Commit Graph

2390 Commits

Author SHA1 Message Date
Jaroslav Sevcik
3fe7d698b8 [turbofan] Optimize array destructuring
This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.

On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).

function f(a, b) {
  [b, a] = [a, b];
  return a + b;
}

function sum(count) {
  let s = 0;
  for (let i = 0; i < count; i++) {
    s += f(1, 2);
  }
  return s;
}

// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");

console.timeEnd: destructure array, 213.526000

console.timeEnd: destructure array, 1503.537000

Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
2018-05-08 06:21:37 +00:00
Peter Marshall
87d7dda296 [tests] Add unit tests for StringsStorage and document the API.
Change-Id: Iccc86d0116f5d23f523e25ff02696a9fb8312223
Reviewed-on: https://chromium-review.googlesource.com/1044545
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53022}
2018-05-07 14:02:48 +00:00
Andreas Haas
6380476c71 [wasm] Make wasm::ValueType independent of the MachineRepresentation
R=clemensh@chromium.org
CC=​titzer@chromium.org

Change-Id: I4951bf7ffc8baf51225e7bef60349186811b9f76
Reviewed-on: https://chromium-review.googlesource.com/1024037
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53020}
2018-05-07 11:54:56 +00:00
Toon Verwaest
0f7721719d Remove the catch variable name from the extension field of catch contexts
Instead rely on the scope info containing the name as well.

Change-Id: Ie1f96ea023a793b11209510566f6831b1dfd40ab
Reviewed-on: https://chromium-review.googlesource.com/1042567
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52983}
2018-05-04 10:12:08 +00:00
Ben L. Titzer
2c0edb48cd [wasm] Rename XXXOperand to XXXImmediate
R=clemensh@chromium.org
CC=ahaas@chromium.org

Change-Id: Ibcbc5e43e7095d9783f49ad2c3f27338100c4fdf
Reviewed-on: https://chromium-review.googlesource.com/1039489
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52953}
2018-05-03 12:41:54 +00:00
Toon Verwaest
39496a95c5 Replace Context::closure with Context::scope_info, allowing closure to die.
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.

Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
2018-05-03 12:34:17 +00:00
Leszek Swirski
18bc285621 Revert "[parser] Slice the source string where possible"
This reverts commit 2df5e7a7b6.

Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805

Original change's description:
> [parser] Slice the source string where possible
> 
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
> 
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
> 
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}

TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org

Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
2018-05-02 15:32:13 +00:00
Leszek Swirski
2df5e7a7b6 [parser] Slice the source string where possible
When internalizing string literals (for quoted strings or property names),
try to create a sliced string of the source string rather than allocating
a copy of the bytes.

This will not work for string literals that contain escapes (e.g. unicode
escapes), and currently does not support two-byte strings.

Bug: chromium:818642
Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
Reviewed-on: https://chromium-review.googlesource.com/1010282
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52898}
2018-05-01 15:38:19 +00:00
Gabriel Charette
4ac96190f7 [V8 Platform] Better WorkerThreads APIs.
As discussed @ https://chromium-review.googlesource.com/c/chromium/src/+/957761#message-4ba6c1bf637f91507544efc89a31e3e4dd407715
and again @ https://chromium-review.googlesource.com/c/chromium/src/+/957761#message-6d0430e640c82f2d5463259fecdc7fabf945b958

Get rid of task runners for WorkerThreads API (use case is always a
one-off task in which case a static call is fine -- just like in
Chromium's base/task_scheduler/post_task.h)

Calling into V8Platform* from any worker thread is safe, what was previously
unsafe was using an Isolate* from worker threads but Isolate* was dropped
from the new worker threads APIs so this is now irrelevant.

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idd2dbc081edfbcb8985eeb45eb64ffb2555fcf7c
Reviewed-on: https://chromium-review.googlesource.com/978443
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52893}
2018-04-30 19:05:40 +00:00
Jaroslav Sevcik
f53dfd934d Replace array index masking with the poisoning approach.
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based
on arithmetic.

Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.

Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964

Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
2018-04-30 13:22:44 +00:00
Jaroslav Sevcik
ba616de103 [turbofan] Remove the hacky Type::operator-> overload
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.

Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
2018-04-30 09:39:12 +00:00
Jaroslav Sevcik
e2ab7dae47 [turbofan] Stop mis-using Type* to represent integers.
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.

The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.

Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
2018-04-28 06:38:46 +00:00
Clemens Hammacher
8466b71ad8 [wasm] Split off wasm-linkage.h
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.

This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
2018-04-27 13:43:49 +00:00
Sigurd Schneider
63b46569b8 [turbofan] Move Number.parseInt to JSCallReducer
This CL also removes the JSBuiltinReducer, which is no longer needed.

Bug: v8:7340, v8:7250
Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf
Reviewed-on: https://chromium-review.googlesource.com/1027853
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52799}
2018-04-26 07:06:24 +00:00
Ben Smith
9166affb29 [wasm] Implement importing mutable globals
The WasmInstanceObject stores two new arrays:

- imported_mutable_globals_buffers_: a FixedArray of all the imported
  globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
  the mutable global in its array buffer.

When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.

Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
2018-04-25 18:57:48 +00:00
Camillo Bruni
a3142476ba [runtime] Do not refer directly to the closure stored in the context
This is is a preparatory CL to detach the JSFunction from the Context.
We mainly rewrite the DebugScopeInterator to no longer rely on the a
JSFunction to be around. Additionally the empty_function needs to have
a proper ScopeInfo now.

Drive-by-fix: Improve ScopeInfo debug printing

Bug: v8:7066
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2f2fa0e78914a12e076384e0e1234c2322ad1ee8
Reviewed-on: https://chromium-review.googlesource.com/918721
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52791}
2018-04-25 17:24:02 +00:00
Kim-Anh Tran
e47072c97a [wasm] Basic wasm tier-up
Wasm tier-up first compiles the whole module using Liftoff, and then
using Turbofan. The idea is to achieve fast start-up times by first
running Liftoff-compiled code. In the meantime we finish compilation
with Turbofan, and replace the Liftoff-compiled code as soon
as Turbofan finished compilation, thus achieving high performance.
Tier-up is enabled through the flag FLAG_wasm_tier_up.

Bug: v8:6600
Change-Id: I70552969c53d909a591666a1e7ce1ee1419b2f34
Reviewed-on: https://chromium-review.googlesource.com/1010422
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52759}
2018-04-24 13:56:23 +00:00
Andreas Haas
3a56441a8c [wasm][cleanup] Move ValueType into its own header file
This CL splits the definition of ValueType and its helper functions
into its own header file.

R=clemensh@chromium.org

Bug: v8:7570
Change-Id: I3aa776edb45839d7d38836e131df45732c685310
Reviewed-on: https://chromium-review.googlesource.com/1021810
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52758}
2018-04-24 13:55:18 +00:00
Sigurd Schneider
9557a91ff7 [turbofan] Move isNaN/isFinite to JSCallReducer
This CL also adds the simplified operator NumberIsNaN.

Bug: v8:7340, v8:7250
Change-Id: Ifa44cf59b30ee700f7df61f8d58782a43fd0f3c5
Reviewed-on: https://chromium-review.googlesource.com/1023391
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52726}
2018-04-23 11:08:36 +00:00
Georg Neis
021e9b089e Remove incorrect receiver checks from some array methods.
Several functions on Array.prototype incorrectly threw a TypeError just
because their receiver was sealed or frozen.

Bug: v8:7677
Change-Id: I4ec38bfbf468f9bd676f1c0b341c8a50cf814f15
Reviewed-on: https://chromium-review.googlesource.com/1021870
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52718}
2018-04-23 08:57:35 +00:00
Mythri
84c84fb36f Fix interpreter-assembler-unittest to check poisoning on unaligned loads
Check for poisoned loads in unaligned loads in
interpreter-assembler-unittest node matcher.

Change-Id: I5007ed1767edb035181c66028dda064b7792267f
Reviewed-on: https://chromium-review.googlesource.com/1018902
Reviewed-by: Miran Karić <miran.karic@mips.com>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52700}
2018-04-20 07:20:01 +00:00
Michael Achenbach
0cb1ee7f9f Revert "[compiler] Temporarily turn some DCHECKs into CHECKs."
This reverts commit f52b4b3b81.

Reason for revert: Makes benchmarks time out:
https://crbug.com/834655

Original change's description:
> [compiler] Temporarily turn some DCHECKs into CHECKs.
> 
> This turns most DCHECKs in the register allocator code into CHECKs,
> which hopefully will tell us more about the crashes in crbug 831822.
> 
> This CL will eventually be reverted again.
> 
> Bug: chromium:831822
> Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
> Reviewed-on: https://chromium-review.googlesource.com/1016762
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52673}

TBR=neis@chromium.org,sigurds@chromium.org

Change-Id: Ic2b37a3ce04516c5871b801015153ce84e622e90
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:831822
Reviewed-on: https://chromium-review.googlesource.com/1018860
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52679}
2018-04-19 08:00:27 +00:00
Georg Neis
f52b4b3b81 [compiler] Temporarily turn some DCHECKs into CHECKs.
This turns most DCHECKs in the register allocator code into CHECKs,
which hopefully will tell us more about the crashes in crbug 831822.

This CL will eventually be reverted again.

Bug: chromium:831822
Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
Reviewed-on: https://chromium-review.googlesource.com/1016762
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52673}
2018-04-18 14:28:37 +00:00
Christian O. Andersson
894b95fe38 [ignition] Optimizing Smi only comparisons
There are various situations where we explicitly compare a SMI against
another SMI (e.g., BuildIndexedJump). This is also a common pattern for
generated code (e.g., comparing a loop variable with an integer). Instead
of using the generic equality/strict-equality stub for this, which is
expensive, this CL offers a simple comparison stub, repurposing the
TestEqualStrictNoFeedback bytecode to TestReferenceEqual

Bug: v8:5310
Change-Id: Ib2b47cd24d5386cf0d20d3bd794776dc6e3a02a5
Reviewed-on: https://chromium-review.googlesource.com/1007542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Christian O. Andersson <cricke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52655}
2018-04-18 04:54:54 +00:00
Dan Elphick
7d291c7286 [heap] Add a read-only permission
Add a new permission kRead to PageAllocator::Permission and
OS::MemoryPermission and implement it in platform-*.

Not used yet, because it needs corresponding changes in chromium.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9f84251eff593536cbcc1cde04641d696c79d65c
Reviewed-on: https://chromium-review.googlesource.com/1006756
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52636}
2018-04-17 08:26:43 +00:00
Jakob Kummerow
f7d6b19f6c [ubsan] Fix many static_cast<int32_t> with undefined behavior
Casting from a floating-point type to an integer type is undefined behavior
if the integral part of the float cannot be represented in the range of the
int.

Bug: v8:3770, chromium:831145
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e85ea8b0f09bbeeb3e0dcc1135fc747fa312f6d
Reviewed-on: https://chromium-review.googlesource.com/1011651
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52631}
2018-04-17 02:02:18 +00:00
Vincent Belliard
abfcc1124c [arm64][Liftoff] Start Liftoff implementation.
First version which can compile a very basic code.

Change-Id: I3b98412a5ca39a28f8fe5b60516b82c6981dd187
Reviewed-on: https://chromium-review.googlesource.com/993232
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52622}
2018-04-16 16:16:47 +00:00
Jakob Kummerow
2459046c1d [ubsan] Change Address typedef to uintptr_t
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
2018-04-14 01:25:28 +00:00
Jakob Kummerow
cfc6a5c2c6 Reland: [cleanup] Refactor the Factory
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.

This saves about 20KB of binary size on x64.

Original review: https://chromium-review.googlesource.com/c/v8/v8/+/959533
Originally landed as r52416 / f9a2e24bbc

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id072cbe6b3ed30afd339c7e502844b99ca12a647
Reviewed-on: https://chromium-review.googlesource.com/1000540
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52492}
2018-04-09 19:52:22 +00:00
Michael Starzinger
fa7171c541 [wasm] Remove obsolete {weak_exported_functions} field.
R=clemensh@chromium.org

Change-Id: I51e4210334a50ebb9ed7172c112083d6c3d784d9
Reviewed-on: https://chromium-review.googlesource.com/1000776
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52477}
2018-04-09 14:13:52 +00:00
Leszek Swirski
6bd1d3c280 [objects] Merge SFI outer_scope_info and feedback_metadata
Merge the outer_scope_info and feedback_metadata fields on
SharedFunctionInfo. outer_scope_info is only used during parsing,
and feedback_metadata is only available after compilation, so the
two never exist at the same time. Thus, they can share a field slot.

The exception is un-compiling and re-compiling a function, where we
need the outer_scope_info again. Fortunately, the outer_scope_info
can be re-calculated from the SFI's scope_info.

Bug: v8:7606
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6b97fefe859e89df75ad870da4a0bfa4b869772a
Reviewed-on: https://chromium-review.googlesource.com/992432
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52454}
2018-04-06 15:06:04 +00:00
Michael Achenbach
503e07c3ef Revert "[cleanup] Refactor the Factory"
This reverts commit f9a2e24bbc.

Reason for revert: gc stress failures not all fixed by follow up.

Original change's description:
> [cleanup] Refactor the Factory
> 
> There is no good reason to have the meat of most objects' initialization
> logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
> this CL changes the protocol between Heap and Factory to be AllocateRaw,
> and all object initialization work after (possibly retried) successful
> raw allocation happens in the Factory.
> 
> This saves about 20KB of binary size on x64.
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
> Reviewed-on: https://chromium-review.googlesource.com/959533
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52416}

TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org

Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/999414
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52420}
2018-04-06 07:23:19 +00:00
Jakob Kummerow
f9a2e24bbc [cleanup] Refactor the Factory
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.

This saves about 20KB of binary size on x64.

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
Reviewed-on: https://chromium-review.googlesource.com/959533
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52416}
2018-04-06 00:23:46 +00:00
Andreas Haas
ae958346a0 [wasm][anyref] Decode anyref globals
Add support for decoding anyref globals, and some drive-by cleanups.

R=titzer@chromium.org

Bug: v8:7581
Change-Id: I3527f996a3fa1a890918a5924e951fbafa394cf2
Reviewed-on: https://chromium-review.googlesource.com/997655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52391}
2018-04-05 12:17:41 +00:00
Ross McIlroy
3a0419a635 [Compiler] Split up Unoptimized/Optimized CompilationInfo and CompilationJobs
With the Ignition + Turbofan pipeline there is very little overlap between the data
needed for unoptimized compilation and optimized compilation. As a result, it is
cleaner to split up the CompilationInfo into UnoptimizedCompilationInfo and
OptimizedCompilationInfo.

Doing so also necessitate splitting up CompilationJob into UnoptimizedCompilationJob
and OptimizedCompilationJob - again there is not much overlap so this seems cleaner.

Change-Id: I1056ad520937b7f8582e4fc3ca8f4910742de30a
Reviewed-on: https://chromium-review.googlesource.com/995895
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52369}
2018-04-04 21:09:01 +00:00
Michael Achenbach
b27ee43a0f Reland "[build] Remove legacy isolate configurations"
This is a reland of 712b66da81

Breakage is fixed on infra side by:
https://crrev.com/c/983417

Original change's description:
> [build] Remove legacy isolate configurations
>
> Bug: chromium:669910
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Iad58563fd4bb35501493f88af83362b1206a186c
> Reviewed-on: https://chromium-review.googlesource.com/982630
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52267}

Bug: chromium:669910
Change-Id: I6c06a1fe9587206aa4e983befb105327bfec4154
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/983573
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52273}
2018-03-28 12:36:55 +00:00
Michael Achenbach
77a71f85c1 Revert "[build] Remove legacy isolate configurations"
This reverts commit 712b66da81.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20builder/builds/32049

Original change's description:
> [build] Remove legacy isolate configurations
> 
> Bug: chromium:669910
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Iad58563fd4bb35501493f88af83362b1206a186c
> Reviewed-on: https://chromium-review.googlesource.com/982630
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52267}

TBR=machenbach@chromium.org,yangguo@chromium.org,sergiyb@chromium.org,jgruber@chromium.org

Change-Id: I1955325b0b419b38d793ab205131de8de08cb50a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:669910
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/983418
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52268}
2018-03-28 10:57:28 +00:00
Michael Achenbach
712b66da81 [build] Remove legacy isolate configurations
Bug: chromium:669910
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Iad58563fd4bb35501493f88af83362b1206a186c
Reviewed-on: https://chromium-review.googlesource.com/982630
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52267}
2018-03-28 10:35:05 +00:00
Tobias Tebbi
1ef6c4374e [turbofan] unify interpreter and JIT speculation poisoning
This CL changes the poisoning in the interpreter to use the
infrastructure used in the JIT.

This does not change the original flag semantics:

--branch-load-poisoning enables JIT mitigations as before.

--untrusted-code-mitigation enables the interpreter mitigations
  (now realized using the compiler back-end), but does not enable
  the back-end based mitigations for the Javascript JIT. So in effect
  --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
  use the same mechanics (including changed register allocation) that
  --branch-load-poisoning enables for the JIT.

Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}
2018-03-27 12:55:28 +00:00
Gabriel Charette
1983f3055d [V8 Platform] Make CallOnWorkerThread use std::unique_ptr
This is done now while embedders have yet to adapt to the new API before
it becomes hard to migrate.

Also renamed variable/methods to use "worker threads" rather than
"background" nomenclature.

Extracted from https://chromium-review.googlesource.com/c/v8/v8/+/978443/7
while resolving the more contentious bits around using task runners.

TBR=rmcilroy@chromium.org

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie3ddf15a708e829c0f718d89bebf3e96d1990c16
Reviewed-on: https://chromium-review.googlesource.com/980953
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52231}
2018-03-26 17:43:22 +00:00
Michael Achenbach
5b7c873188 [build] Add data deps for executable tests
Bug: chromium:669910
Change-Id: I0d9a8c7277cfcedd464db44733803ccc4693ae70
Reviewed-on: https://chromium-review.googlesource.com/979952
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52222}
2018-03-26 13:37:03 +00:00
Ulan Degenbaev
d65d57a7fa [heap] Track average mutator utilization in GC tracer.
The mutator utilizaton is computed for each mark-compact GC cycle as
mutator_time / total_time, where
- total_time is the time from the end of the previous GC to the end of
  the current GC
- mutator_time = total_time - incremental_steps_duration - gc_time.

Bug: chromium:824214
Change-Id: Ie1814f22f0816a3c9c579107f4950f6fc8c8a72d
Reviewed-on: https://chromium-review.googlesource.com/978215
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52221}
2018-03-26 13:36:00 +00:00
Peter Marshall
bba9ace3f6 [cleanup] Remove is_constructor param from NewSFI
This param is no longer used to construct the SFI.

Bug: v8:7503
Change-Id: Ic93c91ce0ad9acf84da7f382c9a170c732db7176
Reviewed-on: https://chromium-review.googlesource.com/977926
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52205}
2018-03-26 08:41:38 +00:00
Sigurd Schneider
3f7b6a0f7e [turbofan] Rename StringFromCharCode to StringFromSingleCharCode
This CL also cleans up some related naming in typed-optimization.

R=neis@chromium.org

Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}
2018-03-23 13:56:58 +00:00
Michael Starzinger
e5e19bf764 [wasm] Move source position tables off-heap.
This moves source position tables associated with WasmCode objects to be
located outside the garbage-collected heap. There now is a clear link to
the source position table from code, making the one-to-one relationship
and its lifetime explicit.

R=ahaas@chromium.org
BUG=v8:7424

Change-Id: I9d0b332732508c302ba525059ef02559f45aa2f6
Reviewed-on: https://chromium-review.googlesource.com/975565
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52178}
2018-03-23 12:33:53 +00:00
Andreas Haas
68b4026c20 [wasm][anyref] Implement decoding of new instructions
R=titzer@chromium.org

Bug: v8:7581
Change-Id: I66bf50bc1243cb5e4b9f2693febf91f74077a2f4
Reviewed-on: https://chromium-review.googlesource.com/978002
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52176}
2018-03-23 12:21:58 +00:00
Leszek Swirski
51ded9d3c0 Reland^2: Remove SFI code field
This is a reland of d8f564eac6

TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org

Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}
2018-03-22 17:06:06 +00:00
Leszek Swirski
52e939e9ee [turbofan] Fix accumulator liveness on suspends
SuspendGenerator needs the accumulator to be live so that it can return
it.

Bug: chromium:806723
Change-Id: Iaa88fce96c36876e3e4256324ca650d475480c10
Reviewed-on: https://chromium-review.googlesource.com/975404
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52147}
2018-03-22 13:46:04 +00:00
Leszek Swirski
48f89fbdc4 Revert "Reland: Remove SFI code field"
This reverts commit d8f564eac6.

Reason for revert: Breaks mac asan (https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/17067)

Original change's description:
> Reland: Remove SFI code field
> 
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
> 
> (Reland of https://chromium-review.googlesource.com/952452)
> 
> TBR=mstarzinger@chromium.org
> 
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I348ec7a9d837a7b068fd08312b77e87abf21be7b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/975305
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52143}
2018-03-22 12:56:54 +00:00
Leszek Swirski
d8f564eac6 Reland: Remove SFI code field
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).

(Reland of https://chromium-review.googlesource.com/952452)

TBR=mstarzinger@chromium.org

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
2018-03-22 11:16:20 +00:00
Andreas Haas
80df03e31f [wasm][anyref] Add support for AnyRef in signature decoding
R=titzer@chromium.org

Bug: v8:7581
Change-Id: I51c585aafa71cbc20565974929cba8327d7f8427
Reviewed-on: https://chromium-review.googlesource.com/973305
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52133}
2018-03-22 10:24:33 +00:00
Sigurd Schneider
c35eee3b56 [cleanup] Remove more OpParameter
Bug: v8:7570, v8:7517
Change-Id: Ia62a9afeec0d0df1596198deec6165a3f02edeaa
Reviewed-on: https://chromium-review.googlesource.com/973606
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52120}
2018-03-21 17:02:39 +00:00
Sigurd Schneider
b73cbb32c5 [turbofan] Move Number.isSafeInteger to JSCallReducer
This also introduces two new simplified operators, ObjectIsSafeInteger
and NumberIsSafeInteger.

Bug: v8:7340, v8:7250
Change-Id: I9a3028d844e6614ed248a03fe24b431fb54938f0
Reviewed-on: https://chromium-review.googlesource.com/973221
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52112}
2018-03-21 13:12:18 +00:00
Eric Holk
7c61c3ce6e [wasm] Add new API for enabling trap handler
The new API supersedes the old `RegisterDefaultSignalHandler` and flag
combination. Now the embedder must explicitly call
`EnableWebAssemblyTrapHandler` to activate the trap handler and optionally
install the default signal handler. The old flag is now used only by D8 to
decide whether to call this function.

Bug: v8:5277

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I05fbb2138138bfc95b14361aabd712db84789b4a
Reviewed-on: https://chromium-review.googlesource.com/963179
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52081}
2018-03-20 18:06:38 +00:00
Leszek Swirski
9b4d8fe41f Revert "Remove SFI code field"
This reverts commit 520b025f72.

Reason for revert: Breaks internal-snapshot build: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20internal%20snapshot/builds/14603

Original change's description:
> Remove SFI code field
> 
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
> 
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
> Reviewed-on: https://chromium-review.googlesource.com/952452
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52064}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,leszeks@chromium.org,bmeurer@chromium.org,verwaest@chromium.org

Change-Id: Iaf464ed29ba4317bbbb255c1aec76fb65cddba84
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/970647
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52066}
2018-03-20 13:47:34 +00:00
Leszek Swirski
520b025f72 Remove SFI code field
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).

Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
2018-03-20 13:14:53 +00:00
Michael Achenbach
188cca4dac [test] Skip death-tests for mac64 asan
NOTRY=true

Bug: chromium:820416
Change-Id: If995357345c2916ed5a3c8d1ad94f783cf6d633a
Reviewed-on: https://chromium-review.googlesource.com/968249
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52031}
2018-03-19 14:13:59 +00:00
Marja Hölttä
38525dd209 [reland] [in-place weak refs] Use WeakArray in Script::shared_function_infos.
For serializer changes, see goo.gl/Kh2eop

Previous version: https://chromium-review.googlesource.com/955593

BUG=v8:7308

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I14c92874d04545eb6d04590bedb21dc402326401
Reviewed-on: https://chromium-review.googlesource.com/968245
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52027}
2018-03-19 13:33:24 +00:00
Clemens Hammacher
468a9303fd [wasm] Call FatalProcessOutOfMemory on OOM
Instead of returning nullptr, just always call FatalProcessOutOfMemory
when we cannot allocate more memory.
In a follow-up CL, this should be extended to first try to run a GC and
see if this freed enough memory.
This CL is intentionally minimal in order to make it backmergable.

The unittest for WasmCodeManager needs to be refactored into a
parameterized test, such that each individual (parameterized) test can
die with OOM without affecting other tests.

R=mstarzinger@chromium.org

Bug: chromium:822266
Change-Id: I1336aa05ed50124b77ffaa4435ec9bed70e15c18
Reviewed-on: https://chromium-review.googlesource.com/966501
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52025}
2018-03-19 13:30:30 +00:00
Kim-Anh Tran
3ffdaaad7e [wasm] Extract compilation state from ModuleCompiler and AsyncCompileJob
The compilation state of a native module is now extracted into its own
datastructure. It reflects which functions are left to compile, and contains
task managers to accomplish parallel and asynchronous compilation.

Bug: 
Change-Id: I45308c7b32ba78e6c83f2d260990846a653bbd9c
Reviewed-on: https://chromium-review.googlesource.com/958865
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52013}
2018-03-19 10:36:52 +00:00
Sigurd Schneider
59ca2ab4b2 [turbofan] Move Number.isNaN to JSCallReducer
Bug: v8:7340, v8:7250
Change-Id: I7bc40c204678995a5ed9b0675b4f838c5e8e6c4a
Reviewed-on: https://chromium-review.googlesource.com/966066
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51997}
2018-03-16 15:06:28 +00:00
Sigurd Schneider
8a94f074de [turbofan] Move Number.isInteger to JSCallReducer
This also adds ObjectIsInteger and NumberIsInteger
operators.

Bug: v8:7340, v8:7250
Change-Id: I8067276d12c8532931f90e6397f8435362c2f9af
Reviewed-on: https://chromium-review.googlesource.com/951602
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51991}
2018-03-16 12:34:34 +00:00
Camillo Bruni
dd5c7fe73d [runtime] Store position information on ScopeInfo
This CL ads a StartPosition and EndPosition accessors on SFI and
ScopeInfo to facilitate future refactoring. In a future CL the
start and end position are no longer stored directly on SFIs.

This CL will temporarily increase memory since the position info
is duplicated on the SFI and the ScopeInfo.

Drive-by-fix: Clean up some constants in ScopeInfo

Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1a8c5dd4e2156c007e04d92e72e478b915516e0d
Reviewed-on: https://chromium-review.googlesource.com/955629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51987}
2018-03-16 11:51:04 +00:00
Sigurd Schneider
516c25b412 [turbofan] Move Number.isFinite to JSCallReducer
This also introduces two new simplified operators,
NumberIsFinite and ObjectIsFiniteNumber; the latter
handles all values, and the former is a fast-path
of the fast-path that is inserted by typed optimization
if we know the input has Type::Number.

Bug: v8:7340, v8:7250
Change-Id: I1b4812c01bf470bbff40fb3da6e11da543a22cd2
Reviewed-on: https://chromium-review.googlesource.com/951244
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51980}
2018-03-16 09:14:09 +00:00
Ben L. Titzer
c5253448c2 [wasm] Refactorings to improve naming
- Rename WasmCode::owner() to WasmCode::native_module() and
- Make {shared} field of WasmCompiledModule no-longer const, since
  it had a setter masquerading under the
  {OnWasmModuleDeserialization()}.
- Refactor and simplify the flow of "owner" in module-compiler.cc

R=mstarzinger@chromium.org

Change-Id: If9ee371124678fbbc845fc4e93279bf14f8f7ce8
Reviewed-on: https://chromium-review.googlesource.com/964263
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51959}
2018-03-15 13:47:58 +00:00
Caitlin Potter
b8229612bf Reland "[esnext] re-implement template strings"
- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.

Doesn't touch tagged templates

[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral

Fixes an error where TemplateLiteral printing in --print-ast
would try to read an element beyond the length of a vector.

BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}
2018-03-14 18:12:09 +00:00
Stephan Herhut
49a1a9a467 [wasm] Parse function names on demand
Function names are optional in wasm and might not be present for most
functions. Instead of storing an empty name with each function, this
change loads names, if present, on first access of the name.

This also fixes an inconsistency with streaming compilation. Under
streaming compilation, functions are compiled before parsing the name
section. Hence, they always received an empty name. With this change,
assignment of names is typically deferred until the whole module was
parsed.

Bug: chromium:820291
Change-Id: I86d76aa40b7c45897d152725547795c8b6b9b9ba
Reviewed-on: https://chromium-review.googlesource.com/955647
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51909}
2018-03-13 16:53:10 +00:00
Michael Achenbach
73f049e445 Revert "[in-place weak refs] Use WeakArray in Script::shared_function_infos."
This reverts commit bf9ab7294d.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/22169

Original change's description:
> [in-place weak refs] Use WeakArray in Script::shared_function_infos.
> 
> For serializer changes, see goo.gl/Kh2eop
> 
> BUG=v8:7308
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11
> Reviewed-on: https://chromium-review.googlesource.com/955593
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51895}

TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,hpayer@chromium.org

Change-Id: Ib9552d5c2c284ff27463e61a054c60cc20f2f8cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/960121
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51896}
2018-03-13 10:13:54 +00:00
Marja Hölttä
bf9ab7294d [in-place weak refs] Use WeakArray in Script::shared_function_infos.
For serializer changes, see goo.gl/Kh2eop

BUG=v8:7308

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11
Reviewed-on: https://chromium-review.googlesource.com/955593
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51895}
2018-03-13 09:22:30 +00:00
Eric Holk
e4402ed0bc Ensure ArrayBuffers are not neutered twice
Bug: chromium:813876
Change-Id: I71c571e4185eff3a7386141a408dcb820a70ff95
Reviewed-on: https://chromium-review.googlesource.com/933594
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51890}
2018-03-12 22:55:59 +00:00
Benedikt Meurer
f269570290 [cleanup] Drop spread.js for good.
Use IteratorToList to implement CallWithSpread and ConstructWithSpread
instead.

Bug: v8:7310
Change-Id: Ic1c44cc97914fa4fb92da8c568ac66f3ae78e520
Reviewed-on: https://chromium-review.googlesource.com/956073
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51871}
2018-03-12 09:44:11 +00:00
Michael Achenbach
b8128279a3 Revert "[esnext] re-implement template strings"
This reverts commit 8ae19e08b1.

Reason for revert:
Speculative revert for layout test:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/22215

See:
https://github.com/v8/v8/wiki/Blink-layout-tests

Original change's description:
> [esnext] re-implement template strings
> 
> - Add a new bytecode for the ToString operation, replacing the old
> intrinsic call (currently does not collect type feedback).
> - Add a new AST node to represent TemplateLiterals, and avoid
> generating unnecessary ToString operations in some simple cases.
> - Use a single feedback slot for each string addition, because the
> type feedback should always be the same for each addition
> 
> This seems to produce a very slight improvement on JSTests benchmarks
> and bench-ruben.js from v8:7415, and it's possible that type feedback
> for the ToString bytecode could provide more opportunities to eliminate
> the runtime call in TurboFan.
> 
> Doesn't touch tagged templates
> 
> BUG=v8:7415
> R=​rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org
> 
> Change-Id: If5a8c68558431f058db894d65776324abf54218e
> Reviewed-on: https://chromium-review.googlesource.com/945408
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Caitlin Potter <caitp@igalia.com>
> Cr-Commit-Position: refs/heads/master@{#51853}

TBR=rmcilroy@chromium.org,caitp@igalia.com,ishell@chromium.org,bmeurer@chromium.org

Change-Id: Id0529b065493ffc20c8f2b1abacc4c1484c3c046
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7415
Reviewed-on: https://chromium-review.googlesource.com/958163
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51862}
2018-03-10 16:45:30 +00:00
Caitlin Potter
8ae19e08b1 [esnext] re-implement template strings
- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.

Doesn't touch tagged templates

BUG=v8:7415
R=rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: If5a8c68558431f058db894d65776324abf54218e
Reviewed-on: https://chromium-review.googlesource.com/945408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51853}
2018-03-09 18:14:07 +00:00
jgruber
3b99189b5d Add external references macro list
The macro list avoids duplication in external-reference-table and will
allow us to statically determine the size of the table in a follow-up.

TBR=mlippautz@chromium.org

Bug: v8:6666
Change-Id: I06bb2e8c25970b3c1047dafd6c63d7ca291fe37e
Reviewed-on: https://chromium-review.googlesource.com/956187
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51850}
2018-03-09 16:43:06 +00:00
Jakob Kummerow
96e2e8588d Reland "[bigint] Serialization support for BigInts"
This is a reland of 609aaa5549

Originally reviewed at: https://chromium-review.googlesource.com/952626

Tbr: adamk@chromium.org
Bug: v8:6791
Change-Id: If0699fbfb280192bed61538ccc67c7c95893e691
Reviewed-on: https://chromium-review.googlesource.com/954665
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51819}
2018-03-08 17:37:35 +00:00
Tobias Tebbi
501f250c0b [turbofan] [cleanup] remove UnalignedLoadRepresentation
UnalignedLoad is the only kind of load operation that defines its own
UnalignedLoadRepresentation type alias and LoadRepresentationOf function.
This is a problem because it means we cannot use the LOAD_MATCHER
infrastructure without defining all of this boilerplate for all the other
kinds of load operations. Since these aliases serve no real purpose,
it is best to unify UnalignedLoad to how its peers are handled.

Change-Id: I51a591eb82fb85edee66512136b23276e851f767
Reviewed-on: https://chromium-review.googlesource.com/951683
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51802}
2018-03-08 10:30:55 +00:00
Jaroslav Sevcik
383ec7b506 [turbofan] IA32 port of branch load poisoning.
The tricky part here is to take away one register from register
allocation for the mask. The only problem is with calls that need
an input operand to be passed in the poison register. For such calls,
we change the register constraint in the instruction selector
to pass the value in whatever place the register allocator sees fit.
During code generation, we then copy the value from that place
to the poison register. By that time, the mask is not necessary
(once we bake the mask into the target, it should be done before
this move).

For the branches, the mask update does not use cmov (unlike x64)
because cmov does not take an immediate and we do not have
a scratch register. Instead we use bit-twiddling tricks
(suggested by @tebbi). For example, here is the code for masking
register update after a bailout on non-zero:

  jnz deopt_bailout    ;; Bailout branch
  setnz bl             ;; These three instructions update the mask
  add  ebx, 255
  sar  ebx, 31

(On x64, the sequence is:

  jnz deopt_bailout
  mov r10, 0      ;; We have a scratch register for zero
  cmovnz r9, r10  ;; Set to zero if we execute this branch
                  ;; in branch mis-speculation
)


This CL also fixes a bug in register configuration, where we used
to wrongly restrict the array of register name.

Change-Id: I5fceff2faf8bdc527d9934afc284b749574ab69e
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/946251
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51798}
2018-03-08 08:25:42 +00:00
Michael Achenbach
f48ab38a34 Revert "[bigint] Serialization support for BigInts"
This reverts commit 609aaa5549.

Reason for revert:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/22157

Original change's description:
> [bigint] Serialization support for BigInts
> 
> Bug: v8:6791
> Change-Id: I6d428d0bfc08b7447cd4a961b9f4053c89ed158b
> Reviewed-on: https://chromium-review.googlesource.com/952626
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51795}

TBR=adamk@chromium.org,jkummerow@chromium.org

Change-Id: I3c5ab51c40fcd897638d039d433cd764ca7f4e77
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6791
Reviewed-on: https://chromium-review.googlesource.com/954942
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51796}
2018-03-08 05:59:41 +00:00
Jakob Kummerow
609aaa5549 [bigint] Serialization support for BigInts
Bug: v8:6791
Change-Id: I6d428d0bfc08b7447cd4a961b9f4053c89ed158b
Reviewed-on: https://chromium-review.googlesource.com/952626
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51795}
2018-03-08 00:25:29 +00:00
Fadi Meawad
1ccbfb0019 Fix ThreadTicks.ThreadNow test on windows
The test is flaky because the OS does not sleep for the full requested
time. Adding a check for the OS sleep time.

Bug: v8:7492
Change-Id: I495ecc6595238bc1771adc434e766543513a0256
Reviewed-on: https://chromium-review.googlesource.com/937818
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51774}
2018-03-06 17:02:48 +00:00
Sigurd Schneider
388e505a24 [cleanup] Remove OpParameter(Node*) helper
This also introduces FrameStateInfoOf helper.

Bug: v8:7517, v8:7310
Change-Id: If2dd1257fb9384fe957a980077a65154cc014d3b
Reviewed-on: https://chromium-review.googlesource.com/946009
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51718}
2018-03-05 10:05:05 +00:00
Georg Neis
2e2860f74f [ic] Introduce new IC for storing into array literals.
... and use it in the implementation of array literal spreads,
replacing calls to %AppendElement.

Array spreads in destructuring will be taken care of in a separate CL.

Bug: v8:5940, v8:7446
Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0
Reviewed-on: https://chromium-review.googlesource.com/915364
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51709}
2018-03-02 21:12:57 +00:00
Clemens Hammacher
cdf0c2e801 Account for different interpretations of "trivially copyable"
Unfortunately, different runtime libraries and/or compilers differ on
whether a class without any copy constructor, move constructor, copy
assignment and move assignment operator is considered trivially
copyable.
See discussion on https://crrev.com/c/941521.

This CL adds a comment about this, and deletes a test for this specific
case.

R=mstarzinger@chromium.org
CC=jyan@ca.ibm.com, ivica.bogosavljevic@mips.com

Change-Id: Ie07adda370e5e955b782e72356b50121477d4623
Reviewed-on: https://chromium-review.googlesource.com/944081
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51704}
2018-03-02 15:45:14 +00:00
Sigurd Schneider
2daca1c6a8 Reland "[turbofan] Preserve order of compares in switches"
This is a reland of b8bc26d099

Original change's description:
> [turbofan] Preserve order of compares in switches
> 
> This CL makes sure that control flow optimization does
> not change the order of switches that ultimately get
> lowered to a series of comparisons anyway.
> 
> Bug: v8:7326
> Change-Id: If004de6b71a7e9504d37754c847ca108a64e49db
> Reviewed-on: https://chromium-review.googlesource.com/941952
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51679}

Bug: v8:7326
Change-Id: Ifbe61dece499c98bbd49fa3ae9b99ccf4e955ddc
Reviewed-on: https://chromium-review.googlesource.com/945770
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51691}
2018-03-02 12:03:42 +00:00
Gabriel Charette
70222a9d03 [v8 platform] Rename BackgroundThread methods to WorkerThreads method.
Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/941442.

"background" refers to a priority and is inappropriate to refer to
worker threads as many tasks posted to worker threads by v8 are in
fact high priority.

Also took advantage of this rename to make NumberOfWorkerThreads()
return an int instead of size_t. While it is never negative, int is
simpler and Google C++ style guide states to avoid unsigned integers in
such cases (ref. "On Unsigned Integers" @
https://google.github.io/styleguide/cppguide.html#Integer_Types).

The Chromium embedder for that call provided an int which was converted
to size_t for this override and most often casted back down to int on the
v8 side, adding churn, and readability overhead.

R=ahaas@chromium.org

Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib5280df73d2846b111d985be65a10b049995ea6a
Reviewed-on: https://chromium-review.googlesource.com/941944
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51662}
2018-03-01 15:30:35 +00:00
Clemens Hammacher
9dd6f0d089 Fix is_trivially_copyable check for MSVC and older stdlibc++
MSVC 2015 and 2017 implement std::is_trivially_copyable, but not
correctly. Hence, reimplement it using more low-level primitives.

For stdlibc++ versions below 5.0, we already have a workaround for the
missing support of std::is_trivially_copyable, but this is an unsound
approximation, because it is ignoring move constructor, move assignment
and copy assignment. Therefore, do not use this approximation for
asserting trivial copyability of a type.

Finally, add unittests for the new is_trivially_copyable
implementations.

R=mstarzinger@chromium.org
CC=loorongjie@gmail.com

Change-Id: I9ee56a65882e8c94b72c9a2d484edd27963a5d89
Reviewed-on: https://chromium-review.googlesource.com/941521
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51651}
2018-03-01 13:05:12 +00:00
Gabriel Charette
86b4b5345a [v8 platform] Get rid of unused ExpectedRuntime parameter.
With a temporary intermediate step to allow adapting embedders before
getting rid of the ExpectedRuntime method altogether.

The method is being renamed to CallOnWorkerThread() as an effort to
go away from "background" nomenclature for worker threads ("background"
usually refers to a priority but worker threads are commonly used for
high priority tasks in v8).
Other CLs will follow to rename other "background" APIs.

Bug: v8:7310
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2fd4eac7458708d4eacb0f4871c982a567a3865e
Reviewed-on: https://chromium-review.googlesource.com/941442
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51645}
2018-03-01 10:35:42 +00:00
Kim-Anh Tran
1516520832 [wasm] Introduce Tier enum to replace the current is_liftoff flag
Bug: v8:7310
Change-Id: I87bdb640a3c006a268974b34808f184307badeb2
Reviewed-on: https://chromium-review.googlesource.com/934243
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51644}
2018-03-01 08:56:00 +00:00
Nico Weber
58b386c4de Make v8 build with -Wmicrosoft-cast under clang-cl.
gcc and clang (and the standard) don't allow implicit conversion of
function pointers to object pointers. MSVC does allow that, and since
system headers require this to work, clang-cl allows it too -- but
it emits a -Wmicrosoft-cast warning (which we currently suppress in
the Chromium build, but which we want to enable.)

As a side effect, when printing a function pointer to a stream, MSVC
(and clang-cl) will pick the operator<<(void*) overload, while gcc
and clang will pick operator<<(bool) since the best allowed conversion
they find is from function pointer to bool.

To prevent the clang-cl warning, we need to make sure that we never
directly print a function pointer to a stream. In v8, this requires
two changes:

1. Give PrintCheckOperand() an explicit specialization for function
   pointers and explicitly cast to void* there.  This ports
   https://codereview.chromium.org/2515283002/ to V8, and also fixes a
   bug on non-Windows where DCHECK() of function pointers would print
   "(1 vs 1)" instead of the function's addresses.
   (The bug remains with member function pointers,
   where it's not clear what to print instead of the 1.)

2. has_output_operator<T> must not use operator<< on its argument
   in an evaluated context if T is a function pointer.  This patch
   modifies has_output_operator<> to use an unevaluated context instead,
   which is simpler than the current approach (and matches what Chromium's
   base does), but changes behavior    in minor (boring) ways
   (see template-utils-unittest.cc), since operator<<() is now
   called with a temporary and only operator<<() implementations callable
   with a temporary are considered.
   A more complicated but behavior-preserving alternative would be to
   add an explicit specialization for function pointers. You can see
   this variant in patch set 1 on gerrit.

Bug: chromium:550065
Change-Id: Idc2854d6c258b7fc0b959604006d8952a79eca3d
Reviewed-on: https://chromium-review.googlesource.com/940004
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51636}
2018-02-28 18:06:57 +00:00
Michael Starzinger
fafd1cdd35 Move exception handler table into instruction stream.
This changes the encoding of the {HandlerTable} from an array of Smi
values to a byte array. It allows embedding of said array into the
instruction stream of {Code} objects (similar to how safepoint tables
work). For interpreted bytecode the table is attached as a {ByteArray}
to the bytecode.

The advantage of this approach is a more compact encoding and also the
ability to move such tables easily off the GC'ed heap if needed (as is
done for WebAssembly code for example).

R=jarin@chromium.org

Change-Id: I3320415dff69b3d1053825bda0d667a28232bf6d
Reviewed-on: https://chromium-review.googlesource.com/934642
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51589}
2018-02-27 10:20:35 +00:00
Jakob Kummerow
ef2aba3325 [test][cleanup] Clean up value-serializer-unittest.cc
Refactor the helpers to use return values instead of continuation functors.
This reduces compilation time in Release mode from 30s to 10s (Debug: 10->7s).
Also shorten the boilerplate code a bit.

Bug: v8:7310
Change-Id: Icf6309e4fd5478a1f55979112d1219bc7eaf4e6d
Reviewed-on: https://chromium-review.googlesource.com/938316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51584}
2018-02-27 02:05:55 +00:00
Michael Achenbach
ac790b1132 [test] Skip flaky test on windows
NOTRY=true

Bug: v8:7492
Change-Id: Ie25281f8efa30d14574c7b53b4ab8a22d1344535
Reviewed-on: https://chromium-review.googlesource.com/934847
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51531}
2018-02-23 18:45:28 +00:00
Sigurd Schneider
0165432e20 [cleanup] Rename Word to Int32/IntPtr depending on context
Bug: v8:7310
Change-Id: I3b9832c7090d5c4b2f425f85095b0d7bae29fbfd
Reviewed-on: https://chromium-review.googlesource.com/934321
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51519}
2018-02-23 14:34:07 +00:00
Marja Hölttä
f8569ff38a [data structures] Fix ZoneChunkList some more.
Currently, pop_back() doesn't update size. Fix that.

BUG=v8:7489

Change-Id: If11d2ddcaae3223289c168c1e6e1ad94d6775516
Reviewed-on: https://chromium-review.googlesource.com/934456
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51517}
2018-02-23 14:20:07 +00:00
Sigurd Schneider
53e00e3900 Reland "[turbofan] Move String.* functions to JSCallReducer"
This is a reland of 3ff4b44735.

Original version did not handle V8_INTL_SUPPORT.

Original change's description:
> [turbofan] Move String.* functions to JSCallReducer
>
> Bug: v8:7250, v8:7340
> Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c
> Reviewed-on: https://chromium-review.googlesource.com/913208
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51505}

Bug: v8:7250, v8:7340
Change-Id: Id908cbcfaa9e9cf5459d6d3289e6ec00e387d287
Reviewed-on: https://chromium-review.googlesource.com/934268
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51514}
2018-02-23 13:43:28 +00:00
Marja Hölttä
4be3f416e6 [data structures] Fix ZoneChunkList end iterator.
BUG=v8:7478

Change-Id: Iad67d49729dfeb89fde26772689a22098f491b8a
Reviewed-on: https://chromium-review.googlesource.com/931548
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51510}
2018-02-23 13:08:13 +00:00
Sigurd Schneider
0ef07c95f4 Revert "[turbofan] Move String.* functions to JSCallReducer"
This reverts commit 3ff4b44735.

Reason for revert: Does not handle V8_INTL_SUPPORT correctly

Original change's description:
> [turbofan] Move String.* functions to JSCallReducer
> 
> Bug: v8:7250, v8:7340
> Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c
> Reviewed-on: https://chromium-review.googlesource.com/913208
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51505}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: I6efb3b758b0fcadc012a90c4175de3c1ebccee95
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7250, v8:7340
Reviewed-on: https://chromium-review.googlesource.com/934267
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51507}
2018-02-23 12:41:04 +00:00
Sigurd Schneider
3ff4b44735 [turbofan] Move String.* functions to JSCallReducer
Bug: v8:7250, v8:7340
Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c
Reviewed-on: https://chromium-review.googlesource.com/913208
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51505}
2018-02-23 12:22:13 +00:00
Sigurd Schneider
6be614fb2d Reland "[turbofan] Disable speculation for JSCall nodes by default"
This is a reland of ccbbdb93a1.

Original change's description:
> [turbofan] Disable speculation for JSCall nodes by default
>
> Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9
> Reviewed-on: https://chromium-review.googlesource.com/928649
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51467}

Bug: v8:7340

Change-Id: I5557afcdad0c7f9610a396dcfa45f8985a13c1ba
Reviewed-on: https://chromium-review.googlesource.com/931546
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51496}
2018-02-23 08:31:41 +00:00
Benedikt Meurer
aff1f3788b [cleanup] Introduce a dedicated FeedbackCell.
This is preparatory cleanup work for eventually tracking the functions
(rather than concrete closures) in the CALL_IC, also for builtins like
the default PromiseCapability [[Resolve]] and [[Reject]] functions. It
adds a new FeedbackCell type, which is used by JSFunctions consistently
now to reference the feedback vector (or undefined if not the function
is not compiled yet or is a native/asm.js function).

This also changes the calling convention for FastNewClosure builtin and
the JSCreateClosure operator in TurboFan to carry the FeedbackCell here
instead of the parent FeedbackVector and the slot index. In addition we
eliminate the now unused %InterpreterNewClosure runtime function.

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656
Reviewed-on: https://chromium-review.googlesource.com/928403
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51474}
2018-02-22 13:18:48 +00:00
Benedikt Meurer
aa7ccc233c Revert "[turbofan] Disable speculation for JSCall nodes by default"
This reverts commit ccbbdb93a1.

Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux%2F23316%2F%2B%2Frecipes%2Fsteps%2FBisect_50a6e301%2F0%2Fsteps%2FRetry_-_nosse3%2F0%2Flogs%2FJSCallReducerTest.Mat..%2F0

Original change's description:
> [turbofan] Disable speculation for JSCall nodes by default
> 
> Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9
> Reviewed-on: https://chromium-review.googlesource.com/928649
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51467}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: I5a1988902730be9e962b17a434251db82d834b98
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/931401
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51471}
2018-02-22 12:33:18 +00:00
Sigurd Schneider
50a6e301a2 [turbofan] Don't insert {Int32Constant}s in JSCallReducer
Bug: chromium:814336, v8:7250, v8:7340
Change-Id: I9345778cabf24f1278ca7364ef7e223038c5aeee
Reviewed-on: https://chromium-review.googlesource.com/929121
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51468}
2018-02-22 11:35:20 +00:00
Sigurd Schneider
ccbbdb93a1 [turbofan] Disable speculation for JSCall nodes by default
Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9
Reviewed-on: https://chromium-review.googlesource.com/928649
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51467}
2018-02-22 11:33:15 +00:00
Sigurd Schneider
fb0144f6f9 [turbofan] Move Math.* builtins to JSCallReducer
This CL also adds speculation to all Math builtins,
and refactors the JSCallReducer.

Bug: v8:7250, v8:7240
Change-Id: Icdaddb767e875bb191939d907f65c7a8dcf79b8b
Reviewed-on: https://chromium-review.googlesource.com/873916
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51426}
2018-02-21 12:21:20 +00:00
Justin Ridgewell
f6b6f71ba2 Consolidate UTF-8 Vector<char> to uc16 decoding into Iterator
Too many files know how to deal with decoding, counting, and splitting UTF-8
into uc16 chars. This consolidates several callers who deal with full
(Vector<char>, not streaming) bytes by using a UTF-8 Iterator to decode bytes
into individual uc16 chars.

R=marja@chromium.org

Bug: 
Change-Id: Ia36df3e8c1abd0398415ad23a474557c71c19a01
Reviewed-on: https://chromium-review.googlesource.com/831093
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Cr-Commit-Position: refs/heads/master@{#51405}
2018-02-20 20:04:41 +00:00
Peter Marshall
46c199a5c7 [turbofan] Inline promise constructor in turbofan.
Inline the promise constructor when we have one argument and target
matches new_target.

This is not complete, and is sitting behind an experimental flag for
now. We need to fix deoptimization by providing proper frame states.

Create a unittest class for JSCallReducer - just assert whether there
was a change or not, rather than specify the exact graph that should be
produced.

Bug: v8:7253
Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
Reviewed-on: https://chromium-review.googlesource.com/919282
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51389}
2018-02-20 09:01:51 +00:00
Sigurd Schneider
e1ca671e45 [debug] Ensure breaking on inlined builtins works
This ensures that breaking on inlined builtins works, even when
compiling concurrently. This CL also introduces the member
Isolate::AbortConcurrentOptimization.

R=sigurds@chromium.org

Bug: v8:178
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie6cbb48ebde18036888af2dd715862e7a14ddf9d
Reviewed-on: https://chromium-review.googlesource.com/912468
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51384}
2018-02-20 07:52:51 +00:00
Jakob Kummerow
bd0b32f545 Reland "[bigint] Add BigInt64Array, BigUint64Array"
This is a reland of dda0419ecd.

Originally reviewed-on: https://chromium-review.googlesource.com/914513
and landed as refs/heads/master@{#51342}.

Bug: v8:6791
Change-Id: I3b3a069da7a0e64c38a81b3110dc5ece4887cb19
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924665
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51352}
2018-02-19 10:23:18 +00:00
Michael Achenbach
cb7a15fede Revert "[bigint] Add BigInt64Array, BigUint64Array"
This reverts commit dda0419ecd.

Reason for revert: msvc unhappy:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1434

Original change's description:
> [bigint] Add BigInt64Array, BigUint64Array
> 
> Bug: v8:6791
> Tbr: hpayer@chromium.org
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I637e9084d2fe4869ad0be2fb996149ab9940f346
> Reviewed-on: https://chromium-review.googlesource.com/914513
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51342}

TBR=jkummerow@chromium.org,neis@chromium.org,hpayer@chromium.org

Change-Id: I49237fa323f0d3ea70e744d92d5cbdd4d5c4b39f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6791
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924663
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51344}
2018-02-17 06:01:31 +00:00
Jakob Kummerow
dda0419ecd [bigint] Add BigInt64Array, BigUint64Array
Bug: v8:6791
Tbr: hpayer@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I637e9084d2fe4869ad0be2fb996149ab9940f346
Reviewed-on: https://chromium-review.googlesource.com/914513
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51342}
2018-02-17 04:52:29 +00:00
Bill Budge
95e39b0623 [API] Don't use VM methods of v8::ArrayBuffer::Allocator.
- Replaces calls to Allocator Reserve, Free, and SetPermissions
  with equivalent page allocator calls (allocation.h).
- Un-implements these methods to catch usage, in preparation for
  removing these.

Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id233b7a9cfc8e332c64e514f6359e8b670c2d75e
Reviewed-on: https://chromium-review.googlesource.com/911883
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51340}
2018-02-16 22:51:17 +00:00
Bill Budge
018f119223 [memory] Add a test for RX page permission.
Bug: chromium:799573
Change-Id: I467c74b5b26bc6f1e1a35c1104df12b77f072bac
Reviewed-on: https://chromium-review.googlesource.com/923430
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51338}
2018-02-16 21:52:44 +00:00
Jakob Kummerow
8ac70e8663 Work on -Wimplicit-fallthrough for v8
This doesn't enable the warning yet, but adds V8_FALLTHROUGH annotations
in enough places so that v8 can build with the warning on on my linux box.

Found one real bug
(in effect-control-linearizer.cc,
https://chromium-review.googlesource.com/c/v8/v8/+/850392/3/src/compiler/effect-control-linearizer.cc#825
).

Bug: chromium:812686
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3542550b9c24b545641d0f0fc43f28f2780b0ab3
Reviewed-on: https://chromium-review.googlesource.com/911731
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51322}
2018-02-16 13:32:25 +00:00
Adam Klein
5aad943dfe Remove mtrofin and rossberg from OWNERS
Tbr: jarin@chromium.org
Change-Id: I17477e2c82398b228a366a3d1fd8eb521dd51eae
Reviewed-on: https://chromium-review.googlesource.com/922270
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51317}
2018-02-15 23:48:43 +00:00
Toon Verwaest
313e33a709 Remove %_ClassOf and SharedFunctionInfo::instance_class_name
instance_class_name takes up space unnecessarily, and %_ClassOf and
class_name implement [[Class]] which isn't part of ES2015+ anymore.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8
Reviewed-on: https://chromium-review.googlesource.com/776683
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51309}
2018-02-15 11:52:08 +00:00
Caitlin Potter
d3ca0d0050 [esnext] implement spec change to TaggedTemplate callsite caching
Implements the change outlined in https://github.com/tc39/ecma262/pull/890,
which has been ratified and pulled into the specification. In particular,
template callsite objects are no longer kept in a global, eternal Map, but
are instead associated with their callsite, which can be collected. This
prevents a memory leak incurred by TaggedTemplate calls.

Changes, summarized:

    - Remove the TemplateMap and TemplateMapShape objects, instead caching
      template objects in the feedback vector.
    - Remove the `hash` member of TemplateObjectDescriptor, and the Equals
      method (used by TemplateMap)
    - Add a new FeedbackSlotKind (kTemplateObject), which behaves similarly
      to FeedbackSlotKind::kLiteral, but prevents eval caching. This ensures
      that a new feedback vector is always created for eval() containing tagged
      templates, even when the CompilationCache is used.
    - GetTemplateObject bytecode now takes a feedback index, and only calls
      into the runtime if the feedback is Smi::kZero (uninitialized).

BUG=v8:3230, v8:2891
R=littledan@chromium.org, yangguo@chromium.org, bmeurer@chromium.org,
rmcilroy@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7827bc148d3d93e2b056ebf63dd624da196ad423
Reviewed-on: https://chromium-review.googlesource.com/624564
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51248}
2018-02-12 17:06:18 +00:00
Junliang Yan
ae0447fa48 [test] Allow two timing output to be the same
some time the output of these two could be the same
if machine is fast enough.

Change-Id: I1d9c0191657abae3d053517d45059065df2d44dc
Reviewed-on: https://chromium-review.googlesource.com/911873
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51247}
2018-02-12 16:37:46 +00:00
Ross McIlroy
a021b6c42d [Ignition] [TurboFan] Generate speculation poison in code generator.
Moves generation of speculation poison to be based on the PC target vs the
actual PC being executed. The speculation poison is generated in the prologue
of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
The result is stored in a known register, which can then be read using the
SpeculationPoison machine node.

Currently we need to ensure the SpeculationPoison node is scheduled right after
the code prologue so that the poison register doesn't get clobbered. This is
currently not verified, however it's only use is in RawMachineAssembler where
it is manually scheduled early.

The Ignition bytecode handlers are updated to use this speculation poison
rather than one generated by comparing the target bytecode.

BUG=chromium:798964

Change-Id: I2a3d0cfc694e88d7a8fe893282bd5082f693d5e2
Reviewed-on: https://chromium-review.googlesource.com/893160
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51229}
2018-02-12 09:26:58 +00:00
Ben L. Titzer
855cb90db7 Normalize names of call descriptor local variables
This is a purely cosmetic change. Rename all local variables and
parameters of type CallDescriptor* to "call_descriptor".
For locals that are now named "call_descriptor", use auto upon
initialization, following the Google style guide
(https://google.github.io/styleguide/cppguide.html#auto).

Note: fields in structs and classes were not renamed in this CL.

R=clemensh@chromium.org,mstarzinger@chromium.org,jarin@chromium.org

Change-Id: Ic6f7afdba12f7b97741b098a9d0e0f58c41c587e
Reviewed-on: https://chromium-review.googlesource.com/909866
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51223}
2018-02-09 22:09:07 +00:00
Ivica Bogosavljevic
488737d99f [MIPS] Add Sreten Kovacevic as owner of MIPS files
Change-Id: I9cc0cc5ffe9175132634bea87cfc24cc5439e592
Reviewed-on: https://chromium-review.googlesource.com/911389
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51216}
2018-02-09 15:35:49 +00:00
Gabriel Charette
85b8daed63 Add V8.GC.ParallelTaskLatencyMicroSeconds metric.
It will record the time-to-schedule-after-job-start for different
task types to try to highlight use cases where contention might
be a problem (and show improvements to it later).

Also introducing AsyncTimedHistogram to support this use case whose
reported timings go beyond a single scope (i.e. the async version of
ScopedTimedHistogram).

Bug: chromium:807606
Change-Id: Ib4d581fa8b001723dfe8c91102280e9608b4fabb
Reviewed-on: https://chromium-review.googlesource.com/899365
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51131}
2018-02-06 21:53:49 +00:00
Gabriel Charette
db73d446b9 Bring Time(Delta)::Min/Max() and related helpers to V8.
Copied as-is modulo compile tweaks from Chromium's base.

Copied tests highlighting existing overflow issues with V8's impl...

TimeDelta::Max() will initially be used in V8 to flag events that
never triggered in a TimedHistogram.

Also constexpr'ed a few things while I was in there, it's harmless
at worst and helps a little at best.
Ideally would constexpr all the Time*::From*() methods like in
Chromium but that has inlining implications and I don't know the
impact that could have on V8.

Bug: chromium:807606
Change-Id: If5aa92759d985be070e12af4dd20f0159169048b
Reviewed-on: https://chromium-review.googlesource.com/899342
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51073}
2018-02-02 15:38:55 +00:00
Bill Budge
a1fc3c7b14 [memory] Make sure parameters are properly aligned in AllocatePages.
- Adds a DCHECK to AllocatePages to enforce hint address alignment.
- Adds a DCHECK to AllocatePages to make length a multiple of allocation
  granularity.
- Properly aligns the hint address in MemoryAllocator::AllocateChunk
  to MemoryChunk::kAlignment.

This is to conform more closely to Chromium's page allocator API.

Bug:chromium:756050

Change-Id: Ib991fa80609834107829a9559f4b5b6b0996fc72
Reviewed-on: https://chromium-review.googlesource.com/898095
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51065}
2018-02-02 13:54:28 +00:00
Michal Majewski
2fe1af4787 [test] Remove dead code from suites and tests
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I6bfea537347fb236d41b31f0c6c64c108928bf28
Reviewed-on: https://chromium-review.googlesource.com/897784
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#51033}
2018-02-01 14:12:49 +00:00
Peter Marshall
8622d899d8 [turbofan] Eliminate switch operations with constant input.
Where the value we are switching on is a constant, we can just look
through each IfValue case and replace the switch and go straight to
the appropriate case. If no case matches, expect and go to the
IfDefault.

For the (unrealistic) example in the linked bug, this improves
performance ~1.5x.

Bug: v8:7389
Change-Id: I7ffe209bda9ed22571ea106396b18e0bcf9a1e22
Reviewed-on: https://chromium-review.googlesource.com/893141
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51029}
2018-02-01 13:23:52 +00:00
Gabriel Charette
954146a5cf Make TimeTicks::Now() high-resolution whenever possible with low-latency.
It was already always high-resolution on POSIX but was never high
resolution on Windows. Windows does support low latency high-resolution
timers for the majority of our user base.

TimeTicks::HighResolutionNow() was only explicitly requested in testing
frameworks. As such I left the call in place but made it DCHECK that
it's running on a Windows machine on which high-resolution clocks are
used. This confirms that none of our test fleet has regressed with this
change (the previous HighResolutionNow() used to be slightly more
aggressive and also do it in a few configurations where we now fallback
to low-resolution now).

This implementation was copied as-is (modulo minor v8 API
compatibility tweaks). These implementations were the same in the
past but had diverged when, sadly, the same bug was fixed separately
years apart, in Chromium and V8:
chromium: https://codereview.chromium.org/1284053004 + https://codereview.chromium.org/2393953003
v8: https://codereview.chromium.org/1304873011

This is a prerequisite to add metrics around parallel task execution
(low-resolution clocks are useless at that level, but we also don't want
to incur high-latency clocks on machines that can't afford it cheaply).

Bug: chromium:807606
Change-Id: Id18e7be895d8431ebd0e565a1bdf358fe7838489
Reviewed-on: https://chromium-review.googlesource.com/897485
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51027}
2018-02-01 11:55:42 +00:00
Michal Majewski
804cc9f385 [test] Remove context usage from test processors
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id5a7b41502dfd4be43496b1edb958522a8eb0c31
Reviewed-on: https://chromium-review.googlesource.com/895588
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51023}
2018-02-01 10:35:02 +00:00
Gabriel Charette
18c1942371 Do not block in non-main thread tasks in ItemParallelJobTests.
Otherwise bots with a low number of cores will hang trying to schedule
a mere 4 tasks.
This change allowing scheduling of an arbitrary number of test tasks,
the count was also augmented to better stress test the system.

Bug: chromium:805932
Change-Id: Ia10cd583c0675c256b4fd5d2765b50855d77a7f9
Reviewed-on: https://chromium-review.googlesource.com/895584
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51019}
2018-02-01 09:09:29 +00:00
Tobias Tebbi
2778b46081 Reland "[turbofan] disable indirect jumps in Turbofan generated switches"
This is a reland of 957ac3641c.

To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table
in the InstructionSelector, this now threads the flag through the CompilationInfo.

Original change's description:
> [turbofan] disable indirect jumps in Turbofan generated switches
>
> Bug:
> Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f
> Reviewed-on: https://chromium-review.googlesource.com/873643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50984}

Change-Id: I76c2804f140cc116e30881bfd05365a09240e605
Reviewed-on: https://chromium-review.googlesource.com/895643
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51014}
2018-02-01 08:03:04 +00:00
Michal Majewski
d3083b46ee [test] Move options to test config
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I254d2e545709029346f585b02a9edf91d3f27893
Reviewed-on: https://chromium-review.googlesource.com/893321
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50996}
2018-01-31 13:46:29 +00:00
Michael Achenbach
16e3f6362d [test] Skip tests that timeout on chromebooks
TBR=gab@chromium.org
NOTRY=true

Bug: chromium:805932
Change-Id: I76e5acb5f2e749f7240abb0cb0596fdf8b72badf
Reviewed-on: https://chromium-review.googlesource.com/895602
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50988}
2018-01-31 12:05:06 +00:00
Michal Majewski
5ede3cb533 Reland "[test] Random seed processor"
This is a reland of 0db74d4974.

Original change's description:
> [test] Random seed processor
> 
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
> 
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}

Bug: v8:6917
Change-Id: I1ea376a4abffce5ab65f4834ea7e6d6011765ffa
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894204
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50978}
2018-01-31 09:53:34 +00:00
Michael Achenbach
ba30988cbc Revert "[test] Random seed processor"
This reverts commit 0db74d4974.

Reason for revert: https://chromium-swarm.appspot.com/task?id=3b609f9976bac610&refresh=10&show_raw=1

Original change's description:
> [test] Random seed processor
> 
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
> 
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}

TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com

Change-Id: I2d96ea328cda2d09b01ff455e47c77d567fafe00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894522
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50970}
2018-01-30 22:05:03 +00:00
Gabriel Charette
de49b57404 Reland "Smoother distribution of worker assignment in parallel task array."
This is a reland of 76195d9e08.

It was reverted because the new parallel tasks (with higher number
of workers) hang on client.v8.ports bots. Since each test task steals
the worker thread it's assigned but only processes one item before
waiting for completion by others: I think the problem is that there
aren't enough workers in client.v8.ports' config. There aren't any
try bots for this config... reduce the tests to use 4 tasks and
hope for the best (i.e. a 4 core machine that uses "num cores")...

Original change's description:
> Smoother distribution of worker assignment in parallel task array.
>
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
>
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
>
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}

Reverted-on: https://chromium-review.googlesource.com/893462

Bug: chromium:805932
Change-Id: I4d0bda3b9f52e9160e613a8f34a95e48b814bb9e
Reviewed-on: https://chromium-review.googlesource.com/893362
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50967}
2018-01-30 20:03:53 +00:00
Gabriel Charette
396e7bc801 Revert "Smoother distribution of worker assignment in parallel task array."
This reverts commit 76195d9e08.

Reason for revert: New parallel tests timeout on the waterfall (I think because it's configured to use less worker threads and TaskProcessingOneItem is currently designed to steal a worker but only process one item...).

Original change's description:
> Smoother distribution of worker assignment in parallel task array.
> 
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
> 
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
> 
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}

TBR=gab@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Icf52eb3afeb9467557c1e0db6922d590466943f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:805932
Reviewed-on: https://chromium-review.googlesource.com/893462
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50965}
2018-01-30 16:33:36 +00:00
Michal Majewski
0db74d4974 [test] Random seed processor
1. --total-timeout-sec now available for ./run-tests.py. It can be
useful with infinite seed stressing
2. random seed dropped from the context. Now JSON progress indicator
gets it from the list of command args.

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
Reviewed-on: https://chromium-review.googlesource.com/888524
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50964}
2018-01-30 15:50:49 +00:00
Gabriel Charette
76195d9e08 Smoother distribution of worker assignment in parallel task array.
This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
and https://chromium-review.googlesource.com/c/v8/v8/+/887084

Which implements the fix in CL 887084 correctly in a world where
there can be more tasks_ than items_ (crbug.com/806237).

Bug: chromium:805932
Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
Reviewed-on: https://chromium-review.googlesource.com/892883
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50956}
2018-01-30 11:58:24 +00:00
Yang Guo
b1d09bf6c5 [gyp] move build targets for tests to gypfiles.
Bug: v8:7335
Change-Id: I6610bba00ff558de5826934c326fc2873c91a1a3
Reviewed-on: https://chromium-review.googlesource.com/890742
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50944}
2018-01-30 06:31:00 +00:00
Gabriel Charette
2407b2bd1b Revert "v8::ItemParallelJob : Do not launch more Tasks than there are Items to process."
This reverts commit 8a27c7d396.

Reason for revert: 

Having more tasks then work items is intentional in some use cases, i.e. Scavenging where RunInParallel() does parallel processing on a dynamic workload *after* the initial set of work items:

    {
      barrier_->Start();
      TimedScope scope(&scavenging_time);
      PageScavengingItem* item = nullptr;
      while ((item = GetItem<PageScavengingItem>()) != nullptr) {
        item->Process(scavenger_);
        item->MarkFinished();
      }
      do {
        scavenger_->Process(barrier_);
      } while (!barrier_->Wait());
      scavenger_->Process();
    }

Original change's description:
> v8::ItemParallelJob : Do not launch more Tasks than there are Items to process.
> 
> Except when there are 0 items. For some reason I don't quite understand yet, not
> calling Run() on tasks_[0] when there are 0 items results in DCHECKs...
> 
> Bug: chromium:806237
> Change-Id: I38c8fffde64a42f93f4efda492832651137eebd7
> Reviewed-on: https://chromium-review.googlesource.com/888704
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50924}

TBR=gab@chromium.org,mlippautz@chromium.org

Change-Id: Iad2ab16bb41f339de8e3fbca1c08c5d26b8a0111
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:806237
Reviewed-on: https://chromium-review.googlesource.com/891186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50928}
2018-01-29 16:03:46 +00:00
Michael Starzinger
b47427740d [arm][arm64] Implement {kSpeculationFence} operator.
R=tebbi@chromium.org

Change-Id: Iae9a3774eb7913388350ce3cd0a96d6a6cca25e8
Reviewed-on: https://chromium-review.googlesource.com/885845
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50926}
2018-01-29 13:43:53 +00:00
Ross McIlroy
c9941af275 [Intepreter] Add poisoning to bytecode operand reads.
BUG=chromium:798964

Change-Id: I63c373ef3f27a3295fc79f5c82d78b5fd89a83da
Reviewed-on: https://chromium-review.googlesource.com/888752
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50925}
2018-01-29 12:56:43 +00:00
Gabriel Charette
8a27c7d396 v8::ItemParallelJob : Do not launch more Tasks than there are Items to process.
Except when there are 0 items. For some reason I don't quite understand yet, not
calling Run() on tasks_[0] when there are 0 items results in DCHECKs...

Bug: chromium:806237
Change-Id: I38c8fffde64a42f93f4efda492832651137eebd7
Reviewed-on: https://chromium-review.googlesource.com/888704
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50924}
2018-01-29 12:53:53 +00:00
Jaroslav Sevcik
ff394b4453 [turbofan] Remove unused instruction continuation handling for stack checks.
Bug: v8:5267
Change-Id: I649554733fdbd00c8e82b09aca35b0ff1f823560
Reviewed-on: https://chromium-review.googlesource.com/890262
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50919}
2018-01-29 09:07:07 +00:00
Ross McIlroy
cb0bc43f20 [Interpreter] Refactor bytecode register access.
Refactors bytecode register access to avoid having to deal with register indexes
directly.

 - Changes Load/StoreRegister to Load/StoreRegisterAtOperandIndex
 - Adds RegisterList abstraction for dealin with lists of registers
 - Adds helpers for Loading / Storing register pairs / triples.

Change-Id: I34427e4bd7314dce0230572212580d6a93ccc2d4
Reviewed-on: https://chromium-review.googlesource.com/887062
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50899}
2018-01-26 14:00:58 +00:00
Deepti Gandluri
1abeb5a3b1 [wasm] Implement wasm sign extension opcodes
- Shift opcode numbers for asmjs-compat opcodes
 - Add --experimental-wasm-se flag to gate sign extension opccodes
 - Fix codegen for ia32 movsx instructions

Bug: v8:6532
Change-Id: If7c9eff5ac76d24496effb2314ae2601bb8bba85
Reviewed-on: https://chromium-review.googlesource.com/838403
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50875}
2018-01-25 23:18:08 +00:00
Michael Starzinger
db7bdf4829 Revert "[platform] Remove {PageAllocator::kReadWriteExecute}."
This reverts commit bf19e60cc5.

Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature.

Original change's description:
> [platform] Remove {PageAllocator::kReadWriteExecute}.
> 
> Now that write-protection of code memory is enabled everywhere and V8 is
> fully W^X compliant, we can remove the permission mode in question.
> 
> R=​hpayer@chromium.org
> BUG=v8:6792
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I80fe95ac6bb0e2d1ad6d993154ce45d492d941be
> Reviewed-on: https://chromium-review.googlesource.com/866855
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50770}

TBR=bbudge@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6792
Change-Id: If4a205497ac83084a4092560363affb13b391462
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/883461
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50834}
2018-01-24 12:49:47 +00:00
Ali Ijaz Sheikh
95249bca1f [heap] allocation step should before limit update
Do a step before selecting the limit for the next step. However, as seen
on crbug.com/795323, while this fix makes us more precise in our
accounting, we do ending up seeing steps more frequently. This ends up
invoking the idle scavenger more frequently. To compensate, we adjust
the idle scavenger step size.

Bug: 
Change-Id: I7bc2b1785a564dee27aa3ce6a5a196efe9eb6283
Reviewed-on: https://chromium-review.googlesource.com/838440
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50816}
2018-01-23 19:32:05 +00:00
Leszek Swirski
c869d40d5a [ignition] Single-switch generator bytecode
Currently, yields and awaits inside loops compile to bytecode which
switches to the top of the loop header, and switch again once inside the
loop. This is to make loops reducible.

This replaces this switching logic with a single switch bytecode that
directly jumps to the bytecode being resumed. Among other things, this
allows us to no longer maintain the generator state after the switch at
the top of the function, and avoid having to track loop suspend counts.

TurboFan still needs to have reducible loops, so we now insert loop
header switches during bytecode graph building, for suspends that are
discovered to be inside loops during bytecode analysis. We do, however,
do some environment magic across loop headers since we know that we will
continue switching if and only if we reached that loop header via a
generator resume. This allows us to generate fewer phis and tighten
liveness.

Change-Id: Id2720ce1d6955be9a48178322cc209b3a4b8d385
Reviewed-on: https://chromium-review.googlesource.com/866734
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50804}
2018-01-23 14:27:02 +00:00
Michael Lippautz
dfa36e9fab [object-stats] Add unittest for clashing instance types
Bug: v8:7266
Change-Id: I1436d39281caa9daf33289840d19a4a5e1ba476d
Reviewed-on: https://chromium-review.googlesource.com/880843
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50795}
2018-01-23 11:38:15 +00:00
Yang Guo
f9934aa9cf [gyp] move gyp files from src to gypfiles.
Bug: v8:7341
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I90879be3a94745859b7da7c9bb9b6533af11cc2d
Reviewed-on: https://chromium-review.googlesource.com/878221
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50790}
2018-01-23 09:54:36 +00:00