Commit Graph

34586 Commits

Author SHA1 Message Date
jbroman
0004733c08 ValueSerializer: Add more checks before trying to allocate memory for a dense array.
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).

Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
2016-10-07 17:53:23 +00:00
petermarshall
58529ed3a0 [builtins] Move StringIndexOf to a C++ builtin.
BUG=v8:5364

Review-Url: https://codereview.chromium.org/2350963004
Cr-Commit-Position: refs/heads/master@{#40093}
2016-10-07 17:04:12 +00:00
bjaideep
65b0b2d7bd PPC/s390: Reland "[turbofan] Discard the shared code entry in the optimized code map."
Port ec132e05ec

Original commit message:

    (GcStress failure was unrelated.)

    At one time, we hoped to generate the same code for different
    native contexts. But in truth, much performance comes from optimizing
    on the native context. Now we abandon this pathway.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2401043002
Cr-Commit-Position: refs/heads/master@{#40092}
2016-10-07 16:41:22 +00:00
machenbach
b072d014d8 [test] Skip more flaky wasm tests for gc stress
BUG=v8:5451,v8:5496
TBR=mtrofin@chromium.org, titzer@chromium.org, ahaas@chromium.org
NOTRY=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2399343003
Cr-Commit-Position: refs/heads/master@{#40091}
2016-10-07 16:36:57 +00:00
rmcilroy
2c9b5844f9 [Interpreter] Remove an invalid DCHECK.
A wide jump can be patched with a non-wide jump target operand, so the
DCHECK added in r39637 was wrong.

BUG=chromium:652430

Review-Url: https://codereview.chromium.org/2400203002
Cr-Commit-Position: refs/heads/master@{#40090}
2016-10-07 14:55:16 +00:00
mstarzinger
891600068d [compiler] Allow debug compilation for top-level eval.
This removes the restriction of only allowing lazy compilation for
top-level eval code with a context. We can by now compile such code
without a concrete closure.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2400973002
Cr-Commit-Position: refs/heads/master@{#40089}
2016-10-07 13:42:44 +00:00
jbroman
e4cc955780 ValueSerializer: Check for no matching ArrayBufferView type being found.
Previously this would result in applying trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
2016-10-07 13:15:07 +00:00
jgruber
9ef4c3af25 Add Smi::Zero and replace all Smi::FromInt(0) calls
BUG=

Committed: https://crrev.com/7db0ecdec3cf330766575cb7973b983f3f1e3020
Review-Url: https://codereview.chromium.org/2381843002
Cr-Original-Commit-Position: refs/heads/master@{#40080}
Cr-Commit-Position: refs/heads/master@{#40087}
2016-10-07 13:05:26 +00:00
Mike Stanton
ec132e05ec Reland "[turbofan] Discard the shared code entry in the optimized code map."
(GcStress failure was unrelated.)

At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.

BUG=
TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/2402663002 .

Cr-Commit-Position: refs/heads/master@{#40086}
2016-10-07 13:00:51 +00:00
danno
e0741946cb [stubs] Port NumberToStringSub to Turbofan
In the process, also fix a merge hiccup that clobbered https://codereview.chromium.org/2003663002/ back in May.

BUG=chromium:608675
LOG=N

Review-Url: https://codereview.chromium.org/2397223002
Cr-Commit-Position: refs/heads/master@{#40085}
2016-10-07 12:29:11 +00:00
machenbach
c64288d9db [test] Add missing js-test resource.
The create.js file is loaded unconditionally in run.js,
therefore we need to add it to resources, otherwise it
fails on Android.

TBR=caitp@igalia.com
NOTRY=true

Review-Url: https://codereview.chromium.org/2401883002
Cr-Commit-Position: refs/heads/master@{#40084}
2016-10-07 12:28:03 +00:00
mstarzinger
3de42b3f22 [parser] Deprecate ParseInfo constructor taking closure.
This removes the {ParseInfo} constructor consuming a closure, replacing
all uses to pass only the shared function info. The goal is to make the
fact that parsing is independent of a concrete closure explicit.

R=jochen@chromium.org
BUG=v8:2206

Review-Url: https://codereview.chromium.org/2396963003
Cr-Commit-Position: refs/heads/master@{#40083}
2016-10-07 12:26:54 +00:00
jgruber
d1545f8ecc Revert "Add Smi::Zero and replace all Smi::FromInt(0) calls"
This reverts commit 7db0ecdec3.

Manual revert since automatic revert is too large for the web interface.

BUG=
TBR=bmeurer@chromium.org,mstarzinger@chromium.org,yangguo@chromium.org,ahaas@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2396353002
Cr-Commit-Position: refs/heads/master@{#40082}
2016-10-07 12:22:56 +00:00
mvstanton
c59d2f09ec Revert of [turbofan] Discard the shared code entry in the optimized code map. (patchset #3 id:40001 of https://codereview.chromium.org/2401653002/ )
Reason for revert:
Possible GCSTRESS failure, investigating.

Original issue's description:
> [turbofan] Discard the shared code entry in the optimized code map.
>
> At one time, we hoped to generate the same code for different
> native contexts. But in truth, much performance comes from optimizing
> on the native context. Now we abandon this pathway.
>
> BUG=
>
> Committed: https://crrev.com/55af3c44c99a6e4cd6d53df775023d760ad2b2c3
> Cr-Commit-Position: refs/heads/master@{#40079}

TBR=mstarzinger@chromium.org,ishell@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2403453002
Cr-Commit-Position: refs/heads/master@{#40081}
2016-10-07 12:08:07 +00:00
jgruber
7db0ecdec3 Add Smi::Zero and replace all Smi::FromInt(0) calls
BUG=

Review-Url: https://codereview.chromium.org/2381843002
Cr-Commit-Position: refs/heads/master@{#40080}
2016-10-07 11:03:43 +00:00
mvstanton
55af3c44c9 [turbofan] Discard the shared code entry in the optimized code map.
At one time, we hoped to generate the same code for different
native contexts. But in truth, much performance comes from optimizing
on the native context. Now we abandon this pathway.

BUG=

Review-Url: https://codereview.chromium.org/2401653002
Cr-Commit-Position: refs/heads/master@{#40079}
2016-10-07 11:02:08 +00:00
neis
194e418614 [test] Fix exception parsing in test262.
The _ParseException function in testcfg.py made incorrect assumptions about how
exceptions are printed (I believe it expected a trace like that produced by
Error).

R=littledan@chromium.org
BUG=v8:5136

Review-Url: https://codereview.chromium.org/2386103010
Cr-Commit-Position: refs/heads/master@{#40078}
2016-10-07 10:21:06 +00:00
clemensh
7461fc6c21 [wasm] Fix memory bug
In CreateModuleObjectFromBytes, pointers to the raw bytes will be stored
inside the decoded WasmModule, and still used after allocating V8 stuff
in WasmModule::CompileFunctions. We thus cannot pass a raw pointer to
the V8 heap.
Fix this by copying the bytes before decoding.

R=mtrofin@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2402633002
Cr-Commit-Position: refs/heads/master@{#40077}
2016-10-07 10:12:37 +00:00
titzer
e3ff4cf8c9 [wasm] Implement importing of WebAssembly.Memory.
R=mtrofin@chromium.org,gdeepti@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2392943006
Cr-Commit-Position: refs/heads/master@{#40076}
2016-10-07 09:34:27 +00:00
hpayer
e5b07adfb1 [heap] Use the thread-safe free modes also for RemoveRange in SlotSet.
BUG=chromium:648568

Review-Url: https://codereview.chromium.org/2397373002
Cr-Commit-Position: refs/heads/master@{#40075}
2016-10-07 09:16:07 +00:00
jochen
940efafd3d Teach Scopes whether they will end up being lazily compiled or not
For now keep the logic in compiler.cc and add a DCHECK that the scopes
and compiler.cc agree.

Use this knowledge to only created ScopeInfos for literals we'll
actually compile.

BUG=v8:5394,v8:5422
R=marja@chromium.org,verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2399833002
Cr-Commit-Position: refs/heads/master@{#40074}
2016-10-07 09:13:03 +00:00
bmeurer
78f16b39ca [turbofan] CheckedTaggedToInt32 doesn't distinguish undefined and hole.
R=mvstanton@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2397253002
Cr-Commit-Position: refs/heads/master@{#40073}
2016-10-07 09:10:40 +00:00
bmeurer
0f7f6e33ba [builtins] Migrate Number.parseFloat to a TurboFan builtin.
This implicitly convers parseFloat on the global object as well, since
it's the same function. This is mostly straight-forward, but adds
another fast case for HeapNumbers as well.

R=ishell@chromium.org

Review-Url: https://codereview.chromium.org/2395373002
Cr-Commit-Position: refs/heads/master@{#40072}
2016-10-07 08:59:02 +00:00
clemensh
e5aade74fe Revert of [esnext] ship String.prototype.padStart / String.prototype.padEnd (patchset #1 id:1 of https://codereview.chromium.org/2382193002/ )
Reason for revert:
Causes several GC bugs, e.g. https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/builds/2858/steps/Mjsunit/logs/debug-constructed-by

Original issue's description:
> [esnext] ship String.prototype.padStart / String.prototype.padEnd
>
> Enable the --harmony-string-padding flag by default
>
> BUG=v8:4954
> R=adamk@chromium.org, littledan@chromium.org
>
> Committed: https://crrev.com/8352a0feaccfd9a19f3b38564ed2c0859dd6e3d5
> Cr-Commit-Position: refs/heads/master@{#40060}

TBR=littledan@chromium.org,adamk@chromium.org,foolip@chromium.org,caitp@igalia.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4954

Review-Url: https://codereview.chromium.org/2398183003
Cr-Commit-Position: refs/heads/master@{#40071}
2016-10-07 08:41:41 +00:00
mstarzinger
18f287572e [parser] Remove obsolete ParseInfo::is_global flag.
R=marja@chromium.org

Review-Url: https://codereview.chromium.org/2392303004
Cr-Commit-Position: refs/heads/master@{#40070}
2016-10-07 08:30:01 +00:00
neis
0d2830a265 Minor comment fixes.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2394173002
Cr-Commit-Position: refs/heads/master@{#40069}
2016-10-07 08:23:48 +00:00
jochen
dedf6f6d74 Reland of land "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2396933002/ )
Reason for revert:
let's see whether it sticks this time

Original issue's description:
> Revert of Reland "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2395553002/ )
>
> Reason for revert:
> Speculative revert due to very strange-looking win/dbg failures
> which reference SignedDivisionByConstant:
>
> https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736
>
> Original issue's description:
> > Reland "Turn libbase into a component"
> >
> > Original issue's description:
> > > Turn libbase into a component
> > >
> > > This is a precondition for turning libplatform into a component
> > >
> > > BUG=v8:5412
> > > R=jgruber@chromium.org,machenbach@chromium.org
> > > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_
> > dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe
> > >
> > > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104
> > > Cr-Commit-Position: refs/heads/master@{#39950}
> >
> > BUG=v8:5412
> > TBR=jgruber@chromium.org,machenbach@chromium.org
> > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng
> >
> > Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb
> > Cr-Commit-Position: refs/heads/master@{#39969}
>
> TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5412
>
> Committed: https://crrev.com/e75b9f6ed5da39e6c7a8d70cf48afbc9958afc85
> Cr-Commit-Position: refs/heads/master@{#40009}

TBR=jgruber@chromium.org,machenbach@chromium.org,adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5412

Review-Url: https://codereview.chromium.org/2399323002
Cr-Commit-Position: refs/heads/master@{#40068}
2016-10-07 07:56:52 +00:00
gdeepti
19dab886a4 [wasm] Simd128 types should not be available in asmjs modules.
- Added gating code in the module-decoder to allow SIMD code only when
 it can be decoded correctly
 - SIMD128 values should not be exported to JS
 - Try/Catch should not be available in asmjs modules
 - Trivial fixes for S128  values

BUG=chromium:648079

R=ahaas@chromium.org, titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2400863003
Cr-Commit-Position: refs/heads/master@{#40067}
2016-10-07 07:52:19 +00:00
jwolfe
a78c5ea518 Fix comment typos
Review-Url: https://codereview.chromium.org/2399933005
Cr-Commit-Position: refs/heads/master@{#40066}
2016-10-07 07:22:00 +00:00
v8-autoroll
571c39d069 Update V8 DEPS.
Rolling v8/build: 67604e1..792a87c

Rolling v8/tools/clang: 1f92f99..30c5a8b

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2393083006
Cr-Commit-Position: refs/heads/master@{#40065}
2016-10-07 03:30:30 +00:00
kozyatinskiy
fac3b6fa46 [inspector] filter useless in preview internal properties
Only subset of internal properties can be useful in preview, report only them.

BUG=chromium:653610
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2399003003
Cr-Commit-Position: refs/heads/master@{#40064}
2016-10-07 01:16:28 +00:00
mtrofin
b1fb83d58a Fix build error due to conflicting changes.
Strongly typing module_bytes needs a patch for the
serialization code.

Serialization bypasses module bytes, so their presence can't
be compulsory.

BUG=

Review-Url: https://codereview.chromium.org/2397303002
Cr-Commit-Position: refs/heads/master@{#40063}
2016-10-06 21:17:39 +00:00
clemensh
8c7a413c9f [wasm] Remove three fields from wasm object
Use information in the WasmCompiledModule instead.

R=titzer@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2396043002
Cr-Commit-Position: refs/heads/master@{#40062}
2016-10-06 20:02:59 +00:00
clemensh
550364fb12 [wasm] Extend wasm object validation to WasmCompiledModule
I am removing three fields from the wasm object in a follow-up commit,
and using information in the compiled module instead. In order to not
weaken the verification, this commit adds appropriate checks on the
compiled module.

R=titzer@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2394663008
Cr-Commit-Position: refs/heads/master@{#40061}
2016-10-06 19:59:51 +00:00
caitp
8352a0feac [esnext] ship String.prototype.padStart / String.prototype.padEnd
Enable the --harmony-string-padding flag by default

BUG=v8:4954
R=adamk@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2382193002
Cr-Commit-Position: refs/heads/master@{#40060}
2016-10-06 19:53:31 +00:00
ziyang
411aa27a47 PPC/s390: [turbofan] JSGenericLowering mostly uses builtins instead of code stubs now
Port 0c168a90ff

R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2397193003
Cr-Commit-Position: refs/heads/master@{#40059}
2016-10-06 19:39:26 +00:00
mtrofin
917ef616cc [wasm] Support recompilation if deserialization fails.
One step closer to the informally-agreed upon specification
that structured cloning will always succeed, meaning, if
we fail to deserialize (e.g. because version mismatch in
serialized format and v8 version), we recompile.

As part of this work, the deserializer will need to become
more resilient to invalid input data, and fail graciously
rather than CHECK-ing. This CL addresses some of that,
sufficient to unblock the current serialization tests.
Subsequent CLs will add more testing and the appropriate
fixes.

BUG=639090

Review-Url: https://codereview.chromium.org/2395793003
Cr-Commit-Position: refs/heads/master@{#40058}
2016-10-06 19:33:57 +00:00
adamk
3aeaf49781 [modules] Add basic path normalization to d8's module loader
d8 now elides './' when constructing absolute paths.
'../' is still not normalized.

R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2393243002
Cr-Commit-Position: refs/heads/master@{#40057}
2016-10-06 19:32:37 +00:00
gsathya
9d836ec64a [promises] fix deferred object leak
This patch sets `this` to be undefined when calling resolve and reject
functions attached to the deferred.

BUG=v8:5476

Review-Url: https://codereview.chromium.org/2399053003
Cr-Commit-Position: refs/heads/master@{#40056}
2016-10-06 18:29:35 +00:00
adamk
b5c542bac8 Avoid static initializers in PropertyAccessCompiler
Introduce AccessCompilerData which hangs off the Isolate, and initialize
it when the first PropertyAccessCompiler is instantiated. This avoids
TSAN failures when trying to access load/store calling convention arrays.

BUG=v8:5427

Review-Url: https://codereview.chromium.org/2389313002
Cr-Commit-Position: refs/heads/master@{#40055}
2016-10-06 18:20:08 +00:00
alph
4b575dfcef [profiler] Tracing-based CPU profiler.
A new V8 API object v8::TracingCpuProfiler is introduced.
Client can create it on an isolate to enable JS CPU profiles collected
during tracing session.

Once the v8.cpu_profile2 tracing category is enabled the profiler emits
CpuProfile and CpuProfileChunk events with the profile data.

BUG=chromium:406277

Review-Url: https://codereview.chromium.org/2396733002
Cr-Commit-Position: refs/heads/master@{#40054}
2016-10-06 18:14:24 +00:00
adamk
549690f2bf Remove now-unused TailCallExpressionProduction from ExpressionClassifier
R=ishell@chromium.org

Review-Url: https://codereview.chromium.org/2395003002
Cr-Commit-Position: refs/heads/master@{#40053}
2016-10-06 17:53:39 +00:00
kozyatinskiy
88702e08bc [inspector] fix test expectations for command-line-api-with-bound-function
TBR=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2397193002
Cr-Commit-Position: refs/heads/master@{#40052}
2016-10-06 16:20:15 +00:00
tebbi
0c168a90ff [turbofan] JSGenericLowering mostly uses builtins instead of code stubs now
BUG=v8:5431

Review-Url: https://codereview.chromium.org/2372113004
Cr-Commit-Position: refs/heads/master@{#40051}
2016-10-06 15:46:26 +00:00
titzer
e97ca6ec47 [wasm] Refactor import handling for 0xC.
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.

BUG=

Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
Review-Url: https://codereview.chromium.org/2390113003
Cr-Original-Commit-Position: refs/heads/master@{#40033}
Cr-Commit-Position: refs/heads/master@{#40050}
2016-10-06 15:43:22 +00:00
alph
3990953ba8 [tracing] Add support for TracedValue JSON serializer.
BUG=chromium:406277

Review-Url: https://codereview.chromium.org/2399463004
Cr-Commit-Position: refs/heads/master@{#40049}
2016-10-06 15:27:13 +00:00
heimbuef
fc840361e3 Replaced different means of zone pooling/reusing by one zone segment pool
BUG=v8:5409

Committed: https://crrev.com/a124feb0760896c8be61de08004a08c3bc9b4b3f
Review-Url: https://codereview.chromium.org/2348303002
Cr-Original-Commit-Position: refs/heads/master@{#39633}
Cr-Commit-Position: refs/heads/master@{#40048}
2016-10-06 15:16:41 +00:00
leszeks
c9b908a060 [ignition] Inline the add for strings in AddWithFeedback
There's no point going through all the checks in the Add stub when we
already know that both sides are strings.

Review-Url: https://codereview.chromium.org/2395083002
Cr-Commit-Position: refs/heads/master@{#40047}
2016-10-06 15:13:55 +00:00
jbroman
3a14fc91b9 Throw a deserialization error internally in ValueDeserializer (previously-missed cases).
Caught with libfuzzer.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2394983002
Cr-Commit-Position: refs/heads/master@{#40046}
2016-10-06 15:12:51 +00:00
mstarzinger
98e3ed6b21 [turbofan] Enable BytecodeGraphBuilder by default.
This enables the {BytecodeGraphBuilder} whenever heuristics in the
compilation pipeline determine both Ignition and TurboFan to be used.
There no longer needs to be an explicit flag passed in order to build
graphs from bytecode.

R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2363413005
Cr-Commit-Position: refs/heads/master@{#40045}
2016-10-06 15:11:42 +00:00