Commit Graph

44803 Commits

Author SHA1 Message Date
Andreas Haas
ca199ef872 Reland [wasm] Stop decoding operands after error.
The problem was that parts of Simd8x16ShuffleOperand were uninitialized.

Original message:

[wasm] Stop decoding operands after error.

When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.

R=clemensh@chromium.org

Bug: chromium:795131
Change-Id: I732bc23547dbe531019d81a4397d22165a26d46b
Reviewed-on: https://chromium-review.googlesource.com/833934
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50211}
2017-12-19 17:29:00 +00:00
Bill Budge
b7f15425bb Revert "[Memory] Speculative fix for sanitizer flakiness."
This reverts commit dc5493f4a8.

Reason for revert: Broke TSAN
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/18819

Original change's description:
> [Memory] Speculative fix for sanitizer flakiness.
> 
> - When allocating virtual memory, make sure addresses don't interfere
>   with hard-coded sanitizer regions.
> 
> Bug: v8:7146
> Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
> Reviewed-on: https://chromium-review.googlesource.com/833171
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50208}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I8b0fcda1510854fe7fac3aba8c1a462e3350c639
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7146
Reviewed-on: https://chromium-review.googlesource.com/834070
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50210}
2017-12-19 17:04:55 +00:00
Michal Majewski
56b2b3be5e [test] Fix --report output.
Fix report mode and make it use testcase properties so statusfile
outcomes can be private.

Bug: v8:6917
Change-Id: Id38e89e0ba427c3bbb7ad12ba93e02beb7e46219
Reviewed-on: https://chromium-review.googlesource.com/833909
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50209}
2017-12-19 16:35:39 +00:00
Bill Budge
dc5493f4a8 [Memory] Speculative fix for sanitizer flakiness.
- When allocating virtual memory, make sure addresses don't interfere
  with hard-coded sanitizer regions.

Bug: v8:7146
Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
Reviewed-on: https://chromium-review.googlesource.com/833171
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50208}
2017-12-19 15:38:10 +00:00
Michal Majewski
5e6fd798f9 [test] Fixed target_name in json progress indicator
Pass shell name instead of an absolute path.

Bug: v8:796166
Change-Id: Ia9472e893fd2cb3fde2a94997f3e9daf30da06ea
Reviewed-on: https://chromium-review.googlesource.com/833917
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50207}
2017-12-19 15:23:54 +00:00
Igor Sheludko
21a6239113 [classes] Set proper representation during fast class boilerplate instantiation.
Bug: chromium:791368
Change-Id: I86d9df38698d9c8b6109d0a11579fa28810ba1dc
Reviewed-on: https://chromium-review.googlesource.com/833908
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50206}
2017-12-19 15:22:50 +00:00
Clemens Hammacher
cbd308945f [asm.js] Add masking to memory accesses
Similar to wasm, do also mask memory accesses from asm.js code as an
additional protection against OOB accesses.

R=ahaas@chromium.org
CC=titzer@chromium.org, mstarzinger@chromium.org

Change-Id: Iee7124c6d6078fb52cd1caa37b013c919c5505fb
Reviewed-on: https://chromium-review.googlesource.com/833914
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50205}
2017-12-19 15:07:49 +00:00
Leszek Swirski
9128e8bf1b [ignition] Move object/array literal init to bytecode gen
Move the object and array literal flag and depth initialization to when
they are visited by the bytecode generator. This avoids issues with
doing this initialization before we know whether the (syntactic) literal
is actually a literal value or a destructuring assignment.

Bug: chromium:795922
Bug: v8:7178
Change-Id: I022178ab4bc9e71f80560f3b78a759d95d4d0584
Reviewed-on: https://chromium-review.googlesource.com/833882
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50204}
2017-12-19 14:50:19 +00:00
Michal Majewski
4695e97905 [test] Move getting outcomes to the statusfile
Bug: v8:6917
Change-Id: I175fa426546f2f3775a35f1094dfb19e06b2185d
Reviewed-on: https://chromium-review.googlesource.com/832394
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50203}
2017-12-19 14:35:16 +00:00
Michal Majewski
e0c4321479 [test] Prepare new API for statusfile parsing.
First step in moving all statusfile logic into statusfile.py.

Introduce StatusFile object that will be used for storing and managing
outcomes.

Bug: v8:6917
Change-Id: I024f9b1d029830345149422a08a8905e92545252
Reviewed-on: https://chromium-review.googlesource.com/832433
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50202}
2017-12-19 14:26:26 +00:00
Michal Majewski
c0173165ee [test] Update testsuite unittests.
Fix unittests since they were incompatible with the
new testcase and testsuite API.

Bug: v8:6917
Change-Id: I917bf58e21402e0b90bc91c0483ade0e7c90bdd6
Reviewed-on: https://chromium-review.googlesource.com/832392
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50201}
2017-12-19 14:13:56 +00:00
Michal Majewski
1f60466659 [test] Store outcomes in the testcase
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia52d4bedbeff5b93915ef69a2dc78f6d92669061
Reviewed-on: https://chromium-review.googlesource.com/832467
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50200}
2017-12-19 14:10:06 +00:00
Michael Achenbach
8ae67cf18e Revert "[wasm] Stop decoding operands after error."
This reverts commit 6633ad56d8.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18850

Original change's description:
> [wasm] Stop decoding operands after error.
> 
> When we decode operands of WebAssembly instructions, we do not use the
> current pc but a pc of the instruction plus some offset. However, the
> pc of the instruction + offset can become invalid in case of a decoder
> error. Therefore we have to stop decoding operands explicitly in case
> of an error.
> 
> R=clemensh@chromium.org
> 
> Bug: chromium:795131
> Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
> Reviewed-on: https://chromium-review.googlesource.com/832867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50196}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I5a67f77285fdedc7f4645f8efaaf0087b4046011
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:795131
Reviewed-on: https://chromium-review.googlesource.com/832650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50199}
2017-12-19 13:42:37 +00:00
Yang Guo
fe2d98ae1a Fix --serialization-statistics.
R=jgruber@chromium.org

Bug: v8:7227, v8:7228
Change-Id: I2c567a6bf4a3d1128559ae440182bd14fb78d005
Reviewed-on: https://chromium-review.googlesource.com/832462
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50198}
2017-12-19 12:55:46 +00:00
Sathya Gunasekaran
022d1ab234 Remove slow path branch
The fast paths aren't pure and have side effects like calling out to
the debugger and runtime calls. Note: These aren't "fast" paths per se,
but just *native promise* code paths.

Forcing the slow path omits these calls to the debugger and runtime
causing test failures.

Bug: v8:7148
Change-Id: Idf46a33622a6edf03d69fefa4c6bfb7efc8ea625
Reviewed-on: https://chromium-review.googlesource.com/824102
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50197}
2017-12-19 12:46:11 +00:00
Andreas Haas
6633ad56d8 [wasm] Stop decoding operands after error.
When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.

R=clemensh@chromium.org

Bug: chromium:795131
Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
Reviewed-on: https://chromium-review.googlesource.com/832867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50196}
2017-12-19 12:45:06 +00:00
Michael Achenbach
a0421ac45e [tools] Merge ChangeLog from latest release
This is to make the diffs on rolls and releases smaller.

NOTRY=true

Change-Id: I3fb837a70e7b5be0f9d5b5b7ea6318d6a22ebd32
Reviewed-on: https://chromium-review.googlesource.com/832464
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50195}
2017-12-19 12:30:56 +00:00
Georg Neis
ee40f4efa5 [bigint,compiler] Pass BigInt binop feedback through to Turbofan.
It's still unused there but now at least it ends up in the
feedback vector.

Bug: v8:6791
Change-Id: I0114d317830b80be4715c74dc5a8950fff4d3485
Reviewed-on: https://chromium-review.googlesource.com/829136
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50194}
2017-12-19 12:20:36 +00:00
Andreas Haas
e04238b744 [wasm][multi-return] Fix problem with unused stack returns
There was an issue when the caller of a function with multiple returns
did not use all values which were returned over the stack. The caller
used only the used returns to calculate the offsets on the stack,
whereas the callee used all returns to calculate the offsets.

With this CL also the caller uses all returns to calculate the stack
offsets and thereby agrees again with the callee on the location of
all returns.

In addition I fixed an issue on x64: A quad word is reserved on the
stack frame to spill callee-saved FP registers, which is not pointer
size.

R=titzer@chromium.org

Change-Id: Ibe56b4b57e4b6e59071a868805b1237412344f93
Reviewed-on: https://chromium-review.googlesource.com/824043
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50193}
2017-12-19 11:37:36 +00:00
Clemens Hammacher
44aa135a6e [asm.js] Implement loads in terms of regular branches
This is the counterpart of https://crrev.com/c/822471.
It implements asm.js bounds checks for loads using normal branch nodes
and removes the need for CheckedLoad, improving maintainability at some
small cost to compilation time.

R=ahaas@chromium.org
CC=mstarzinger@chromium.org, titzer@chromium.org

Change-Id: I7a2716f364b9e4d7beb9cc460eb028c3bd1c3a99
Reviewed-on: https://chromium-review.googlesource.com/832457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50192}
2017-12-19 11:31:16 +00:00
Sigurd Schneider
5e18f84953 [turbofan] Add benchmarks for String.indexOf
Bug: v8:7127, v8:6270
Change-Id: Ic35a9b7a5145115736934b0c7de6ace26e9c0e51
Reviewed-on: https://chromium-review.googlesource.com/832966
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50191}
2017-12-19 10:54:37 +00:00
Yang Guo
ad126d46bb Make SharedFunctionInfo::GetSourceCodeHarmony GC-safe.
R=mlippautz@chromium.org

Bug: chromium:795856
Change-Id: I2a631a94e4bc0c000842923a962e812e0370b837
Reviewed-on: https://chromium-review.googlesource.com/832454
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50190}
2017-12-19 10:43:16 +00:00
Sigurd Schneider
43577d6571 [turbofan] Fix VectorSlotPair printer
Bug: v8:7127
Change-Id: I9081710445bf44e1af18e8f254f373c5736792a5
Reviewed-on: https://chromium-review.googlesource.com/832477
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50189}
2017-12-19 10:19:56 +00:00
Jakob Gruber
95df7aa6fd [regexp] Add DotAll flag to regexp fuzzer
Teach the fuzzer about the new DotAll flag.

Bug: v8:6612
Change-Id: I92d6bfd920f5daef6733b1c547063ede718ecc8f
Reviewed-on: https://chromium-review.googlesource.com/832748
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50188}
2017-12-19 10:06:15 +00:00
Clemens Hammacher
f4d4292dc1 [asm.js] Fix bounds check on 64bit systems
The memory size is always stored as 32 bit value, so the comparison
should always be done in 32 bit space.

R=ahaas@chromium.org

Change-Id: Ic059e63bf1dc9e8bf568dbb5f8d7ccde1da4761a
Reviewed-on: https://chromium-review.googlesource.com/832473
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50187}
2017-12-19 09:51:26 +00:00
Michael Achenbach
0621bf4683 Update V8 DEPS.
Rolling v8/build: 9caf5bf..9f00b2f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9cfb34e..035dfdb

Rolling v8/third_party/instrumented_libraries: 2841745..b7578b4

Rolling v8/tools/clang: ec766dc..07e0150

Rolling v8/tools/luci-go: 45a8a51..564ab65

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ibb83e4858f476caaece11b8365234351a2211995
Reviewed-on: https://chromium-review.googlesource.com/832788
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50186}
2017-12-19 09:37:15 +00:00
Michael Achenbach
d51df831d7 [test] Remove promises-aplus test suite
Bug: 
Change-Id: I7d4152139548d8a24c0b444dfff3c363bf92680b
Reviewed-on: https://chromium-review.googlesource.com/816836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50185}
2017-12-19 09:29:26 +00:00
Clemens Hammacher
352e4bf2e8 [wasm] Some CHECK / DCHECK fixes
Even inside an "#ifdef DEBUG", we still want to use the DCHECK macro
instead of CHECK in order to get the "correct" error message.

Drive-by: Remove "#ifdef DEBUG" around DCHECKS in macro-assembler-x64.cc

R=ahaas@chromium.org
CC=mtrofin@chromium.org

Change-Id: I5b92c87fa9b10e5751cc2704d6218bee292cfb8f
Reviewed-on: https://chromium-review.googlesource.com/832687
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50184}
2017-12-19 08:03:03 +00:00
Clemens Hammacher
e1e2aa06dd Refactor FATAL macro
Remove comment about usage of FATAL, UNREACHABLE and UNIMPLEMENTED,
which was deprecated since https://crrev.com/1410713006.
Also, refactor the FATAL macro and use it for implementing UNREACHABLE
and UNIMPLEMENTED, and in more code. The benefit over printf +
CHECK(false) is that the compiler knows that FATAL will never return.

R=bmeurer@chromium.org

Change-Id: I8c2ab3b4e6edfe8eff5ec6fdf3d92b15d0ed7126
Reviewed-on: https://chromium-review.googlesource.com/832726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50183}
2017-12-19 07:57:12 +00:00
Michael Achenbach
4faed83040 Revert "Enable --harmony-function-tostring by default"
This reverts commit c3dda0bbac.

Reason for revert: Breaks gc stress bots:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/14266

Original change's description:
> Enable --harmony-function-tostring by default
>
> Update tests to work with new behavior.
>
> This feature is shipping in Firefox 54, so compatibility risk is low.
>
> R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
> CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
>
> Bug: v8:4958
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
> Reviewed-on: https://chromium-review.googlesource.com/546941
> Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50178}

TBR=adamk@chromium.org,hablich@chromium.org,kozyatinskiy@chromium.org,littledan@chromium.org,caitp@igalia.com,jwolfe@igalia.com

Change-Id: Ie5dd0bd2b97ae6d0126edec6373e48abe0eeb3f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4958
Reviewed-on: https://chromium-review.googlesource.com/832649
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50182}
2017-12-19 07:47:35 +00:00
Sergiy Byelozyorov
2c4704abf5 Whitespace CL to trigger CI bots
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I16311dee2256f800f9d8fd297e1d45ae301fa207
Reviewed-on: https://chromium-review.googlesource.com/832452
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50181}
2017-12-19 03:08:42 +00:00
Sergiy Byelozyorov
d48bab7cc0 Whitespace CL to trigger CI builders
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I86256c61155e42c193a2532adc15392c0bf33e3b
Reviewed-on: https://chromium-review.googlesource.com/832451
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50180}
2017-12-19 03:02:52 +00:00
marcin
6e174eb826 Remove initial whitespace & empty lines to decrease JS files size
Patch will decrease size of JS files included into Chrome APK
(about 11 KB now)

Bug: 
Change-Id: I701c9904fbf22fd295199f255601dea6524a3766
Reviewed-on: https://chromium-review.googlesource.com/821071
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marcin Wiącek <marcin@mwiacek.com>
Cr-Commit-Position: refs/heads/master@{#50179}
2017-12-19 00:04:19 +00:00
Josh Wolfe
c3dda0bbac Enable --harmony-function-tostring by default
Update tests to work with new behavior.

This feature is shipping in Firefox 54, so compatibility risk is low.

R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Bug: v8:4958
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
Reviewed-on: https://chromium-review.googlesource.com/546941
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50178}
2017-12-18 23:17:17 +00:00
Igor Sheludko
6767c3dec2 [ic] Encode lexical variable access as a smi in Load/StoreGlobalIC.
This CL removes LoadScriptContextFieldStub and StoreScriptContextFieldStub.

Bug: v8:7206, chromium:576312
Change-Id: I217eeb726ca7d1ec85a67331da4941b9ac2a4b7a
Reviewed-on: https://chromium-review.googlesource.com/831867
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50177}
2017-12-18 22:15:01 +00:00
Alexey Kozyatinskiy
3928133c96 [inspector] async function call is not candidate for stepping
We should not report promise created for async function as candidate
for stepping. Regular StepInto works fine in this case.

TBR=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8dafec5417df0de593cb2a1c06d6a11093e7c64b
Reviewed-on: https://chromium-review.googlesource.com/828024
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50176}
2017-12-18 18:53:59 +00:00
Andreas Haas
bd3efe2851 [x64] Implement movdqu in the disassembler
I also added a test for movdqa, which was already implemented.

R=bmeurer@chromium.org

Change-Id: I6dd5cba072f1439dcdfb5f975de116e4534c7581
Reviewed-on: https://chromium-review.googlesource.com/832466
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50175}
2017-12-18 18:17:10 +00:00
Clemens Hammacher
70c3658806 [wasm] Store native context in weak link
The WasmCompiledModule is kept alive from the Script, which again is
kept alive when the debugger is enabled. This, however, should not keep
the whole context alive, including the global object.
Hence, we only store a weak reference to the native context.

R=ahaas@chromium.org

Bug: chromium:750256
Change-Id: Ia409995c40fb3e90665534fbc94c6eafc081c4e5
Reviewed-on: https://chromium-review.googlesource.com/832126
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50174}
2017-12-18 18:07:09 +00:00
Clemens Hammacher
a1fcd77714 [wasm] Dehandlify WasmCompiledModule interface
The interface of {WasmCompiledModule} currently mostly receives and
provides handles to the contained data. Other interfaces don't (see
{object-macros.h}).
This leads to performance and memory overhead for chained accesses like
{instance->compiled_module()->shared()->script()}, because intermediate
accessors allocate Handles for no reason. It also breaks the
constraints that lower-case accessors should be trivial to execute, but
allocating a handle is not trivial (should not be done in a loop if not
needed).
It also silences gcmole errors, as documented in
https://crrev.com/c/832268.

R=ahaas@chromium.org, mtrofin@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib82fb295977a47b4a8ab9bae9c9b6e2b235ad5e5
Reviewed-on: https://chromium-review.googlesource.com/832387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50173}
2017-12-18 16:58:08 +00:00
Sigurd Schneider
8e8d8623a7 [turbofan] Add feedback to CheckString node
This CL allows deopts from CheckString to disable
speculation.

Bug: v8:7127, v8:6270
Change-Id: I029caeb61c509e5eb51b169ac42596d632f7c75a
Reviewed-on: https://chromium-review.googlesource.com/831866
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50172}
2017-12-18 16:47:28 +00:00
Sigurd Schneider
1103d4cfef [turbofan] Allow deopt in Array.push to disallow speculation
This CL passes feedback from the element kind deopt points
in Array.push to the deoptimizer. If the deopt points are
triggered, further speculation on Array.push is disallowed.

Bug: v8:7127, v8:7204
Change-Id: Ie91dee598bd8b8797110c8f468406327226893a4
Reviewed-on: https://chromium-review.googlesource.com/831523
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50171}
2017-12-18 16:41:37 +00:00
Leszek Swirski
06309e15a0 [parser] Move optimization disabling to parser
Move the one remaining optimization disabling in AST numbering (native
function literals) to be in the parser.

Bug: v8:7178
Change-Id: Icd96020622cbe64afa11b42c5831618247e3e021
Reviewed-on: https://chromium-review.googlesource.com/814399
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50170}
2017-12-18 16:30:32 +00:00
Clemens Hammacher
9a241228cf [asm.js] Fix continue target in for loops
Make sure that a continue still executes the increment part of a for
loop by adding another nested block for the body, which is the break
target for a continue in the body. The increment code lives outside
this block, in the original loop.

R=bradnelson@chromium.org
CC=mstarzinger@chromium.org

Bug: chromium:788916
Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a
Reviewed-on: https://chromium-review.googlesource.com/832447
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50169}
2017-12-18 16:29:27 +00:00
Leszek Swirski
c9d88eed62 [parser] Move literal initialization to parser
Move literal initialization out of AST numbering and into the parser.
The initialization includes setting the depth and flags of Object and
Array literals, and calculating the emit store of object literals.

Bug: v8:7178
Change-Id: I9af59a2fea44f8a1adcc5a0261f29ce97fa8da92
Reviewed-on: https://chromium-review.googlesource.com/814634
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50168}
2017-12-18 16:14:47 +00:00
Sigurd Schneider
0298df882b [turbofan] Add feedback to CheckSmi
This change is quite invasive, because CheckSmi is lowered
through representation change depending on UseInfo to several
different checked conversion operators. This CL adds feedback
to every checked conversion operator to Int32.

Bug: v8:7127, v8:7204
Change-Id: Icb780e5a69d321c2ec161c3c2a32984bdcf101f1
Reviewed-on: https://chromium-review.googlesource.com/831521
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50167}
2017-12-18 15:52:38 +00:00
Clemens Hammacher
d69b2df947 [wasm] Add code printing for native wasm code
This makes --print-code and --print-wasm-code also print code emitted
on the native wasm heap.
It also extends code printing to include the code kind and the index.

R=mtrofin@chromium.org

Change-Id: I39c23f4b65168c059f23477ec5d264924ca83e82
Reviewed-on: https://chromium-review.googlesource.com/831987
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50166}
2017-12-18 15:49:07 +00:00
Clemens Hammacher
362e989451 [wasm] Fix several gc issues
The pattern "handle->foo(factory->NewXX())" is unsafe, because the
evaluation order of the receiver (dereferencing the handle) and the
argument (allocating something on the heap) is undefined. If the
receiver is evaluated first, then the allocation in the evaluation of
the argument might invalidate the receiver.
In general, gcmole should catch these errors, but sadly, if the
method "foo" receives a Handle, it seems to not catch them.
We should generally refactor our getters and setters to receive and
return raw pointers instead of handles, just like most other code in
our code base.

R=mtrofin@chromium.org, ahaas@chromium.org

Bug: v8:7224
Change-Id: If9e84e4ca7efe02c40b97a8c5c549c222947d6bb
Reviewed-on: https://chromium-review.googlesource.com/832268
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50165}
2017-12-18 15:46:27 +00:00
Igor Sheludko
584fb75a27 [ic] Restructure API load/store data handlers.
... by "inlining" the Tuple2 object into the data handler.

Bug: v8:7206, v8:5561
Change-Id: I8517b2faa8d13bd16b8ec99c7ea8ab97c73a5f2a
Reviewed-on: https://chromium-review.googlesource.com/819233
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50164}
2017-12-18 15:32:38 +00:00
Michal Majewski
03165cb93b [test] Store expected outcomes in the testcase.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I69d15801b79bf7aa846582367e9f3037b6612431
Reviewed-on: https://chromium-review.googlesource.com/829033
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50163}
2017-12-18 14:51:20 +00:00
Clemens Hammacher
7dcfe1a70e [wasm] Additional masking to memory accesses
Add additional protection against OOB accesses by masking the
index to access by a mask precomputed from the memory size.

R=clemensh@chromium.org, bradnelson@chromium.org

Change-Id: I1d5875121e1904074b115a2c88ca773b6c1c1a66
Reviewed-on: https://chromium-review.googlesource.com/830394
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50162}
2017-12-18 14:45:19 +00:00