Commit Graph

46465 Commits

Author SHA1 Message Date
Benedikt Meurer
0875778fd8 [turbofan] Teach TurboFan about the TypedArray constructor.
This introduces a new JSCreateTypedArray operator, backed by a dedicated
CreateTypedArray builtin, and adds support to lowering new TypedArray
calls to this operator. This way we avoid the overhead of going through
the generic construct stub machinery for hot code. This not only
recovers the performance regression on the typed array constructor
benchmarks, but even improves slightly beyond what we had in 6.6.

We might in the future try to fully inline the TypedArray constructor
into optimized code for certain cases.

Bug: chromium:820726, v8:7503, v8:7518
Change-Id: Ied465924d5695db576d533792f1db68456b9b5ea
Reviewed-on: https://chromium-review.googlesource.com/959010
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51973}
2018-03-15 20:46:16 +00:00
Clemens Hammacher
bed027648e [d8] Wait for wasm background compilation to complete
Prevent d8 from exiting while wasm background compilation is still
going on. This prevents the need to use the testRunner to execute
webassembly tests in d8.

R=yangguo@chromium.org
CC=ahaas@chromium.org

Change-Id: I86fb7ce260fc56ee87040742f77b0ff86b8fbd53
Reviewed-on: https://chromium-review.googlesource.com/964221
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51972}
2018-03-15 20:19:17 +00:00
Eric Holk
dfe7eb84e3 Mark neutered ArrayBuffers as not neuterable
Bug: chromium:821368
Change-Id: I4e7032d76a0ac0e291b9dab2f7bcb58ce84827cf
Reviewed-on: https://chromium-review.googlesource.com/963601
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51971}
2018-03-15 18:19:32 +00:00
Benedikt Meurer
c65f0a78c3 [turbofan] NumberToString can return non-sequential strings.
TurboFan assumed that the output of NumberToString is always a
sequential string, since that's what we put into the number to
string table. However we might eventually morph these strings
into ThinStrings when we need to internalize them, in which case
the type in TurboFan will be wrong, and we read out of bounds.

Also-By: tebbi@chromium.org
Bug: chromium:822284
Change-Id: I5aebe73028b95849fff72bba262c517677112353
Reviewed-on: https://chromium-review.googlesource.com/964523
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51970}
2018-03-15 17:52:12 +00:00
Erik Luo
3813cbf210 [debug] use flag to decide whether interceptor has side effect
Adds a flag onto InterceptorInfo to mark an interceptor's getter,
query, and enumerator callbacks as side-effect-free.

Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iafc5d2fa554d6d9a38604e179ea5b884c3b77af0
Reviewed-on: https://chromium-review.googlesource.com/957870
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51969}
2018-03-15 17:40:12 +00:00
Ben L. Titzer
3669ff293e [wasm] Remove dead code from wasm-code-specialization
R=clemensh@chromium.org

Change-Id: I97cadf40e441c5d19a1ea9b03a5d2f04505f04c5
Reviewed-on: https://chromium-review.googlesource.com/964365
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51968}
2018-03-15 17:37:32 +00:00
Mathias Bynens
697d39abff [esnext] Implement Array.prototype.{flatten,flatMap} 🥙
Proposal repo: https://tc39.github.io/proposal-flatMap/

Bug: v8:7220
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I61661fc6d5c39d084ce5c96a9e150e5c26799e2d
Also-By: bmeurer@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/957043
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51967}
2018-03-15 17:26:12 +00:00
jgruber
f8fb4a5c74 [builtins] Verify process-independence in release mode
These checks are critical even in release mode. They won't impact
runtime performance since this happens at snapshot-time.

TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I342d9f80c6b882363da00630385686ac6a02cf5d
Reviewed-on: https://chromium-review.googlesource.com/964524
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51966}
2018-03-15 16:58:12 +00:00
Benedikt Meurer
d6e2398a9d Reland "[turbofan] Consistently use String feedback for JSAdd."
This is a reland of d504203e93

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
> 
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
> 
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
> 
>   console.timeEnd: Runtime join3, 967.512000
>   console.timeEnd: Runtime join, 1004.599000
>   console.timeEnd: Runtime join3, 1124.764000
>   console.timeEnd: Runtime join, 966.164000
>   console.timeEnd: Runtime join3, 1145.296000
>   console.timeEnd: Runtime join, 966.176000
>   console.timeEnd: Runtime join3, 1145.272000
>   console.timeEnd: Runtime join, 931.266000
> 
> to
> 
>   console.timeEnd: Runtime join3, 903.050000
>   console.timeEnd: Runtime join, 856.509000
>   console.timeEnd: Runtime join3, 945.144000
>   console.timeEnd: Runtime join, 840.038000
>   console.timeEnd: Runtime join3, 927.965000
>   console.timeEnd: Runtime join, 841.263000
>   console.timeEnd: Runtime join3, 929.342000
>   console.timeEnd: Runtime join, 858.143000
> 
> which corresponds to an 8-18% improvement.
> 
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

Bug: v8:7415
Change-Id: Idbc889dc070f764dacf3bf535e41d0e66ab09bea
Reviewed-on: https://chromium-review.googlesource.com/964421
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51965}
2018-03-15 16:12:50 +00:00
Sathya Gunasekaran
acae2f2b65 [ignition] Set correct expression position for ObjectLiteral keys/values
Given the following input,
  const config = {
    min: Math.min(1, 2),
    func: myfunc(),
  }

Previously, the error was,
  ➜ ./out.gn/x64.release/d8 _test.js
  _test.js:3: ReferenceError: myfunc is not defined
    min: Math.min(1, 2),
              ^
  ReferenceError: myfunc is not defined
      at _test.js:3:13

Now, the error is,
  ➜ ./out.gn/x64.release/d8 _test.js
  _test.js:4: ReferenceError: myfunc is not defined
    func: myfunc(),
          ^
  ReferenceError: myfunc is not defined
      at _test.js:4:9

Bug: v8:7507
Change-Id: Ia65b445fdbc1369ecce80f4fc2040e500c807d40
Reviewed-on: https://chromium-review.googlesource.com/964182
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51964}
2018-03-15 15:36:41 +00:00
Benedikt Meurer
ef546d6872 [turbofan, ia32] Fix moves from constant to poison register.
This makes the moves from constants to the poisoning register
explicit so that the register allocator does not have to burn
a register on it.

Bug: chromium:798964, chromium:820726, v8:7503, v8:7518
Change-Id: Ifc8f9a2f685405dd38fec583bb0e20c3f0320903
Reviewed-on: https://chromium-review.googlesource.com/964202
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51963}
2018-03-15 15:05:08 +00:00
Jakob Gruber
fda0d684c3 Revert "[builtins] Remove off-heap builtins from the snapshot"
This reverts commit f1b1ec70a6.

Reason for revert: Tentative revert for https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.fyi%2FV8-Blink_Mac%2F13696%2F%2B%2Frecipes%2Fsteps%2Fwebkit_unit_tests%2F0%2Fstdout

Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
> 
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
> 
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
> 
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
> 
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: I58dd4bf9a99d37416855b48807150e1dd9ecd9e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/964363
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51962}
2018-03-15 14:25:10 +00:00
Hannes Payer
ef99ff6ed4 [heap] Don't spawn new GC tasks when the heap is in TEAR_DOWN state.
Change-Id: I57da95525e09820ed1a1697cc4eb1e39ecb7c7cc
Reviewed-on: https://chromium-review.googlesource.com/964282
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51961}
2018-03-15 14:23:58 +00:00
jgruber
f1b1ec70a6 [builtins] Remove off-heap builtins from the snapshot
This CL is the final major step towards shipping off-heap-safe builtins
embedded into the binary.

Prior to snapshot serialization, we now:
* create the embedded blob containing off-heap instruction streams,
* use that to generate embedded.cc (containing embedded binary data),
* replace off-heap-safe builtins with trampolines,
* and serialize those into the final snapshot.

The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
targets on deserialization.

Bug: v8:6666
Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
Reviewed-on: https://chromium-review.googlesource.com/950775
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51960}
2018-03-15 13:51:29 +00:00
Ben L. Titzer
c5253448c2 [wasm] Refactorings to improve naming
- Rename WasmCode::owner() to WasmCode::native_module() and
- Make {shared} field of WasmCompiledModule no longer const, since
  it had a setter masquerading under the
  {OnWasmModuleDeserialization()}.
- Refactor and simplify the flow of "owner" in module-compiler.cc

R=mstarzinger@chromium.org

Change-Id: If9ee371124678fbbc845fc4e93279bf14f8f7ce8
Reviewed-on: https://chromium-review.googlesource.com/964263
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51959}
2018-03-15 13:47:58 +00:00
Sathya Gunasekaran
4c09a92fc4 [numeric separator] Stage numeric separators
Bug: v8:7317
Change-Id: I44713155597549a148bdab7a6f16641cc3918a66
Reviewed-on: https://chromium-review.googlesource.com/962147
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51958}
2018-03-15 13:11:58 +00:00
Michael Achenbach
19e1100c15 [build] Don't generate snapshot.cc with external startup data
Bug: v8:7441
Change-Id: I4dda34f22a1281c869fdf7b31108908f834ab30c
Reviewed-on: https://chromium-review.googlesource.com/960034
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51957}
2018-03-15 12:50:57 +00:00
Ulan Degenbaev
6ad63309ed [api] Restore v8::V8::InitializeICU API.
This function re-uses the implementation of InitializeICUDefaultLocation.

Removal of the API breaks embedders' code without providing any benefit.

Bug: v8:7561
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I006cd307887ac132f574af26ca9cd1d5e5317644
Reviewed-on: https://chromium-review.googlesource.com/963024
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51956}
2018-03-15 12:32:21 +00:00
Hannes Payer
ab0565af06 [heap] Add a TEAR_DOWN state to heap states which is set when the heap is tearing down.
Bug: chromium:818585
Change-Id: I31032ba230ee2eb9f0bbcab0af720e23c3d6ae11
Reviewed-on: https://chromium-review.googlesource.com/962428
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51955}
2018-03-15 12:31:17 +00:00
Michael Starzinger
56d7986f39 [wasm] Remove obsolete parameter from {ModuleCompiler}.
R=clemensh@chromium.org
BUG=v8:7549

Change-Id: I713b458236cd0257eeb468caa2c6cfb68afb7a37
Reviewed-on: https://chromium-review.googlesource.com/964122
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51954}
2018-03-15 12:21:16 +00:00
Daniel Clifford
9d043828f2 Remove extraneous include from objects.h
Change-Id: Ic682a8e0a3340fe20a0f6300508197e6ec8f211d
Reviewed-on: https://chromium-review.googlesource.com/963710
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51953}
2018-03-15 12:20:12 +00:00
Clemens Hammacher
0fc3634047 [d8] Don't process message queues in load
After processing the string loaded from a file, don't process message
queues. Otherwise, stack traces generated in any processed task will
contain the stack trace of the load. This also introduces
nondeterminism, since it depends on the timing whether something will
be processed inside the load or outside.

Drive-by: Introduce enums for the different bools, to make their
meaning more obvious at call sites.

R=yangguo@chromium.org
CC=herhut@chromium.org

Change-Id: Ib48ee01be8c443a2a408ecb1c9e34bb9ba5a8fe7
Reviewed-on: https://chromium-review.googlesource.com/964141
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51952}
2018-03-15 12:19:07 +00:00
Ulan Degenbaev
9fe417cb7f [api] Restore the simple version of Message::GetEndColumn API.
This also undeprecates Message::GetStartColumn API.

The simple versions are easier to use for the embedders and have the
same implementation as the complex versions.

Bug: v8:7560
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I656161b04c5d9de6d1de9435b7825009f96572a5
Reviewed-on: https://chromium-review.googlesource.com/963322
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51951}
2018-03-15 12:16:38 +00:00
Sathya Gunasekaran
e77eebfe3b [numeric separator] Simplify error handling
Pointing to the exact spot of the incorrect numeric separator seems
clearer both in terms of the error itself, and the resulting code in
scanner because we don't have to keep track of the start position.

Previously, the error was:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
  ^^^^
  SyntaxError: Only one underscore is allowed as numeric separator

Now, the error is:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
      ^
  SyntaxError: Only one underscore is allowed as numeric separator


Bug: v8:7317
Change-Id: I7df1b39816e51a97234da6ed0fca1bf8c0223c3e
Reviewed-on: https://chromium-review.googlesource.com/962241
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51950}
2018-03-15 12:09:06 +00:00
Tobias Tebbi
a1fe961c7c Revert "[turbofan] Consistently use String feedback for JSAdd."
This reverts commit d504203e93.

Reason for revert: b/74469145

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
> 
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
> 
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
> 
>   console.timeEnd: Runtime join3, 967.512000
>   console.timeEnd: Runtime join, 1004.599000
>   console.timeEnd: Runtime join3, 1124.764000
>   console.timeEnd: Runtime join, 966.164000
>   console.timeEnd: Runtime join3, 1145.296000
>   console.timeEnd: Runtime join, 966.176000
>   console.timeEnd: Runtime join3, 1145.272000
>   console.timeEnd: Runtime join, 931.266000
> 
> to
> 
>   console.timeEnd: Runtime join3, 903.050000
>   console.timeEnd: Runtime join, 856.509000
>   console.timeEnd: Runtime join3, 945.144000
>   console.timeEnd: Runtime join, 840.038000
>   console.timeEnd: Runtime join3, 927.965000
>   console.timeEnd: Runtime join, 841.263000
>   console.timeEnd: Runtime join3, 929.342000
>   console.timeEnd: Runtime join, 858.143000
> 
> which corresponds to an 8-18% improvement.
> 
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7415
Change-Id: I106a314bcd4187abdad6dc11306226d0c28ef524
Reviewed-on: https://chromium-review.googlesource.com/963522
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51949}
2018-03-15 11:44:36 +00:00
Vasili Skurydzin
3032a9ffb5 PPC/s390: [TurboFan] Use the FlagsContinuation more effectively
Port ab9ac99458

Original Commit Message:

    We can reduce boilerplate if we pass the continuation to
    some InstructionSelector::Emit.* methods.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia9ddd0dcf5d6115ee9f8c35e1b05c10f9f0c4b39
Reviewed-on: https://chromium-review.googlesource.com/959441
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51948}
2018-03-15 11:43:16 +00:00
Clemens Hammacher
410893e9a9 [Liftoff][x64] Assert that 32-bit values are zero extended
On x64, the upper 32 bits of a register holding a 32-bit value are
always zero. Add several assertions to check that. This is particularly
important for memory accesses, where the whole 64-bit register is used
as offset for the memory access.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ifd3c6e90bb0056dbc2b8c66de919f35c7787965b
Reviewed-on: https://chromium-review.googlesource.com/963321
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51947}
2018-03-15 11:28:12 +00:00
Sathya Gunasekaran
ad6c11f2df [numeric-separator] Enable test262 tests
Bug: v8:7317
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2920abc732b9006a24fcf11edb6bb779ac627d5a
Reviewed-on: https://chromium-review.googlesource.com/961064
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51946}
2018-03-15 11:23:06 +00:00
Ulan Degenbaev
29471bdb36 [heap-profiler] Annotate "const/let" refs in top level script context.
This patch extends ExtractContextReferences to handle all declaration
contexts, not only function/module/eval contexts.

Bug: chromium:817954
Change-Id: Ibe2827a9d6b2939552da26a60df959c9b22ea059
Reviewed-on: https://chromium-review.googlesource.com/962763
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51945}
2018-03-15 11:20:26 +00:00
Junliang Yan
7c8476a2b6 [memory] fix endian issue on FeedbackMetadata::synchronized_slot_count
Bug: v8:7558
Change-Id: I7f4eae87fad6b707c5defa033f4eaf6037c864ba
Reviewed-on: https://chromium-review.googlesource.com/963166
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51944}
2018-03-15 10:36:26 +00:00
Sathya Gunasekaran
9c98391015 [numeric separator] Ban implicit octal support
Bug: v8:7317
Change-Id: I20fb706c05852668a5a6ae8b69c150ae2e6b2f65
Reviewed-on: https://chromium-review.googlesource.com/960901
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51943}
2018-03-15 10:34:56 +00:00
sreten.kovacevic
0b67384afd [Liftoff][mips] Implement CallerFrameSlot instructions
Implement Push and Load CallerFrameSlot instructions.
Also, fix some issues that were revealed after these changes.

Bug: v8:6600
Change-Id: I658c26b0dcec489e7e549d4f1fbd4ccd89a6ea99
Reviewed-on: https://chromium-review.googlesource.com/964001
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51942}
2018-03-15 10:24:27 +00:00
Michael Starzinger
b20aafb967 [wasm] Remove dead exported wrapper handling from {NativeModule}.
R=titzer@chromium.org

Change-Id: I9c947440e4e92ff7176d8dc2f334182c524898f9
Reviewed-on: https://chromium-review.googlesource.com/962451
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51941}
2018-03-15 10:12:46 +00:00
Ilija Pavlovic
8581e30929 [mips]: Skip mjsunit/harmony/bigint/regressions.
This test creates a BigInt object with size more than 250 MB. On certain
test systems, this large memory consumption will cause the test to fail.
Therefore, this test will be skipped for MIPS32 architecture.

TEST=mjsunit/harmony/bigint/regressions
BUG=

Change-Id: I21bf86c3e6058818c6db3ed8970c0f1e3873e0a6
Reviewed-on: https://chromium-review.googlesource.com/962381
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51940}
2018-03-15 09:34:46 +00:00
Yang Guo
aaa854d6b4 Also install sysroot for building Node.
Previously install-sysroot.py relied on gyp. This should be fixed now.
This way, tools/node/fetch_deps.py can also be used to fetch
dependencies when building V8 to run V8 tests from a Node.js checkout.

R=machenbach@chromium.org

Change-Id: Ic4ee425d6ae744c32f604d14fbfdb0554a00c486
Reviewed-on: https://chromium-review.googlesource.com/962421
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51939}
2018-03-15 08:24:56 +00:00
Erik Luo
d452a7f63a [inspector] queryObjects() should take objectGroup
Now, 'queryObjects' takes an optional 'objectGroup' argument,
allowing the frontend to release the response value.

This is important because each call produces a new Array, which
could not be released before.

Bug: chromium:815263
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I18c9a68c4ba45020fce9eea63cb263396a18d498
Reviewed-on: https://chromium-review.googlesource.com/935153
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51938}
2018-03-14 20:12:56 +00:00
Junliang Yan
25363b8f2e [wasm] Make NativeModule::LinkAll to use CodeSpecialization
- Update CodeSpecialization::RelocateDirectCalls and ApplyToWholeInstance to take a native module instead
- Use CodeSpecialization on NativeModule::LinkAll

Bug: v8:7539
Change-Id: I71ceb3114e8a0fca71dfa32f0721ef5fb4485eb4
Reviewed-on: https://chromium-review.googlesource.com/959592
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51937}
2018-03-14 19:58:03 +00:00
Michael Lippautz
a07b245e01 [heap-profiler] Annotate global handle
Annotate global handle with label to identify the context held alive for
debugging in DevTools

Bug: chromium:811842
Change-Id: I24f08b4d01939421ba1b7ec7b03982f00ebbdd1a
Reviewed-on: https://chromium-review.googlesource.com/962788
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51936}
2018-03-14 19:49:03 +00:00
Corentin Wallez
7b88f3569e auto_roll.py: use LUCI for the optional GPU tests on Linux
TBR=machenbach@chromium.org

BUG=chromium:815092

Change-Id: Ib49dc50e41f0a7ec26d974b3d9d302003230f6e4
Reviewed-on: https://chromium-review.googlesource.com/962993
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51935}
2018-03-14 19:21:04 +00:00
Sergiy Byelozyorov
083171e989 Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:821689
Change-Id: Ia4010368738791ded4f0b27ef28d54ca3961e165
Reviewed-on: https://chromium-review.googlesource.com/962790
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51934}
2018-03-14 18:44:02 +00:00
Caitlin Potter
b8229612bf Reland "[esnext] re-implement template strings"
- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.

Doesn't touch tagged templates

[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral

Fixes an error where TemplateLiteral printing in --print-ast
would try to read an element beyond the length of a vector.

BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}
2018-03-14 18:12:09 +00:00
Ben L. Titzer
39bc48e283 [wasm] Add untagged context properties to WasmInstanceObject
This CL is preparation for moving the contents of the WasmContext
directly into the WasmInstanceObject. The moved fields are all untagged
pointers to C++ memory or untagged sizes which will be used in
generated machine code for WASM. They are not currently used, but
they are all set to kHeapObjectTag to make sure they are not
interpreted as tagged by the GC, using a custom object descriptor.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Bug: v8:7424
Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0
Reviewed-on: https://chromium-review.googlesource.com/961065
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51932}
2018-03-14 17:59:59 +00:00
Sergiy Byelozyorov
507fe1d105 Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
Bug: chromium:821689
Change-Id: Ia5c13fb9d22a5695025434f3e48821469a79a0a3
Reviewed-on: https://chromium-review.googlesource.com/963021
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51931}
2018-03-14 17:58:41 +00:00
Clemens Hammacher
92a37d0218 [Liftoff] Add integer conversions
This adds support for i32.wrap/i64, i64.extend_s/i32, and
i64.extend_u/i32.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Iaeac1d24a53d044151cb244fffe3eab04314d908
Reviewed-on: https://chromium-review.googlesource.com/962281
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51930}
2018-03-14 15:41:19 +00:00
Dan Elphick
7f44053c9e [builtins] Skip redundantly setting array length in Array.from
Now that Array.from() always calls the runtime to set the length if it's
not equal to the current length, don't actually set it on the fast path
since it's unobservable and doesn't change anything.

Also remove check for the array being writable since it's no longer
needed.

Change-Id: I0928d80b445807912fd925f7957c9a76385fc6bc
Reviewed-on: https://chromium-review.googlesource.com/961403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51929}
2018-03-14 14:39:26 +00:00
Michael Starzinger
4dc6889753 [objects] Remove unused {Code::trap_handler_index} field.
R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ie77a22f0a6204d673d130be45ca20d5986cddd88
Reviewed-on: https://chromium-review.googlesource.com/962423
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51928}
2018-03-14 14:21:34 +00:00
Michael Starzinger
662cfb44e4 [wasm] Remove obsolete {WasmFunctionInfo} structure.
R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ibae3ea41306ae89ee5caaa6ab2fdec6f08f2040c
Reviewed-on: https://chromium-review.googlesource.com/962361
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51927}
2018-03-14 13:46:08 +00:00
Ben L. Titzer
9123f3a490 [wasm] Remove WASM_TABLE_SIZE_REFERENCE and related
This removes the relocation mode and code specialization for table
sizes. These are now stored in the context and not inlined into code.

Bug: v8:7549, v8:7424

R=mstarzinger@chromium.org

Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda
Reviewed-on: https://chromium-review.googlesource.com/962221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51926}
2018-03-14 13:45:03 +00:00
Michael Starzinger
a7aa926459 [wasm] Remove unused {WasmCompiledModule::function_tables} field.
R=clemensh@chromium.org
BUG=v8:7549

Change-Id: Ied73ba2c146441c87c5ada65285037b68a83abe1
Reviewed-on: https://chromium-review.googlesource.com/962026
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51925}
2018-03-14 13:14:32 +00:00
Benedikt Meurer
c54d93d6d0 [turbofan] Fix inconsistent treatment of SpeculativeToNumber.
This is a partial revert of e583fc836b.
The reasoning here is that the treatment of SpeculativeToNumber[hint]
was not consistent (which led to the original bug that caused the
performance regression): The semantics of the operator is that it turns
its input into a number, and might bailout if the input is too complex
to accomplish that within optimized code. It can use the hint to handle
even fewer cases without the risk of a deoptimization loop. However it
cannot rely on the hint influencing the output, especially not before
SimplifiedLowering ran. The code for the OOB element access however
relied on the hint being enforced, which caused the original bug.

This CL repairs that and instead uses CheckSmi for the OOB element
access guard.

Also-By: tebbi@chromium.org
Bug: chromium:819298, chromium:820729
Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c
Reviewed-on: https://chromium-review.googlesource.com/961066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51924}
2018-03-14 13:13:13 +00:00