1. 25 Sep, 2015 5 commits
    • [turbofan] Check node input/use consistency for changed operators and new nodes. · 1c2867c0
      jarin authored
      Verifies consistency of node inputs and uses:
      - node inputs should agree with the input count computed from the node's operator.
      - effect inputs should have effect outputs (or be a sentinel).
      - control inputs should have control outputs (or be a sentinel).
      - frame state inputs should be frame states (or be a sentinel).
      - if the node has control uses, it should produce control.
      - if the node has effect uses, it should produce effect.
      - if the node has frame state uses, it must be a frame state.
      
      I also removed some tests, either because they did not seem to be useful (scheduler) or they tested dead functionality (diamond effect phi).
      
      Review URL: https://codereview.chromium.org/1368913002
      
      Cr-Commit-Position: refs/heads/master@{#30927}
    • Update post-mortem metadata generation · 56a0a797
      julien.gilli authored
      mdb_v8, a post-mortem debugger for Node.js, now uses JSArrayBuffer's
      backing_store property and JSArrayBufferView's byte_offset property to
      get access to the content of Buffer instances in node (which are
      Uint8Array instances). This change adds post-mortem metadata for these
      two properties.
      
      This change also fixes a typo in
      inobject_properties_of_constructor_function_index_offset that was added
      to gen-postmortem-metadata in a previous change. It should be named
      inobject_properties_or_constructor_function_index instead.
      
      R=bmeurer@chromium.org
      
      Review URL: https://codereview.chromium.org/1363403003
      
      Cr-Commit-Position: refs/heads/master@{#30926}
    • [es6] Remove left-overs from Function.prototype.toMethod. · ff2c9eac
      bmeurer authored
      The actual Function.prototype.toMethod was removed some time ago already,
      but there was some stuff (esp. %ToMethod) left in the tree, including
      tests for %ToMethod.  This code (and esp. the tests) causes trouble in
      the process of moving bound functions away from JSFunction; so since
      the code is unused anyway, we can as well remove it.
      
      The original removal of Function.prototype.toMethod was in February
      2015 in 68e48975.
      
      R=jarin@chromium.org
      BUG=v8:3330
      LOG=n
      
      Review URL: https://codereview.chromium.org/1366063002
      
      Cr-Commit-Position: refs/heads/master@{#30925}
    • Update V8 DEPS. · bd35b54d
      v8-autoroll authored
      Rolling v8/tools/clang to 1f65dc9f9e1879a25d79a8bc46a12265532e4a0f
      
      TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
      
      Review URL: https://codereview.chromium.org/1368903002
      
      Cr-Commit-Position: refs/heads/master@{#30924}
    • X87: [turbofan] Call ArgumentsAccessStub to materialize arguments. · 8322defd
      chunyang.dai authored
      port 9b12ec9a (r30919)
      
      original commit message:
      
          This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
          help with materializing arguments objects when possible. Along the way
          this changes the calling convention of said stub to take parameters in
          registers instead of on the stack.
      
      R=weiliang.lin@intel.com
      BUG=
      
      Review URL: https://codereview.chromium.org/1368873002
      
      Cr-Commit-Position: refs/heads/master@{#30923}
  2. 24 Sep, 2015 27 commits
    • Don’t smash globals used by the test helper itself. · ab989898
      stefan.penner authored
      Since https://codereview.chromium.org/366103005 the promise tests null out
      various globals, to ensure the promise implementation doesn’t itself rely
      on functions patchable by monkeys.
      
      Unfortunately, doing so breaks test assertion failures which rely on
      those globals.
      
      This isn’t the ideal solution, but does improve the current state.
      
      R=littledan@chromium.org,domenic@chromium.org
      LOG=N
      BUG=
      
      Review URL: https://codereview.chromium.org/1370583002
      
      Cr-Commit-Position: refs/heads/master@{#30922}
    • [heap] refactor inline allocation step code · 1c5e511d
      ofrobots authored
      Once I improved byte accounting done for incremental mark in [1], there is some
      code duplication that becomes apparent. This commit refactors the duplicated
      code into a private method on NewSpace. This also makes it easy to add new
      consumers of inline allocation steps in the future.
      
      [1] https://codereview.chromium.org/1274453002/
      
      R=hpayer@chromium.org
      BUG=
      
      Review URL: https://codereview.chromium.org/1351983002
      
      Cr-Commit-Position: refs/heads/master@{#30921}
    • [turbofan] Remove dead code from Diamond class. · d90fdd13
      mstarzinger authored
      R=titzer@chromium.org
      
      Review URL: https://codereview.chromium.org/1365963003
      
      Cr-Commit-Position: refs/heads/master@{#30920}
    • [turbofan] Call ArgumentsAccessStub to materialize arguments. · 9b12ec9a
      mstarzinger authored
      This lowers JSCreateArgument nodes to call the ArgumentsAccessStub for
      help with materializing arguments objects when possible. Along the way
      this changes the calling convention of said stub to take parameters in
      registers instead of on the stack.
      
      R=mvstanton@chromium.org
      
      Review URL: https://codereview.chromium.org/1348773002
      
      Cr-Commit-Position: refs/heads/master@{#30919}
    • [Interpreter] Basic flow control. · 347fa906
      oth authored
      + Add bytecodes for conditional and unconditional jumps.
      + Add bytecodes for test/compare operations.
      + Expose jumps in bytecode-array-builder and add BytecodeLabel class for
        identifying jump targets.
      + Add support for if..then...else in the bytecode-generator.
      + Implement jump bytecodes in the interpreter. Test/compare operations
        dependent on runtime call for comparisons.
      
      BUG=v8:4280
      LOG=N
      
      Review URL: https://codereview.chromium.org/1343363002
      
      Cr-Commit-Position: refs/heads/master@{#30918}
    • [test] Make fuzzer output the archive file name for easy upload. · fac9e220
      machenbach authored
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1365083002
      
      Cr-Commit-Position: refs/heads/master@{#30917}
    • [turbofan] Make Node::set_op safer via wrapper. · da9c42dd
      mstarzinger authored
      This introduces the NodeProperties::ChangeOp helper which guards node
      operator changes so that additional checking can be done without any
      additional dependencies being pulled into the Node class. For now only
      the input count is checked, but additional checking might follow.
      
      R=jarin@chromium.org
      
      Review URL: https://codereview.chromium.org/1366753003
      
      Cr-Commit-Position: refs/heads/master@{#30916}
    • PrototypeInfo.validity_cell: adding comment · 9e5b0a5a
      cbruni authored
      BUG=
      
      Review URL: https://codereview.chromium.org/1370443002
      
      Cr-Commit-Position: refs/heads/master@{#30915}
    • Revert of Remove register index/code indirection (patchset #17 id:320001 of... · 3ac27431
      danno authored
      Revert of Remove register index/code indirection (patchset #17 id:320001 of https://codereview.chromium.org/1287383003/ )
      
      Reason for revert:
      Failures on greedy RegAlloc, Fuzzer
      
      Original issue's description:
      > Remove register index/code indirection
      >
      > Previous to this patch, both the lithium and TurboFan register
      > allocators tracked allocated registers by "indices", rather than
      > the register codes used elsewhere in the runtime. This patch
      > ensures that codes are used everywhere, and in the process cleans
      > up a bunch of redundant code and adds more structure to how the
      > set of allocatable registers is defined.
      >
      > Some highlights of changes:
      >
      > * TurboFan's RegisterConfiguration class moved to V8's top level
      >   so that it can be shared with Crankshaft.
      > * Various "ToAllocationIndex" and related methods removed.
      > * Code that can be easily shared between Register classes on
      >   different platforms is now shared.
      > * The list of allocatable registers on each platform is declared
      >   as a list rather than implicitly via the register index <->
      >   code mapping.
      >
      > Committed: https://crrev.com/80bc6f6e11f79524e3f1ad05579583adfd5f18b2
      > Cr-Commit-Position: refs/heads/master@{#30913}
      
      TBR=akos.palfi@imgtec.com,bmeurer@chromium.org,jarin@chromium.org,paul.lind@imgtec.com,titzer@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1365073002
      
      Cr-Commit-Position: refs/heads/master@{#30914}
    • Remove register index/code indirection · 80bc6f6e
      danno authored
      Previous to this patch, both the lithium and TurboFan register
      allocators tracked allocated registers by "indices", rather than
      the register codes used elsewhere in the runtime. This patch
      ensures that codes are used everywhere, and in the process cleans
      up a bunch of redundant code and adds more structure to how the
      set of allocatable registers is defined.
      
      Some highlights of changes:
      
      * TurboFan's RegisterConfiguration class moved to V8's top level
        so that it can be shared with Crankshaft.
      * Various "ToAllocationIndex" and related methods removed.
      * Code that can be easily shared between Register classes on
        different platforms is now shared.
      * The list of allocatable registers on each platform is declared
        as a list rather than implicitly via the register index <->
        code mapping.
      
      Review URL: https://codereview.chromium.org/1287383003
      
      Cr-Commit-Position: refs/heads/master@{#30913}
    • Refactor the StackFrameIterator::ComputeType() method to look up the code... · 5c35f5e3
      titzer authored
      Refactor the StackFrameIterator::ComputeType() method to look up the code object (if any) before looking at the magic markers.
      
      This will allow per-code-kind logic more easily in the future (e.g. for WASM).
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1350763004
      
      Cr-Commit-Position: refs/heads/master@{#30912}
    • [arm] Optimize vcmp when lhs operand is #0.0 · d1472d65
      pierre.langlois authored
      This patch checks the type of the lhs operand of a floating point
      comparison for ARM, and commutes the operands if it is #0.0.  It allows
      us to optimize a comparison with zero, as the vcmp instruction
      accepts #0.0 as rhs operand.
      
      Code before for "0.0 < 0.123":
      ------------------------------
      movw ip, #29360
      movt ip, #37224
      movw r9, #31981
      movt r9, #16319
      vmov d0, ip, r9
      mov ip, #0
      vmov d1, ip, ip
      vcmp.f64 d1, d0
      vmrs APSR, FPSCR
      bcc +12
      
      Code after:
      -----------
      movw ip, #29360
      movt ip, #37224
      movw r9, #31981
      movt r9, #16319
      vmov d0, ip, r9
      vcmp.f64 d0, #0.0
      vmrs APSR, FPSCR
      bgt +12
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1361913003
      
      Cr-Commit-Position: refs/heads/master@{#30911}
    • [Interpreter] Add support for loading globals in the interpreter. · 8087c49d
      rmcilroy authored
      Adds LdaGlobal bytecode and augments BytecodeGenerator to load globals for
      global variables and function calls.
      
      Modified TestBytecodeGenerator to add the ability to specify that a bytecode
      operand has an unknown value (used so we don't need to figure out the slot
      index of a global). Also added a helper which checks equality of BytecodeArray
      with the expected snippets.
      
      Modified TestInterpreter to allow it to take snippets of JS and have the
      BytecodeGenerator generate the bytecode rather than having to build a
      BytecodeArray manually. This is used to enable the global tests.
      
      BUG=v8:4280
      LOG=N
      
      Review URL: https://codereview.chromium.org/1361113002
      
      Cr-Commit-Position: refs/heads/master@{#30910}
    • [turbofan] Elide fp32 convert for const compares · 809f6b15
      martyn.capewell authored
      Reduce operations of the form f64cmp(fp32to64(x), k) to f32cmp(x, k) when k
      can be encoded as a 32-bit float.
      
      Review URL: https://codereview.chromium.org/1365623002
      
      Cr-Commit-Position: refs/heads/master@{#30909}
    • X87: [es6] Introduce spec compliant IsConstructor. · 11fd60f5
      chunyang.dai authored
      port 8fe3ac07 (30902).
      
      original commit message:
      
          There was already a bit on the Map named "function with prototype",
          which basically meant that the Map was a map for a JSFunction that could
          be used as a constructor. Now this CL generalizes that bit to
          IsConstructor, which says that whatever (Heap)Object you are looking at
          can be used as a constructor (i.e. the bit is also set for bound
          functions that can be used as constructors and proxies that have a
          [[Construct]] internal method).
      
          This way we have a single chokepoint for IsConstructor checking, which
          allows us to get rid of the various ways in which we tried to guess
          whether something could be used as a constructor or not.
      
          Drive-by-fix: Renamed IsConstructor on FunctionKind to
          IsClassConstructor to resolve the weird name clash, and the
          IsClassConstructor name also matches the spec.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1362313002
      
      Cr-Commit-Position: refs/heads/master@{#30908}
    • X87: [runtime] Remove weird pushing of something on StackOverflow. · 46d61217
      chunyang.dai authored
      port 556b522a (r30883)
      
      original commit message:
      
          We somehow try to push some stuff on the stack when we detect a stack
          overflow, that we don't need. Even worse we might access outside the
          valid stack bounds. Since we don't need this, it's gone.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1367943002
      
      Cr-Commit-Position: refs/heads/master@{#30907}
    • [test] Fetch mozilla test data from SVN. · 8c174202
      machenbach authored
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1367933002
      
      Cr-Commit-Position: refs/heads/master@{#30906}
    • [arm64] Explicit commuted conditions in unittests · cf38725d
      pierre.langlois authored
      This patch explicitly names commuted conditions for floating point
      comparisons, instead of relying on CommuteFlagsCondition.  Otherwise, a
      bug in this function would not be caught.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1364773002
      
      Cr-Commit-Position: refs/heads/master@{#30905}
    • X87: [builtin] Refactor Invoke to deal with any kind of callable. · 78be1562
      chunyang.dai authored
      port 634d1d86 (r30874).
      
      original commit message:
      
          Now both Execution::Call and Execution::New can deal with any
          kind of target and will raise a proper exception if the target is not
          callable (which is not yet spec compliant for New, as we would
          have to check IsConstructor instead, which we don't have yet).
      
          Now we no longer need to do any of these weird call/construct
          delegate gymnastics in C++, and we finally have a single true
          bottleneck for Call/Construct abstract operations in the code
          base, with only a few special handlings left in the compilers to
          optimize the JSFunction case.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1362293002
      
      Cr-Commit-Position: refs/heads/master@{#30904}
    • X87: [ic] Introduce BOOLEAN state for CompareIC. · 28de5bf8
      chunyang.dai authored
      port 10c5f2e8
      
      original commit message:
      
          Slow path for relational comparison of boolean primitive values
          now goes through the runtime, which made the slow path even
          slower than it already was. So in order to repair the regression,
          we just track boolean feedback for comparisons and use that
          to generate decent code in Crankshaft (not the best possible
          code, but good enough for Crankshaft; TurboFan will be able
          to do better on that).
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1367523005
      
      Cr-Commit-Position: refs/heads/master@{#30903}
    • [es6] Introduce spec compliant IsConstructor. · 8fe3ac07
      bmeurer authored
      There was already a bit on the Map named "function with prototype",
      which basically meant that the Map was a map for a JSFunction that could
      be used as a constructor. Now this CL generalizes that bit to
      IsConstructor, which says that whatever (Heap)Object you are looking at
      can be used as a constructor (i.e. the bit is also set for bound
      functions that can be used as constructors and proxies that have a
      [[Construct]] internal method).
      
      This way we have a single chokepoint for IsConstructor checking, which
      allows us to get rid of the various ways in which we tried to guess
      whether something could be used as a constructor or not.
      
      Drive-by-fix: Renamed IsConstructor on FunctionKind to
      IsClassConstructor to resolve the weird name clash, and the
      IsClassConstructor name also matches the spec.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
      R=jarin@chromium.org, rossberg@chromium.org
      BUG=v8:4413, v8:4430
      LOG=n
      
      Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
      Cr-Commit-Position: refs/heads/master@{#30900}
      
      Review URL: https://codereview.chromium.org/1358423002
      
      Cr-Commit-Position: refs/heads/master@{#30902}
    • Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001... · 656ebdce
      bmeurer authored
      Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001 of https://codereview.chromium.org/1358423002/ )
      
      Reason for revert:
      Failed on Fuzzer and MIPS bot.
      
      Original issue's description:
      > [es6] Introduce spec compliant IsConstructor.
      >
      > There was already a bit on the Map named "function with prototype",
      > which basically meant that the Map was a map for a JSFunction that could
      > be used as a constructor. Now this CL generalizes that bit to
      > IsConstructor, which says that whatever (Heap)Object you are looking at
      > can be used as a constructor (i.e. the bit is also set for bound
      > functions that can be used as constructors and proxies that have a
      > [[Construct]] internal method).
      >
      > This way we have a single chokepoint for IsConstructor checking, which
      > allows us to get rid of the various ways in which we tried to guess
      > whether something could be used as a constructor or not.
      >
      > Drive-by-fix: Renamed IsConstructor on FunctionKind to
      > IsClassConstructor to resolve the weird name clash, and the
      > IsClassConstructor name also matches the spec.
      >
      > R=jarin@chromium.org, rossberg@chromium.org
      > BUG=v8:4430
      > LOG=n
      >
      > Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
      > Cr-Commit-Position: refs/heads/master@{#30900}
      
      TBR=jarin@chromium.org,rossberg@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:4430
      
      Review URL: https://codereview.chromium.org/1360403002
      
      Cr-Commit-Position: refs/heads/master@{#30901}
    • [es6] Introduce spec compliant IsConstructor. · 8de4d935
      bmeurer authored
      There was already a bit on the Map named "function with prototype",
      which basically meant that the Map was a map for a JSFunction that could
      be used as a constructor. Now this CL generalizes that bit to
      IsConstructor, which says that whatever (Heap)Object you are looking at
      can be used as a constructor (i.e. the bit is also set for bound
      functions that can be used as constructors and proxies that have a
      [[Construct]] internal method).
      
      This way we have a single chokepoint for IsConstructor checking, which
      allows us to get rid of the various ways in which we tried to guess
      whether something could be used as a constructor or not.
      
      Drive-by-fix: Renamed IsConstructor on FunctionKind to
      IsClassConstructor to resolve the weird name clash, and the
      IsClassConstructor name also matches the spec.
      
      R=jarin@chromium.org, rossberg@chromium.org
      BUG=v8:4430
      LOG=n
      
      Review URL: https://codereview.chromium.org/1358423002
      
      Cr-Commit-Position: refs/heads/master@{#30900}
    • X87: [builtins] Add support for NewTarget to Execution::New. · 5ced12c1
      chunyang.dai authored
      port 1dfac69f (r30857).
      
      original commit message:
      
          Introduce new builtins Construct and ConstructFunction (in line
          with the Call and CallFunction builtins that we already have) as
          proper bottleneck for Construct and [[Construct]] on JSFunctions.
          Use these builtins to support passing NewTarget from C++ to
          JavaScript land.
      
          Long-term we want the CallConstructStub to be used for
          gathering feedback on entry to construction chain (i.e. the
          initial new Foo), and use the Construct builtins to do the
          actual work inside the construction chain (i.e. calling into
          super and stuff).
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1362573002
      
      Cr-Commit-Position: refs/heads/master@{#30899}
    • X87: [turbofan] Add support for reinterpreting integers as floating point and vice versa. · b785daa7
      chunyang.dai authored
      port c610a222 (r30849).
      
      original commit message:
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1362783003
      
      Cr-Commit-Position: refs/heads/master@{#30898}
    • X87: [ic] Also collect known map for relational comparison. · 687ef62e
      chunyang.dai authored
      port e56f265f (r30852).
      
      original commit message:
      
          Previously we only collected the known map for equality comparisons. But
          if we also collect it for relational comparisons, we can inline a fast
          path of ToPrimitive on the objects, which is especially interesting
          since both sides have the same map.
      
          For now we only inline a very limited subset of ToPrimitive in
          Crankshaft, which is when the receiver map (and its prototype chain)
          doesn't have @@toPrimitive, and both valueOf and toString are the
          default versions on the %ObjectPrototype%. In this case the relational
          comparison would reduce to a string comparison of "[object CLASS]" with
          itself and so we can reduce that to a boolean constant plus map checks
          on both left and right hand side, plus code dependencies on the
          prototype chain. This repairs the regression on box2d.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1342243005
      
      Cr-Commit-Position: refs/heads/master@{#30897}
    • Update V8 DEPS. · 5e6f7a6c
      v8-autoroll authored
      Rolling v8/tools/clang to 1cde9025c16dfc3e23be2db010b24f657c255b4c
      
      TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
      
      Review URL: https://codereview.chromium.org/1359983006
      
      Cr-Commit-Position: refs/heads/master@{#30896}
  3. 23 Sep, 2015 8 commits