1. 22 Aug, 2016 1 commit
  2. 08 Aug, 2016 1 commit
  3. 03 Aug, 2016 1 commit
  4. 26 Jul, 2016 1 commit
  5. 21 Jul, 2016 1 commit
  6. 11 Jul, 2016 1 commit
  7. 08 Jul, 2016 1 commit
  8. 30 Jun, 2016 1 commit
    • [builtins] New frame type for exits to C++ builtins · 5febc27b
      jgruber authored
      Prior to this commit, calls to C++ builtins created standard exit
      frames, which are skipped when constructing JS stack traces. In order to
      show these calls on traces, we introduce a new builtin exit frame type.
      
      Builtin exit frames contain target and new.target on the stack and are
      not skipped during stack trace construction.
      
      BUG=v8:4815
      R=bmeurer@chromium.org, yangguo@chromium.org
      CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg
      
      Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
      Review-Url: https://codereview.chromium.org/2090723005
      Cr-Original-Commit-Position: refs/heads/master@{#37384}
      Cr-Commit-Position: refs/heads/master@{#37416}
  9. 29 Jun, 2016 2 commits
  10. 28 Jun, 2016 1 commit
    • Reland [heap] Avoid the use of cells to point from code to new-space objects. · 5e058540
      ahaas authored
      The reason for reverting is: This breaks gc-stress bot:
      https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
      
      Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.
      
      Original issue's description:
      
      Cells were needed originally because there was no typed remembered set to
      record direct pointers from code space to new space. A previous
      CL (https://codereview.chromium.org/2003553002/) already introduced
      the remembered set, this CL uses it.
      
      This CL
      * stores direct pointers in code objects, even if the target is in new space,
      * records the slot of the pointer in typed-old-to-new remembered set,
      * adds a list which stores weak code-to-new-space references,
      * adds a test to test-heap.cc for weak code-to-new-space references,
      * removes prints in tail-call-megatest.js
      
      Review-Url: https://codereview.chromium.org/2097023002
      Cr-Commit-Position: refs/heads/master@{#37325}
  11. 23 Jun, 2016 2 commits
    • Revert of Reland [heap] Avoid the use of cells to point from code to new-space... · 25d59e9d
      vogelheim authored
      Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )
      
      Reason for revert:
      This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
      
      #
      # Fatal error in ../../src/heap/mark-compact.cc, line 3715
      # Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
      #
      
      I can reproduce locally, and local revert also fixes it -> revert.
      
      Reproduce with:
       out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation
      
      (Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)
      
      Original issue's description:
      > Reland [heap] Avoid the use of cells to point from code to new-space objects.
      >
      > The reason for reverting was: [Sheriff] Breaks arm debug:
      > https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
      >
      > The problem was the dereferencing of handles for smi checks. It turned out
      > that these smi checks can be removed anyways, both on arm and on mips.
      >
      > Additionally some rebasing was necessary.
      >
      > Original issue's description:
      >
      > Cells were needed originally because there was no typed remembered set to
      > record direct pointers from code space to new space. A previous
      > CL (https://codereview.chromium.org/2003553002/) already introduced
      > the remembered set, this CL uses it.
      >
      > This CL
      > * stores direct pointers in code objects, even if the target is in new space,
      > * records the slot of the pointer in typed-old-to-new remembered set,
      > * adds a list which stores weak code-to-new-space references,
      > * adds a test to test-heap.cc for weak code-to-new-space references,
      > * removes prints in tail-call-megatest.js
      >
      > R=mlippautz@chromium.org
      >
      > Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
      > Cr-Commit-Position: refs/heads/master@{#37217}
      
      TBR=mlippautz@chromium.org,ahaas@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review-Url: https://codereview.chromium.org/2090983002
      Cr-Commit-Position: refs/heads/master@{#37221}
    • Reland [heap] Avoid the use of cells to point from code to new-space objects. · 5508e165
      ahaas authored
      The reason for reverting was: [Sheriff] Breaks arm debug:
      https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
      
      The problem was the dereferencing of handles for smi checks. It turned out
      that these smi checks can be removed anyways, both on arm and on mips.
      
      Additionally some rebasing was necessary.
      
      Original issue's description:
      
      Cells were needed originally because there was no typed remembered set to
      record direct pointers from code space to new space. A previous
      CL (https://codereview.chromium.org/2003553002/) already introduced
      the remembered set, this CL uses it.
      
      This CL
      * stores direct pointers in code objects, even if the target is in new space,
      * records the slot of the pointer in typed-old-to-new remembered set,
      * adds a list which stores weak code-to-new-space references,
      * adds a test to test-heap.cc for weak code-to-new-space references,
      * removes prints in tail-call-megatest.js
      
      R=mlippautz@chromium.org
      
      Review-Url: https://codereview.chromium.org/2091733002
      Cr-Commit-Position: refs/heads/master@{#37217}
  12. 21 Jun, 2016 2 commits
  13. 01 Jun, 2016 1 commit
  14. 10 May, 2016 1 commit
  15. 30 Apr, 2016 1 commit
    • [turbofan] Run everything after representation selection concurrently. · d1b3d426
      bmeurer authored
      Further refactor the pipeline to even run the first scheduler (part of
      the effect control linearization) concurrently. This temporarily
      disables most of the write barrier elimination, but we will get back to
      that later.
      
      Drive-by-fix: Remove the dead code from ChangeLowering, and stack
      allocate the Typer in the pipeline. Also migrate the AllocateStub to a
      native code builtin, so that we have the code object + a handle to it
      available all the time.
      
      CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
      R=mstarzinger@chromium.org
      BUG=v8:4969
      LOG=n
      
      Review-Url: https://codereview.chromium.org/1926023002
      Cr-Commit-Position: refs/heads/master@{#35918}
  16. 19 Apr, 2016 1 commit
  17. 12 Apr, 2016 2 commits
  18. 11 Apr, 2016 1 commit
  19. 06 Apr, 2016 1 commit
    • [generators] Decouple generator resume from fullcodegen. · 974721c6
      bmeurer authored
      Introduce a ResumeGeneratorTrampoline, which does the actual stack state
      reconstruction (currently always restores a fullcodegen frame), and
      introduce appropriate TurboFan builtins for %GeneratorPrototype%.next,
      %GeneratorPrototype%.return and %GeneratorPrototype%.throw based on
      this native builtin.
      
      Also unify the flooding in case of step-in to always work based on
      JSFunction and remove the special casing for JSGeneratorObject.
      
      R=mstarzinger@chromium.org, neis@chromium.org
      TBR=rossberg@chromium.org
      BUG=chromium:513471
      LOG=n
      
      Review URL: https://codereview.chromium.org/1865833002
      
      Cr-Commit-Position: refs/heads/master@{#35283}
  20. 01 Apr, 2016 2 commits
  21. 21 Mar, 2016 1 commit
    • [stubs] Split ToNumberStub into reusable subparts. · b7aa4c3a
      bmeurer authored
      Split ToNumberStub into the entry ToNumberStub, and two new stubs,
      StringToNumberStub and NonNumberToNumberStub, which can be used when we
      already know something about the input (i.e. in various branches of the
      code stubs, or in TurboFan graphs).
      
      Also introduce an appropriate StringToNumber simplified operator for
      TurboFan, that is pure and is lowered to an invocation of the newly
      added StringToNumberStub.
      
      R=jarin@chromium.org
      
      Review URL: https://codereview.chromium.org/1818923002
      
      Cr-Commit-Position: refs/heads/master@{#34922}
  22. 16 Mar, 2016 3 commits
  23. 08 Mar, 2016 1 commit
    • [runtime] Unify and simplify how frames are marked · 9dcd0857
      danno authored
      Before this CL, various code stubs used different techniques
      for marking their frames to enable stack-crawling and other
      access to data in the frame. All of them were based on an abuse
      of the "standard" frame representation, e.g. storing a
      context pointer immediately below the frame's fp, and a
      function pointer after that. Although functional, this approach
      tends to make stubs and builtins do an awkward, unnecessary
      dance to appear like standard frames, even if they have
      nothing to do with JavaScript execution.
      
      This CL attempts to improve this by:
      
      * Ensuring that there are only two fundamentally different
        types of frames, a "standard" frame and a "typed" frame.
        Standard frames, as before, contain both a context and
        function pointer. Typed frames contain only a minimum
        of a smi marker in the position immediately below the fp
        where the context is in standard frames.
      * Only interpreted, full codegen, and optimized Crankshaft and
        TurboFan JavaScript frames use the "standard" format. All
        other frames use the typed frame format with an explicit
        marker.
      * Typed frames can contain one or more values below the
        type marker. There is new magic macro machinery in
        frames.h that simplifies defining the offsets of these fields
        in typed frames.
      * A new flag in the CallDescriptor enables specifying whether
        a frame is a standard frame or a typed frame. Secondary
        register location spilling is now only enabled for standard
        frames.
      * A zillion places in the code have been updated to deal with
        the fact that most code stubs and internal frames use the
        typed frame format. This includes changes in the
        deoptimizer, debugger, and liveedit.
      * StandardFrameConstants::kMarkerOffset is deprecated,
        (CommonFrameConstants::kContextOrFrameTypeOffset
        and StandardFrameConstants::kFrameOffset are now used
        in its stead).
      
      LOG=N
      
      Review URL: https://codereview.chromium.org/1696043002
      
      Cr-Commit-Position: refs/heads/master@{#34571}
  24. 07 Mar, 2016 1 commit
    • [crankshaft] Support ES6 tail call elimination. · 22938040
      ishell authored
      HInvokeFunction and HApplyArguments instructions now support tail calling.
      
      Inlining of calls at tail position is not supported yet and therefore still disabled.
      
      The tail-call-megatest was modified so that the usages of "arguments" object do not disable Crankshaft.
      
      TBR=bmeurer@chromium.org
      BUG=v8:4698
      LOG=N
      
      Review URL: https://codereview.chromium.org/1760253003
      
      Cr-Commit-Position: refs/heads/master@{#34542}
  25. 19 Feb, 2016 1 commit
    • [stubs] Introduce a dedicated FastNewObjectStub. · ba2077aa
      bmeurer authored
      Move the already existing fast case for %NewObject into a dedicated
      FastNewObjectStub that we can utilize in places where we would otherwise
      fallback to %NewObject immediately, which is rather expensive.
      
      Also use FastNewObjectStub as the generic implementation of JSCreate,
      which should make constructor inlining based on SharedFunctionInfo (w/o
      specializing to a concrete closure) viable soon.
      
      R=jarin@chromium.org
      
      Review URL: https://codereview.chromium.org/1708313002
      
      Cr-Commit-Position: refs/heads/master@{#34136}
  26. 10 Feb, 2016 1 commit
    • [heap] Move to page lookups for SemiSpace, NewSpace, and Heap containment methods · cfbd2561
      mlippautz authored
      Preparing the young generation for (real) non-contiguous backing memory, this
      change removes object masks that are used to compute containment in semi and new
      space. The masks are replaced by lookups for object tags and page headers, where
      possible.
      
      Details:
      - Use the fast checks (page header lookups) for containment in regular code.
      - Use the slow version that masks out the page start address and iterates all
        pages of a space for debugging/verification.
      - The slow version works for off-heap/unmapped memory.
      - Encapsulate all checks for the old->new barrier in Heap::RecordWrite().
      
      BUG=chromium:581412
      LOG=N
      
      Review URL: https://codereview.chromium.org/1632913003
      
      Cr-Commit-Position: refs/heads/master@{#33857}
  27. 04 Feb, 2016 1 commit
  28. 28 Jan, 2016 1 commit
    • [builtins] Make Math.max and Math.min fast by default. · cb9b8010
      bmeurer authored
      The previous versions of Math.max and Math.min made it difficult to
      optimize those (that's why we already have custom code in Crankshaft),
      and due to lack of ideas what to do about the variable number of
      arguments, we will probably need to stick in special code in TurboFan
      as well; so inlining those builtins is off the table, hence there's no
      real advantage in having them around as "not quite JS" with extra work
      necessary in the optimizing compilers to still make those builtins
      somewhat fast in cases where we cannot inline them (also there's a
      tricky deopt loop in Crankshaft related to Math.min and Math.max, but
      that will be dealt with later).
      
      So to sum up: Instead of trying to make Math.max and Math.min semi-fast
      in the optimizing compilers with weird work-arounds support %_Arguments
      %_ArgumentsLength, we do provide the optimal code as native builtins
      instead and call it a day (which gives a nice performance boost on some
      benchmarks).
      
      R=jarin@chromium.org
      
      Review URL: https://codereview.chromium.org/1641083003
      
      Cr-Commit-Position: refs/heads/master@{#33582}
  29. 21 Jan, 2016 1 commit
    • [for-in] Sanitize for-in optimizations and fix bailout points. · f48bf12f
      bmeurer authored
      The PrepareId bailout location was used incorrectly in Crankshaft and,
      as it turns out, is not required anyway (once you do it right). Also
      there was some premature optimization going on with the CheckEnumCache
      (trying to load null from roots only once), plus we can be smarter about
      the null/undefined check anyway.
      
      The idea behind these changes is to prepare unification of the two
      different ForInPrepare implementations that we now have, with the end
      result being that we only use the new implementation that was recently
      added for the interpreter.
      
      R=jarin@chromium.org
      BUG=v8:3650
      LOG=n
      
      Review URL: https://codereview.chromium.org/1618613002
      
      Cr-Commit-Position: refs/heads/master@{#33426}
  30. 20 Jan, 2016 1 commit
  31. 18 Jan, 2016 2 commits
    • Revert of [turbofan] Implement rounding of floats on x64 and ia32 without... · 900b2933
      ahaas authored
      Revert of [turbofan] Implement rounding of floats on x64 and ia32 without sse4.1. (patchset #2 id:20001 of https://codereview.chromium.org/1584663007/ )
      
      Reason for revert:
      Code is incorrect for -0.
      
      Original issue's description:
      > [turbofan] Implement rounding of floats on x64 and ia32 without sse4.1.
      >
      > The implementation sets the rounding mode flag and then uses the
      > cvtsd2si and cvtsi2sd instructions (convert between float and int) to do
      > the rounding. Input values outside int range either don't have to be
      > rounded anyways, or are rounded by calculating input + 2^52 - 2^52 for
      > positive inputs, or input -2^52 + 2^52 for negative inputs. The original
      > rounding mode is restored afterwards.
      >
      > R=titzer@chromium.org
      >
      > B=575379
      >
      > Committed: https://crrev.com/fa5d09e547abe79a8c82f780deb980c53ad78beb
      > Cr-Commit-Position: refs/heads/master@{#33367}
      
      TBR=titzer@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1593313010
      
      Cr-Commit-Position: refs/heads/master@{#33369}
    • [turbofan] Implement rounding of floats on x64 and ia32 without sse4.1. · fa5d09e5
      ahaas authored
      The implementation sets the rounding mode flag and then uses the
      cvtsd2si and cvtsi2sd instructions (convert between float and int) to do
      the rounding. Input values outside int range either don't have to be
      rounded anyways, or are rounded by calculating input + 2^52 - 2^52 for
      positive inputs, or input -2^52 + 2^52 for negative inputs. The original
      rounding mode is restored afterwards.
      
      R=titzer@chromium.org
      
      B=575379
      
      Review URL: https://codereview.chromium.org/1584663007
      
      Cr-Commit-Position: refs/heads/master@{#33367}
  32. 16 Jan, 2016 1 commit
    • [turbofan] Add the RoundInt32ToFloat32 operator to turbofan. · e06f7d78
      ahaas authored
      The new operator converts an int32 input to float32. If the input cannot
      be represented exactly in float32, the value is rounded using the
      round-ties-even rounding mode (the default rounding mode).
      
      I provide implementations of the new operator for x64, ia32, arm, arm64,
      mips, mips64, ppc, and ppc64.
      
      R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com, v8-ppc-ports@googlegroups.com
      
      Review URL: https://codereview.chromium.org/1589363002
      
      Cr-Commit-Position: refs/heads/master@{#33347}