Commits · dacb3d76a7cb651f986bb08a590e001e3bf23fbb · Linshizhi / V8

18 Aug, 2015 29 commits

Add a makefile option for wasm prototype. · dacb3d76

bradnelson authored Aug 18, 2015

Adding wasm=on when invoking make will build with the wasm prototype, Ex:

make x64.debug wasm=on V=1

BUG=None
TEST=manual
R=titzer@chromium.org,ncbray@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1293073004

Cr-Commit-Position: refs/heads/master@{#30236}

dacb3d76

[turbofan] Fix stack->stack double moves for pushing on ia32 and x64. · d0bacc61

titzer authored Aug 18, 2015

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1299023002

Cr-Commit-Position: refs/heads/master@{#30235}

d0bacc61

Remove empty string-search.cc file. · e1ad0237

mstarzinger authored Aug 18, 2015

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1295333002

Cr-Commit-Position: refs/heads/master@{#30234}

e1ad0237

Disable regress-crbug-518748 on debug · 49d1004b

Ben Smith authored Aug 18, 2015

Seems to fail only on V8 Linux - debug - code serializer
(See http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3762)

BUG=chromium:518748
TBR=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1294163003 .

Cr-Commit-Position: refs/heads/master@{#30233}

49d1004b

Remove grab-bag includes of v8.h from runtime entries. · d2168c2d

mstarzinger authored Aug 18, 2015

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1293053004

Cr-Commit-Position: refs/heads/master@{#30232}

d2168c2d

[d8] Fix compile failure due to kMaxWorkers · 10073c78

Ben Smith authored Aug 18, 2015

TBR=adamk@chromium.org

Review URL: https://codereview.chromium.org/1302593002 .

Cr-Commit-Position: refs/heads/master@{#30231}

10073c78

[d8 Workers] Add max worker count, throw an exception if too many. · 29e44142

binji authored Aug 18, 2015

BUG=chromium:518748
R=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1284683004

Cr-Commit-Position: refs/heads/master@{#30230}

29e44142

[d8] Fix flakiness when calling quit() with isolates · 41fa3573

binji authored Aug 18, 2015

Don't use exit(), use Shell::Exit() (which calls _exit() instead). This won't
run C++ static destructors, atexit() functions, etc., which can occasionally
cause flaky failures.

BUG=v8:4279
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1294913005

Cr-Commit-Position: refs/heads/master@{#30229}

41fa3573

Add presubmit check for header inclusion violation. · ee4a6396

mstarzinger authored Aug 18, 2015

This warns about include directives of inline headers within normal
header files. Note that this warning should not close the tree or
prevent the CQ from landing the patch.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1293273005

Cr-Commit-Position: refs/heads/master@{#30228}

ee4a6396

Make heap.h usable without objects-inl.h header. · f2796382

mstarzinger authored Aug 18, 2015

This CL us a pure refactoring that makes an empty compilation unit
including just "heap.h" but not "objects-inl.h" compile without
warnings or errors. This is needed to further reduce the header
dependency tangle.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1301583003

Cr-Commit-Position: refs/heads/master@{#30227}

f2796382

[Interpreter] Add implementations for load immediate bytecodes. · f36cc258

rmcilroy authored Aug 18, 2015

Adds implementations and tests for the following bytecodes:
  - LdaZero
  - LdaSmi8
  - LdaUndefined
  - LdaNull
  - LdaTheHole
  - LdaTrue
  - LdaFalse
  - LdaLdar
  - LdaStar

Also adds  Smi tagging / untagging and OperandType typed
BytecodeOperand operations to InterpreterAssembler.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1294793002

Cr-Commit-Position: refs/heads/master@{#30226}

f36cc258

Allowing optional build of a WASM prototype behind a gyp define. · a2462683

bradnelson authored Aug 18, 2015

Place a copy of the v8-native-prototype in third_party/wasm.
GYP_DEFINES='v8_wasm=1' gclient runhooks

BUG=None
TEST=None
R=titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1294543006

Cr-Commit-Position: refs/heads/master@{#30225}

a2462683

[turbofan] Unify referencing of stack slots · cbbaf9ea

danno authored Aug 18, 2015

Previously, it was not possible to specify StackSlotOperands for all
slots in both the caller and callee stacks. Specifically, the region
of the callee's stack including the saved return address, frame
pointer, function pointer and context pointer could not be addressed
by the register allocator/gap resolver.

In preparation for better tail call support, which will use the gap
resolver to reconcile outgoing parameters, this change makes it
possible to address all slots on the stack, because slots in the
previously inaccessible dead zone may become parameter slots for
outgoing tail calls. All caller stack slots are accessible as they
were before, with slot -1 corresponding to the last stack
parameter. Stack slot indices >= 0 access the callee stack, with slot
0 corresponding to the callee's saved return address, 1 corresponding
to the saved frame pointer, 2 corresponding to the current function
context, 3 corresponding to the frame marker/JSFunction, and slots 4
and above corresponding to spill slots.

The following changes were specifically	needed:

* Frame	has been changed to explicitly manage three areas of the
  callee frame, the fixed header, the spill slot area, and the
  callee-saved register area.
* Conversions from stack slot indices to fp offsets all now go through
  a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
* The generation of deoptimization translation tables has been changed
  to support the new stack slot indexing scheme. Crankshaft, which
  doesn't support the new slot numbering in its register allocator,
  must adapt the indexes when creating translation tables.
* Callee-saved parameters are now kept below spill slots, not above,
  to support saving only the optimal set of used registers, which is
  only known after register allocation is finished and spill slots
  have been allocated.

Review URL: https://codereview.chromium.org/1261923007

Cr-Commit-Position: refs/heads/master@{#30224}

cbbaf9ea

Skip regress-4279 for --isolates tests. · 54f18db8

yangguo authored Aug 18, 2015

R=hablich@chromium.org
BUG=v8:4378
LOG=N

Review URL: https://codereview.chromium.org/1290383004

Cr-Commit-Position: refs/heads/master@{#30223}

54f18db8

Remove inline header includes from natives.h header. · 366262e6

mstarzinger authored Aug 18, 2015

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1303463002

Cr-Commit-Position: refs/heads/master@{#30222}

366262e6

[Interpreter] Minimal bytecode generator. · 238397c1

oth authored Aug 18, 2015

Bytecode generator for local assignment and basic binary operations.

Command-line flag for printing bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1294543002

Cr-Commit-Position: refs/heads/master@{#30221}

238397c1

Native context: Fix issue when running prologue.js before runtime.js · c01f419e

yangguo authored Aug 18, 2015

%InstallFunctionsFromArray is not entirely equivalent to the old
InstallFunctions implementation, which causes gc stress failures.

TBR=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1287203006

Cr-Commit-Position: refs/heads/master@{#30220}

c01f419e

[interpreter]: Changes to interpreter builtins for accumulator and register file registers. · 00df60d1

rmcilroy authored Aug 18, 2015

Makes the following modifications to the interpreter builtins and
InterpreterAssembler:
 - Adds an accumulator register and initializes it to undefined()
 - Adds a register file pointer register and use it instead of FramePointer to
   access registers
 - Modifies builtin to support functions with 0 regiters in the register file
 - Modifies builtin to Call rather than TailCall to first bytecode handler.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1289863003

Cr-Commit-Position: refs/heads/master@{#30219}

00df60d1

[api,heap] Fix external GC callbacks. · 8aef4429

mlippautz authored Aug 18, 2015

* Add types to properly report what has been executed in the GC
* Unify GCPrologueCallback and GCEpilogueCallback into GCCallback
* Report processing of second round weak handels, either synchronously or asynchronously

BUG=chromium:521946
LOG=N

Review URL: https://codereview.chromium.org/1298113003

Cr-Commit-Position: refs/heads/master@{#30218}

8aef4429

Native context: run prologue.js before runtime.js · f3059c43

yangguo authored Aug 18, 2015

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1294803004

Cr-Commit-Position: refs/heads/master@{#30217}

f3059c43

Skip regress-crbug-501711 for --isolates tests. · 1ecc6715

yangguo authored Aug 18, 2015

TBR=hablich@chromium.org
BUG=v8:4378
LOG=N

Review URL: https://codereview.chromium.org/1295813006

Cr-Commit-Position: refs/heads/master@{#30216}

1ecc6715

Reland of move property loads from js builtins objects from runtime. (patchset... · 8e1176a5

yangguo authored Aug 18, 2015

Reland of move property loads from js builtins objects from runtime. (patchset #1 id:1 of https://codereview.chromium.org/1297803003/ )

Reason for revert:
Debug isolate failure has nothing to do with this CL.

Original issue's description:
> Revert of Remove property loads from js builtins objects from runtime. (patchset #2 id:20001 of https://codereview.chromium.org/1293113002/ )
>
> Reason for revert:
> Still failures in debug-isolates tests
>
> Original issue's description:
> > Remove property loads from js builtins objects from runtime.
> >
> > R=cbruni@chromium.org
> >
> > Committed: https://crrev.com/40f6e80d22d2e146b781aa661b76087ab9a492c4
> > Cr-Commit-Position: refs/heads/master@{#30199}
> >
> > Committed: https://crrev.com/f22d0f205031054a5f3116e052c81ae85741e8e0
> > Cr-Commit-Position: refs/heads/master@{#30209}
>
> TBR=cbruni@chromium.org,hpayer@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/4106a4cbb701b5fe7d0b639e28a4ebfca5c05630
> Cr-Commit-Position: refs/heads/master@{#30213}

TBR=cbruni@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1298733003

Cr-Commit-Position: refs/heads/master@{#30215}

8e1176a5

MIPS: Fix bug in disassembler for JALR · 70c90758

Djordje.Pesic authored Aug 18, 2015

Adding missing rd register in JALR disassembly, for mips and mipps64

Review URL: https://codereview.chromium.org/1297183002

Cr-Commit-Position: refs/heads/master@{#30214}

70c90758

Revert of Remove property loads from js builtins objects from runtime.... · 4106a4cb

yangguo authored Aug 18, 2015

Revert of Remove property loads from js builtins objects from runtime. (patchset #2 id:20001 of https://codereview.chromium.org/1293113002/ )

Reason for revert:
Still failures in debug-isolates tests

Original issue's description:
> Remove property loads from js builtins objects from runtime.
>
> R=cbruni@chromium.org
>
> Committed: https://crrev.com/40f6e80d22d2e146b781aa661b76087ab9a492c4
> Cr-Commit-Position: refs/heads/master@{#30199}
>
> Committed: https://crrev.com/f22d0f205031054a5f3116e052c81ae85741e8e0
> Cr-Commit-Position: refs/heads/master@{#30209}

TBR=cbruni@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1297803003

Cr-Commit-Position: refs/heads/master@{#30213}

4106a4cb

[turbofan] Remove the output_index field that was unused in Node::Use. · fc17eec9
jarin authored Aug 18, 2015
```
BUG=

Review URL: https://codereview.chromium.org/1294913003

Cr-Commit-Position: refs/heads/master@{#30212}
```
fc17eec9
Only evacuation candidate pages have a slots buffer, just visit these pages when filtering slots. · 51333720
hpayer authored Aug 18, 2015
```
BUG=

Review URL: https://codereview.chromium.org/1299623003

Cr-Commit-Position: refs/heads/master@{#30211}
```
51333720

Reenable code recompilation verification. · 85fff2dc

yangguo authored Aug 18, 2015

BUG=chromium:516304
LOG=N

Review URL: https://codereview.chromium.org/1267953002

Cr-Commit-Position: refs/heads/master@{#30210}

85fff2dc

Remove property loads from js builtins objects from runtime. · f22d0f20

yangguo authored Aug 18, 2015

R=cbruni@chromium.org

Committed: https://crrev.com/40f6e80d22d2e146b781aa661b76087ab9a492c4
Cr-Commit-Position: refs/heads/master@{#30199}

Review URL: https://codereview.chromium.org/1293113002

Cr-Commit-Position: refs/heads/master@{#30209}

f22d0f20

Update V8 DEPS. · 2f9dba2d

v8-autoroll authored Aug 18, 2015

Rolling v8/third_party/icu to 89dcdec16381883782b9cc9cff38e00f047a0f46

Rolling v8/tools/clang to 5b12e334ec0e571a8e1f68d028dc5427b58c17ec

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1294523005

Cr-Commit-Position: refs/heads/master@{#30208}

2f9dba2d

17 Aug, 2015 11 commits

Point @@isConcatSpreadable test failure line at the correct bug · 780fe187

Adam Klein authored Aug 17, 2015

BUG=v8:4317
LOG=n
TBR=littledan@chromium.org

Review URL: https://codereview.chromium.org/1285983004 .

Cr-Commit-Position: refs/heads/master@{#30207}

780fe187

[simd.js] Macro-ize more SIMD code. · 7f646094

bbudge authored Aug 17, 2015

Use macros for factory functions, and in hydrogen code stubs.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1293533003

Cr-Commit-Position: refs/heads/master@{#30206}

7f646094

Revert "Regularly check hash set addresses to verify memory integrity." · 225a2b6f

hpayer authored Aug 17, 2015

This debug check is not needed anymore.

This reverts commit ce311ed0.

BUG=

Review URL: https://codereview.chromium.org/1300663002

Cr-Commit-Position: refs/heads/master@{#30205}

225a2b6f

[heap] Get rid of unused regexp includes. · 4aa9a9fe

mlippautz authored Aug 17, 2015

BUG=

Review URL: https://codereview.chromium.org/1290403002

Cr-Commit-Position: refs/heads/master@{#30204}

4aa9a9fe

[turbofan] Support unboxed float and double stack parameters and add tests. · 0492bb32

titzer authored Aug 17, 2015

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1291113003

Cr-Commit-Position: refs/heads/master@{#30203}

0492bb32

[heap] Unify MarkingDeque push and unshift operations. · 26241740

mstarzinger authored Aug 17, 2015

R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1294093003

Cr-Commit-Position: refs/heads/master@{#30202}

26241740

Revert of Remove property loads from js builtins objects from runtime.... · 76dc58c9

hablich authored Aug 17, 2015

Revert of Remove property loads from js builtins objects from runtime. (patchset #1 id:1 of https://codereview.chromium.org/1293113002/ )

Reason for revert:
Reverting because it made the waterfall red http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/8390

Original issue's description:
> Remove property loads from js builtins objects from runtime.
>
> R=cbruni@chromium.org
>
> Committed: https://crrev.com/40f6e80d22d2e146b781aa661b76087ab9a492c4
> Cr-Commit-Position: refs/heads/master@{#30199}

TBR=cbruni@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1294123002

Cr-Commit-Position: refs/heads/master@{#30201}

76dc58c9

Filter out slot buffer slots, that point to SMIs in dead objects. · 8606664b

hpayer authored Aug 17, 2015

The following situation may happen which reproduces this bug:
(1) We allocate JSObject A on an evacuation candidate.
(2) We allocate JSObject B on a non-evacuation candidate.
(3) Incremental marking starts and marks object A and B.
(4) We create a reference from B.field = A; which records the slot B.field since A is on an evacuation candidate.
(5) After that we write a SMI into B.field.
(6) After that B goes into dictionary mode and shrinks its original size. B.field is now outside of the JSObject, i.e B.field is in memory that will be freed by the sweeper threads.
(7) GC is triggered.
(8) BUG: Slots buffer filtering walks over the slots buffer, SMIs are not filtered out because we assumed that SMIs are just ignored when the slots get updated later. However, recorded SMI slots of dead objects may be overwritten by double values at evacuation time.
(9) During evacuation, a heap number that looks like a valid pointer is moved over B.field.
(10) The slots buffer is scanned for updates, follows B.field since it looks like a pointer (the double value looks like a pointer), and crashes.

BUG=chromium:519577,chromium:454297
LOG=y

Review URL: https://codereview.chromium.org/1286343004

Cr-Commit-Position: refs/heads/master@{#30200}

8606664b

Remove property loads from js builtins objects from runtime. · 40f6e80d

yangguo authored Aug 17, 2015

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1293113002

Cr-Commit-Position: refs/heads/master@{#30199}

40f6e80d

Default-enable external startup snapshot for, like, everywhere. · ec4bb0e9

vogelheim authored Aug 17, 2015

BUG=

Review URL: https://codereview.chromium.org/1209223005

Cr-Commit-Position: refs/heads/master@{#30198}

ec4bb0e9

[turbofan] Handle void return in simplified-lowering.cc. · 0aac6858

titzer authored Aug 17, 2015

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1296933002

Cr-Commit-Position: refs/heads/master@{#30197}

0aac6858