Commit Graph

39442 Commits

Author SHA1 Message Date
Alexei Filippov
3ed5dfb8a3 [cpu-profiler] turn several std::map's into unordered_map's.
Change-Id: I8b9308d7628d7efc2a2212ef3a3aa52ccddbfb36
Reviewed-on: https://chromium-review.googlesource.com/1048036
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53133}
2018-05-11 19:05:45 +00:00
Matheus Marchini
e9b66e8728 [inspector] explicitly declare default constructor
Node.js still support older versions of clang, and some of those
versions require us to explicitly declare default constructors for
classes. While updating V8 to 6.7 on Node.js we hit a build failure on
Mac OS X and FreeBSD because there was one constructor not complying
with that rule. This commit fixes it.

R=bmeurer@google.com, franzih@google.com, ofrobots@google.com, yangguo@google.com

Bug: v8:7743
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1f57f0c88c27e4755c9e05f6fedd9def55d8cb77
Reviewed-on: https://chromium-review.googlesource.com/1050666
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#53132}
2018-05-11 17:48:45 +00:00
Michael Starzinger
f6fbbc0c51 [wasm] Move {export_wrappers} field to {WasmModuleObject}.
This makes the fact that export wrapper code is shared across instances
explicit by hanging the {export_wrappers} array off the module object
instead of the instance-specific {WasmCompiledModule} object.

R=titzer@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic5c73bcc17f759e520c105317361e5654628b99e
Reviewed-on: https://chromium-review.googlesource.com/1051987
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53131}
2018-05-11 16:00:58 +00:00
sreten.kovacevic
a2430e247c [Liftoff][mips64] Change {kLoadI32} case
In case of {kLoadI32}, use same sequence of instructions as in case
of {kI64LoadI32S}. This fixes irregular behavior on target.

TEST=cctest/test-run-wasm/RunWasmLiftoff_I32ShrSOnDifferentRegisters

Change-Id: I7ae6915c8b9bacb682e01db2c00f0c280dbb8254
Reviewed-on: https://chromium-review.googlesource.com/1054878
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53130}
2018-05-11 14:53:36 +00:00
Ulan Degenbaev
97ddfc3e3d Reland "[heap] Unprotect code pages on demand in MinorMC"
This reverts commit be2f237d85.

Original change's description:
> [heap] Unprotect code pages on demand in MinorMC
>
> This reduces average pause of MinorMC in Richards benchmark from 0.32ms
> to 0.25ms:
>
> baseline pause
>   len: 22
>   min: 0.3
>   max: 0.6
>   avg: 0.322727272727
>   [0,5[: 22
>
> pause
>   len: 22
>   min: 0.2
>   max: 0.7
>   avg: 0.254545454545
>   [0,5[: 22
>
> Bug: chromium:651354

Change-Id: I9d70037dda612528368fb1ba330dc6f6510a14a6
Reviewed-on: https://chromium-review.googlesource.com/1055450
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53129}
2018-05-11 14:48:56 +00:00
Ulan Degenbaev
dc1906a71d [heap] Optimize root visitor of MinorMC
The root visitor now collects marked roots in the marking worklist and
filters out objects that are not in the new space.

This reduces average marking time in MinorMC in Richards from 0.08ms
to 0.04ms:

baseline mark:
  len: 22
  min: 0.07
  max: 0.18
  avg: 0.0809090909091
  [0,5[: 22

mark
  len: 22
  min: 0.03
  max: 0.13
  avg: 0.0409090909091
  [0,5[: 22

Bug: chromium:651354
Change-Id: I979e2f5ba331f88029b69bab23978f7fcadb7024
Reviewed-on: https://chromium-review.googlesource.com/1055490
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53128}
2018-05-11 14:12:15 +00:00
Ulan Degenbaev
be2f237d85 Revert "[heap] Unprotect code pages on demand in MinorMC"
This reverts commit 0bf9c60c09.

Reason for revert: breaks minor_mc bot

Original change's description:
> [heap] Unprotect code pages on demand in MinorMC
> 
> This reduces average pause of MinorMC in Richards benchmark from 0.32ms
> to 0.25ms:
> 
> baseline pause
>   len: 22
>   min: 0.3
>   max: 0.6
>   avg: 0.322727272727
>   [0,5[: 22
> 
> pause
>   len: 22
>   min: 0.2
>   max: 0.7
>   avg: 0.254545454545
>   [0,5[: 22
> 
> Bug: chromium:651354
> Change-Id: I701ca800d7c6986534d1de2e3051476e91a88d7d
> Reviewed-on: https://chromium-review.googlesource.com/1055507
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53125}

TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Ib227e37fa60d608f94c3111a9b431baf0f488790
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:651354
Reviewed-on: https://chromium-review.googlesource.com/1053970
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53127}
2018-05-11 13:43:56 +00:00
Michael Starzinger
a116902ec9 [iwyu] Don't include "bytecode-register.h" from "objects.h".
R=titzer@chromium.org
BUG=v8:7754,v8:7490

Change-Id: Ib6d34c1716f9f877c7e04391ee59c2a12df2d0d3
Reviewed-on: https://chromium-review.googlesource.com/1054873
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53126}
2018-05-11 13:15:45 +00:00
Ulan Degenbaev
0bf9c60c09 [heap] Unprotect code pages on demand in MinorMC
This reduces average pause of MinorMC in Richards benchmark from 0.32ms
to 0.25ms:

baseline pause
  len: 22
  min: 0.3
  max: 0.6
  avg: 0.322727272727
  [0,5[: 22

pause
  len: 22
  min: 0.2
  max: 0.7
  avg: 0.254545454545
  [0,5[: 22

Bug: chromium:651354
Change-Id: I701ca800d7c6986534d1de2e3051476e91a88d7d
Reviewed-on: https://chromium-review.googlesource.com/1055507
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53125}
2018-05-11 13:06:25 +00:00
Dan Elphick
fad99f5e21 [objects] Disallow externalizing RO_SPACE 2-byte strings
This was already the case for 1-byte strings. This prevents crashes when
attempting to externalize such strings.

Bug: chromium:842078, v8:7464
Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508
Reviewed-on: https://chromium-review.googlesource.com/1054290
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53124}
2018-05-11 12:37:55 +00:00
Hannes Payer
fc663faa50 Abort optimized code compilation gracefully when code allocation fails.
Currently we are throwing an out-of-memory fatal error.

Bug: chromium:840329
Change-Id: I736dee890b6a338b458c9a4cc1c3fbb95e95742b
Reviewed-on: https://chromium-review.googlesource.com/1050285
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53123}
2018-05-11 11:51:55 +00:00
Igor Sheludko
93bcce68a8 [csa] Typify dictionary related code.
Bug: v8:7754
Change-Id: I44d20d55f5da0a0f95b89a565dbe21304c6d174c
Reviewed-on: https://chromium-review.googlesource.com/1052111
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53122}
2018-05-11 11:46:16 +00:00
Hannes Payer
8251c14664 [heap] Cleanup: Use std::atomic<T> instead of base::AtomicNumber<T> in sweeper.
Bug: chromium:842083
Change-Id: Ided2d8542e4501250208dde6146f00da77410f48
Reviewed-on: https://chromium-review.googlesource.com/1054234
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53121}
2018-05-11 11:29:35 +00:00
Hannes Payer
ff5bb7e5ce [heap] Cleanup: Use std::atomic<T> instead of base::AtomicNumber<T> in concurrent marker.
Bug: chromium:842083
Change-Id: I4ce2b58aa7fcafe7e886a3c80d3ddf7bfe3e4415
Reviewed-on: https://chromium-review.googlesource.com/1055389
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53120}
2018-05-11 09:38:05 +00:00
Hannes Payer
ace192211b Revert "[heap] Clear the memory of pooled pages when allocating from the pool."
This reverts commit c280e7d4f4.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> [heap] Clear the memory of pooled pages when allocating from the pool.
>
> Bug: chromium:999634
> Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
> Reviewed-on: https://chromium-review.googlesource.com/1041688
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52948}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I838d5fe1e6c6ac8b726a90a44b2eacbea9057866
Reviewed-on: https://chromium-review.googlesource.com/1054070
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53119}
2018-05-11 08:57:36 +00:00
Kanghua Yu
4233436350 [turbofan][x64] Reduce compare-zero followed by flags-setting binop
On IA architecture, arithmetic and shifting operations set the flags
according to the computation result.

    subl rsi,0x1
    REX.W movq rbx,[rbx+0x17]
    cmpl rsi, 0                       <-- TO BE REDUCED
    jnz 0x3f54d2dcef0
==>
    REX.W movq rbx,[rbx+0x17]
    subl rsi,0x1
    jnz 0x3f54d2dcef0
&
    orl rdx,rbx
    cmpl rdx,0x0                      <-- TO BE REDUCED
    jnz 0x3f54d22b0f5
==>
    orl rdx,rbx
    jnz 0x3f54d22b0f5

Change-Id: If69c023712212ad7b9fa8b29f4b98274f7885e35
Reviewed-on: https://chromium-review.googlesource.com/1051445
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Cr-Commit-Position: refs/heads/master@{#53118}
2018-05-11 02:42:54 +00:00
Ivica Bogosavljevic
a83277498c [wasm] Force proper code alignment in wasm serializer
Test mjsunit/wasm/compiled-module-serialization fails on those
architectures that do not support missaligned memory access.
We fix this by adding padding between code header and code start
in NativeModule serializer/deserializer so the code start is
properly aligned.

TEST=mjsunit/wasm/compiled-module-serializationx

Change-Id: I4f35b78a1190194088795b6f09becc3ad4251fdb
Reviewed-on: https://chromium-review.googlesource.com/1044186
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53117}
2018-05-10 15:02:55 +00:00
Dan Elphick
0b4b14bc48 [elements] Avoid NOP operation when shrinking HashTables
Avoid writing NumberOfElements to HashTable when it hasn't changed as
the HashTable could be in RO_SPACE and this operation will crash.

Bug: v8:841592
Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0
Reviewed-on: https://chromium-review.googlesource.com/1052693
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53116}
2018-05-10 11:09:59 +00:00
Alexey Kozyatinskiy
aab49f372f [inspector] do not allocate scope inside CallStackDepth
Allocation is super slow and produce big performance regression on
blink side.

Bug: chromium:839567,chromium:839809
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3e9989435515ecfaedaee60c1f0c6939b9053e95
Reviewed-on: https://chromium-review.googlesource.com/1053105
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53115}
2018-05-09 22:31:39 +00:00
Vincent Belliard
65f8a5c790 [arm64][Liftoff] implement calls
Remove cp from cache register list

Bug: v8:6600
Change-Id: If17d4558e4f89dd620c757e2a8288658f1489435
Reviewed-on: https://chromium-review.googlesource.com/1047645
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Cr-Commit-Position: refs/heads/master@{#53114}
2018-05-09 22:03:39 +00:00
Alexei Filippov
1426ea1d6d [cpu-profiler] Lazily create CPU profiler.
We cannot drop the deprecated API right away because we need to keep binary compatiblity.
As a short term solution create CPU profiler lazily if the API is called.

BUG=v8:7070

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I04029844895976b25db165f4fba6afbfe1681913
Reviewed-on: https://chromium-review.googlesource.com/1047848
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53113}
2018-05-09 19:13:29 +00:00
Andreas Haas
0263383d69 [wasm] Move the CompilationManager into the WasmEngine
The CompilationManager was introduced to manage the memory of
AsyncCompileJobs. However, by now this can be done better by the new
WasmEngine.

This CL just moves the code to wasm-engine.[h,cc] and adjusts the
callsites.

R=titzer@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5
Reviewed-on: https://chromium-review.googlesource.com/1052109
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53112}
2018-05-09 16:41:35 +00:00
Clemens Hammacher
aae0732c72 Reland "Fix SourcePositionInfo for wasm"
This is a reland of e084eea628.
Undefined behavious was fixed in https://crrev.com/c/1051235.

Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=​herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}

TBR=titzer@chromium.org

Bug: chromium:840757, v8:7738
Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f
Reviewed-on: https://chromium-review.googlesource.com/1051266
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53111}
2018-05-09 16:39:55 +00:00
Igor Sheludko
ddd840884b [csa] Introduce TrySmi[Add/Sub](TNode<Smi>, TNode<Smi>, Label* if_overflow) helpers.
Bug: v8:7570
Change-Id: I2101a3fed996385b076352d20a2ca4d65c31a828
Reviewed-on: https://chromium-review.googlesource.com/1044374
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53110}
2018-05-09 16:19:15 +00:00
Clemens Hammacher
ae8405080d [x64] Add disassembler support for 'pause'
The 'pause' instruction is used for implementing retpolines. It is
currently being printed as 'nop', which is incorrect.

R=titzer@chromium.org

Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74
Reviewed-on: https://chromium-review.googlesource.com/1051789
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53109}
2018-05-09 16:06:52 +00:00
Clemens Hammacher
7d356ac492 [Liftoff] Implement retpoline for indirect calls
As SSCA mitigation, use retpoline for each indirect call. We currently
only support retpolines on ia32 and x64.

R=titzer@chromium.org

Bug: v8:6600, chromium:798964
Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800
Reviewed-on: https://chromium-review.googlesource.com/1052113
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53108}
2018-05-09 16:05:46 +00:00
Clemens Hammacher
c8ae9729ec [lsan] Ignore code comments
Code comments are heap-allocated and never freed. We don't want to
attach them to the code object via a finalizer, since that could change
gc timing and heap layout when you enable code comments. They are used
to testing only anyway, so leaking is acceptable here.

R=bmeurer@chromium.org, jarin@chromium.org

Bug: v8:7738
Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d
Reviewed-on: https://chromium-review.googlesource.com/1051241
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53107}
2018-05-09 15:13:34 +00:00
Dominic Farolino
c9a728aaa0 [inspector] implement console.countReset()
Implement console.countReset() from the WHATWG Console Standard

R=bmeurer@chromium.org, dgozman@chromium.org, kozyatinskiy@chromium.org

Bug: chromium:839947
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8a900e9cdf3e5b08506f709cf6497476c8c6c00b
Reviewed-on: https://chromium-review.googlesource.com/1044902
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Dominic Farolino <domfarolino@gmail.com>
Cr-Commit-Position: refs/heads/master@{#53106}
2018-05-09 14:59:04 +00:00
Marja Hölttä
f3b7f8eed9 [in-place weak refs] Cleanup: Add types to CSA::LoadFeedbackVectorSlot callsites.
Bug: v8:7308

Change-Id: I967e036dc584f585dddda0eef480389a33e45bdf
Reviewed-on: https://chromium-review.googlesource.com/1046649
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53103}
2018-05-09 14:52:04 +00:00
Igor Sheludko
09d4ba01ee [builtins] Properly handle non-simple target in Object.assign.
Plus a bit of CSA typification.

Bug: v8:7725
Change-Id: I43fea4a4c0739f9c24d84035816b046e742372ee
Reviewed-on: https://chromium-review.googlesource.com/1051653
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53102}
2018-05-09 13:44:00 +00:00
Simon Zünd
18f2636ac7 [array] Add counter for sorting non-packed JSArrays.
This CL adds a counter for sorting non-packed JSArrays where
Object.prototype was modified, or the prototype of the instance
differs from Array.prototype.

This is the V8 side of the change.
The Chromium-side CL: https://crrev.com/c/1051651

R=jgruber@chromium.org

Bug: v8:7382
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3ce9789a5df4bb9af5d1bfc89681fcd112e28e83
Reviewed-on: https://chromium-review.googlesource.com/1051650
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53101}
2018-05-09 13:35:10 +00:00
Clemens Hammacher
199533558e Fix undefined behaviour on CommentOperator
The {CommentOperator}, used for implementing the --code-comments flag,
is not UBSan-safe. This CL fixes this and adds a test which uses code
comments.

R=bmeurer@chromium.org

Bug: v8:7744
Change-Id: Ia6ec509e77d998df085ac7377cb24854354e3aa2
Reviewed-on: https://chromium-review.googlesource.com/1051235
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53100}
2018-05-09 13:31:21 +00:00
Marja Hölttä
d951495561 [in-place weak refs] Write the CSA::DispatchMaybeObject check differently.
The previous version was correct too, since we check sminess before. But with the
new check, it's easier to see it's correct.

BUG=v8:7308

Change-Id: I1632353ee5dfd305479858ec4a690b17bb70e6a6
Reviewed-on: https://chromium-review.googlesource.com/1039525
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53099}
2018-05-09 13:19:16 +00:00
Clemens Hammacher
9e94bb23b6 [wasm] Use correct type for {NativeModule::remaining_uncommitted_}
Instead of {base::AtomicNumber<intptr_t>} use {std::atomic<size_t>},
since we really want to store a size_t in there, and only abused
negative values before to avoid a compare-and-swap loop.

R=mstarzinger@chromium.org

Bug: v8:7570
Change-Id: Ibff0fe0550396f11b343f7e3c098ccf94f6e8dbb
Reviewed-on: https://chromium-review.googlesource.com/1049067
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53098}
2018-05-09 13:18:10 +00:00
Igor Sheludko
11aaf0fb84 [api] Move tagging scheme definition up in include/v8.h
... in order to be able to use it in other constants definitions in the header.

Bug: v8:7570
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id5d6ae34ab401ecf063bf5897b87b6bb87c24960
Reviewed-on: https://chromium-review.googlesource.com/1032782
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53097}
2018-05-09 13:17:07 +00:00
Dan Elphick
9d5aea8dc4 Reland "[heap] Move even more objects into RO_SPACE"
Moves all Oddballs, empty_feedback_metadata, lots of symbols and
immortal heap numbers and several other empty collection objects.

      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old      31800          0     241976       24032        176         0
new      35080          0     238680       24032        176         0
diff     +3280                 -3296

Reland of https://chromium-review.googlesource.com/c/v8/v8/+/1025996,
without the empty_property_dictionary which is not read-only.

Bug: v8:7464
Change-Id: I84840d86eb3e5906ddb8b4c4e9e70bfec0cf78bc
Reviewed-on: https://chromium-review.googlesource.com/1049611
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53096}
2018-05-09 13:12:01 +00:00
Georg Neis
cff007f43a [torque] Map Torque's JSFunction to V8's JSFunction.
The 'generates' clause was missing (so I suppose it got mapped
to JSReceiver).

Change-Id: I146546921e552f17dbadf74082b31315bf868bf7
Reviewed-on: https://chromium-review.googlesource.com/1032434
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53093}
2018-05-09 09:38:09 +00:00
Hannes Payer
15e40c3860 [heap] Remove unused CodeRange CommitRawMemory and UncommitRawMemory functions.
Change-Id: I14237a71c34872e114d7e2afb73a758e011fd731
Reviewed-on: https://chromium-review.googlesource.com/1051239
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53092}
2018-05-09 09:34:49 +00:00
Mike Stanton
5945e1ccd0 [Builtins] Torque version of Array.prototype.forEach()
BUG=v8:7672

Change-Id: I0c157ce88b31312dfbea7a149c1d9fbdfb398278
Reviewed-on: https://chromium-review.googlesource.com/1013524
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53091}
2018-05-09 08:58:39 +00:00
Clemens Hammacher
d5f29907f7 [msan] Treat more memory uninitialized
After closing a handle scope, and when allocating a new segment in a
zone, treat that memory as uninitialized in MSan. This will hopefully
catch more errors than handle zapping, which needs to be enabled
explicitly.

R=ahaas@chromium.org

Bug: v8:7570
Change-Id: Ie3be07434bed878fb607a522787514421f397197
Reviewed-on: https://chromium-review.googlesource.com/1046657
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53089}
2018-05-09 08:39:04 +00:00
Clemens Hammacher
b50ac57d12 [Liftoff][cleanup] Fix comment and use register constant
The comment in {CallRuntime} was misleading. The {rsi}/{esi} register
did not hold the instance, but the context instead. The generated code
was correct thought.

R=titzer@chromium.org

Change-Id: I18020a04ac75faedf7ad5e4b07cab27ae0aedae7
Reviewed-on: https://chromium-review.googlesource.com/1051232
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53088}
2018-05-09 08:37:59 +00:00
Dan Elphick
600641338d Reland "[heap] Mark RO_SPACE as read-only after deserialization"
This is a reland of 40f1aaf330

Put back padding clearing into the SerializeObject method but only when
the String is not in RO_SPACE. For RO_SPACE strings, if required
iterate over the space before serialization clearing the strings.

Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
>
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
>
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
>
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
>
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
>
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}

Bug: v8:7464
Change-Id: Ia8386c4ff5f5df3207f584caf7a9b1ff1e405f25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1042145
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53087}
2018-05-09 08:31:49 +00:00
Ben L. Titzer
e847124b01 [wasm] Refactor WasmGraphBuilder to use MachineGraph
This CL removes the JSGraph from WasmGraphBuilder and uses MachineGraph,
which is independent of the isolate, instead. In addition to using
the machine graph in the WasmGraphBuilder, this CL splits off a subclass
for compiling wrappers that does have a JSGraph and encapsulates it in
the .cc file. This makes the separation of WASM function graphs and WASM
wrapper graphs more explicit.

R=mstarzinger@chromium.org
CC=ahaas@chromium.org
BUG=v8:7721

Change-Id: I3c190baef2084919d22a9a89a8c9f11d2ddcf3d0
Reviewed-on: https://chromium-review.googlesource.com/1050266
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53086}
2018-05-09 08:05:06 +00:00
Peter Marshall
3e9f8a4f63 [cpu-profiler] Add a HandleScope to limit memory consumption.
The handles created for each SharedFunctionInfo within
SourcePosition::InliningStack live for the life of the profile,
reaching 5MiB+ on an example server application for Node.

This HandleScope limits their lifetime locally, given that the handles
do not escape.

This saves ~10% of peak memory.

Bug: v8:7719
Change-Id: I97ce0fd3658be89fdd9cb9c1369ea5bfae0ce579
Reviewed-on: https://chromium-review.googlesource.com/1049647
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53085}
2018-05-09 08:03:05 +00:00
Michael Starzinger
8c57a54b86 [wasm] Create module object in async compilation earlier.
This makes sure that the {WasmModuleObject} has been allocated before
any debug events are fired. Since {WasmScript} objects reference the
module object, it needs to be allocated earlier by now.

R=ahaas@chromium.org
TEST=debugger/regress/regress-crbug-840288
BUG=chromium:840288

Change-Id: I02783ce126c463ac953eb2192acb65f3a5d420a1
Reviewed-on: https://chromium-review.googlesource.com/1050246
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53084}
2018-05-09 07:54:56 +00:00
Jaroslav Sevcik
d520ebb9a8 [turbofan] Fix NumberFloor typing.
Bug: chromium:841117
Change-Id: I1e83dfc82f87d0b49d3cca96290ae1d738e37d20
Reviewed-on: https://chromium-review.googlesource.com/1051228
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53083}
2018-05-09 07:32:46 +00:00
Michael Achenbach
2b6fb352a6 Revert "Fix SourcePositionInfo for wasm"
This reverts commit e084eea628.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20UBSanVptr/builds/3163

Original change's description:
> Fix SourcePositionInfo for wasm
> 
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
> 
> R=​titzer@chromium.org
> CC=​​herhut@chromium.org
> 
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}

TBR=titzer@chromium.org,clemensh@chromium.org

Change-Id: Ib2020ea3f2b778df9fe50ccbe803938f2f4fd709
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:840757, v8:7738
Reviewed-on: https://chromium-review.googlesource.com/1051265
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53082}
2018-05-09 07:11:03 +00:00
Junliang Yan
7ff35bd542 PPC/s390: [builtins] Convert CEntry/GetProperty/StringAdd stubs to builtins
Port d8131cd63a

Original Commit Message:

    Stubs and builtins are very similar. The main differences are that
    stubs can be parameterized and may be generated at runtime, whereas
    builtins are generated at mksnapshot-time and shipped with the snapshot
    (or embedded into the binary).

    My main motivation for these conversions is that we can generate
    faster calls and jumps to (embedded) builtins callees from (embedded)
    builtin callers. Instead of going through the builtins constants table
    indirection, we can simply do a pc-relative call/jump.

    This also unlocks other refactorings, e.g. removal of
    CallRuntimeDelayed.

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I193e4275470d492912a7d0f8523c3b8c29f1b146
Reviewed-on: https://chromium-review.googlesource.com/1050732
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53081}
2018-05-08 21:56:35 +00:00
Clemens Hammacher
e084eea628 Fix SourcePositionInfo for wasm
In wasm we often don't have a SharedFunctionInfo associated with a
compilation job, so we can't get a Script. Just print "unknown" in
these cases (instead of crashing).

R=titzer@chromium.org
CC=​herhut@chromium.org

Bug: chromium:840757, v8:7738
Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
Reviewed-on: https://chromium-review.googlesource.com/1049632
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53080}
2018-05-08 18:23:04 +00:00
Hannes Payer
8ddaafb143 Revert "[heap] Clear from space after garbage collection."
This reverts commit 494068c1c2.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=840282

Original change's description:
> [heap] Clear from space after garbage collection.
>
> Bug: chromium:829771
> Change-Id: I9e71e6cbba347dd6951e5415332e5178df9b5122
> Reviewed-on: https://chromium-review.googlesource.com/1041685
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52957}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Bug: chromium:829771
Change-Id: I3c36baaf849a7d5dbf48db2ae2178e15b3b886f8
Reviewed-on: https://chromium-review.googlesource.com/1049888
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53079}
2018-05-08 18:04:44 +00:00
Dan Elphick
8751debc3f [cleanup] Remove unused parameters from heap/*
Removes lots of parameters that are never used (found using
-Wunused-parameter).

Also wires up the pretenure parameter for Factory::NewFrameArray so it's
actually used.

Change-Id: I486e22ac0683afb84bba6a286947674254f93832
Reviewed-on: https://chromium-review.googlesource.com/1041687
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53077}
2018-05-08 16:23:02 +00:00
Clemens Hammacher
35e3fda172 [Liftoff] Add masking for indirect calls
Next SSCA mitigation: Mask the function index on indirect calls. This
avoids speculative jumps to arbitrary memory.

R=titzer@chromium.org

Bug: v8:6600, chromium:798964
Change-Id: Id4a54fbb42096655d48965b63202bb58f98dc9aa
Reviewed-on: https://chromium-review.googlesource.com/1049627
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53076}
2018-05-08 15:47:39 +00:00
Leszek Swirski
b3f0cc098e [weakref] Fix another MaybeObject conversion in ObjectStats
Change-Id: I2afefab5bf43abee5e5dc66224cea1c68fb85179
Reviewed-on: https://chromium-review.googlesource.com/1049973
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53075}
2018-05-08 14:31:09 +00:00
Alexey Kozyatinskiy
4c5926d593 [debug] handle termination after break
If termination was requested on pause we should handle it properly as
soon as execution resumed.

R=yangguo@chromium.org

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ica50500094138097f115545db716264126fbe59e
Reviewed-on: https://chromium-review.googlesource.com/1049486
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53074}
2018-05-08 14:25:41 +00:00
Clemens Hammacher
8ae6bc6068 [asan] Move asan macros to asan.h
Similar to msan.h, asan should get its own header file such that the
functionality can be reused.

R=ahaas@chromium.org

Bug: v8:7570
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib81e4ff4b1d08158df7730c32345d4facf9453b0
Reviewed-on: https://chromium-review.googlesource.com/1046656
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53073}
2018-05-08 14:14:34 +00:00
Andreas Haas
8aee014194 [wasm] Remove the wasm-stream-compilation flag
In addition to a git grep I ran the
virtual/enable_wasm_streaming/http/tests/wasm_streaming/wasm_response_apis.html
layout test locally to confirm that the flag is not used in Chrome.

R=titzer@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I00d013b85b585d26e50aacaeb82fb0b1ce1ff56c
Reviewed-on: https://chromium-review.googlesource.com/1049965
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53072}
2018-05-08 14:13:29 +00:00
Clemens Hammacher
f3745430f1 [msan] Add static type checks for non-msan builds
Currently, non-msan builds don't check the arguments for
MSAN_ALLOCATED_UNINITIALIZED_MEMORY and MSAN_MEMORY_IS_INITIALIZED
calls, so type errors will only be reported on the msan builder.
This CL adds static_asserts for non-msan builds.

Drive-by: Rename MEMORY_SANITIZER to V8_USE_MEMORY_SANITIZER and move
it to macros.h, where also other such macros (like
V8_USE_ADDRESS_SANITIZER) live.

R=ahaas@chromium.org

Bug: v8:7570
Change-Id: If6c3c6e0d1287b5f1e0c59828cd028d1beac933d
Reviewed-on: https://chromium-review.googlesource.com/1046655
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53071}
2018-05-08 14:08:29 +00:00
Leszek Swirski
fd9addd7e4 [weakref] Fix MaybeObject conversion in ObjectStats
Fixes the MaybeObject->Object conversion in ObjectStats to allow Smis,
rather than just HeapObjects.

Change-Id: I845613c47bb6ca696d444a025100b471fb385980
Reviewed-on: https://chromium-review.googlesource.com/1049925
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53070}
2018-05-08 13:25:49 +00:00
Tobias Tebbi
b1df16f832 [torque] refactor BUILD.gn to list torque sources in one place
Change-Id: Ibb6e10caaa4fcdb29c35baef71cf1b4faef45bc4
Reviewed-on: https://chromium-review.googlesource.com/1042389
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53069}
2018-05-08 12:48:49 +00:00
Camillo Bruni
61af2762ef [CSA] Temporarily disable bounds check in CSA::LoadArrayElement
Loading the length from a PropertyArray is currently broken.

Bug: v8:7732
Change-Id: Ia05f314f2f4822a8821801889b7a58f75b3f198c
Reviewed-on: https://chromium-review.googlesource.com/1049610
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53067}
2018-05-08 12:37:33 +00:00
Simon Zünd
369b447695 [array] Remove ShadowPrototypeElements post-processing from sort.
To stay compatible with JSC, Array.p.sort did a post-processing step
that shadowed elements from the prototype chain.

Some time ago, JSC changed and no longer exhibits this behavior. To
preserve comptibility and stay consistent with RemoveArrayHoles,
this CL removes this post-processing step altogether and adjusts
tests to expect the new behavior.

R=cbruni@chromium.org, jgruber@chromium.org

Bug: v8:7382
Change-Id: Iecedc37cea25001d3768b99a3a9de3a2db90ba82
Reviewed-on: https://chromium-review.googlesource.com/1047286
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53066}
2018-05-08 12:30:12 +00:00
Choongwoo Han
0b49d9f52a Remove unused functions
Remove InitialArrayPrototypeHasInitialArrayPrototypeMap and
HasInitialFastElementsKindMap introduced by
http://crrev.com/55efb6cc5dd0ae28b9cc41da31fe86069487c113,
but not used after
http://crrev.com/1525374ff5a564b55b748ad33e6cd0d0ea684006.

Change-Id: I1182221a95d5fc1ac953139e400533efe420bd19
Reviewed-on: https://chromium-review.googlesource.com/1045951
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53065}
2018-05-08 12:25:12 +00:00
Clemens Hammacher
9f5018c9b0 [Liftoff] Add code comments on debug builds
Code comments help a lot to understand the generated code. Add a
comment before each instruction, and some special comments for longer
instructions.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ic18974e5cc89e23533e3abc54b0389723b77ff73
Reviewed-on: https://chromium-review.googlesource.com/1049626
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53064}
2018-05-08 12:23:22 +00:00
Simon Zünd
855850eb7f [array] Move CopyFromPrototype to runtime
This CL re-implements CopyFromPrototype, that is used during sorting,
as a runtime function, in preparation to move Array.p.sort to CSA.

CopyFromPrototype is called for sparse non-arrays, where elements
might be available on the prototype chain. For compatibility with
JSC, we copy them to the object itself and sort only own properties.

Bug: v8:7382
Change-Id: I4f5c14995cf9769c4f9f1d62b3a5bfde6d386556
Reviewed-on: https://chromium-review.googlesource.com/1044205
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53061}
2018-05-08 11:07:01 +00:00
Simon Zünd
2793d72cd7 [array] Move SafeRemoveArrayHoles to runtime
This CL implements the functionality of SafeRemoveArrayHoles (JS),
which is used as a pre-processing step for sorting, in a runtime
function.

SafeRemoveArrayHoles is a generic fallback, when an existing runtime
function fails to remove holes/move undefineds to the end of an array.

This CL extends the existing runtime function to also support JSProxy
objects, and objects where indices have accessors.

R=cbruni@chromium.org, jgruber@chromium.org

Bug: v8:7382
Change-Id: I4881539cf2171caba08ff6e3e50320291f49839c
Reviewed-on: https://chromium-review.googlesource.com/1041950
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53060}
2018-05-08 11:05:56 +00:00
Clemens Hammacher
1871c8c52b [wasm] Allow use of full wasm code space
On system which required a contiguous code range, we currently limit
the committed wasm code space to the heap code space. Since
https://crrev.com/c/1044195, this was only 128MB, making bigger
benchmarks fail.
There is no need to link the two limits, thus just remove that logic.

R=titzer@chromium.org

Change-Id: Id61f5dd28c96c3d2b7fcd730751285c6fc144bc5
Reviewed-on: https://chromium-review.googlesource.com/1049648
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53059}
2018-05-08 11:04:52 +00:00
Michael Starzinger
fe91e0bd69 [wasm] Start sharing JS-to-Wasm wrappers.
This shares JS-to-Wasm wrapper code across instances belonging to the
same module object. We no longer need to copy the wrappers since they
are by now independent of the concrete instance.

R=titzer@chromium.org
BUG=v8:7424

Change-Id: I54188eae6378e53cc274cd19f8e652ffdba72ee5
Reviewed-on: https://chromium-review.googlesource.com/1049607
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53058}
2018-05-08 10:59:46 +00:00
Michael Starzinger
55b70e8686 [wasm] Load instances from {WasmExportedFunction} objects.
This changes JS-to-Wasm wrappers to no longer embed a WeakCell with the
associated instance into the code, but load the instance object from the
passed {WasmExportedFunction} object instead.

R=titzer@chromium.org
BUG=v8:7424

Change-Id: I5403f882912eb23e760fabe70207440648754a69
Reviewed-on: https://chromium-review.googlesource.com/1028053
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53057}
2018-05-08 10:31:56 +00:00
Dan Elphick
f5fda7c83a Revert "[heap] Move even more objects into RO_SPACE"
This reverts commit b19d123fce.

Reason for revert: It breaks the more important change: https://chromium-review.googlesource.com/c/v8/v8/+/1042145
(Because it adds mutable objects to RO_SPACE).

Original change's description:
> [heap] Move even more objects into RO_SPACE
> 
> Moves all Oddballs, empty_feedback_metadata, lots of symbols and
> immortal heap numbers and several other empty collection objects.
> 
>       RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old      31592          0     221160       33280        176         0
> new      35016          0     217736       33280        176         0
> diff     +3424                 -3424
> 
> Bug: v8:7464
> Change-Id: Ic99411bcbcb9c9a48b33c59dddb68359278fb0b3
> Reviewed-on: https://chromium-review.googlesource.com/1025996
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53053}

TBR=hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

Change-Id: Ieb81f88fe348fcffb67c153c0b116670318814f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/1049555
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53056}
2018-05-08 10:02:27 +00:00
Ivo Markovic
225d5ed190 Mips[64] Replace at register with kScratchReg where possible
at register is used a lot in macro-assembler-mips[64].cc and
we should not use it as temporary register in other parts of code

Change-Id: I7ef038cdf4f8c57aa76823e7ee0ffb40b62731cd
Reviewed-on: https://chromium-review.googlesource.com/1027816
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53055}
2018-05-08 09:47:51 +00:00
Ben L. Titzer
e008ee7363 [turbofan] PipelineWasmCompileJob uses MachineGraph
R=mvstanton@chromium.org
CC=mstarzinger@chromium.org

Bug: v8:7721
Change-Id: I8baf4c8d52d0a5bd4a3b8d832624438f465f9390
Reviewed-on: https://chromium-review.googlesource.com/1047609
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53054}
2018-05-08 09:39:51 +00:00
Dan Elphick
b19d123fce [heap] Move even more objects into RO_SPACE
Moves all Oddballs, empty_feedback_metadata, lots of symbols and
immortal heap numbers and several other empty collection objects.

      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old      31592          0     221160       33280        176         0
new      35016          0     217736       33280        176         0
diff     +3424                 -3424

Bug: v8:7464
Change-Id: Ic99411bcbcb9c9a48b33c59dddb68359278fb0b3
Reviewed-on: https://chromium-review.googlesource.com/1025996
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53053}
2018-05-08 08:34:16 +00:00
jgruber
cc399a0dc4 Stage String.p.matchAll
Bug: v8:6890
Change-Id: I4002326cb79165ce6edb79a943d66de156b90116
Reviewed-on: https://chromium-review.googlesource.com/1046053
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53052}
2018-05-08 08:27:36 +00:00
Marja Hölttä
33157f3de7 [in-place weak refs] Replace the WeakCell(transition_map) in FeedbackVector.
- Make FeedbackVector backing store a WeakFixedArray.
- "feedback" is always strong but "extra" might be weak.
- Whenever the handler stored in FeedbackVector is a WeakCell to a transition
  Map, replace it with an in-place weak reference.
For a more detailed description of the changes, see the design doc

https://docs.google.com/document/d/1P8cIme2wKszdYt64ObAiuh6pXgLnrrn80Hpl1ejJbOU/edit#heading=h.ijx1oculrikp

BUG=v8:7308

Change-Id: I72c5cf6597ef24d4c22a1fe8e25b67ca196d4ec8
Reviewed-on: https://chromium-review.googlesource.com/1027855
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53051}
2018-05-08 08:08:26 +00:00
Tobias Tebbi
365e7d4b9e [torque] refactor Type to expose the implementation pointer directly
Change-Id: I61a594e194082577135dbc82b2673bf477105ef3
Reviewed-on: https://chromium-review.googlesource.com/1046949
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53050}
2018-05-08 07:54:26 +00:00
Clemens Hammacher
f33575be45 [wasm] Remove unneeded DeferredHandleScope
R=ahaas@chromium.org

Bug: v8:7733
Change-Id: Ib3133e882c0a798f76478492a6663356267a1578
Reviewed-on: https://chromium-review.googlesource.com/1049546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53049}
2018-05-08 07:37:26 +00:00
Jaroslav Sevcik
3fe7d698b8 [turbofan] Optimize array destructuring
This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.

On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).

function f(a, b) {
  [b, a] = [a, b];
  return a + b;
}

function sum(count) {
  let s = 0;
  for (let i = 0; i < count; i++) {
    s += f(1, 2);
  }
  return s;
}

// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");

console.timeEnd: destructure array, 213.526000

console.timeEnd: destructure array, 1503.537000

Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
2018-05-08 06:21:37 +00:00
Hidy Han
9a49396c7c Provide API to expose non-empty top source url.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I6390806935ada277db965718a804ab090b3be5dd
Reviewed-on: https://chromium-review.googlesource.com/1041157
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Hidy Han <hidyhan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53047}
2018-05-07 20:47:19 +00:00
Clemens Hammacher
bce97fd2ef Convert all CRLF to LF
We had four files in git which used CRLF. After adding a .gitattributes
file with "* text=auto", we should not get any new ones. This CL
converts the four existing files to LF.

R=mathias@chromium.org

Bug: v8:7570
Change-Id: Ia9c92f4bed14c6669de7d60390627a11de6450b8
Reviewed-on: https://chromium-review.googlesource.com/1047611
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53046}
2018-05-07 18:55:09 +00:00
Georg Neis
e91cd3c5aa [proxies] Add missing stack overflow check.
Bug: v8:7716
Change-Id: I9cf71c1e9431ee751db595b6c94c09dab5f1610b
Reviewed-on: https://chromium-review.googlesource.com/1047612
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53045}
2018-05-07 18:50:09 +00:00
Clemens Hammacher
ec1bf81bb9 [trap-handler] Add missing newlines
If trap handlers cannot be installed, we printed two lines to stdout
and stderr, both not terminated by a newline. This CL adds a newline to
one output and uses the FATAL macro for the other, highlighting the
error better and showing the location where it happens.

R=eholk@chromium.org

Bug: v8:7570
Change-Id: Ic24f48f92b87528e0fd5889badf2c90d765e451a
Reviewed-on: https://chromium-review.googlesource.com/1047606
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53043}
2018-05-07 17:18:09 +00:00
Ben L. Titzer
6e2f6a6c44 [turbofan] MachineOperatorReducer uses MachineGraph
R=mstarzinger@chromium.org

Bug: v8:7721
Change-Id: I8fd2c532c36bfd5faec2947d3154a2984c13ed46
Reviewed-on: https://chromium-review.googlesource.com/1047668
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53042}
2018-05-07 16:57:59 +00:00
Eugene Ostroukhov
23652c5f4c [tracing] Custom tag for the traceEvents array
This API will be used by Node.js to provide output compatible with
Chrome devtools.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I265495f8af39bfc78d7fdbe43ac308f0920e817d
Reviewed-on: https://chromium-review.googlesource.com/1044491
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53041}
2018-05-07 16:54:59 +00:00
Michael Starzinger
713e10c69e [wasm] Make {WasmExportedFunction} fields easier to reach.
This moves the internal fields on {WasmExportedFunction} objects from
being properties with private symbols to a separate structure instead.
The new {WasmExportedFunctionData} structure can hang off the underlying
shared function info which is created for each exported function. This
reduces the number of transitions, speeds up instantiation, and makes it
easier to reach them from generated code (in the future).

R=titzer@chromium.org
BUG=v8:7424

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa733b6c9f7bea96246d6680756aa7101669a1a9
Reviewed-on: https://chromium-review.googlesource.com/1047025
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53040}
2018-05-07 16:53:09 +00:00
Alexei Filippov
fcc1ebb55a [cpu-profiler] Extract rare used fields of CodeEntry to an optional object.
The RareData objects contain fields that often absent in CodeEntry'es.
They are created as needed when a corresponding field is added.
This reduces CodeEntry size on x64 by 40% from 136 to 80 bytes.

BUG=v8:7719

Change-Id: I1f3c6255aa2f228895e835b536c743396131db31
Reviewed-on: https://chromium-review.googlesource.com/1045885
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53039}
2018-05-07 16:33:58 +00:00
Sigurd Schneider
ca1a502fe3 [turbolizer] Print schedule for stub code
We lost the print functionality for stub schedules somewhere on the
way. This re-adds the appropriate call to TraceSchedule to get it
going again.

Bug: v8:7327
Change-Id: I245823b440542708410d2253f9f4e78b2e22f3c9
Reviewed-on: https://chromium-review.googlesource.com/1047270
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53038}
2018-05-07 16:32:48 +00:00
Ben L. Titzer
d7f550688f [turbofan] Move Dead node up to MachineGraph
In preparation for cleaning up PipelineData to use a MachineGraph
where appropriate, move the dead node up to MachineGraph.

R=ahaas@chromium.org

Bug: v8:7721
Change-Id: I3f9d456aef7cf4d80adbc93ae938636ffcc3712d
Reviewed-on: https://chromium-review.googlesource.com/1046828
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53037}
2018-05-07 16:30:08 +00:00
Clemens Hammacher
79c7e1897a [wasm] Use retpoline for indirect calls
Retpolines were never used for off-heap wasm code. This CL adds them.

R=titzer@chromium.org

Bug: chromium:840376, chromium:798964
Change-Id: I9f1b2150cce484f831a83663d1fb06555e7eac82
Reviewed-on: https://chromium-review.googlesource.com/1047385
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53036}
2018-05-07 16:27:08 +00:00
Ben L. Titzer
e677d54a79 [wasm] Use inline field inits
R=clemensh@chromium.org

Change-Id: Ib1a0105e3347a5ccafdb72dadd9aa144ab77732c
Reviewed-on: https://chromium-review.googlesource.com/1046970
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53035}
2018-05-07 16:15:08 +00:00
Sathya Gunasekaran
386caa2e6b [ES6] Ship array.prototype.values
Bug: v8:4247
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibf5e7dd39cb81ac47af871edbe079d73839f9c1c
Reviewed-on: https://chromium-review.googlesource.com/1045184
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53034}
2018-05-07 15:49:58 +00:00
Peter Marshall
7c57434400 [cleanup] Change native_groups_ to use unordered map.
Trying to reduce use of our self-baked data structures.

Bug: v8:7570
Change-Id: I419a932b6b8904810844d40a5636e423df832197
Reviewed-on: https://chromium-review.googlesource.com/1032739
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53033}
2018-05-07 15:44:58 +00:00
Marja Hölttä
e01a83afc8 [reland] [in-place weak refs] Fix: allow weak array types in large object space.
BUG=v8:7308

Change-Id: Ic69665c8a2606ec40ab06881e0501e33ee0621a0
Reviewed-on: https://chromium-review.googlesource.com/1046653
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53031}
2018-05-07 15:41:13 +00:00
Erik Luo
a9b2373d30 [debug] fix NewInstanceWithSideEffectType dcheck for mode
The DCHECK was incorrect. This new API method can be called from any
debug mode since the embedder does not know which mode we are in.

It should only apply the side effect logic when the mode is
kSideEffects.

Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11b0e5194b151a2b88171d6be21c3ccbba9cd408
Reviewed-on: https://chromium-review.googlesource.com/1046162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53030}
2018-05-07 15:40:08 +00:00
Peter Marshall
645efbfd1e [typedarrays] Throw on construction of a detached typed array.
Bug: chromium:840106
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0090cdecaf9194f3ed2d716c6f5f698e33cbdf0d
Reviewed-on: https://chromium-review.googlesource.com/1046827
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53029}
2018-05-07 15:30:48 +00:00
Mike Stanton
5e22e397b1 [TurboFan] Initialize boolean types correctly for background compiles.
Change-Id: If1aefb00299ac0c88bdc84b5b77b58582dd8b9b4
Reviewed-on: https://chromium-review.googlesource.com/1047105
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53028}
2018-05-07 15:20:48 +00:00
jgruber
d8131cd63a [builtins] Convert CEntry/GetProperty/StringAdd stubs to builtins
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).

My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.

This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.

TBR=mlippautz@chromium.org

Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}
2018-05-07 15:02:42 +00:00
Daniel Clifford
dd5cdcee43 [torque] 'bool' is now 'true|false' not 'yes|no'
In the process, rename Boolean constants (i.e. JavaScript constants),
to 'True' and 'False'. This uncovered a bug in the internal handling
of True/False labels was fixed (they shouldn't be Values and Torque
shouldn't conflate Labels with other Declarables, throwing exceptions
when they're improperly used in the wrong context). Furthermore,
the internal labels used for True and False for if statements
have been renamed so that they can't be aliased from user Torque code.

Change-Id: I09dbd2241d2bc2f1daff53862dee1b601810060c
Reviewed-on: https://chromium-review.googlesource.com/1044370
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53026}
2018-05-07 14:57:58 +00:00
Hannes Payer
ea3e9de657 [heap] Introduce a CodeSpace class.
Bug: chromium:840329
Change-Id: If45a98c7f8a97f2482ac1bed7f7dda7d6e62b6b9
Reviewed-on: https://chromium-review.googlesource.com/1046658
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53025}
2018-05-07 14:55:08 +00:00
Clemens Hammacher
3708887893 [wasm] Clean up methods in NativeModule
Define simple accessors in the header and give them lower case names.

R=mstarzinger@chromium.org

Bug: v8:7570
Change-Id: I2914013fdea2218189275bbaa9f98ea5de0ccd7c
Reviewed-on: https://chromium-review.googlesource.com/1046546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53024}
2018-05-07 14:29:19 +00:00
Peter Marshall
87d7dda296 [tests] Add unit tests for StringsStorage and document the API.
Change-Id: Iccc86d0116f5d23f523e25ff02696a9fb8312223
Reviewed-on: https://chromium-review.googlesource.com/1044545
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53022}
2018-05-07 14:02:48 +00:00
Kanghua Yu
aa6e58ce9d [x64] Replace movl_subl instruction with leal
This eliminates one instruction for following pattern:
  movl rX, rY       // TruncateInt64ToInt32
  subl rX, imm32
==>
  leal rX, [rY - imm32]

R=bmeurer@chromium.org

Change-Id: I4164e1407f5953302051e905555da14d3ca6680a
Reviewed-on: https://chromium-review.googlesource.com/1046381
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Cr-Commit-Position: refs/heads/master@{#53021}
2018-05-07 12:25:26 +00:00
Andreas Haas
6380476c71 [wasm] Make wasm::ValueType independent of the MachineRepresentation
R=clemensh@chromium.org
CC=​titzer@chromium.org

Change-Id: I4951bf7ffc8baf51225e7bef60349186811b9f76
Reviewed-on: https://chromium-review.googlesource.com/1024037
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53020}
2018-05-07 11:54:56 +00:00
Michael Achenbach
08bfc14b68 Revert "[in-place weak refs] Fix: allow weak array types in large object space."
This reverts commit 96186c4f1a.

Reason for revert: All gc stress bots time out:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/16361

Original change's description:
> [in-place weak refs] Fix: allow weak array types in large object space.
> 
> BUG=v8:7308,chromium:839953
> 
> Change-Id: I3738dc8169730763a587a2452421a54aff11e38e
> Reviewed-on: https://chromium-review.googlesource.com/1046645
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53016}

TBR=ulan@chromium.org,marja@chromium.org

Change-Id: I030638c27fd8990b9dab3d25a582039fb893bf78
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308, chromium:839953
Reviewed-on: https://chromium-review.googlesource.com/1046549
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53019}
2018-05-07 11:52:17 +00:00
Camillo Bruni
7235c8515a [CSA] Remove overzealous type check
Bug: chromium:840220
Change-Id: I37404902e99a83d029aab36411b199fad60497b0
Reviewed-on: https://chromium-review.googlesource.com/1046066
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53018}
2018-05-07 11:20:56 +00:00
Marja Hölttä
96186c4f1a [in-place weak refs] Fix: allow weak array types in large object space.
BUG=v8:7308,chromium:839953

Change-Id: I3738dc8169730763a587a2452421a54aff11e38e
Reviewed-on: https://chromium-review.googlesource.com/1046645
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53016}
2018-05-07 09:53:14 +00:00
Yang Guo
9fb02b526f Allow function callbacks to have Proxy as receiver.
R=verwaest@chromium.org

Bug: v8:5773
Change-Id: Ifd29a1116ee8c86b8d8d24485bbfd19e260ab66b
Reviewed-on: https://chromium-review.googlesource.com/1046088
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53015}
2018-05-07 09:09:42 +00:00
Peter Marshall
6f72af25fe [cpu-profiler] Remove name_prefix field from CodeEntry
We can save a pointer of space for each CodeEntry by removing this
field which we don't really need. Instead of concatenating the name
string on demand, concatenate the prefix eagerly.

Reduces sizeof(CodeEntry) from 136 to 128 on 64-bit.

Bug: v8:7719

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id346a8f36794e337e8c886f8d1969431424539b0
Reviewed-on: https://chromium-review.googlesource.com/1039825
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53014}
2018-05-07 08:54:53 +00:00
Camillo Bruni
633910e6e5 [CSA] Add bounds check for indexed loads and stores
Change-Id: I9d8b13df0af987d9fcacdf57f2cfd71ec21b3ff9
Reviewed-on: https://chromium-review.googlesource.com/1042708
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53013}
2018-05-07 08:30:30 +00:00
Camillo Bruni
dcbd52341e [runtime] The return of the StringTable shrinking
This CL fixes a bug where we would accidentally shrink to the same size of
the StringTable causing repeated unecessary allocations.

Bug: v8:5443, chromium:818642
Change-Id: I353b179616d5293f6d7143e7381ae6711343a835
Reviewed-on: https://chromium-review.googlesource.com/1044207
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53012}
2018-05-07 07:46:40 +00:00
Sathya Gunasekaran
b934607d4c [iwyu] Split out ordered hash tables
TBR: hpayer@chromium.org
Bug: v8:6443
Change-Id: I1750475084cbcd783551d9b7c65c8ccca9b63ea3
Reviewed-on: https://chromium-review.googlesource.com/1045615
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53010}
2018-05-06 18:42:40 +00:00
Eric Holk
72f6a76dd1 [wasm] Correct guard region allocation behavior
Change-Id: I19106adfd5407cbef05142fde3b7eb00ecd8ff52
Reviewed-on: https://chromium-review.googlesource.com/1043256
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53007}
2018-05-04 23:42:47 +00:00
Eric Holk (eholk)
bb60967e36 [wasm] Refactor trap handlers to make way for Windows support
In preparing for adding trap-based bounds checking to Windows, this
change refactors the code to separate the platform-specific portions
from that which can be shared between platforms.

Internally, we've renamed `RegisterDefaultSignalHandler` to
`RegisterDefaultTrapHandler` to more accurately represent the
difference in terminology between Linux (signals) and Windows
(exceptions). The external API is left the same so as not to break
downstream clients.

This CL is primarily to make room for Windows support. Future CLs
will begin adding support for Windows.

This is a reincarnation of https://crrev.com/c/626558.

Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa8bfd68c14cd1d17933b12c24cb8dd5ee8a21d6
Reviewed-on: https://chromium-review.googlesource.com/998829
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53006}
2018-05-04 23:00:12 +00:00
Alexei Filippov
a31320f59c [profiler] Refactoring: decouple StringsStorage from Heap object.
Change-Id: I450efa4916bd774265991f987f4be618ba2eb1d2
Reviewed-on: https://chromium-review.googlesource.com/1045168
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53005}
2018-05-04 22:34:04 +00:00
Alexei Filippov
8ec48b2117 [cpu-profiler] Do not store CodeEntries between profiling sessions.
ProfilerListener which holds CodeEntries has been moved from Logger to
CpuProfiler. This way we can clear entries when all the profiles
produced by a particular CpuProfiler are deleted.

BUG=v8:7719

Change-Id: I31d47dc7da44648c8fb8e87b47e2e6260d3dc5c3
Reviewed-on: https://chromium-review.googlesource.com/1043050
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53004}
2018-05-04 20:58:44 +00:00
Erik Luo
4b52f96480 [debug] add ability to do side-effect-free call to NewInstance
Creating a new instance from a v8::Function will invoke its
constructor. If it is an API callback that has not been marked as
kHasNoSideEffect, this CL introduces a way to invoke it without
throwing.

Calls within the constructor are still checked for side effects.

Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia4e410d487e2847bc511cb96f0be30a3563991f6
Reviewed-on: https://chromium-review.googlesource.com/1034116
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53003}
2018-05-04 16:47:24 +00:00
Michael Starzinger
133f752033 [wasm] Make WebAssembly scripts point to {WasmModuleObject}.
This makes {Script} objects created for WebAssembly no longer reference
a concrete instance object, but a module object instead. All uses of the
field in question only require module-wide information and the script is
meant to represent the set of all instances, not just one concrete
instance.

R=clemensh@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I751d4b75c8a970cffcb1a37b6c22ff69e9ee5489
Reviewed-on: https://chromium-review.googlesource.com/1043871
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53002}
2018-05-04 16:37:35 +00:00
Daniel Clifford
aeb86d57fd [torque]: Add constexpr keyword/types for compile-time evaluation
Torque expressions of type constexpr are evaluated at compile-time
rather than runtime. They are backed by C++ types rather than
TNode<X> types, so the macro functions that are called by generated
C++ code expect values to be computed when the snapshot is generated
rather than by TurboFan-generated code.

Specifically, "if" statements can have a constexpr modifier. With this
modifier, a type of "constexpr bool" is expected rather than "bool",
and in that case instead of generating a CSA BranchIf, it generates
a C++ "if (<bool expression>)" that generates code for only the true or
false path based on the bool value at torque-execution (compile time)
rather than generating both paths (including inserting phi nodes
for variables modified on either branch at the re-merge at the end
of the if) and dynamically dispatching to the true or false path
during d8/Chrome/node.js execution (runtime) using a CSA BranchIf.

Change-Id: I8238e25aaadbfc618847e04556e96a3949ea5a8d
Reviewed-on: https://chromium-review.googlesource.com/1042085
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53001}
2018-05-04 15:48:54 +00:00
Clemens Hammacher
40a95443c9 [Liftoff] Add memory masking
First untrusted code mitigation in Liftoff: Mask memory accesses (loads
and stores) by the mask stored in the WasmInstanceObject.

R=titzer@chromium.org

Bug: v8:6600, chromium:798964
Change-Id: Iddf577977451444b51c42fbc2ad34430832a9e71
Reviewed-on: https://chromium-review.googlesource.com/1044215
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53000}
2018-05-04 15:32:49 +00:00
Vincent Belliard
ba8c6a6f0c [arm64][Liftoff] implement integer division
Bug: v8:6600
Change-Id: I1bd2db402d6e97ab468dc24cd4d12bef6523d784
Reviewed-on: https://chromium-review.googlesource.com/1043091
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52999}
2018-05-04 15:05:19 +00:00
jgruber
2d3f6f9103 [api] Add Module::GetUnboundScript()
This method is intended for use by code caching as follows:

1. The module is compiled (and perhaps instantiated).
2. The embedder fetches and stores the module's unbound script (i.e.
   the shared function info).
3. Module evaluation, maybe triggering lazy compilation.
4. Generated code for the module (which hangs off the shared function
   info) is inserted into the code cache.

Subsequent module loads can load from the code cache prior to
evaluation.

Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I80018cd921ab1a18323906a548b249e19d9f9509
Reviewed-on: https://chromium-review.googlesource.com/1041745
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52998}
2018-05-04 14:52:29 +00:00
Daniel Clifford
be9b5f4c10 [torque]: Fix bugs reported by Peter Wong
* Empty string literals (e.g. "" and '') were not recognized a strings. This is
  now fixed.
* return statements without expressions (e.g. for functions with void return
  types) caused crashes.

Change-Id: Ied60f9abffca457a0d85c9e01e3795839fe777c9
Reviewed-on: https://chromium-review.googlesource.com/1042310
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52997}
2018-05-04 14:32:29 +00:00
Hannes Payer
6b1457cfd6 Reduce maximal code range size to 128M on Linux, Windows, and OSX for x64 and ia32.
Bug: chromium:800348, chromium:827627, chromium:839750
Change-Id: I112e20b83eb1937476ebb4f30cf5679113759c0c
Reviewed-on: https://chromium-review.googlesource.com/1044195
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52996}
2018-05-04 13:47:09 +00:00
Clemens Hammacher
c20d7f6605 [Liftoff] Fix conditional spilling on div and rem
On div and rem on ia32 and x64, we sometimes need to spill. If this
spilling code happens inside of a branch, the cache state will reflect
that the value was spilled, even though the actual spilling code might
not have executed.

R=titzer@chromium.org

Bug: v8:6600, chromium:839800
Change-Id: I93b681a23119f903feb54235d6d44a7cbd5815fe
Reviewed-on: https://chromium-review.googlesource.com/1044185
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52995}
2018-05-04 13:36:39 +00:00
Clemens Hammacher
2b4c8496d5 [wasm] Fix data race in CompilationState
The {baseline_compilation_units_} and {tiering_compilation_units_}
fields should only be accessed if the {mutex_} is held.
Also, the number of compilation units is already taken care of inside
of {RestartBackgroundTasks}, so no need to explicitly pass it.

R=ahaas@chromium.org

Change-Id: I8f36ed141b587ee1bea41291545f39546d8cf24e
Reviewed-on: https://chromium-review.googlesource.com/1044213
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52994}
2018-05-04 13:35:29 +00:00
Clemens Hammacher
55d6721d98 [wasm][cleanup] Remove obsolete AddressHasher
Since address is a uintptr_t, there is no need to implement a specific
hasher.

R=mstarzinger@chromium.org

Bug: v8:7570
Change-Id: I47e652929ef201e742224541d9df4360444e3ba8
Reviewed-on: https://chromium-review.googlesource.com/1044209
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52993}
2018-05-04 13:23:54 +00:00
Benoît Lizé
e0c31d63dd Fix ExternalString::ExternalPayloadSize().
ExternalString::kShortSize is not the same as i::kShortSize, caused
incorrect reporting for code stats for two byte strings.

Bug: chromium:837659
Change-Id: Icbb39f2103aa4fa72bd5b1258cb8e1d4aee10441
Reviewed-on: https://chromium-review.googlesource.com/1044212
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52992}
2018-05-04 13:22:49 +00:00
Clemens Hammacher
1a6cf58bbc [base] Move implicit_cast to macros.h
macros.h already not only defines macros, but also templatized helpers
like {bit_cast} and {arraysize}. Thus {implicit_cast} also belongs
there.

R=tebbi@chromium.org

Bug: v8:7570
Change-Id: Iaea6075dad359d62498453575f22d73ca84e2323
Reviewed-on: https://chromium-review.googlesource.com/1042401
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52991}
2018-05-04 12:46:09 +00:00
Ben L. Titzer
bc218a2ecd [compiler] Factor MachineGraph out from JSGraph
This CL factors the parts of the JSGraph that only depend on the
machine part of JSGraph into a separate base class, MachineGraph.
This helps separate the two layers and also allows the MachineGraph
to be constructed without an Isolate, which is needed for fully
asynchronous compilation, a goal for WASM.

R=mstarzinger@chromium.org
CC=jarin@chromium.org, mvstanton@chromium.org

BUG=v8:7721

Change-Id: Ie8bc3de40159332645dcb3cadcee581e1bf9830a
Reviewed-on: https://chromium-review.googlesource.com/1043746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52990}
2018-05-04 12:37:39 +00:00
Clemens Hammacher
5d11921320 [Liftoff] Stage Liftoff and tier up behind --future
In order to get more test coverage (also on ClusterFuzz), stage Liftoff
and tier up behind --future.

R=hablich@chromium.org
CC=​​titzer@chromium.org

Bug: v8:6600
Change-Id: I718e17957b26f60aa4c002333035f693344806e0
Reviewed-on: https://chromium-review.googlesource.com/1042385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52987}
2018-05-04 11:48:18 +00:00
Wez
ca3e146ecb Rename PromotedSpaceSizeOfObjects() to OldGenerationSizeOfObjects().
The Promoted* prefix was used to refer both to the total number of old
generation objects, and to the delta of objects moved from the new to
old generations.

PromotedTotalSize() is also renamed, to reflect the actual calculation
it performs

Bug: chromium:837583
Change-Id: Id27a0661618257ef64eb469a83bb49c0e8ce6923
Reviewed-on: https://chromium-review.googlesource.com/1042314
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52986}
2018-05-04 11:15:18 +00:00
Michael Starzinger
56e8b09936 Reland "[wasm] Maintain link from Instance to Module."
This is a reland of a0c57368a9

Original change's description:
> [wasm] Maintain link from Instance to Module.
> 
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
> 
> R=clemensh@chromium.org
> 
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}

Change-Id: I9854400bfc1d22bd258f17118fcb7460cdc3acd5
Reviewed-on: https://chromium-review.googlesource.com/1043786
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52985}
2018-05-04 10:16:58 +00:00
Daniel Clifford
9cd8995fa3 [Torque]: add assert(), unreachable and debug statements
- In debug builds, 'assert(<expr>)' evaluates and aborts execution
  if the provided Torque expression is false at runtime.
  assert(<expr>) supports the same set of expressions protocols
  as Toruqe's if statement, i.e. both bool values and BranchIf-
  style tests. Upon failure, the assertion prints the Torque
  source code of the failed expression, not the generated CSA
  code.
- 'unreachable' calls CSA's Unreachable() and signals to Torque
  that code execution cannot continue (i.e. its statement
  returns the 'never' type). In debug builds, the line number
  and position of the statement are printed before breaking.
- 'debug' calls CSA's DebugBreak(). In debug builds, the line
  number and position of the 'debug' are printed before breaking.

Change-Id: I4efd052536bb402c097a0d5f7be56e154b5b3676
Reviewed-on: https://chromium-review.googlesource.com/1042570
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52984}
2018-05-04 10:13:18 +00:00
Toon Verwaest
0f7721719d Remove the catch variable name from the extension field of catch contexts
Instead rely on the scope info containing the name as well.

Change-Id: Ie1f96ea023a793b11209510566f6831b1dfd40ab
Reviewed-on: https://chromium-review.googlesource.com/1042567
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52983}
2018-05-04 10:12:08 +00:00
Miran.Karic
a1892ff9c4 MIPS[64]: Fix mips port.
The CL fixes the mips port in the CL [debug] introduced runtime side
effect check (7a2c371383), that caused
several test failures.

BUG=

Change-Id: Ia1b45fd57d7b77c912562c97f7fc6bf2aa378fe2
Reviewed-on: https://chromium-review.googlesource.com/1030193
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Miran Karić <miran.karic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52982}
2018-05-04 09:30:07 +00:00
Toon Verwaest
4c972d669a Cleanup: Remove unnecessary ContextExtension wrapper
Bug: v8:7066
Change-Id: Icfcb40b2048997c158fba5f3e250145bed4ca1e3
Reviewed-on: https://chromium-review.googlesource.com/1042386
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52981}
2018-05-04 09:24:17 +00:00
Wez
b9c81f51d4 Remove unused StackGuard::HandleGCInterrupt API.
Change-Id: I58f3eb9259822650a3b31010213e3df030821be2
Reviewed-on: https://chromium-review.googlesource.com/1042187
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52980}
2018-05-04 08:48:57 +00:00
Michael Starzinger
91d9b4eee9 [wasm] Fix HeapNumber allocation effect dependency.
This makes sure that allocations of {HeapNumber} objects happening in
the JS-to-Wasm and Wasm-to-JS wrappers are ordered with respect to
changes of the {trap_handler::IsThreadInWasm} predicate. Otherwise the
compiler can (and will) move the allocations across changes of this
predicate and cause safety checks to fire.

R=clemensh@chromium.org

Change-Id: I5366ec0c184929fbd5b60c827d9908fb6ca1d91a
Reviewed-on: https://chromium-review.googlesource.com/1042399
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52979}
2018-05-04 08:33:27 +00:00
Clemens Hammacher
310f37e414 [Liftoff] Implement grow_memory
The grow_memory opcode basically just executes a runtime call, but
needs to check a condition first, and convert to and from Smi.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: If7d62a8bb0ca6d02bd47ef6048cc65da502b002b
Reviewed-on: https://chromium-review.googlesource.com/1042185
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52978}
2018-05-04 08:07:37 +00:00
Clemens Hammacher
a5551d924a [assembler] Avoid hiding of Register::bit method on arm64
On arm64, we had {RegisterBase::bit} (defined in assembler.h) and
{CPURegister::bit} (defined in assembler-arm.h). {CPURegister} inherits
from {RegisterBase}. The two methods methods have different
behaviour on the special {no_reg}, which is only relied on in very few
places.
This CL fixes these places to avoid the use of {no_reg}, and removes
the overwritten method.

R=mstarzinger@chromium.org
CC=​rodolph.perfetta@arm.com

Change-Id: I859cc0d4ffc48fae018ee262f3e5403774db87a8
Reviewed-on: https://chromium-review.googlesource.com/1042188
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta%arm.com@gtempaccount.com>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52977}
2018-05-04 06:53:37 +00:00
Erik Luo
405c1dc7d4 [debug] whitelist Array.p.splice, typeof methods
Side effect free whitelist now
- supports 'typeof' when it performs Load operations
- runtime checks for Array.p.splice

Bug: v8:7588
Change-Id: I45bcd705f8d3f2d2ee61f018566439bf56d1bcbc
Reviewed-on: https://chromium-review.googlesource.com/1037926
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52976}
2018-05-04 06:25:37 +00:00
Jakob Kummerow
45a2d9c518 Fix "x is not iterable" error message consistency
Since 94ce16b704, when loading an iterator from null or undefined, we
generate the error message "x is not iterable" instead of the unwieldy
"Cannot read property 'Symbol(Symbol.iterator)' of undefined". However
Runtime::GetObjectProperty, which is used as slow path by LoadICs, did
not check for this case, leading to different messages being generated
depending on IC state.

Bug: chromium:823130
Change-Id: Ie98500b97efef401aac9880b9af47d58c3c2825d
Reviewed-on: https://chromium-review.googlesource.com/1042951
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52974}
2018-05-03 23:13:21 +00:00
Junliang Yan
2489567d6a PPC/s390: [builtins] Update isolate-independent list & related fixups
Port 519bd47f6c

Original Commit Message:

    With the exception of the InterpreterEntryTrampoline, all builtins are
    now isolate-independent and can be embedded into the binary.

    This CL updates the corresponding list and also contains a few smallish
    tweaks to support having these builtins off the heap:

    * wasm: copy the off-heap builtin, not its trampoline.
    * Code::contains: support off-heap builtins.
    * JSFunction::is_compiled: compare builtin index instead of identity
      (this is relevant during mksnapshot when we transition from the
      on-heap builtin to its off-heap representation + the trampoline).
    * Remove old DCHECKs.
    * A few tweaks in macro-assembler ports that have snuck in recently.

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ib16ce35f5ebdade42720f536ac521c79e7c46778
Reviewed-on: https://chromium-review.googlesource.com/1042927
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52973}
2018-05-03 22:20:10 +00:00
Junliang Yan
7b046d047a Reland "PPC/s390: [interpreter] correctly advance over debug scaling prefixes."
This is a reland of dfdc31355d

Original change's description:
> PPC/s390: [interpreter] correctly advance over debug scaling prefixes.
> 
> Port 7a07d74b09
> 
> R=yangguo@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
> 
> Change-Id: I99553fde819cbdc8a12df5b82d9d7230ba4ef8b3
> Reviewed-on: https://chromium-review.googlesource.com/1042355
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#52970}

Change-Id: I012e79ef5fbff37a8ded8c8cf5d4aaf324cd6ccb
Reviewed-on: https://chromium-review.googlesource.com/1043026
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52972}
2018-05-03 20:49:29 +00:00
Junliang Yan
5919d34e90 Revert "PPC/s390: [interpreter] correctly advance over debug scaling prefixes."
This reverts commit dfdc31355d.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> PPC/s390: [interpreter] correctly advance over debug scaling prefixes.
> 
> Port 7a07d74b09
> 
> R=​yangguo@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
> 
> Change-Id: I99553fde819cbdc8a12df5b82d9d7230ba4ef8b3
> Reviewed-on: https://chromium-review.googlesource.com/1042355
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#52970}

TBR=yangguo@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,joransiu@ca.ibm.com

Change-Id: I04fadaa81a6dd124811c002ab4ffa61e3785b717
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1043025
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52971}
2018-05-03 20:15:08 +00:00
Junliang Yan
dfdc31355d PPC/s390: [interpreter] correctly advance over debug scaling prefixes.
Port 7a07d74b09

R=yangguo@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I99553fde819cbdc8a12df5b82d9d7230ba4ef8b3
Reviewed-on: https://chromium-review.googlesource.com/1042355
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52970}
2018-05-03 19:37:07 +00:00
Junliang Yan
e0d2c6c2b3 PPC/s390: Reland: [builtins] Patch self-references in constants table
Port ab9e012426

Original Commit Message:

    Original CL: https://crrev.com/c/1018468

    During code generation, we generate self-references (i.e. references to
    the Code object currently being generated) as references to a temporary
    handle. When the final Code object has been allocated, the handle's
    location is fixed up and RelocInfo iteration fixes up all references
    embedded in the generated code.

    This adds support for this mechanism to the builtins constants table
    builder. CodeObject() is now a new handle pointing to a dedicated
    self-reference marker in order to distinguish between self-references
    and references to undefined. In Factory::NewCode, we patch up
    the constants table.

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Iba0f4435125b9d6c3fda7fc3e9836494b6eb6f45
Reviewed-on: https://chromium-review.googlesource.com/1042216
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52969}
2018-05-03 18:42:02 +00:00
Junliang Yan
efc92f0d4a PPC/s390: [objects.h splitting] Move classes related to api callbacks.
Port a9db2c74b5

R=marja@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:5402,v8:7570
LOG=N

Change-Id: Ife3c7463066eb747c27c1479c76106b51e568f92
Reviewed-on: https://chromium-review.googlesource.com/1042451
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52968}
2018-05-03 18:40:57 +00:00
Camillo Bruni
c0035a4f30 [verify-heap] Improve elements verification
This is a preparatory CL to find a potential regression on x86.

Bug: chromium:835558
Change-Id: I3859b59d1497d4b7447ad38ee352cf4bbdeb4502
Reviewed-on: https://chromium-review.googlesource.com/1027842
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52967}
2018-05-03 18:08:42 +00:00
Bill Budge
0a1b8f9692 [wasm] Avoid extra copies when serializing the native module
- Separates measuring from wasm::SerializeNativeModule so caller
  can allocate or reserve the buffer memory. Call site thus avoid
  one unnecessary copy.

Bug: chromium:719007
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I50412c0c0279114dcdc1aead810ad39e7c4e2a6e
Reviewed-on: https://chromium-review.googlesource.com/1039183
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52965}
2018-05-03 15:32:14 +00:00
Vincent Belliard
72f9d38072 [arm64][Liftoff] implement stack slot allocation
Bug: v8:6600
Change-Id: I1d8447349f73985653d3124c2b76d8756b0bf30a
Reviewed-on: https://chromium-review.googlesource.com/1040673
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52964}
2018-05-03 15:09:57 +00:00
Vincent Belliard
5841a47ee4 [arm64][Liftoff] implement trap instructions
Define and use TurboAssembler::AssertUnreachable

Bug: v8:6600
Change-Id: I6901896ea4fd7e0fe24dd76a1afbb409a24a2994
Reviewed-on: https://chromium-review.googlesource.com/1040766
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52963}
2018-05-03 15:07:57 +00:00
Vincent Belliard
7208d6459d [arm64][Liftoff] implement jumps
Bug: v8:6600
Change-Id: I9e4b4770286cb08e83dd5dbf9b5ae5cfd7d4d411
Reviewed-on: https://chromium-review.googlesource.com/1040649
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52962}
2018-05-03 15:05:56 +00:00
Vincent Belliard
ddc1bb0631 [arm64][Liftoff] implement conditional set instructions
Bug: v8:6600
Change-Id: If52fd4600c178354cb0631d062be71d19cc10a89
Reviewed-on: https://chromium-review.googlesource.com/1040669
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52961}
2018-05-03 15:03:47 +00:00
Vincent Belliard
c42c53068c [arm64][Liftoff] implement integer unary operators
Bug: v8:6600
Change-Id: Ia494d7fefee2dc6ae6f31ea73e35c0921953c2c0
Reviewed-on: https://chromium-review.googlesource.com/1040666
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52959}
2018-05-03 14:43:28 +00:00
Camillo Bruni
edec62077e [logging] Reduce FailureMessage buffer size
This should reduce the probability of running out of stack space while logging
a fatal error message.
Additionally this CL distinguishes the error OOM error message when there is no
isolate available on the background thread.

Bug: chromium:839166
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I17e929f322dda20127fbf86a6154af5460e53490
Reviewed-on: https://chromium-review.googlesource.com/1041964
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52958}
2018-05-03 14:34:47 +00:00
Hannes Payer
494068c1c2 [heap] Clear from space after garbage collection.
Bug: chromium:829771
Change-Id: I9e71e6cbba347dd6951e5415332e5178df9b5122
Reviewed-on: https://chromium-review.googlesource.com/1041685
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52957}
2018-05-03 13:46:25 +00:00
Clemens Hammacher
d78d026d08 [wasm] Remove dead code kind
{kCopiedStub} is not used any more since https://crrev.com/c/1012024.

R=mstarzinger@chromium.org

Change-Id: Idb0049f7d0bb0215cef902daba49591596f93668
Reviewed-on: https://chromium-review.googlesource.com/1042225
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52956}
2018-05-03 13:45:17 +00:00
Benoît Lizé
1a0efd803a Report the per-isolate total size of scripts source.
As with other code size stats, this doesn't distinguish between live and
dead objects, and doesn't scan the young generation.

Also make ExternalString::is_short() const.

Bug: chromium:837659
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I72815edb719ba61d9727e226ff1da0fc4af22a24
Reviewed-on: https://chromium-review.googlesource.com/1032994
Commit-Queue: Benoit L <lizeb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52955}
2018-05-03 13:43:55 +00:00
Bill Budge
5db17032a1 [ia32] Fix problem with ambiguous constructor (on OSX)
Change-Id: I6bc23527f63e86ecde228c85d499c55278ff555e
Reviewed-on: https://chromium-review.googlesource.com/1041949
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52954}
2018-05-03 13:26:04 +00:00
Ben L. Titzer
2c0edb48cd [wasm] Rename XXXOperand to XXXImmediate
R=clemensh@chromium.org
CC=ahaas@chromium.org

Change-Id: Ibcbc5e43e7095d9783f49ad2c3f27338100c4fdf
Reviewed-on: https://chromium-review.googlesource.com/1039489
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52953}
2018-05-03 12:41:54 +00:00
Toon Verwaest
39496a95c5 Replace Context::closure with Context::scope_info, allowing closure to die.
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.

Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
2018-05-03 12:34:17 +00:00
Marja Hölttä
7ed2e31bd9 [wasm] iwyu part 3
BUG=v8:7490

Change-Id: I10f5339f3d7e634934d59d744334a045276fbed6
Reviewed-on: https://chromium-review.googlesource.com/1041906
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52951}
2018-05-03 12:19:25 +00:00
Michael Achenbach
ab814fb833 Revert "[logging] Remove unused code"
This reverts commit c32f661486.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/20563

Original change's description:
> [logging] Remove unused code
> 
> This removes unused mutex, headers from log.(h|cc).
> 
> Change-Id: Ie4dc69a7efa9494b21ff6e2b19828bd740e3a47c
> Reviewed-on: https://chromium-review.googlesource.com/1041967
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52946}

TBR=jarin@chromium.org,cbruni@chromium.org

Change-Id: I48b63c7fc6a10e118b735f708db37d353ba6c0f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041969
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52950}
2018-05-03 12:11:15 +00:00
Michael Achenbach
79a99dfc10 Revert "[wasm] Maintain link from Instance to Module."
This reverts commit a0c57368a9.

Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061

Local bisect also points to this change:
http://shortn/_IhVxU2FKLu

Original change's description:
> [wasm] Maintain link from Instance to Module.
> 
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
> 
> R=​clemensh@chromium.org
> 
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
2018-05-03 11:56:25 +00:00
Hannes Payer
c280e7d4f4 [heap] Clear the memory of pooled pages when allocating from the pool.
Bug: chromium:999634
Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
Reviewed-on: https://chromium-review.googlesource.com/1041688
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52948}
2018-05-03 11:43:12 +00:00
Daniel Clifford
90415437fb Refactor/cleanup various Torque classes, inclduing making Type a Declarable
This is a preparatory step for implementing generics. Along the way, clean up
and encapsulate a bunch of code, including:

* Fully encapsulate Scope by adding the new class ScopeChain that provide an
  abstraction for creating and activating scopes.
* Untangle Modules and Scopes.
* Unify scope activation so that it is always associated with an AST node
  and triggered by a RAII helper class.
* Unify (somewhat) how builtins and macros are created, fixing a few
  inconsistencies with when and how parameters and their types are declared.
* Create a new Declarations class that brokers between the visitor classes and
  the ScopeChain. This moves handling of declaration-related errors out of the
  visitors but also makes it possible to do so without polluting Scope and
  ScopeChain with details about resolving SourcePositions in error cases.

Change-Id: I180017d4cf39ccf5ef1d20b84f53284c252f8d87
Reviewed-on: https://chromium-review.googlesource.com/1038504
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52947}
2018-05-03 11:38:52 +00:00
Jaroslav Sevcik
c32f661486 [logging] Remove unused code
This removes unused mutex, headers from log.(h|cc).

Change-Id: Ie4dc69a7efa9494b21ff6e2b19828bd740e3a47c
Reviewed-on: https://chromium-review.googlesource.com/1041967
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52946}
2018-05-03 11:12:18 +00:00
Michael Achenbach
d14bca61b3 Revert "[heap] Mark RO_SPACE as read-only after deserialization"
This reverts commit 40f1aaf330.

Reason for revert:
https://luci-milo.appspot.com/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21000

Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
> 
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
> 
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
> 
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
> 
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
> 
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}

TBR=yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

Change-Id: Id4770c0fdb21cd9eea2f62a019f44a6bdea8f0a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1041948
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52944}
2018-05-03 10:17:19 +00:00
Dan Elphick
40f1aaf330 [heap] Mark RO_SPACE as read-only after deserialization
Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
is only usable with ReadOnlySpace::WritableScope to avoid the space
being left writable). MarkAsReadOnly updates the high water mark and
makes several previously mutating methods into no-ops.

Moves some writes to immutable objects out of the bootstrapper to
setup-heap-internal so they don't write to a read-only page.

Also avoid writing hashes to strings that already have the value set as
that invariably means writing to the "0" and "1" constant strings in
RO_SPACE.

Before serialization, it makes RO_SPACE writable again so that any
padding can be cleared before writing it.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
Reviewed-on: https://chromium-review.googlesource.com/1014128
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52943}
2018-05-03 09:46:28 +00:00
Michael Starzinger
a0c57368a9 [wasm] Maintain link from Instance to Module.
This moves the link from a {WasmInstanceObject} to its corresponding
{WasmModuleObject} into the right place and also makes it strong. This
ensures that an instance always keeps the underlying module alive and
hence removes the situation of an "orphaned instance".

R=clemensh@chromium.org

Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
Reviewed-on: https://chromium-review.googlesource.com/1041691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52942}
2018-05-03 09:36:38 +00:00
Marja Hölttä
687795e3b2 [iwyu] Fixes related to src/machine-type.h
Restores some sensemaking properties, such as making src/machine-type.h (lower
level header) independent of src/zone/zone.h (higher level header).

BUG=v8:7490

Change-Id: Ibc6e5c7a75e4aaf917d086cf70267abc7ee9a9b0
Reviewed-on: https://chromium-review.googlesource.com/1039586
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52941}
2018-05-03 09:29:08 +00:00
Ben L. Titzer
2461fdfda8 [wasm] Remove some redundant/unnecessary DisallowHeapAllocation scopes
R=mstarzinger@chromium.org

Change-Id: I57ff09601a9e84cc5b53ff06a446b7dfc3c026b2
Reviewed-on: https://chromium-review.googlesource.com/1032742
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52940}
2018-05-03 09:25:28 +00:00
Clemens Hammacher
741166f6f9 [Liftoff] Implement {MoveToReturnRegister} platform independent
Now that wasm-linkage.h is split off, we can easily implement
{MoveToReturnRegister} in platform independent code.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I072a0ee48d58ed29e0df489016f838915c3f2cb2
Reviewed-on: https://chromium-review.googlesource.com/1041690
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52939}
2018-05-03 09:15:38 +00:00
Simon Zünd
d0ecfe25d6 [typedarray] Change Torque sort implementation
This CL changes how TypedArray.p.sort is implemented in Torque, mainly
to address the binary memory size of the builtin.

With this CL the memory comes down from 53611 to 4215 (as reported
by --print-builtin-size on a x64.release build).
With the following performance impact
on the relevant benchmarks:

Benchmark  Original (JS)   Torque (initial)    This CL

IntTypes            83.9              263.7      202.3
BigIntTypes         32.1               54.6       47.2
FloatTypes          99.3              138.7      109.3

This is achieved by pushing the Load/Store dispatch based on
the elements kind into separate builtins that are executed
for each load/store. This results in only one version of the
sorting algorithm instead of one version per elements kind.

R=jgruber@chromium.org

Bug: chromium:837282
Change-Id: I7fe2da3cbfd01531d070128126a0d56d3dd6bdcc
Reviewed-on: https://chromium-review.googlesource.com/1033744
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52937}
2018-05-03 08:18:28 +00:00
Dan Elphick
28279bd8f5 [cleanup] Remove unused Executability parameter
Removes unused parameter from CommitBlock and CommitMemory functions.

Change-Id: I4b79c1802060f1f70e06fd39532758fcdae2bead
Reviewed-on: https://chromium-review.googlesource.com/1039830
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52936}
2018-05-03 07:56:37 +00:00
jgruber
519bd47f6c [builtins] Update isolate-independent list & related fixups
With the exception of the InterpreterEntryTrampoline, all builtins are
now isolate-independent and can be embedded into the binary.

This CL updates the corresponding list and also contains a few smallish
tweaks to support having these builtins off the heap:

* wasm: copy the off-heap builtin, not its trampoline.
* Code::contains: support off-heap builtins.
* JSFunction::is_compiled: compare builtin index instead of identity
  (this is relevant during mksnapshot when we transition from the
  on-heap builtin to its off-heap representation + the trampoline).
* Remove old DCHECKs.
* A few tweaks in macro-assembler ports that have snuck in recently.

Bug: v8:6666
Change-Id: Iabf5b47ade3826a4da35b6b75a4e61614f0158b0
Reviewed-on: https://chromium-review.googlesource.com/1032777
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52935}
2018-05-03 07:48:07 +00:00
Yang Guo
7a07d74b09 [interpreter] correctly advance over debug scaling prefixes.
R=leszeks@chromium.org, ulan@chromium.org

Bug: chromium:835973
Change-Id: I35600e1da60bb6cd3b87cd1573791355e310aa9c
Reviewed-on: https://chromium-review.googlesource.com/1032430
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52933}
2018-05-03 07:02:57 +00:00
Alexey Kozyatinskiy
67bb22e319 [inspector] do not resume on agent disable if there is other agents
If there is more then one agent accepts current pause, we should resume
only when last agent is disabled.

R=dgozman@chromium.org

Bug: chromium:834056
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2904b3f4ab76117511e16450dd575ebf3e20a068
Reviewed-on: https://chromium-review.googlesource.com/1041207
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52931}
2018-05-03 06:23:12 +00:00
Sathya Gunasekaran
cfc79faa93 [hashtable] Move data table to the beginning
TBR: hpayer@chromium.org
Bug: v8:6443, v8:7569
Change-Id: Idd952ed0a832c469b76f1cbc919f700e09dc975d
Reviewed-on: https://chromium-review.googlesource.com/1031559
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52930}
2018-05-03 06:22:07 +00:00
Jungshik Shin
a9e2b2ce20 Move DateTimeFormat.formatToParts to CPP from JS
Bug: None
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie8a0db70a2f29567718fbacfd33fcd412109d069
Reviewed-on: https://chromium-review.googlesource.com/1034282
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52929}
2018-05-03 01:12:49 +00:00
Eric Holk
37693e0ad6 [wasm] Use V8::FatalProcessOutOfMemory when SetPermissions fails
SetPermissions causes memory that was previously reserved but uncommitted to be
committed. This could put us over the committed memory limit for the process,
causing SetPermissions to fail. In this case, we should report this as an out of
memory error rather than a crash.

Bug: chromium:838880
Change-Id: I2785aa9f5608fa04196fee2b280e0c6df2f56ca8
Reviewed-on: https://chromium-review.googlesource.com/1040657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52928}
2018-05-03 01:09:29 +00:00
Sathya Gunasekaran
11f576d1cd Revert "[heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0."
This reverts commit 77aba17a40.

Reason for revert: broke gc stress bot
https://ci.chromium.org/buildbot/client.v8/V8%20Mac64%20GC%20Stress/743

Original change's description:
> [heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.
> 
> Bug: chromium:829771
> Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e
> Reviewed-on: https://chromium-review.googlesource.com/1039747
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52925}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I3053cb9d052e520dd6a41f54a6c7e1654fa4d1f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:829771
Reviewed-on: https://chromium-review.googlesource.com/1041245
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52927}
2018-05-03 01:03:00 +00:00
Deepti Gandluri
4e668f8e2f Clean up visitors for Atomic operations
Bug: v8:6532, v8:7570
Change-Id: Ieca502a6a13449ea65e47fb43f0e3d7cb5a09a7d
Reviewed-on: https://chromium-review.googlesource.com/1031176
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52926}
2018-05-02 19:22:02 +00:00
Hannes Payer
77aba17a40 [heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.
Bug: chromium:829771
Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e
Reviewed-on: https://chromium-review.googlesource.com/1039747
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52925}
2018-05-02 19:15:52 +00:00
Deepti Gandluri
996fe2d24c [int64-lowering] Remove unused functions
Bug:v8:7510

R=ahaas@chromium.org

Change-Id: Id3c6b4ebcb89300c4b886c79f4c688bc18648b06
Reviewed-on: https://chromium-review.googlesource.com/1036650
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52924}
2018-05-02 19:00:02 +00:00
Michael Lippautz
55d00c95b0 [heap] Fix ArrayBufferTracker accessing already swept byte length
The tracker needs to maintain the byte length as there is no order guarantee
when sweeping pages and the byte length may be a HeapNumber that is stored on a
different page.

The abstraction for ArrayBuffers is left untouched. We distinguish between the
following cases:
1. Regular AB (backing_store and bye_length should be used)
2. AB allocated using kReservation but not part of wasm
3. AB allocated using kReservation and part of wasm

In practice, 2. does not exist, but we still maintain "allocation_base" and
"allocation_length" which fall back to backing_store and byte_length in this
case. The problematic part is that they look like innocent getters on the
object but actually refer to different data structures or on-heap objects.

Since 2. does not exist, and 3. looks up the bounds in its own tracker, it is
fine for ArrayBufferTracker to pass backing_store and tracked byte_length.

Bug: v8:7701
Change-Id: Ib89d5fe94fce5cef8e5d8343a5415a3b9ad0deba
Reviewed-on: https://chromium-review.googlesource.com/1039385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52923}
2018-05-02 18:16:18 +00:00
Ali Ijaz Sheikh
a3770c731e [tracing] add INTERNAL_TRACE_EVENT_ADD_WITH_ID_TID_AND_TIMESTAMP
Change-Id: I3cc0dd01d5e33ca7579a4c0dc8f5e65e6b7c76f4
Reviewed-on: https://chromium-review.googlesource.com/924507
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#52922}
2018-05-02 17:44:54 +00:00
Eric Holk
19617ec0c3 Reland "[wasm] Always enable guard regions on 64-bit platforms"
This is a reland of ad221d144a

Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
> 
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
> 
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
> 
> This is a reland of https://crrev.com/c/985142.
> 
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}

Bug: v8:7619
Change-Id: I0f311305472ca2305ad2fa9163560ff54c1422c2
Reviewed-on: https://chromium-review.googlesource.com/999872
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52921}
2018-05-02 16:44:38 +00:00
Eric Holk
07ef612fbf [wasm] Remove racy DCHECKs
These DCHECKs involve reading and comparing two variables that may be modified
on a separate thread. Thus, there is no way to ensure these comparisons happen
atomically. This leads to runtime failures that are otherwise benign.

The other option would be to take the memory tracker mutex, but this seems
unnecessary given that two atomic counters is sufficient and these checks are
only used during debug builds.

Bug: chromium:838043
Change-Id: I1b87698c46c550bd2d58bfef956b5a07cb2ec52c
Reviewed-on: https://chromium-review.googlesource.com/1038886
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52920}
2018-05-02 16:05:28 +00:00
Leszek Swirski
18bc285621 Revert "[parser] Slice the source string where possible"
This reverts commit 2df5e7a7b6.

Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805

Original change's description:
> [parser] Slice the source string where possible
> 
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
> 
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
> 
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}

TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org

Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
2018-05-02 15:32:13 +00:00
Choongwoo Han
aa15b7dc98 [map] Normalize hole for formatting an exception
The first element of a given iterable argument can be a hole. Thus,
normalize the first element so that we can correctly format the
exception message with "undefined" for a hole element, instead of "NaN".

Bug: v8:7715
Change-Id: I62edd09e361ebeebab642bb82db29b73a2c7b193
Reviewed-on: https://chromium-review.googlesource.com/1038951
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52917}
2018-05-02 12:55:47 +00:00
jgruber
ab9e012426 Reland: [builtins] Patch self-references in constants table
Original CL: https://crrev.com/c/1018468

During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.

This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.

TBR=yangguo@chromium.org,mlippautz@chromium.org

Bug: v8:6666
Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397
Reviewed-on: https://chromium-review.googlesource.com/1039366
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52916}
2018-05-02 12:33:06 +00:00
Sigurd Schneider
d9c9b00353 [turbofan] Fix wrong optimization of Number.parseInt
We incorrectly used a TurboFan typer check for {0,10,undefined} on the
radix argument on Number.parseInt, which was internally widened to the
checking whether radix is in range 0-10 or undefined. This CL introduces
two separate checks.

Bug: chromium:838766
Change-Id: I5ebfc1c82bad5b9794b4f844e79e4df01f541a83
Reviewed-on: https://chromium-review.googlesource.com/1039197
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52914}
2018-05-02 12:24:07 +00:00
Choongwoo Han
c77c869cd1 Do not throw if the array is empty in Map constructor
Bug: chromium:837939
Change-Id: Iaca2bc5b52f47d8add13ed9b82497a53cb522933
Reviewed-on: https://chromium-review.googlesource.com/1034043
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52913}
2018-05-02 12:03:26 +00:00
Clemens Hammacher
a05dc3652d [Liftoff] Implement current_memory
R=titzer@chromium.org

Bug: v8:6600
Change-Id: I2eb914e7558c01d924cb9d39f18e1c3a5f5c72e5
Reviewed-on: https://chromium-review.googlesource.com/1035123
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52912}
2018-05-02 11:43:06 +00:00
Marja Hölttä
c56cabb5ea [wasm] iwyu part 2
BUG=v8:7490

Change-Id: I2a597eda708b2ea34c9e32e39556159b48591b61
Reviewed-on: https://chromium-review.googlesource.com/1039196
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52911}
2018-05-02 11:22:56 +00:00
Benedikt Meurer
ca7639239f [promises] Correctly run before/after hooks for await.
This fixes a bug where we didn't run before/after hooks for await when
the debugger is not active, as reported downstream in
https://github.com/nodejs/node/issues/20274

Change-Id: I1948d1884c591418d87ffd1d0ccb2bebf4e908f1
Reviewed-on: https://chromium-review.googlesource.com/1039386
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52909}
2018-05-02 10:51:34 +00:00
Marja Hölttä
a9db2c74b5 [objects.h splitting] Move classes related to api callbacks.
BUG=v8:5402,v8:7570

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I56beb15109a3557ba514e8d17880b1a37a109031
Reviewed-on: https://chromium-review.googlesource.com/1032552
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52908}
2018-05-02 10:24:44 +00:00
Choongwoo Han
23d38099da Make a transition for too many JSFunction properties
If we add new properties by assigning JSFunction values, properties
array was not changed into a dictionary map.

Bug: v8:7461
Change-Id: Ie16f974502d0ba362e3650a409c27cdc5856a373
Reviewed-on: https://chromium-review.googlesource.com/1028110
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52907}
2018-05-02 09:05:24 +00:00
Pierre Langlois
34fc7f621c [perf-prof] Let UnwindingInfoWriter know about throw and debug abort.
In order to keep track of where the return address is stored in each block, the
UnwindingInfoWriter needs to know if a block exits the current function.
However, we would only mark returns and tail-calls as exists, while we also have
kArchDebugAbort, kArchThrowTerminator and kArchDeoptimize. This would lead to
assertions when generating the snapshot in debug mode with
`v8_perf_prof_unwinding_info = true`.

Bug: v8:7660
Change-Id: Iee2ab222251f6922dd21442e12cbb6b56534bf54
Reviewed-on: https://chromium-review.googlesource.com/1019504
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#52906}
2018-05-02 08:41:54 +00:00