
Cr-Commit-Position: refs/heads/master@{#28663}
ulan [Wed, 27 May 2015 16:09:01 +0000 (09:09 -0700)]
Fix cctest/test-unboxed-doubles/IncrementalWriteBarrierObjectShiftFieldsRight after 5e87a0.
Make sure that when manual evacuation candidate selection is enabled we do not select more pages than requested.
BUG=
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/
1157293002
Cr-Commit-Position: refs/heads/master@{#28662}
vogelheim [Wed, 27 May 2015 15:43:30 +0000 (08:43 -0700)]
Fix DCHECK on SetBookmark.
The DCHECK was a lie. The idea was that - when a bookmark is set -
the scanner must clearly be at a character boundary and hence the
bookmark does not need to save a 'partial' UTF-8 code point. The
first part is true - the Scanner is always at a character boundary -
but the 'partial' UTF-8 code point is at the end of a block, not at
the current character position of the Scanner.
Hence, the 'partial' character needs to be saved as well.
jkummerow: Thanks for noticing.
BUG=chromium:470930
R=jochen@chromium.org, jkummerow@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1154773004
Cr-Commit-Position: refs/heads/master@{#28661}
jochen [Wed, 27 May 2015 15:03:28 +0000 (08:03 -0700)]
Introduce v8::Object::CreateDataProperty
Also deprecate ForceSet
BUG=chromium:475206
R=adamk@chromium.org,verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/
1154233003
Cr-Commit-Position: refs/heads/master@{#28660}
mvstanton [Wed, 27 May 2015 14:26:11 +0000 (07:26 -0700)]
VectorICs: allocating slots for store ics in ast nodes.
Also adapt code generation to pass the slot to the
store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
ForEach, Call and CountOperation now include one or more
feedback vector ic slot ids.
BUG=
Review URL: https://codereview.chromium.org/
1161623002
Cr-Commit-Position: refs/heads/master@{#28659}
hpayer [Wed, 27 May 2015 14:13:04 +0000 (07:13 -0700)]
Treat weak references in context weakly in write barrier.
BUG=
Review URL: https://codereview.chromium.org/
1152153004
Cr-Commit-Position: refs/heads/master@{#28658}
v8-autoroll [Wed, 27 May 2015 14:10:22 +0000 (07:10 -0700)]
Update V8 DEPS.
Rolling v8/buildtools to
a85661f97e83c620a8a1d0255829eb7a674e12cc
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1145043004
Cr-Commit-Position: refs/heads/master@{#28657}
machenbach [Wed, 27 May 2015 14:05:49 +0000 (07:05 -0700)]
Revert of Use CLOCK_REALTIME_COARSE when available. (patchset #1 id:1 of https://codereview.chromium.org/
1151283005/)
Reason for revert:
[Sheriff] This leads to several failures in chromium and blocks our roll:
https://codereview.chromium.org/
1154363002/
Bisect (https://codereview.chromium.org/
1152553004/) points to this CL.
Please add the failing chromium trybot on a reland of this CL.
Original issue's description:
> Use CLOCK_REALTIME_COARSE when available.
>
> On systems that have CLOCK_REALTIME_COARSE with good enough resolution,
> we can avoid making a system call to get the current time; it's serviced
> from the vDSO.
>
> This is v2 of the patch. v1 can be found at [0] but was reverted in [1]
> because of Chromium sandbox restrictions. The necessary changes have
> been applied upstream in [2].
>
> [0] https://codereview.chromium.org/
1125003002
> [1] https://codereview.chromium.org/
1130083003
> [2] https://codereview.chromium.org/
1133653002
>
> BUG=
> LOG=N
>
> Committed: https://crrev.com/
28cea2b749f24ba33e6e0c8e343dd0d6258ee302
> Cr-Commit-Position: refs/heads/master@{#28639}
TBR=jochen@chromium.org,bmeurer@chromium.org,ben@strongloop.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1154783003
Cr-Commit-Position: refs/heads/master@{#28656}
conradw [Wed, 27 May 2015 13:55:02 +0000 (06:55 -0700)]
[strong] fix strong array, object prototypes
Strong Object/Array literals are currently being created with incorrect
internal prototypes. This CL fixes this and extends the test suite to check.
BUG=
LOG=N
Review URL: https://codereview.chromium.org/
1158933002
Cr-Commit-Position: refs/heads/master@{#28655}
machenbach [Wed, 27 May 2015 13:50:43 +0000 (06:50 -0700)]
[test] Remove default for zero test cases.
BUG=
Review URL: https://codereview.chromium.org/
1153103003
Cr-Commit-Position: refs/heads/master@{#28654}
vegorov [Wed, 27 May 2015 13:48:56 +0000 (06:48 -0700)]
gdb-v8-support.py: add FindAnywhere helper.
R=jkummerow@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/
1157683007
Cr-Commit-Position: refs/heads/master@{#28653}
hpayer [Wed, 27 May 2015 13:09:14 +0000 (06:09 -0700)]
Scale old generation growing strategy based on allocation rate.
Before we used to scale the growing factor based on freed global handles (which may have caused jank when many global handles got freed on site navigation).
BUG=
Review URL: https://codereview.chromium.org/
1158433003
Cr-Commit-Position: refs/heads/master@{#28652}
ulan [Wed, 27 May 2015 13:07:47 +0000 (06:07 -0700)]
New algorithm for selecting evacuation candidates
This lifts the sqrt(n) limit on number of evacuation candidates,
replaces O(n * sqrt(n)) algorithm with O(n*log(n)) algorithm, and
removes hard-coded constants.
Evacuation candidates are selected as follows:
1) Sort pages from the most free to the least free.
2) Select the first m pages as evacuation candidates such that m is as
large as possible under the two conditions:
- The total size of live objects in the first m pages does not exceed
the given limit. This is based on the assumption that the evacuation cost is
proportional to the total size of moved objects.
- The fragmentation of the (m+1)-th page does not exceed the given
limit.
Review URL: https://codereview.chromium.org/
1038313003
Cr-Commit-Position: refs/heads/master@{#28651}
jkummerow [Wed, 27 May 2015 12:30:34 +0000 (05:30 -0700)]
[turbofan] Fix type feedback for JSStoreNamed
And delete remnants of non-vectorized LoadICs from the type feedback oracle
Review URL: https://codereview.chromium.org/
1147253004
Cr-Commit-Position: refs/heads/master@{#28650}
bmeurer [Wed, 27 May 2015 11:01:51 +0000 (04:01 -0700)]
[turbofan] Use Start as sentinel for frame states.
This simplifies inlining, in that we only need to update uses of Start
and inputs of End instead of walking the whole inlinee to update all
outer frame states.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
1146403008
Cr-Commit-Position: refs/heads/master@{#28649}
bmeurer [Wed, 27 May 2015 08:35:31 +0000 (01:35 -0700)]
[turbofan] Optimize && and || in test context.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/
1160683003
Cr-Commit-Position: refs/heads/master@{#28648}
vogelheim [Wed, 27 May 2015 07:10:31 +0000 (00:10 -0700)]
Mark class as exported to fix win build.
TBR=machenbach@chromium.org
BUG=chromium:470930
LOG=N
Review URL: https://codereview.chromium.org/
1149923006
Cr-Commit-Position: refs/heads/master@{#28647}
bmeurer [Wed, 27 May 2015 04:23:29 +0000 (21:23 -0700)]
[turbofan] Optimize strict equality of unique values.
If both inputs to JSStrictEqual/JSStrictNotEqual are unique values (i.e.
values with a canonical representation), we can lower the comparison to
ReferenceEqual instead of StringEqual or CompareIC.
Review URL: https://codereview.chromium.org/
1154303002
Cr-Commit-Position: refs/heads/master@{#28646}
v8-autoroll [Wed, 27 May 2015 03:27:13 +0000 (20:27 -0700)]
Update V8 DEPS.
Rolling v8/third_party/icu to
f1ad7f9ba957571dc692ea3e187612c685615e19
Rolling v8/tools/clang to
dbc958e1b51949ca815ca31a8f9bf4a760ca1d35
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1160693002
Cr-Commit-Position: refs/heads/master@{#28645}
arv [Tue, 26 May 2015 20:29:47 +0000 (13:29 -0700)]
[es6] Support super.property in eval and arrow functions
When we enter a method that needs access to the [[HomeObject]]
we allocate a local variable `.home_object` and assign it the
value from the [[HomeObject]] private symbol. Something along
the lines of:
method() {
var .home_object = %ThisFunction()[home_object_symbol];
...
}
BUG=v8:3867, v8:4031
LOG=N
Review URL: https://codereview.chromium.org/
1135243004
Cr-Commit-Position: refs/heads/master@{#28644}
machenbach [Tue, 26 May 2015 19:50:42 +0000 (12:50 -0700)]
[test] Verbose test runner output on windows.
TBR=jkummerow@chromium.org
NOTRY=true
Review URL: https://codereview.chromium.org/
1156133006
Cr-Commit-Position: refs/heads/master@{#28643}
adamk [Tue, 26 May 2015 18:50:14 +0000 (11:50 -0700)]
Add {Map,Set}::FromArray to the API
These are similar to the Map/Set constructors when called with an array,
except that they are guaranteed to be side-effect free if called with
a packed array.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/
1155893003
Cr-Commit-Position: refs/heads/master@{#28642}
mike [Tue, 26 May 2015 18:31:35 +0000 (11:31 -0700)]
[es6] Define generator prototype as writable prop
The April 14 2015 final draft of the ES6 specification states that the
`prototype` property of generator function instances should be writable.
BUG=v8:4140, v8:4140
LOG=N
R=arv@chromium.org
Review URL: https://codereview.chromium.org/
1153633003
Cr-Commit-Position: refs/heads/master@{#28641}
adamk [Tue, 26 May 2015 18:13:22 +0000 (11:13 -0700)]
Add {Map,Set}::AsArray to the API
These return arrays representing the current contents of the given
Map/Set. They are similar to what would be returned by the JS code:
Array.from(collection)
except that they are guaranteed side-effect free.
This will be useful in implementing structured clone which, as
specified in HTML, speaks in terms of the internal [[MapData]]
and [[SetData]] slots without going through the exposed iteration
ES semantics.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/
1148383007
Cr-Commit-Position: refs/heads/master@{#28640}
ben [Tue, 26 May 2015 18:10:34 +0000 (11:10 -0700)]
Use CLOCK_REALTIME_COARSE when available.
On systems that have CLOCK_REALTIME_COARSE with good enough resolution,
we can avoid making a system call to get the current time; it's serviced
from the vDSO.
This is v2 of the patch. v1 can be found at [0] but was reverted in [1]
because of Chromium sandbox restrictions. The necessary changes have
been applied upstream in [2].
[0] https://codereview.chromium.org/
1125003002
[1] https://codereview.chromium.org/
1130083003
[2] https://codereview.chromium.org/
1133653002
BUG=
LOG=N
Review URL: https://codereview.chromium.org/
1151283005
Cr-Commit-Position: refs/heads/master@{#28639}
hpayer [Tue, 26 May 2015 17:46:49 +0000 (10:46 -0700)]
Fix overflow in allocation throughput calculation.
BUG=chromium:492021
LOG=n
Review URL: https://codereview.chromium.org/
1148953009
Cr-Commit-Position: refs/heads/master@{#28638}
adamk [Tue, 26 May 2015 17:36:48 +0000 (10:36 -0700)]
Add basic API support for Map & Set
Only supports constructing new objects and returning size.
Followup patch will need to add ability to retrieve and
set contents in order to support structured clone.
Also removes a bunch of outdated "experimental" markers from v8.h.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/
1157453002
Cr-Commit-Position: refs/heads/master@{#28637}
mbrandy [Tue, 26 May 2015 15:51:03 +0000 (08:51 -0700)]
PPC: Vector ICs: Introduce Store and KeyedStore IC code stubs.
Port
a86384f192f88458bb46eece0a8f2709979057b8
Original commit message:
Also introduce new interface descriptors for the trampoline and full
versions of those stubs.
Currently, the stubs aren't functional.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1159483003
Cr-Commit-Position: refs/heads/master@{#28636}
ulan [Tue, 26 May 2015 15:48:20 +0000 (08:48 -0700)]
Fix windows builder after
fe9a16b6.
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/
1161623003
Cr-Commit-Position: refs/heads/master@{#28635}
mbrandy [Tue, 26 May 2015 15:44:47 +0000 (08:44 -0700)]
PPC: Move hash code from hidden string to a private symbol
Port
eca5b5d7abc0a9028cb9832087fbf2ed59dadf92
Original commit message:
* Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
* In the long run we should do all hidden properties this way and get rid of the
hidden magic 0-length string with the zero hash code. The advantages include
less complexity and being able to do things from JS in a natural way.
* Initially, the performance of weak set regressed, because it's a little harder
to do the lookup in C++. Instead of heroics in C++ to make things faster I
moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
* This also changes hash codes of Smis so that they are always Smis.
Performance figures are in the comments to the code review. Summary: Most of js-perf-test/Collections is neutral. Set and Map with object keys are 40-50% better. WeakMap is -5% and WeakSet is +9%. After the measurements, I fixed global proxies, which cost 1% on most tests and 5% on the weak ones :-(.
In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this. Instead of checking for the property, then doing a new lookup to insert it, we could do one lookup and handle the addition immediately). With the current benchmarks above this buys us nothing, but if we go back to doing more lookups in C++ instead of in stubs and JS then it's a win.
In a similar vein we could give the magic zero hash code to the hash code
symbol. Then when we look up the hash code we would sometimes see the table
with all the hidden properties. This dual use of the field for either the hash
code or the table with all hidden properties and the hash code is rather ugly,
and this CL gets rid of it. I'd be loath to bring it back. On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.
One worry is that the benchmark results above are more monomorphic than real
world code, so may be overstating the performance benefits of moving to JS. I
think this is part of a general issue we have with handling polymorphic code in
JS and any solutions there will benefit this solution, which boils down to
regular property access. Any improvement there will lift all boats.
R=erikcorry@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1157123002
Cr-Commit-Position: refs/heads/master@{#28634}
mbrandy [Tue, 26 May 2015 15:43:34 +0000 (08:43 -0700)]
PPC: Move work to omit unnecessary ObjectLiteral stores to the numbering pass.
Port
32de677805877bbf8d697926e09c23963a27e191
Original commit message:
The reason is that this information will be needed to compute the number of
vector ic slots done at numbering time.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1153113002
Cr-Commit-Position: refs/heads/master@{#28633}
ulan [Tue, 26 May 2015 15:42:20 +0000 (08:42 -0700)]
Fix test-heap/OldSpaceAllocationCounter.
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/
1156113003
Cr-Commit-Position: refs/heads/master@{#28632}
machenbach [Tue, 26 May 2015 14:51:35 +0000 (07:51 -0700)]
[test] Sync in *san configurations from chromium.
This configures *san in v8 just like in chromium's
common.gypi. I also addresses compilation problems with ICU
and usage of instrumented libc++.
TBR=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/
1146863006
Cr-Commit-Position: refs/heads/master@{#28631}
ulan [Tue, 26 May 2015 13:51:48 +0000 (06:51 -0700)]
Temporary fix for test-heap/OldSpaceAllocationCounter.
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/
1155683006
Cr-Commit-Position: refs/heads/master@{#28630}
machenbach [Tue, 26 May 2015 13:22:18 +0000 (06:22 -0700)]
[test] Correctly merge expected test outcomes.
Without this change, wildcards always overwrite the outcomes
of more specific rules. Now we always merge.
Review URL: https://codereview.chromium.org/
1153073002
Cr-Commit-Position: refs/heads/master@{#28629}
yangguo [Tue, 26 May 2015 13:06:38 +0000 (06:06 -0700)]
Correctly hook up materialized receiver into the evaluation context chain.
R=ulan@chromium.org
BUG=chromium:491943
LOG=Y
Review URL: https://codereview.chromium.org/
1157993002
Cr-Commit-Position: refs/heads/master@{#28628}
hablich [Tue, 26 May 2015 13:05:25 +0000 (06:05 -0700)]
Temporary auto-CC'ing hablich to x87 changes
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/
1157993003
Cr-Commit-Position: refs/heads/master@{#28627}