Commit Graph

39442 Commits

Author SHA1 Message Date
Vincent Belliard
5841a47ee4 [arm64][Liftoff] implement trap instructions
Define and use TurboAssembler::AssertUnreachable

Bug: v8:6600
Change-Id: I6901896ea4fd7e0fe24dd76a1afbb409a24a2994
Reviewed-on: https://chromium-review.googlesource.com/1040766
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52963}
2018-05-03 15:07:57 +00:00
Vincent Belliard
7208d6459d [arm64][Liftoff] implement jumps
Bug: v8:6600
Change-Id: I9e4b4770286cb08e83dd5dbf9b5ae5cfd7d4d411
Reviewed-on: https://chromium-review.googlesource.com/1040649
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52962}
2018-05-03 15:05:56 +00:00
Vincent Belliard
ddc1bb0631 [arm64][Liftoff] implement conditional set instructions
Bug: v8:6600
Change-Id: If52fd4600c178354cb0631d062be71d19cc10a89
Reviewed-on: https://chromium-review.googlesource.com/1040669
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52961}
2018-05-03 15:03:47 +00:00
Vincent Belliard
c42c53068c [arm64][Liftoff] implement integer unary operators
Bug: v8:6600
Change-Id: Ia494d7fefee2dc6ae6f31ea73e35c0921953c2c0
Reviewed-on: https://chromium-review.googlesource.com/1040666
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52959}
2018-05-03 14:43:28 +00:00
Camillo Bruni
edec62077e [logging] Reduce FailureMessage buffer size
This should reduce the probability of running out of stack space while logging
a fatal error message.
Additionally this CL distinguishes the error OOM error message when there is no
isolate available on the background thread.

Bug: chromium:839166
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I17e929f322dda20127fbf86a6154af5460e53490
Reviewed-on: https://chromium-review.googlesource.com/1041964
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52958}
2018-05-03 14:34:47 +00:00
Hannes Payer
494068c1c2 [heap] Clear from space after garbage collection.
Bug: chromium:829771
Change-Id: I9e71e6cbba347dd6951e5415332e5178df9b5122
Reviewed-on: https://chromium-review.googlesource.com/1041685
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52957}
2018-05-03 13:46:25 +00:00
Clemens Hammacher
d78d026d08 [wasm] Remove dead code kind
{kCopiedStub} is not used any more since https://crrev.com/c/1012024.

R=mstarzinger@chromium.org

Change-Id: Idb0049f7d0bb0215cef902daba49591596f93668
Reviewed-on: https://chromium-review.googlesource.com/1042225
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52956}
2018-05-03 13:45:17 +00:00
Benoît Lizé
1a0efd803a Report the per-isolate total size of scripts source.
As with other code size stats, this doesn't distinguish between live and
dead objects, and doesn't scan the young generation.

Also make ExternalString::is_short() const.

Bug: chromium:837659
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I72815edb719ba61d9727e226ff1da0fc4af22a24
Reviewed-on: https://chromium-review.googlesource.com/1032994
Commit-Queue: Benoit L <lizeb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52955}
2018-05-03 13:43:55 +00:00
Bill Budge
5db17032a1 [ia32] Fix problem with ambiguous constructor (on OSX)
Change-Id: I6bc23527f63e86ecde228c85d499c55278ff555e
Reviewed-on: https://chromium-review.googlesource.com/1041949
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52954}
2018-05-03 13:26:04 +00:00
Ben L. Titzer
2c0edb48cd [wasm] Rename XXXOperand to XXXImmediate
R=clemensh@chromium.org
CC=ahaas@chromium.org

Change-Id: Ibcbc5e43e7095d9783f49ad2c3f27338100c4fdf
Reviewed-on: https://chromium-review.googlesource.com/1039489
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52953}
2018-05-03 12:41:54 +00:00
Toon Verwaest
39496a95c5 Replace Context::closure with Context::scope_info, allowing closure to die.
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.

Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
2018-05-03 12:34:17 +00:00
Marja Hölttä
7ed2e31bd9 [wasm] iwyu part 3
BUG=v8:7490

Change-Id: I10f5339f3d7e634934d59d744334a045276fbed6
Reviewed-on: https://chromium-review.googlesource.com/1041906
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52951}
2018-05-03 12:19:25 +00:00
Michael Achenbach
ab814fb833 Revert "[logging] Remove unused code"
This reverts commit c32f661486.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/20563

Original change's description:
> [logging] Remove unused code
> 
> This removes unused mutex, headers from log.(h|cc).
> 
> Change-Id: Ie4dc69a7efa9494b21ff6e2b19828bd740e3a47c
> Reviewed-on: https://chromium-review.googlesource.com/1041967
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52946}

TBR=jarin@chromium.org,cbruni@chromium.org

Change-Id: I48b63c7fc6a10e118b735f708db37d353ba6c0f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041969
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52950}
2018-05-03 12:11:15 +00:00
Michael Achenbach
79a99dfc10 Revert "[wasm] Maintain link from Instance to Module."
This reverts commit a0c57368a9.

Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061

Local bisect also points to this change:
http://shortn/_IhVxU2FKLu

Original change's description:
> [wasm] Maintain link from Instance to Module.
> 
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
> 
> R=​clemensh@chromium.org
> 
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
2018-05-03 11:56:25 +00:00
Hannes Payer
c280e7d4f4 [heap] Clear the memory of pooled pages when allocating from the pool.
Bug: chromium:999634
Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
Reviewed-on: https://chromium-review.googlesource.com/1041688
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52948}
2018-05-03 11:43:12 +00:00
Daniel Clifford
90415437fb Refactor/cleanup various Torque classes, inclduing making Type a Declarable
This is a preparatory step for implementing generics. Along the way, clean up
and encapsulate a bunch of code, including:

* Fully encapsulate Scope by adding the new class ScopeChain that provide an
  abstraction for creating and activating scopes.
* Untangle Modules and Scopes.
* Unify scope activation so that it is always associated with an AST node
  and triggered by a RAII helper class.
* Unify (somewhat) how builtins and macros are created, fixing a few
  inconsistencies with when and how parameters and their types are declared.
* Create a new Declarations class that brokers between the visitor classes and
  the ScopeChain. This moves handling of declaration-related errors out of the
  visitors but also makes it possible to do so without polluting Scope and
  ScopeChain with details about resolving SourcePositions in error cases.

Change-Id: I180017d4cf39ccf5ef1d20b84f53284c252f8d87
Reviewed-on: https://chromium-review.googlesource.com/1038504
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52947}
2018-05-03 11:38:52 +00:00
Jaroslav Sevcik
c32f661486 [logging] Remove unused code
This removes unused mutex, headers from log.(h|cc).

Change-Id: Ie4dc69a7efa9494b21ff6e2b19828bd740e3a47c
Reviewed-on: https://chromium-review.googlesource.com/1041967
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52946}
2018-05-03 11:12:18 +00:00
Michael Achenbach
d14bca61b3 Revert "[heap] Mark RO_SPACE as read-only after deserialization"
This reverts commit 40f1aaf330.

Reason for revert:
https://luci-milo.appspot.com/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21000

Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
> 
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
> 
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
> 
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
> 
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
> 
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}

TBR=yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

Change-Id: Id4770c0fdb21cd9eea2f62a019f44a6bdea8f0a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1041948
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52944}
2018-05-03 10:17:19 +00:00
Dan Elphick
40f1aaf330 [heap] Mark RO_SPACE as read-only after deserialization
Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
is only usable with ReadOnlySpace::WritableScope to avoid the space
being left writable). MarkAsReadOnly updates the high water mark and
makes several previously mutating methods into no-ops.

Moves some writes to immutable objects out of the bootstrapper to
setup-heap-internal so they don't write to a read-only page.

Also avoid writing hashes to strings that already have the value set as
that invariably means writing to the "0" and "1" constant strings in
RO_SPACE.

Before serialization, it makes RO_SPACE writable again so that any
padding can be cleared before writing it.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
Reviewed-on: https://chromium-review.googlesource.com/1014128
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52943}
2018-05-03 09:46:28 +00:00
Michael Starzinger
a0c57368a9 [wasm] Maintain link from Instance to Module.
This moves the link from a {WasmInstanceObject} to its corresponding
{WasmModuleObject} into the right place and also makes it strong. This
ensures that an instance always keeps the underlying module alive and
hence removes the situation of an "orphaned instance".

R=clemensh@chromium.org

Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
Reviewed-on: https://chromium-review.googlesource.com/1041691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52942}
2018-05-03 09:36:38 +00:00
Marja Hölttä
687795e3b2 [iwyu] Fixes related to src/machine-type.h
Restores some sensemaking properties, such as making src/machine-type.h (lower
level header) independent of src/zone/zone.h (higher level header).

BUG=v8:7490

Change-Id: Ibc6e5c7a75e4aaf917d086cf70267abc7ee9a9b0
Reviewed-on: https://chromium-review.googlesource.com/1039586
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52941}
2018-05-03 09:29:08 +00:00
Ben L. Titzer
2461fdfda8 [wasm] Remove some redundant/unnecessary DisallowHeapAllocation scopes
R=mstarzinger@chromium.org

Change-Id: I57ff09601a9e84cc5b53ff06a446b7dfc3c026b2
Reviewed-on: https://chromium-review.googlesource.com/1032742
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52940}
2018-05-03 09:25:28 +00:00
Clemens Hammacher
741166f6f9 [Liftoff] Implement {MoveToReturnRegister} platform independent
Now that wasm-linkage.h is split off, we can easily implement
{MoveToReturnRegister} in platform independent code.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I072a0ee48d58ed29e0df489016f838915c3f2cb2
Reviewed-on: https://chromium-review.googlesource.com/1041690
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52939}
2018-05-03 09:15:38 +00:00
Simon Zünd
d0ecfe25d6 [typedarray] Change Torque sort implementation
This CL changes how TypedArray.p.sort is implemented in Torque, mainly
to address the binary memory size of the builtin.

With this CL the memory comes down from 53611 to 4215 (as reported
by --print-builtin-size on a x64.release build).
With the following performance impact
on the relevant benchmarks:

Benchmark  Original (JS)   Torque (initial)    This CL

IntTypes            83.9              263.7      202.3
BigIntTypes         32.1               54.6       47.2
FloatTypes          99.3              138.7      109.3

This is achieved by pushing the Load/Store dispatch based on
the elements kind into separate builtins that are executed
for each load/store. This results in only one version of the
sorting algorithm instead of one version per elements kind.

R=jgruber@chromium.org

Bug: chromium:837282
Change-Id: I7fe2da3cbfd01531d070128126a0d56d3dd6bdcc
Reviewed-on: https://chromium-review.googlesource.com/1033744
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52937}
2018-05-03 08:18:28 +00:00
Dan Elphick
28279bd8f5 [cleanup] Remove unused Executability parameter
Removes unused parameter from CommitBlock and CommitMemory functions.

Change-Id: I4b79c1802060f1f70e06fd39532758fcdae2bead
Reviewed-on: https://chromium-review.googlesource.com/1039830
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52936}
2018-05-03 07:56:37 +00:00
jgruber
519bd47f6c [builtins] Update isolate-independent list & related fixups
With the exception of the InterpreterEntryTrampoline, all builtins are
now isolate-independent and can be embedded into the binary.

This CL updates the corresponding list and also contains a few smallish
tweaks to support having these builtins off the heap:

* wasm: copy the off-heap builtin, not its trampoline.
* Code::contains: support off-heap builtins.
* JSFunction::is_compiled: compare builtin index instead of identity
  (this is relevant during mksnapshot when we transition from the
  on-heap builtin to its off-heap representation + the trampoline).
* Remove old DCHECKs.
* A few tweaks in macro-assembler ports that have snuck in recently.

Bug: v8:6666
Change-Id: Iabf5b47ade3826a4da35b6b75a4e61614f0158b0
Reviewed-on: https://chromium-review.googlesource.com/1032777
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52935}
2018-05-03 07:48:07 +00:00
Yang Guo
7a07d74b09 [interpreter] correctly advance over debug scaling prefixes.
R=leszeks@chromium.org, ulan@chromium.org

Bug: chromium:835973
Change-Id: I35600e1da60bb6cd3b87cd1573791355e310aa9c
Reviewed-on: https://chromium-review.googlesource.com/1032430
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52933}
2018-05-03 07:02:57 +00:00
Alexey Kozyatinskiy
67bb22e319 [inspector] do not resume on agent disable if there is other agents
If there is more then one agent accepts current pause, we should resume
only when last agent is disabled.

R=dgozman@chromium.org

Bug: chromium:834056
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2904b3f4ab76117511e16450dd575ebf3e20a068
Reviewed-on: https://chromium-review.googlesource.com/1041207
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52931}
2018-05-03 06:23:12 +00:00
Sathya Gunasekaran
cfc79faa93 [hashtable] Move data table to the beginning
TBR: hpayer@chromium.org
Bug: v8:6443, v8:7569
Change-Id: Idd952ed0a832c469b76f1cbc919f700e09dc975d
Reviewed-on: https://chromium-review.googlesource.com/1031559
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52930}
2018-05-03 06:22:07 +00:00
Jungshik Shin
a9e2b2ce20 Move DateTimeFormat.formatToParts to CPP from JS
Bug: None
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie8a0db70a2f29567718fbacfd33fcd412109d069
Reviewed-on: https://chromium-review.googlesource.com/1034282
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52929}
2018-05-03 01:12:49 +00:00
Eric Holk
37693e0ad6 [wasm] Use V8::FatalProcessOutOfMemory when SetPermissions fails
SetPermissions causes memory that was previously reserved but uncommitted to be
committed. This could put us over the committed memory limit for the process,
causing SetPermissions to fail. In this case, we should report this as an out of
memory error rather than a crash.

Bug: chromium:838880
Change-Id: I2785aa9f5608fa04196fee2b280e0c6df2f56ca8
Reviewed-on: https://chromium-review.googlesource.com/1040657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52928}
2018-05-03 01:09:29 +00:00
Sathya Gunasekaran
11f576d1cd Revert "[heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0."
This reverts commit 77aba17a40.

Reason for revert: broke gc stress bot
https://ci.chromium.org/buildbot/client.v8/V8%20Mac64%20GC%20Stress/743

Original change's description:
> [heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.
> 
> Bug: chromium:829771
> Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e
> Reviewed-on: https://chromium-review.googlesource.com/1039747
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52925}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I3053cb9d052e520dd6a41f54a6c7e1654fa4d1f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:829771
Reviewed-on: https://chromium-review.googlesource.com/1041245
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52927}
2018-05-03 01:03:00 +00:00
Deepti Gandluri
4e668f8e2f Clean up visitors for Atomic operations
Bug: v8:6532, v8:7570
Change-Id: Ieca502a6a13449ea65e47fb43f0e3d7cb5a09a7d
Reviewed-on: https://chromium-review.googlesource.com/1031176
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52926}
2018-05-02 19:22:02 +00:00
Hannes Payer
77aba17a40 [heap] Verify that newly allocated MemoryChunks are pre-initialzed with 0.
Bug: chromium:829771
Change-Id: I78eab59fded3f41c93ecb3d5d8a30e1bddc4576e
Reviewed-on: https://chromium-review.googlesource.com/1039747
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52925}
2018-05-02 19:15:52 +00:00
Deepti Gandluri
996fe2d24c [int64-lowering] Remove unused functions
Bug:v8:7510

R=ahaas@chromium.org

Change-Id: Id3c6b4ebcb89300c4b886c79f4c688bc18648b06
Reviewed-on: https://chromium-review.googlesource.com/1036650
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52924}
2018-05-02 19:00:02 +00:00
Michael Lippautz
55d00c95b0 [heap] Fix ArrayBufferTracker accessing already swept byte length
The tracker needs to maintain the byte length as there is no order guarantee
when sweeping pages and the byte length may be a HeapNumber that is stored on a
different page.

The abstraction for ArrayBuffers is left untouched. We distinguish between the
following cases:
1. Regular AB (backing_store and bye_length should be used)
2. AB allocated using kReservation but not part of wasm
3. AB allocated using kReservation and part of wasm

In practice, 2. does not exist, but we still maintain "allocation_base" and
"allocation_length" which fall back to backing_store and byte_length in this
case. The problematic part is that they look like innocent getters on the
object but actually refer to different data structures or on-heap objects.

Since 2. does not exist, and 3. looks up the bounds in its own tracker, it is
fine for ArrayBufferTracker to pass backing_store and tracked byte_length.

Bug: v8:7701
Change-Id: Ib89d5fe94fce5cef8e5d8343a5415a3b9ad0deba
Reviewed-on: https://chromium-review.googlesource.com/1039385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52923}
2018-05-02 18:16:18 +00:00
Ali Ijaz Sheikh
a3770c731e [tracing] add INTERNAL_TRACE_EVENT_ADD_WITH_ID_TID_AND_TIMESTAMP
Change-Id: I3cc0dd01d5e33ca7579a4c0dc8f5e65e6b7c76f4
Reviewed-on: https://chromium-review.googlesource.com/924507
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#52922}
2018-05-02 17:44:54 +00:00
Eric Holk
19617ec0c3 Reland "[wasm] Always enable guard regions on 64-bit platforms"
This is a reland of ad221d144a

Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
> 
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
> 
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
> 
> This is a reland of https://crrev.com/c/985142.
> 
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}

Bug: v8:7619
Change-Id: I0f311305472ca2305ad2fa9163560ff54c1422c2
Reviewed-on: https://chromium-review.googlesource.com/999872
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52921}
2018-05-02 16:44:38 +00:00
Eric Holk
07ef612fbf [wasm] Remove racy DCHECKs
These DCHECKs involve reading and comparing two variables that may be modified
on a separate thread. Thus, there is no way to ensure these comparisons happen
atomically. This leads to runtime failures that are otherwise benign.

The other option would be to take the memory tracker mutex, but this seems
unnecessary given that two atomic counters is sufficient and these checks are
only used during debug builds.

Bug: chromium:838043
Change-Id: I1b87698c46c550bd2d58bfef956b5a07cb2ec52c
Reviewed-on: https://chromium-review.googlesource.com/1038886
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52920}
2018-05-02 16:05:28 +00:00
Leszek Swirski
18bc285621 Revert "[parser] Slice the source string where possible"
This reverts commit 2df5e7a7b6.

Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805

Original change's description:
> [parser] Slice the source string where possible
> 
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
> 
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
> 
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}

TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org

Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
2018-05-02 15:32:13 +00:00
Choongwoo Han
aa15b7dc98 [map] Normalize hole for formatting an exception
The first element of a given iterable argument can be a hole. Thus,
normalize the first element so that we can correctly format the
exception message with "undefined" for a hole element, instead of "NaN".

Bug: v8:7715
Change-Id: I62edd09e361ebeebab642bb82db29b73a2c7b193
Reviewed-on: https://chromium-review.googlesource.com/1038951
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52917}
2018-05-02 12:55:47 +00:00
jgruber
ab9e012426 Reland: [builtins] Patch self-references in constants table
Original CL: https://crrev.com/c/1018468

During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.

This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.

TBR=yangguo@chromium.org,mlippautz@chromium.org

Bug: v8:6666
Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397
Reviewed-on: https://chromium-review.googlesource.com/1039366
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52916}
2018-05-02 12:33:06 +00:00
Sigurd Schneider
d9c9b00353 [turbofan] Fix wrong optimization of Number.parseInt
We incorrectly used a TurboFan typer check for {0,10,undefined} on the
radix argument on Number.parseInt, which was internally widened to the
checking whether radix is in range 0-10 or undefined. This CL introduces
two separate checks.

Bug: chromium:838766
Change-Id: I5ebfc1c82bad5b9794b4f844e79e4df01f541a83
Reviewed-on: https://chromium-review.googlesource.com/1039197
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52914}
2018-05-02 12:24:07 +00:00
Choongwoo Han
c77c869cd1 Do not throw if the array is empty in Map constructor
Bug: chromium:837939
Change-Id: Iaca2bc5b52f47d8add13ed9b82497a53cb522933
Reviewed-on: https://chromium-review.googlesource.com/1034043
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52913}
2018-05-02 12:03:26 +00:00
Clemens Hammacher
a05dc3652d [Liftoff] Implement current_memory
R=titzer@chromium.org

Bug: v8:6600
Change-Id: I2eb914e7558c01d924cb9d39f18e1c3a5f5c72e5
Reviewed-on: https://chromium-review.googlesource.com/1035123
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52912}
2018-05-02 11:43:06 +00:00
Marja Hölttä
c56cabb5ea [wasm] iwyu part 2
BUG=v8:7490

Change-Id: I2a597eda708b2ea34c9e32e39556159b48591b61
Reviewed-on: https://chromium-review.googlesource.com/1039196
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52911}
2018-05-02 11:22:56 +00:00
Benedikt Meurer
ca7639239f [promises] Correctly run before/after hooks for await.
This fixes a bug where we didn't run before/after hooks for await when
the debugger is not active, as reported downstream in
https://github.com/nodejs/node/issues/20274

Change-Id: I1948d1884c591418d87ffd1d0ccb2bebf4e908f1
Reviewed-on: https://chromium-review.googlesource.com/1039386
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52909}
2018-05-02 10:51:34 +00:00
Marja Hölttä
a9db2c74b5 [objects.h splitting] Move classes related to api callbacks.
BUG=v8:5402,v8:7570

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I56beb15109a3557ba514e8d17880b1a37a109031
Reviewed-on: https://chromium-review.googlesource.com/1032552
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52908}
2018-05-02 10:24:44 +00:00
Choongwoo Han
23d38099da Make a transition for too many JSFunction properties
If we add new properties by assigning JSFunction values, properties
array was not changed into a dictionary map.

Bug: v8:7461
Change-Id: Ie16f974502d0ba362e3650a409c27cdc5856a373
Reviewed-on: https://chromium-review.googlesource.com/1028110
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52907}
2018-05-02 09:05:24 +00:00
Pierre Langlois
34fc7f621c [perf-prof] Let UnwindingInfoWriter know about throw and debug abort.
In order to keep track of where the return address is stored in each block, the
UnwindingInfoWriter needs to know if a block exits the current function.
However, we would only mark returns and tail-calls as exists, while we also have
kArchDebugAbort, kArchThrowTerminator and kArchDeoptimize. This would lead to
assertions when generating the snapshot in debug mode with
`v8_perf_prof_unwinding_info = true`.

Bug: v8:7660
Change-Id: Iee2ab222251f6922dd21442e12cbb6b56534bf54
Reviewed-on: https://chromium-review.googlesource.com/1019504
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#52906}
2018-05-02 08:41:54 +00:00
Clemens Hammacher
c63c5c22c1 [wasm] Remove unneeded i64 to i32 truncation
This is a leftover of the time where the memory size was stored as
64 bit value. Now it is stored as 32 bit value, so no need to truncate.

R=ahaas@chromium.org

Change-Id: I44a1505ebd564aee53e4c9a7168738fcb855264b
Reviewed-on: https://chromium-review.googlesource.com/1034883
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52905}
2018-05-02 07:48:45 +00:00
Simon Zünd
af177a0ca0 [refactoring] Add types to CreateArrayIterator.
This CL also adds types to a user and three builtins that make use
of CreateArrayIterator.

R=petermarshall@chromium.org

Bug: v8:7570
Change-Id: I96b647a9a57e825db717b40ecec2340b0a3d367d
Reviewed-on: https://chromium-review.googlesource.com/1032779
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52904}
2018-05-02 06:40:23 +00:00
Kenton Varda
5a9b1d5bc8 Cleanup: Move thread_data_table_ to end of Isolate class.
In b49206ded9 I changed thread_data_table_ and thread_data_table_mutex_ from
static members to regular class member variables. To do this, I only deleted
the `static` keyword and left the declarations where they were. This was a
little odd in that all of the dynamic class members are declared together in
one place, but now these two new members weren't next to the rest. Making it
a little bit weirder is the fact that these two new members actually ended up
being the first members of the class, since the exsiting dynamic members were
declared later.

This change merely moves these two members down to the end of the dynamic
member variable list, where they probably should have gone.

Bug: chromium:837477

Change-Id: If993935cc56c8026bb7331493ed657c42ba06ac7
Reviewed-on: https://chromium-review.googlesource.com/1036478
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52902}
2018-05-01 18:53:00 +00:00
Vincent Belliard
d9bb26522f [arm64][Liftoff] implement stack operations
Bug: v8:6600
Change-Id: Icdb53714f50add1a9e25025c5b7d52b90d071aa5
Reviewed-on: https://chromium-review.googlesource.com/1036939
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Cr-Commit-Position: refs/heads/master@{#52901}
2018-05-01 17:53:21 +00:00
Junliang Yan
48e9f76f3f Fix type mismatch error on s390
On s390, size_t is defined to be long unsigned int, while Address is unsigned
int. Therefore, GCC is complaining conflicting types for parameter 'T'
('long unsigned int' and 'unsigned int') for the Min function.

R=ofrobots@google.com, hpayer@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org

Change-Id: Ib04edebad24da694ccd06ff572ee50d3db7f87ff
Reviewed-on: https://chromium-review.googlesource.com/1035542
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52900}
2018-05-01 16:28:09 +00:00
Vincent Belliard
306b40c7a0 [arm64][Liftoff] implement floating point operations
Bug: v8:6600
Change-Id: I442a76ffc3bcb5e93a7865eb30740556b18cbd79
Reviewed-on: https://chromium-review.googlesource.com/1033731
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52899}
2018-05-01 15:46:29 +00:00
Leszek Swirski
2df5e7a7b6 [parser] Slice the source string where possible
When internalizing string literals (for quoted strings or property names),
try to create a sliced string of the source string rather than allocating
a copy of the bytes.

This will not work for string literals that contain escapes (e.g. unicode
escapes), and currently does not support two-byte strings.

Bug: chromium:818642
Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
Reviewed-on: https://chromium-review.googlesource.com/1010282
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52898}
2018-05-01 15:38:19 +00:00
Gabriel Charette
4ac96190f7 [V8 Platform] Better WorkerThreads APIs.
As discussed @ https://chromium-review.googlesource.com/c/chromium/src/+/957761#message-4ba6c1bf637f91507544efc89a31e3e4dd407715
and again @ https://chromium-review.googlesource.com/c/chromium/src/+/957761#message-6d0430e640c82f2d5463259fecdc7fabf945b958

Get rid of task runners for WorkerThreads API (use case is always a
one-off task in which case a static call is fine -- just like in
Chromium's base/task_scheduler/post_task.h)

Calling into V8Platform* from any worker thread is safe, what was previously
unsafe was using an Isolate* from worker threads but Isolate* was dropped
from the new worker threads APIs so this is now irrelevant.

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idd2dbc081edfbcb8985eeb45eb64ffb2555fcf7c
Reviewed-on: https://chromium-review.googlesource.com/978443
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52893}
2018-04-30 19:05:40 +00:00
Gabriel Charette
4b13a22ff4 [V8 Platform] Introduce CallDelayedOnWorkerThread()
GetWorkerThreadsTaskRunner() was about to be phased out [1] but v8
r52818 landed ahead  of it.

Add CallDelayedOnWorkerThread() to the new worker thread API to support
this use case before phasing out GetWorkerThreadsTaskRunner()

[1] https://chromium-review.googlesource.com/c/v8/v8/+/978443

Implemented it in d8+cctest+default-platform right away to avoid
requiring a non-null Isolate* (and yet another transitional API).

R=ahaas@chromium.org, kozyatinskiy@chromium.org

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2bee08fee08cf15a664d31cc6817e21cebe1d140
Reviewed-on: https://chromium-review.googlesource.com/1033584
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52892}
2018-04-30 18:39:51 +00:00
Eric Holk
9286358071 [wasm][interpreter] Clear thread in wasm flag on exceptional return
A stack overflow can be thrown by JSEntryStub, which means the
thread-in-wasm flag will not have the expected value. To accommodate
this, we now clear the flag during exceptional returns if it is set.

Bug: chromium:834624
Change-Id: I8359af79886ab98dfecc2fb39ca19118b7fa38eb
Reviewed-on: https://chromium-review.googlesource.com/1019570
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52891}
2018-04-30 17:13:19 +00:00
Michael Starzinger
39f5f79e3c [wasm] Move native context field into {WasmInstanceObject}.
R=clemensh@chromium.org
BUG=v8:7424

Change-Id: I334d0521982e173650da7dd5da0627197dff171b
Reviewed-on: https://chromium-review.googlesource.com/1035124
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52890}
2018-04-30 17:07:59 +00:00
Michael Starzinger
67f451aa40 [wasm] Remove some dead and obsolete fields.
R=ahaas@chromium.org

Change-Id: I8db129e18dff445a3650a0d5c14da835aaa262d9
Reviewed-on: https://chromium-review.googlesource.com/1033742
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52889}
2018-04-30 16:11:58 +00:00
Clemens Hammacher
b2f1d583d0 [Liftoff] Implement the unreachable opcode
R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Id2fd843aa15f7a414205ac413432bd8cfec6e88b
Reviewed-on: https://chromium-review.googlesource.com/1034862
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52888}
2018-04-30 16:05:18 +00:00
Simon Zünd
9035ca190a [refactoring] Return TNode in AllocateFixedArray.
R=petermarshall@chromium.org

Bug: v8:7570
Change-Id: I0418ea6d2eb114ddac4d7be1251f429596464b79
Reviewed-on: https://chromium-review.googlesource.com/1032438
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52887}
2018-04-30 15:54:36 +00:00
Michael Starzinger
c224c67a1a [wasm] Move {use_trap_handler} field into {NativeModule}.
The predicate in question is specific to the code generated for a given
module, hence specific to the {NativeModule} and independent of the
instance.

R=ahaas@chromium.org

Change-Id: I108ee8126897ed732e8c52b549de170339a125a8
Reviewed-on: https://chromium-review.googlesource.com/1033741
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52886}
2018-04-30 15:32:07 +00:00
Georgia Kouveli
0600afddd3 [arm64] Use direct calls where possible.
This includes the following changes:
- Limit code space to 128 MB.
- Use direct branches wherever possible.
- Where not possible, continue using load literal followed by an indirect
  branch.
- Sort RelocInfo by target_address_address for the serializer, since mixing
  load literal instructions and branch instructions messes up that order.
- Ensure we always wipe out targets in the serializer (not just for the
  snapshot) in order to be able to distinguish between constant pool entries
  and branch instructions.

Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}
2018-04-30 15:02:27 +00:00
Ivica Bogosavljevic
735875f82c MIPS64: Fix Reland "[builtins] Introduce further constant & external reference indirections"
Fix 3f99a376dd

A typo in the port caused failuire of about 300 tests. This CL
fixes it.

TEST=cctest/test-api/CatchExceptionFromWith,cctest/test-api/MessageHandler1

Change-Id: Ia2f4c9502d00fe1a6ee581f8a9b41a574b688dab
Reviewed-on: https://chromium-review.googlesource.com/1033735
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52884}
2018-04-30 13:32:14 +00:00
Jaroslav Sevcik
f53dfd934d Replace array index masking with the poisoning approach.
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.

With that in place, we also remove the array masking approach based
on arithmetic.

Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.

Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.

Bug: chromium:798964

Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
2018-04-30 13:22:44 +00:00
Michael Starzinger
9011927acd [wasm] Make {ProtectedInstructions} unique per module.
Now that we no longer clone {WasmCode} objects, the referenced protected
instructions became unique to each such object. We no longer need to
maintain a reference count on the protected instructions.

R=clemensh@chromium.org

Change-Id: Iaa5b9cd4b56cc06d75f7d0b71429b6147378c2ca
Reviewed-on: https://chromium-review.googlesource.com/1034061
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52881}
2018-04-30 11:47:24 +00:00
Marja Hölttä
833c3dbf97 [in-place weak refs prework] Remove dead FeedbackVector::copy.
BUG=v8:7308

Change-Id: I55400096095619e2995a50adadf93253fc95d34c
Reviewed-on: https://chromium-review.googlesource.com/1034057
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52880}
2018-04-30 11:21:09 +00:00
Clemens Hammacher
33dadf962b [objects] Remove redundant FIELD_ADDR_CONST
Since the switch of Address from byte* to uintptr_t, we technically
cannot differentiate between constant field addresses and non-constant
ones.
Thus remove the FIELD_ADDR_CONST macro, and use the identical
FIELD_ADDR instead.

R=jkummerow@chromium.org

Bug: v8:7570
Change-Id: Iea4dde36b42c6d0f0ea80a965806f1dbd7adcd39
Reviewed-on: https://chromium-review.googlesource.com/1032746
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52879}
2018-04-30 11:19:54 +00:00
Jaroslav Sevcik
ba616de103 [turbofan] Remove the hacky Type::operator-> overload
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.

Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
2018-04-30 09:39:12 +00:00
Michael Starzinger
42392e8317 [wasm] Allow sharing of WasmCode across instances.
This shares {NativeModule} and associated {WasmCode} objects across
multiple WebAssembly instances in the same Isolate. It also removes
support for cloning the aforementioned objects.

R=clemensh@chromium.org
BUG=v8:7424

Change-Id: I35334bd68f87e5871c244ee33dfcecb9da326b9f
Reviewed-on: https://chromium-review.googlesource.com/1032780
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52877}
2018-04-30 09:22:11 +00:00
Marja Hölttä
98eebe1c8d [iwyu] Wasm iwyu.
BUG=v8:7490,v8:7570

Change-Id: I74fa43a747b0d399c700acc43eb82e15ea90ba16
Reviewed-on: https://chromium-review.googlesource.com/1032736
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52876}
2018-04-30 08:13:51 +00:00
Predrag Rudic
4d71565a2b [parser] Skipping inner funcs: Fix debug mode check for big endian
Fix failing test mjsunit/skipping-inner-functions on big endian
platforms.

Change-Id: If35c5a663a296fab6ad6011cf0a101133ec6a237
Reviewed-on: https://chromium-review.googlesource.com/1029954
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52875}
2018-04-30 08:09:31 +00:00
Caitlin Potter
a7e6b0ee42 [objects] fix forced slow path in MigrateSlowToFast
Without this change, we could disable slow paths required when symbols
such as toStringTag are present on a receiver, but accessors or
interceptors are not (added in 31800120cc)

This change modifies this behaviour to not unset the previously set bit
if these forced slow path conditions are not met.

BUG=v8:7706
R=bmeurer@chromium.org

Change-Id: Id7bceb0e749da52e2dbcde0a310a865a89f24066
Reviewed-on: https://chromium-review.googlesource.com/1034210
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#52874}
2018-04-29 11:59:57 +00:00
Jaroslav Sevcik
e2ab7dae47 [turbofan] Stop mis-using Type* to represent integers.
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.

The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.

Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
2018-04-28 06:38:46 +00:00
jing.bao
d997955cf7 [ia32][wasm] Add packing integer conversions
I16x8SConvertI32x4, I16x8UConvertI32x4,
I8x16SConvertI16x8, I8x16UConvertI16x8

Add packsswb/packssdw/packuswb/packusdw

Change-Id: Ibb661a20fa032d732fec20b3d48190f44d2d4bd4
Reviewed-on: https://chromium-review.googlesource.com/1027123
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#52870}
2018-04-28 02:01:46 +00:00
Jungshik Shin
ea9e2c6400 Remove flags for plural rules and number formatToParts
Intl.PluralRules and Intl.NumberFormat.prototype.formatToParts
were shipped in 6.3 and 6.4, respectively.

Remove harmony_plural_rules and harmony_number_format_to_parts.

Bug: v8:5601, v8:5244
Test: mjsunit/intl-pluralrules-select
Test: mjsunit/intl-numberformat-formattoparts
Test: test262/intl402/PluralRules/unit/harmony/intl-numberformat-formattoparts
Test: test262/intl402/NumberFormat/prototype/formatToParts/*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1752622484bf9a0a8b9d810db54fc238f4caf3f3
Reviewed-on: https://chromium-review.googlesource.com/1032260
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52866}
2018-04-27 20:02:48 +00:00
Ben Smith
2747d0e6da [wasm] Fix some bugs in mut global implementation
* If the mutability of the global object doesn't match the module, then
  it should throw a LinkError.
* There was a missing `return` when importing a Number as a mutable
  global.
* All globals were being exported as immutable.
* Attempting to set the value of an immutable global should throw a
  TypeError.
* The length of the setter function should be 1.

Bug: v8:7625
Change-Id: I08d6a428506a18db15eecadf4cbcee89e0658924
Reviewed-on: https://chromium-review.googlesource.com/1031626
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52865}
2018-04-27 19:14:36 +00:00
Vincent Belliard
2a7b2d6f93 [arm64][Liftoff] implement Load and Store
Bug: v8:6600

Change-Id: I3aa174e28db83ca9e9f7a7b65c8007af8227908a
Reviewed-on: https://chromium-review.googlesource.com/1028764
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52864}
2018-04-27 18:55:36 +00:00
Eric Holk
f083d35327 [wasm][cleanup] Fix typo
Bug: v8:7570
Change-Id: I90d9cb6c22c34017df2fd1613f3c94bb6a9afb52
Reviewed-on: https://chromium-review.googlesource.com/1033452
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52863}
2018-04-27 18:42:16 +00:00
Vincent Belliard
c6efd71495 [arm64][Liftoff] implement LoadConstant, LoadFromInstance and FillInstanceInto
Bug: v8:6600

Change-Id: Iec1804b89ed853833596a498bb1dfc15bb16c4ce
Reviewed-on: https://chromium-review.googlesource.com/1028763
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52861}
2018-04-27 18:14:45 +00:00
Bill Budge
28e015dbaf [wasm] Refactor wasm-serialization to fix alignment
- Alignment of code sections is only relative to start of header. Code
  should be aligned in the buffer.
- Rewrites Reader/Writer classes to make global alignment easier.
- Rewrites the native serialization to simplify things in preparation
  for switch to streaming serialization APIs.

Bug: chromium:719007
Change-Id: I0397bc84a8d009b4fd7f5286bb5abc527bb0db95
Reviewed-on: https://chromium-review.googlesource.com/1027433
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52860}
2018-04-27 17:40:07 +00:00
Andreas Haas
441e6d4a3c [wasm] Do an additional IsWasmModuleObject check during instantiation
When WebAssembly.instantiate or WebAssembly.instantiateStreaming is
called in JavaScript, internally we transfrom it into
WebAssembly.compile(buffer).then(WebAssembly.instantiate). However,
modifying the prototype of WebAssembly.Module can change the result of
WebAssembly.compile(buffer). With this CL we make sure that even if the
result of WebAssembly.compile is modified, there is still no type
confusion. In the long term we have to do a refactoring and remove
this internal transformation.

R=mstarzinger@chromium.org

Bug: chromium:837417
Change-Id: I376068b8b8b01b991ec450162da6a62ae7030c62
Reviewed-on: https://chromium-review.googlesource.com/1032392
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52859}
2018-04-27 17:34:05 +00:00
Vincent Belliard
8e102e049c [arm64][Liftoff] implement integer binary operations
Bug: v8:6600

Change-Id: I2e18700344ce57c78c096fba1956d82f9e29ffa6
Reviewed-on: https://chromium-review.googlesource.com/1026469
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52858}
2018-04-27 17:06:07 +00:00
Camillo Bruni
a3c48cf2c9 Reland "[elements] Improve Array.prototype.splice speed"
This reverts commit 9a7c4bfe1e.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> Revert "[elements] Improve Array.prototype.splice speed"
> 
> This reverts commit dcdabdc86a.
> 
> Reason for revert: broke tsan.
> 
> Original change's description:
> > [elements] Improve Array.prototype.splice speed
> > 
> > By using memmove for SMI elements we get a roughly 3x speedup over the slower
> > iterative copying with write barriers.
> > 
> > Bug: chromium:835558
> > Change-Id: I73da07a1648a3495ff78212ffa1ed949d205a7d2
> > Reviewed-on: https://chromium-review.googlesource.com/1028236
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52792}
> 
> TBR=cbruni@chromium.org,ishell@chromium.org
> 
> Change-Id: I77c46fe3d47d651de3c39df9fbf5f30c340188e2
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:835558
> Reviewed-on: https://chromium-review.googlesource.com/1028337
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52795}

TBR=kozyatinskiy@chromium.org,cbruni@chromium.org,ishell@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:835558
Change-Id: I57aedb3536b81c97cf4e7ab6d863aa1dc24c20b4
Reviewed-on: https://chromium-review.googlesource.com/1032743
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52857}
2018-04-27 17:04:26 +00:00
Michael Achenbach
77d9089042 Revert "[builtins] Patch self-references in constants table"
This reverts commit 6379e2a464.

Reason for revert:
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64%2F23855%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Fmkgrokdump%2F0

Original change's description:
> [builtins] Patch self-references in constants table
> 
> During code generation, we generate self-references (i.e. references to
> the Code object currently being generated) as references to a temporary
> handle. When the final Code object has been allocated, the handle's
> location is fixed up and RelocInfo iteration fixes up all references
> embedded in the generated code.
> 
> This adds support for this mechanism to the builtins constants table
> builder. CodeObject() is now a new handle pointing to a dedicated
> self-reference marker in order to distinguish between self-references
> and references to undefined. In Factory::NewCode, we patch up
> the constants table.
> 
> Bug: v8:6666
> Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
> Reviewed-on: https://chromium-review.googlesource.com/1018468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52854}

TBR=yangguo@chromium.org,mlippautz@chromium.org,jgruber@chromium.org

Change-Id: I8cf8c4b43f51285ea913c6c8fdd339bd9ea645df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1033092
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52856}
2018-04-27 16:00:42 +00:00
Junliang Yan
e5f1b968b8 PPC/s390: Reland "[builtins] Introduce further constant & external reference indirections"
Port 3f99a376dd

Original Commit Message:

    This is a reland of f5d308510a

    Original change's description:
    > [builtins] Introduce further constant & external reference indirections
    >
    > This introduces further indirections for embedded constants and
    > external references for builtins generated by the macro-assembler.
    > The used mechanisms (LookupConstant and LookupExternalReference) are
    > identical to what we already use in CSA.
    >
    > Almost all builtins are now isolate-independent in both release and
    > debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
    > builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
    >
    > Bug: v8:6666
    > Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
    > Reviewed-on: https://chromium-review.googlesource.com/1006581
    > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#52810}

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I037faebce37a866091dc35e04500790591292622
Reviewed-on: https://chromium-review.googlesource.com/1031397
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52855}
2018-04-27 15:58:10 +00:00
jgruber
6379e2a464 [builtins] Patch self-references in constants table
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.

This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.

Bug: v8:6666
Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
Reviewed-on: https://chromium-review.googlesource.com/1018468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52854}
2018-04-27 15:38:10 +00:00
Michael Starzinger
d71bcfcb54 [wasm] Make {NativeModule} independent of instance.
This removes the last reference from {NativeModule} that made it
specific to a concrete WebAssembly instance, by only referencing the
{WasmSharedModuleData} instead of a {WasmCompiledModule}. Note that
eventually we want to remove this reference completely to become even
independent of the underlying Isolate soon.

R=clemensh@chromium.org
BUG=v8:7424

Change-Id: I29b8cde8beadeef75c90e90fbff1830f2bf4e636
Reviewed-on: https://chromium-review.googlesource.com/1032433
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52853}
2018-04-27 14:22:35 +00:00
Ben L. Titzer
8ba3f1366d [wasm] Handlify table entry helpers
R=clemensh@chromium.org

Change-Id: Iade16b07a24dca8ac542e68becad734d977b673a
Reviewed-on: https://chromium-review.googlesource.com/1032778
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52852}
2018-04-27 14:11:34 +00:00
Georg Neis
61c9503965 [torque] Minor cleanups.
- Refine the type of 'hole'.
- Remove the mysterious 'receiver' definition.
- Remove the declaration of a non-existing Print function.

Bug: v8:7570
Change-Id: If093b456a9bc31c5673ada87f262c0cfcadf11ad
Reviewed-on: https://chromium-review.googlesource.com/1032737
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52851}
2018-04-27 13:59:49 +00:00
Simon Zünd
9f01281656 [refactoring] Remove unused CSA methods.
Bug: v8:7570
Change-Id: I2c6551fdd1a53323065f9c23e5bee793e9f561cf
Reviewed-on: https://chromium-review.googlesource.com/1032774
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52850}
2018-04-27 13:49:39 +00:00
Clemens Hammacher
8466b71ad8 [wasm] Split off wasm-linkage.h
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.

This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
2018-04-27 13:43:49 +00:00
Dan Elphick
4655c9d369 [heap] Move all Maps into RO_SPACE
Allocates almost all maps found in the start up snapshot into RO_SPACE.
There are 2 JSObject maps that are excluded as they contain a mutable cell.

Also updates VerifyReadOnlyPointers to check that RO_SPACE objects' maps are
also in RO_SPACE. Previously the invariant did not hold for Strings which still
had their maps in MAP_SPACE.

Also moves invalid_prototype_validity_cell to RO_SPACE.

    RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old    22024          0     229184       32928       8184         0
new    31488          0     229184       32928        176         0

Bug: v8:7464
Change-Id: I870d22cc5234ba60b3ef8a2ada590ee6ae426c9f
Reviewed-on: https://chromium-review.googlesource.com/1013494
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52848}
2018-04-27 13:33:29 +00:00
sreten.kovacevic
e4df13984c [Liftoff][mips] Implement div and rem instructions
Bug: v8:6600
Change-Id: I49b3180603651609ce575e540169f995587f9d88
Reviewed-on: https://chromium-review.googlesource.com/1032615
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52847}
2018-04-27 13:29:39 +00:00
Camillo Bruni
37b8684ec3 [CSA] Type CodeStubAssembler::Is* methods
Bug: v8:7570
Change-Id: I74b482b670ce0e78dca012cbe8d9c2f65fdae5b9
Reviewed-on: https://chromium-review.googlesource.com/1030554
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52846}
2018-04-27 12:45:21 +00:00
Dan Elphick
440533d5d4 [builtins] Remove new_target from ArrayBuiltinsAssembler
Removes new_target member and getter since none of the Array builtins in
builtins-array-gen.* use it (since none of them are constructors).

delete new_target getter and member variable

Bug: v8:7570
Change-Id: Ia23af014750278d64447bb58171955d909fdb5a8
Reviewed-on: https://chromium-review.googlesource.com/1032556
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52845}
2018-04-27 12:26:41 +00:00
sreten.kovacevic
c0c073e65c [Liftoff][mips64] Implement f32/f64 conversion to i64/u64
Bug: v8:6600
Change-Id: Ieefbd4530f068b41895a8eb608a480b563968d63
Reviewed-on: https://chromium-review.googlesource.com/1030331
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52844}
2018-04-27 12:05:30 +00:00
Ivica Bogosavljevic
443b9de184 MIPS: Fix [builtins] Introduce further constant & external reference indirections
Temporary register at was rewritten. We use different register.

Change-Id: If3a162765ee29eb1d03d3f29345328cf79244e41
Reviewed-on: https://chromium-review.googlesource.com/1032616
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52843}
2018-04-27 12:03:09 +00:00
Peter Marshall
f8597b25c1 [cleanup] Change objects_by_info_ to use unordered map.
Trying to reduce use of our self-baked data structures.

Bug: v8:7570
Change-Id: I3c8598ece74b6434c8baa69810a384b5209dd107
Reviewed-on: https://chromium-review.googlesource.com/1032442
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52842}
2018-04-27 11:56:57 +00:00
Marja Hölttä
0a01b62022 [objects.h splitting] Move TemplateInfo + related classes.
BUG=v8:5402,v8:7570

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia97efa31495b371805eb469be8395aaa19c7628d
Reviewed-on: https://chromium-review.googlesource.com/1032431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52841}
2018-04-27 11:15:44 +00:00
Peter Marshall
1961008a03 [cleanup] Change CounterMap to use unordered map.
Trying to reduce use of our self-baked data structures.

Bug: v8:7570
Change-Id: Ie4257911b388d320e4c5da5108cd763d3ab9299f
Reviewed-on: https://chromium-review.googlesource.com/1032555
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52840}
2018-04-27 11:01:18 +00:00
Clemens Hammacher
feada70894 [Liftoff] Implement f64.min and f64.max
This adds support for f64.min and f64.max, implemented on ia32, x64,
mips and mips64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Ib4383df08692c76df5861fe71a96c4354fdf10c1
Reviewed-on: https://chromium-review.googlesource.com/1028235
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52838}
2018-04-27 10:36:58 +00:00
Georg Neis
649c25263b [cleanup] Remove some obsolete TODOs.
R=sigurds@chromium.org

Bug: v8:7570
Change-Id: I3f077940117467be98fbb3c2a30684af8eaaf801
Reviewed-on: https://chromium-review.googlesource.com/1032432
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52837}
2018-04-27 10:27:27 +00:00
sreten.kovacevic
600033e65c [Liftoff][mips] Implement f32 min/max
Fix initial implementation of min/max f32 instructions.

Bug: v8:6600
Change-Id: Icb30515b692caef2c33bd85f468e83c17cdef2a3
Reviewed-on: https://chromium-review.googlesource.com/1030493
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52836}
2018-04-27 09:57:17 +00:00
Ben L. Titzer
a17083ee3a [wasm] Rename WasmModuleWrapper to Managed<WasmModule>
R=ahaas@chromium.org

Bug: v8:7570
Change-Id: I5327d1b8e2f2bf4c1538f565442305a0e1f05b65
Reviewed-on: https://chromium-review.googlesource.com/1032550
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52835}
2018-04-27 09:41:17 +00:00
Ben L. Titzer
903d87312e [wasm] Fix target instance for indirect calls to imports
In the case of an indirect call to an imported function, the target
instance stored in the IFT was actually wrong.

Bug: chromium:834619
Change-Id: Id2ac4158335ecf2b58e1983ce37df852a9ebd1b2
Reviewed-on: https://chromium-review.googlesource.com/1030174
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52831}
2018-04-27 08:27:56 +00:00
Marja Hölttä
a6c44361c8 [iwyu, objects.h splitting] Outline MarkCompactCollector::MarkingWorklist::PrintWorklist.
Calls a function defined in map-inl.h which mark-compact.h is not allowed to
include.

BUG=v8:7490,v8:5402,v8:7570

Change-Id: I51cef646fc2b650208d4e59b92bcd1e406ddd7fd
Reviewed-on: https://chromium-review.googlesource.com/1032332
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52829}
2018-04-27 08:02:05 +00:00
Jakob Kummerow
32b5cad1da [elements.cc] Specialize CollectValuesOrEntriesImpl
When collecting the values of an object with Smi or Object elements
kind, there are no allocations, so we don't need to create a short-
lived handle for each value. This gives a small performance benefit
in general, and in particular on ia32 by reducing register pressure
causes clang to spill less, which fixes the regression in the issue
mentioned below.

Bug: chromium:833591
Change-Id: I5eb0c6164b2972306ce965ec101687cab486bf0d
Reviewed-on: https://chromium-review.googlesource.com/1029417
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52825}
2018-04-27 06:19:34 +00:00
Jakob Kummerow
8d236192a1 [heap] Fine-tune write barrier for strong references
There is no need to remove an object pointer's heap object
tag when all we want is the Page that it's on. Also, apply
to IncrementalMarking's writebarrier the optimization that
crrev.com/e570e67383577c7f5ab6da7beb68631bab4ba75d brought
to the old-to-new barrier.

Change-Id: Ic9328d7d6f5c01073288a3e87931ea6095750740
Reviewed-on: https://chromium-review.googlesource.com/1029413
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52824}
2018-04-27 06:18:25 +00:00
Jungshik Shin
919270e024 Fix the fast path for locale canonicalization
Not all 2 or 3 letter language codes are canonical. Some of them need
to be canonicalized.

Specifically, exclude {jw,ji,iw,in} and all three-letter codes from the
fast path except for 'fil'.

{jw,ji,iw,in} are deprecated ISO 639 codes for
{Javanese, Yiddish, Hebrew, Indonesian}. They should be
canonicalized to {jv,yi,he,id}. So, do not return early
in the fast path, but pass it down to the full canonicalization.

In addition, there are 70+ deprecated 3-letter codes that need to be
replaced by their modern equivalents. Instead of checking and replacing
in v8, just pass them to ICU to handle.

Along with the following ICU change, two more tests will pass.

  https://chromium-review.googlesource.com/c/chromium/deps/icu/+/1026797

These two tests still fail because of the disagreement between ICU and the test
expectations about 5 grandfathered tags with no preferred value (e.g.
i-default, zh-min, cel-gaulish).

  'intl402/Intl/getCanonicalLocales/canonicalized-tags'
  'intl402/Intl/getCanonicalLocales/preferred-grandfathered'

Bug: v8:5693, v8:7669
Test: test262/intl402/language-tags-canonicalized.js
Test: test262/intl402/Intl/preferred-variants.js
Test: intl/general/language_tags_with_preferred_values.js
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ide7e9c90ac046859604c7b71c641f84ce9c64be5
Reviewed-on: https://chromium-review.googlesource.com/1023379
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52823}
2018-04-26 18:10:04 +00:00
Ben Smith
e3c9f26626 [wasm] Update WebAssembly.Global constructor
The new spec has two arguments, the first is the global descriptor, and
the second is the initial value:

    new WebAssembly.Global({type: i32}, 42);

If the initial value argument is omitted, the value is set to 0.

Bug: v8:7625
Change-Id: I679d4b7c49c69ec7ffcdfeb8ae506fa7ab9bba95
Reviewed-on: https://chromium-review.googlesource.com/1028847
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52822}
2018-04-26 18:01:53 +00:00
Kim-Anh Tran
b3ff8eb9cf [wasm] Log top-tier code
Top-tier code needs to be explicitly logged after
compilation.

Change-Id: Ic3c54ff4b7bddd44516a611398b7373fe0acc8d4
Reviewed-on: https://chromium-review.googlesource.com/1030391
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52821}
2018-04-26 16:30:22 +00:00
Ben L. Titzer
b66226828f [wasm] Implement Managed<T> with std::shared_ptr<T>
This CL simplifies and extends the implementation of Managed<T>
and now uses a std::shared_ptr<T> underneath in order to offer
cross-isolate management of C++ allocated memory.

R=mstarzinger@chromium.org
CC=ulan@chromium.org

Bug: v8:7424
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id43a26f565677e8c9cdfd73810568d4f2b1871fe
Reviewed-on: https://chromium-review.googlesource.com/1028190
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52820}
2018-04-26 15:53:42 +00:00
jgruber
3f99a376dd Reland "[builtins] Introduce further constant & external reference indirections"
This is a reland of f5d308510a

Original change's description:
> [builtins] Introduce further constant & external reference indirections
>
> This introduces further indirections for embedded constants and
> external references for builtins generated by the macro-assembler.
> The used mechanisms (LookupConstant and LookupExternalReference) are
> identical to what we already use in CSA.
>
> Almost all builtins are now isolate-independent in both release and
> debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
> builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
>
> Bug: v8:6666
> Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
> Reviewed-on: https://chromium-review.googlesource.com/1006581
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52810}

TBR=mstarzinger@chromium.org

Bug: v8:6666
Change-Id: I73dfe207f2c5f79a9a06c165c75f5619e88a5a17
Reviewed-on: https://chromium-review.googlesource.com/1030550
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52819}
2018-04-26 15:27:22 +00:00
Alexey Kozyatinskiy
c1e4885f7d Reland "[inspector] added timeout for Debugger.evaluateOnCallFrame method"
This is a reland of 436faae044

Original change's description:
> [inspector] added timeout for Debugger.evaluateOnCallFrame method
> 
> R=dgozman@chromium.org,yangguo@chromium.org
> 
> Bug: none
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I569899f245190ca2fa720bdb837db1263e8058d5
> Reviewed-on: https://chromium-review.googlesource.com/1023035
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52798}

Bug: none
Change-Id: I91219382b5dc45b54dd8e5c64d9f0d11c849b9c8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1030510
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52818}
2018-04-26 15:08:52 +00:00
sreten.kovacevic
bb965ff7fb [Liftoff][mips] Implement jump on target
Implement emit_jump when target is in register.

Bug: v8:6600
Change-Id: Idd8fc739ac9997cad53feffdfcee5ae25d9ad6ee
Reviewed-on: https://chromium-review.googlesource.com/1030453
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52816}
2018-04-26 14:44:42 +00:00
Vincent Belliard
076ff421e5 [arm64][Liftoff] add AbortCompilation
When a liftoff function bails out after generating some constant pool,
this avoids to trigger a check in the Assembler destructor.

Bug: v8:6600

Change-Id: I79c595605bc0add1f3f5617ac7feedf162081d8a
Reviewed-on: https://chromium-review.googlesource.com/1026647
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Cr-Commit-Position: refs/heads/master@{#52815}
2018-04-26 14:35:30 +00:00
Ivica Bogosavljevic
b8166b34fd MIPS[64]: Fix call to PrepareCallCFunction in liftoff
In liftoff, call to PrepareCallCFunction was using at as scratch
register. This is a very bad idea, since at is later used in
underlying macro assembler

TEST=cctest/test-run-wasm-64/RunWasmLiftoff_Regression_6858

Change-Id: Ifbc43678731d2833d2faa2f20fe79ea9e3089002
Reviewed-on: https://chromium-review.googlesource.com/1030430
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52814}
2018-04-26 13:50:42 +00:00
jgruber
a9da85e7c8 Revert "[builtins] Introduce further constant & external reference indirections"
This reverts commit f5d308510a.

Breakages:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/20370
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/21174

TBR=yangguo@chromium.org

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Change-Id: Ic4d28fccf647aadcac0a60430b7fb66d22ce4577
Reviewed-on: https://chromium-review.googlesource.com/1030431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52813}
2018-04-26 13:42:53 +00:00
jgruber
5958788c1a Fix intl builtins in IsIsolateIndependent predicate
Intl builtins must stay behind V8_INTL_SUPPORT.

This fixes:
ci.chromium.org/buildbot/client.v8.ports/V8%20Mips%20-%20builder/16733

TBR=yangguo@chromium.org

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Change-Id: I001df26585e376c6e242ece88612e10417529037
Reviewed-on: https://chromium-review.googlesource.com/1030272
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52811}
2018-04-26 13:15:33 +00:00
jgruber
f5d308510a [builtins] Introduce further constant & external reference indirections
This introduces further indirections for embedded constants and
external references for builtins generated by the macro-assembler.
The used mechanisms (LookupConstant and LookupExternalReference) are
identical to what we already use in CSA.

Almost all builtins are now isolate-independent in both release and
debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
builds vs. non-embedded builds, while libv8.so is roughly 280K larger.

Bug: v8:6666
Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
Reviewed-on: https://chromium-review.googlesource.com/1006581
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52810}
2018-04-26 13:01:41 +00:00
jgruber
27ed807156 Open a HandleScope before NearHeapLimitCallback
This should fix the recent frequent pause-on-oom failures.
The callback attempted to create a handle without a HandleScope.

Bug: v8:7631
Change-Id: Id15ba287896d62d3205585d14204f0c92a8823f8
Reviewed-on: https://chromium-review.googlesource.com/1030211
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52809}
2018-04-26 12:37:11 +00:00
Stephan Herhut
48d508cb45 [wasm] Add I32AtomicCompareExchange to interpreter
This adds support for the I32AtomicCompareExchange operations in the
interpreter. Also, the interpreter will now fail if it encounters
an unknown opcode from the atomic prefix.

Bug: chromium:826069
Change-Id: Iec1742271f4fdd83fcaa09ca72c24d1cf8c58835
Reviewed-on: https://chromium-review.googlesource.com/1029867
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52807}
2018-04-26 12:02:11 +00:00
sreten.kovacevic
19896840c7 [Liftoff][mips] Implement f32/f64 to i32/u32 conversion
Implement float to i32/u32 conversion on mips. Also, fix order
of arguments in some macro-assembler instructions used for these
conversions.

Bug: v8:6600
Change-Id: I94c91f8ac7796ac66fb3cf0129a2a27c1a6ec336
Reviewed-on: https://chromium-review.googlesource.com/1028232
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52806}
2018-04-26 10:10:51 +00:00
Camillo Bruni
46e0a8bf0a [printing] Improve DescriptorArray printing
- display enum cache
- display capacity

Change-Id: I79eed54af36b1fbb5435d96b650c0823be380e20
Reviewed-on: https://chromium-review.googlesource.com/1027874
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52804}
2018-04-26 09:06:58 +00:00
Clemens Hammacher
bff2672a53 [Liftoff] Implement f32.min and f32.max
This adds support for f32.min and f32.max, implemented on ia32, x64,
mips and mips64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: If73abf3cf46011ba84158ed2ec02d074adcf4ba2
Reviewed-on: https://chromium-review.googlesource.com/1027841
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52803}
2018-04-26 09:05:18 +00:00
Stephan Herhut
0380b69af5 Allow use of ordinary shared array buffer in wasm threads
For wasm memory buffers, we normally require the memory to be allocated
via WebAssembly.Memory, which will set a is_wasm_memory flag and
register the memory with the wasm allocation tracker. This CL weakens
that requirement in a DCHECK to allow for running experimental threaded
applications even though the is_wasm_memory flag is not currently
propagated via postMessage.

Bug: chromium:836800
Change-Id: I4613b8651423307ce4cd466c0df28fc43244ec4f
Reviewed-on: https://chromium-review.googlesource.com/1027813
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52801}
2018-04-26 07:36:56 +00:00
Michael Achenbach
694a61fa5f Revert "[inspector] added timeout for Debugger.evaluateOnCallFrame method"
This reverts commit 436faae044.

Reason for revert: Introduces flakes:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/24482
https://build.chromium.org/p/client.v8/builders/V8%20Win32/builds/13557
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/25210

Original change's description:
> [inspector] added timeout for Debugger.evaluateOnCallFrame method
> 
> R=​dgozman@chromium.org,yangguo@chromium.org
> 
> Bug: none
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I569899f245190ca2fa720bdb837db1263e8058d5
> Reviewed-on: https://chromium-review.googlesource.com/1023035
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52798}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I63ee0d19642856a7c0c2128bfa4c4620974d1919
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1029910
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52800}
2018-04-26 07:22:45 +00:00
Sigurd Schneider
63b46569b8 [turbofan] Move Number.parseInt to JSCallReducer
This CL also removes the JSBuiltinReducer, which is no longer needed.

Bug: v8:7340, v8:7250
Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf
Reviewed-on: https://chromium-review.googlesource.com/1027853
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52799}
2018-04-26 07:06:24 +00:00
Alexey Kozyatinskiy
436faae044 [inspector] added timeout for Debugger.evaluateOnCallFrame method
R=dgozman@chromium.org,yangguo@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I569899f245190ca2fa720bdb837db1263e8058d5
Reviewed-on: https://chromium-review.googlesource.com/1023035
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52798}
2018-04-25 21:33:51 +00:00
Jungshik Shin
f2974002ec TimeClip before formatting in Intl.DateTimeFormat
https://github.com/tc39/ecma402/pull/194 requires that
TimeClip be called before formatting in Intl.DateTimeFormat.

Bug: v8:7471
Test: test262/intl402/DateTimeFormat/prototype/format/time-clip*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Iad80376ae7598aab3e4df84a6cbbcd8691e16e09
Reviewed-on: https://chromium-review.googlesource.com/1027442
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52796}
2018-04-25 20:17:29 +00:00
Aleksey Kozyatinskiy
9a7c4bfe1e Revert "[elements] Improve Array.prototype.splice speed"
This reverts commit dcdabdc86a.

Reason for revert: broke tsan.

Original change's description:
> [elements] Improve Array.prototype.splice speed
> 
> By using memmove for SMI elements we get a roughly 3x speedup over the slower
> iterative copying with write barriers.
> 
> Bug: chromium:835558
> Change-Id: I73da07a1648a3495ff78212ffa1ed949d205a7d2
> Reviewed-on: https://chromium-review.googlesource.com/1028236
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52792}

TBR=cbruni@chromium.org,ishell@chromium.org

Change-Id: I77c46fe3d47d651de3c39df9fbf5f30c340188e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:835558
Reviewed-on: https://chromium-review.googlesource.com/1028337
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52795}
2018-04-25 19:46:50 +00:00
Ben Smith
9166affb29 [wasm] Implement importing mutable globals
The WasmInstanceObject stores two new arrays:

- imported_mutable_globals_buffers_: a FixedArray of all the imported
  globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
  the mutable global in its array buffer.

When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.

Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
2018-04-25 18:57:48 +00:00
Alexey Kozyatinskiy
e81b0db787 [runtime] added v8::Isolate::SafeForTerminationScope and isolate flag
When only_terminate_in_safe_scope flag is passed as CreateParams for
v8::Isolate, V8 does not trigger intrruption for termination if there
is no explicit SafeForTerminationeScope.
Scope enables termination only in direct v8 calls, any recursive calls
require explicit SafeForTerminationScope.

R=yangguo@chromium.org

Bug: chromium:820640
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iac17e30a4b47aa84e70e9218ca0adca9d07f726e
Reviewed-on: https://chromium-review.googlesource.com/1025390
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52793}
2018-04-25 18:11:58 +00:00
Camillo Bruni
dcdabdc86a [elements] Improve Array.prototype.splice speed
By using memmove for SMI elements we get a roughly 3x speedup over the slower
iterative copying with write barriers.

Bug: chromium:835558
Change-Id: I73da07a1648a3495ff78212ffa1ed949d205a7d2
Reviewed-on: https://chromium-review.googlesource.com/1028236
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52792}
2018-04-25 17:41:31 +00:00
Camillo Bruni
a3142476ba [runtime] Do not refer directly to the closure stored in the context
This is is a preparatory CL to detach the JSFunction from the Context.
We mainly rewrite the DebugScopeInterator to no longer rely on the a
JSFunction to be around. Additionally the empty_function needs to have
a proper ScopeInfo now.

Drive-by-fix: Improve ScopeInfo debug printing

Bug: v8:7066
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2f2fa0e78914a12e076384e0e1234c2322ad1ee8
Reviewed-on: https://chromium-review.googlesource.com/918721
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52791}
2018-04-25 17:24:02 +00:00
Camillo Bruni
e570e67383 [heap][elements] Improve Array.prototype.splice speed
- 30% speedup by adding HeapObject shortcut for Heap::InNewSpace

Bug: chromium:835558
Change-Id: I48b5ec43a5ecdd7d82827c955ab418fdeff449d8
Reviewed-on: https://chromium-review.googlesource.com/1027471
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52790}
2018-04-25 17:00:46 +00:00
Ben Smith
6a50560650 [wasm] Implement WebAssembly.Global import/export
The mutable-globals proposal spec allows importing as Numbers or
WebAssembly.Global values, but always exports as WebAssembly.Global.

Since the value is always boxed, we can also import/export i64 values.

This CL also includes support for export of mutable globals. Since the
underlying ArrayBuffer that stores the global's value is shared between
the module and the WebAssembly.Global object, all that needs to be done
is remove the validation check.

Bug: v8:7625
Change-Id: I24d763e3bc193d229a7cc33b2f2690a473c6f2bc
Reviewed-on: https://chromium-review.googlesource.com/1018406
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52789}
2018-04-25 16:54:06 +00:00
Kim-Anh Tran
5ef33ea5a2 [wasm] Update counters after tier-up
Statistics need to be updated after top-tier code is added to
the native module.

Change-Id: Ie3a76caf233a2c3929b40fd0371c3069724b5289
Reviewed-on: https://chromium-review.googlesource.com/1027854
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52787}
2018-04-25 15:30:02 +00:00
Camillo Bruni
76cab5ff78 Fix Object.entries/.values with non-enumerable properties
Iterate over all descriptors instead of bailing out early and missing
enumerable properties later.

Bug: chromium:836145
Change-Id: I104f7ea89480383b6b4b9204942a166bdf8e0597
Reviewed-on: https://chromium-review.googlesource.com/1027832
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52786}
2018-04-25 13:44:32 +00:00
Clemens Hammacher
52f07582e0 [Liftoff] Implement i64 division and remainder
This adds support for i64.div_s, i64.div_u, i64.rem_s, and i64.rem_u.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I37e564684b278c8d2f664a859851c67f4bd83190
Reviewed-on: https://chromium-review.googlesource.com/1027612
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52785}
2018-04-25 12:59:11 +00:00
Clemens Hammacher
7f78e75a72 [Liftoff] Implement the select opcode
R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Iaa46324dfcf3b20f42d6a7448fca9ef2bbf241e9
Reviewed-on: https://chromium-review.googlesource.com/1027851
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52784}
2018-04-25 12:41:06 +00:00
Predrag Rudic
8a712b007c MIPS [Liftoff] Add missing case for Load
Change-Id: Ide0b3cab6c1cdb6cbb1b189852b309e08c1c504f
Reviewed-on: https://chromium-review.googlesource.com/1028010
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52783}
2018-04-25 12:31:31 +00:00
Sigurd Schneider
6435107583 [turbofan] Move Date.now/Date.p.getTime to JSCallReducer
This CL also introduces an effect dependent simplified operator
DateNow and associated lowerings.

Bug: v8:7340, v8:7250
Change-Id: Icd4a8c3c45a8dbe7ef490fc3ee68c0c68bbed011
Reviewed-on: https://chromium-review.googlesource.com/1024836
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52782}
2018-04-25 12:06:01 +00:00
Kim-Anh Tran
074429a429 [wasm] Create runtime objects directly after compilation finishes
We want to ensure that all runtime objects are created as soon as
compilation finishes. Instead of scheduling another foreground thread
to create these runtime objects, we now call it directly from the already
executing foreground thread.

Change-Id: I9e8f47dba237de16e0bac119f1649496c8525b37
Reviewed-on: https://chromium-review.googlesource.com/1027712
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52779}
2018-04-25 11:48:51 +00:00
Andreas Haas
2a3c2c73d5 Reland: [refactoring] Remove the isolate from signatures of ExternalReferences
I missed one required change which was hidden behind an #if. The fix is in
the diff between Patch 1 and Patch 3.

Original message:
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.

Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.

* I removed the public constructors and replaced them by
  ExternalReference::Create(). The reason is to separate external
  creation more clearly from internal creation, because externally
  created ExternalReferences sometimes need redirection, whereas
  internally created ExternalReferences are just stored as they are.
  In addition, by removing the isolate from the signature of the
  public constructors, they suddenly exactly matched the interal
  constructor.

* Replace all uses of the public constructors with
  ExternalReference::Create().

* Remove the isolate from all call sites where necessary.


This is a step towards making WebAssembly compilation independent of
the isolate.

R=mstarzinger@chromium.org

Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I750c162f5d58ed32e866722b0db920f8b9bd8057
Reviewed-on: https://chromium-review.googlesource.com/1026673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52777}
2018-04-25 09:47:30 +00:00
Simon Zünd
3ea1ad234c [typedarray] Implement TypedArray.p.sort using Torque.
This CL implements TypedArray.p.sort in Torque. The Torque
version works basically the same as the existing JS builtin:

When no comparison function is provided, the C++ fast path builtin
is used. Otherwise a quicksort written in Torque is used, with
a InsertionSort fallback for smaller arrays.

The JS quicksort implementation also containes a more elaborate
third pivot calculation for larger arrays. This is currently not done.

Reported benchmark results are only for those, where a custom
comparison function is provided. The numbers for the C++ path stayed
the same.

Benchmark   Current (JS)       Torque    Speedup

IntTypes            83.9        263.7        3.1
BigIntTypes         32.1         54.6        1.7
FloatTypes          99.3        138.7        1.4

R=danno@chromium.org, jgruber@chromium.org

Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7abe7ceff525bab24f302d2f06b5961cca770d24
Reviewed-on: https://chromium-review.googlesource.com/1021691
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52776}
2018-04-25 09:03:40 +00:00
Predrag Rudic
2393710a27 [bigint] Add big endian support for BigInts serialization
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3fc1b53c43e53e12e041178912f372f33068d67c
Reviewed-on: https://chromium-review.googlesource.com/1023418
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52775}
2018-04-25 08:29:20 +00:00
Georg Neis
a12413531d [modules] Anticipate stack overflow when traversing module graph.
Bug: chromium:836124
Change-Id: I82d29408476c9c5b2c62a6368f32575e33932ef3
Reviewed-on: https://chromium-review.googlesource.com/1025890
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52774}
2018-04-25 08:20:10 +00:00
Simon Zünd
44a000fd4b [torque] Add negative decimal literals.
This CL changes the DECIMAL_LITERAL lexer rule to allow
negative decimal literals as well.

This could also be achieved by using the unary minus operation,
which would occur an runtime overhead and feel counter-intuitive
for literals (imho).

R=tebbi@chromium.org

Change-Id: Ib01aa1930254bcd85a161de385b0fd4f176feb46
Reviewed-on: https://chromium-review.googlesource.com/1027473
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52773}
2018-04-25 07:54:40 +00:00
Jaroslav Sevcik
549a3143d5 [turbofan] Prepare the Type class for UB treatment.
This is just code reshuffling to enable changing Type* to Type.

Bug: v8:3770
Change-Id: I8ed4ff41b480cab377d115c57c49d6f6c0c46d6d
Reviewed-on: https://chromium-review.googlesource.com/1025897
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52772}
2018-04-25 06:48:19 +00:00
jing.bao
2aa995bf9b [wasm]implement simd lowering for packing integer conversions
I16x8SConvertI32x4, I16x8UConvertI32x4,
I8x16SConvertI16x8, I8x16UConvertI16x8

Change-Id: Iab462c3fb6c60de7b54a925e438862362605fe8d
Reviewed-on: https://chromium-review.googlesource.com/1016178
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#52771}
2018-04-25 02:16:48 +00:00
Erik Luo
9b3dafb99a [debug] expose SideEffectType when setting template accessors
This expands the SideEffectType flag to cover whitelisting embedder
callbacks that are setup with Template accessors.

- v8::ObjectTemplate::SetNativeDataProperty
- v8::ObjectTemplate::SetLazyDataProperty
- v8::ObjectTemplate::SetAccessor

Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ieda6c793141ab249c4f41d00e6572fe2a29ac629
Reviewed-on: https://chromium-review.googlesource.com/1015896
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52770}
2018-04-24 22:52:48 +00:00
Andreas Haas
7bfed2ad42 Revert "[refactoring] Remove the isolate from signatures of ExternalReferences"
This reverts commit 44ea425ab1.

Reason for revert: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Arm%20-%20debug%20builder/13575

Original change's description:
> [refactoring] Remove the isolate from signatures of ExternalReferences
> 
> In this CL I remove the isolate from signatures of ExternalReference
> accessor functions where the isolate is not used. The uses of the
> isolate were already removed in previous CLs.
> 
> Changes:
> * I split the ExternalReference list in external-reference.h into
> those which need the isolate for initialization and those which do not.
> 
> * I removed the public constructors and replaced them by
>   ExternalReference::Create(). The reason is to separate external
>   creation more clearly from internal creation, because externally
>   created ExternalReferences sometimes need redirection, whereas
>   internally created ExternalReferences are just stored as they are.
>   In addition, by removing the isolate from the signature of the
>   public constructors, they suddenly exactly matched the interal
>   constructor.
> 
> * Replace all uses of the public constructors with
>   ExternalReference::Create().
> 
> * Remove the isolate from all call sites where necessary.
> 
> 
> This is a step towards making WebAssembly compilation independent of
> the isolate.
> 
> Bug: v8:7570
> R=​mstarzinger@chromium.org
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
> Reviewed-on: https://chromium-review.googlesource.com/1018982
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52768}

TBR=mstarzinger@chromium.org,ahaas@chromium.org

Change-Id: I7c0d8d420f815cede23d550dee8942ac4d7791cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1026570
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52769}
2018-04-24 20:02:00 +00:00
Andreas Haas
44ea425ab1 [refactoring] Remove the isolate from signatures of ExternalReferences
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.

Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.

* I removed the public constructors and replaced them by
  ExternalReference::Create(). The reason is to separate external
  creation more clearly from internal creation, because externally
  created ExternalReferences sometimes need redirection, whereas
  internally created ExternalReferences are just stored as they are.
  In addition, by removing the isolate from the signature of the
  public constructors, they suddenly exactly matched the interal
  constructor.

* Replace all uses of the public constructors with
  ExternalReference::Create().

* Remove the isolate from all call sites where necessary.


This is a step towards making WebAssembly compilation independent of
the isolate.

Bug: v8:7570
R=mstarzinger@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
Reviewed-on: https://chromium-review.googlesource.com/1018982
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52768}
2018-04-24 18:39:27 +00:00
Eric Holk
45dd38c167 [wasm] Add metrics for Wasm memory allocation
This adds two new UMA histograms to give us more insight into Wasm
memory allocation.

The first records the result of every attempt to to allocate a Wasm
backing store. This will let us know things like how often we
explicitly trigger a GC, or how often we hit our address space limit.

The second records how many megabytes of address space Wasm reserves.
A sample is added every time the number either increases or decreases.
This metric will give us a sense of how many outstanding Wasm memories
there are in typical usage.

Change-Id: I38c1bc1ad915c26b6cda3c373ededdd395193a4c
Reviewed-on: https://chromium-review.googlesource.com/1024646
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52767}
2018-04-24 18:08:37 +00:00
Sathya Gunasekaran
238dff2664 [hashtable] Move FindOrderedHashTableEntry to CSA
... from BaseCollectionsAssembler

Bug: v8:7569
Change-Id: I938257b18372bbe8a43af3f25c85d192950be8fa
Reviewed-on: https://chromium-review.googlesource.com/1026053
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52766}
2018-04-24 16:30:18 +00:00
Sathya Gunasekaran
cec163026a [hashtable] Move ordered hash table allocation to CSA
.. from BaseCollectionsAssembler

Bug: v8:7569
Change-Id: I87fd35dbd82ad5752c857f35b63403ca348bf305
Reviewed-on: https://chromium-review.googlesource.com/1024700
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52765}
2018-04-24 16:20:27 +00:00
Clemens Hammacher
75922ead2b [Liftoff] Implement i32.rem_u and i32.rem_s
This adds support for i32.rem_u and i32.rem_s, implemented on ia32 and
x64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Id08a51f7a0dcb7a1ed43c5a97be7a7dafff85397
Reviewed-on: https://chromium-review.googlesource.com/1023932
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52764}
2018-04-24 16:15:37 +00:00
Dan Elphick
75288a03be [torque] Use StringConstant when generating strings
Use StringConstant instead of NewStringFromAsciiChecked so strings are
deduplicated.

Change-Id: I0c5395be6d06caacd7d257b61bd2372da2fce427
Reviewed-on: https://chromium-review.googlesource.com/1025815
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52763}
2018-04-24 15:45:39 +00:00
Clemens Hammacher
6e83096491 [cleanup] Use CodeReference in Disassembler
This avoids some code duplication.

R=mstarzinger@chromium.org

Bug: v8:7570
Change-Id: Ib8f9095945e688e24351529f8e782614453f2161
Reviewed-on: https://chromium-review.googlesource.com/1023416
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52762}
2018-04-24 14:35:38 +00:00
Kim-Anh Tran
e47072c97a [wasm] Basic wasm tier-up
Wasm tier-up first compiles the whole module using Liftoff, and then
using Turbofan. The idea is to achieve fast start-up times by first
running Liftoff-compiled code. In the meantime we finish compilation
with Turbofan, and replace the Liftoff-compiled code as soon
as Turbofan finished compilation, thus achieving high performance.
Tier-up is enabled through the flag FLAG_wasm_tier_up.

Bug: v8:6600
Change-Id: I70552969c53d909a591666a1e7ce1ee1419b2f34
Reviewed-on: https://chromium-review.googlesource.com/1010422
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52759}
2018-04-24 13:56:23 +00:00
Andreas Haas
3a56441a8c [wasm][cleanup] Move ValueType into its own header file
This CL splits the definition of ValueType and its helper functions
into its own header file.

R=clemensh@chromium.org

Bug: v8:7570
Change-Id: I3aa776edb45839d7d38836e131df45732c685310
Reviewed-on: https://chromium-review.googlesource.com/1021810
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52758}
2018-04-24 13:55:18 +00:00
Sigurd Schneider
5043ab6fba [turbofan] Move Array.isArray to JSCallReducer/JSTypedLowering
This CL introduces a JSOperator for Array.isArray and moves the
corresponding lowering to JSCallReducer and JSTypedLowering.

Bug: v8:7340, v8:7250
Change-Id: Iaa7ced2ad34bec8cccc9da1041007261168cf4b3
Reviewed-on: https://chromium-review.googlesource.com/1025092
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52757}
2018-04-24 13:54:13 +00:00
Sigurd Schneider
e698cd3633 [deoptimizer] Improve readability of debug output
Bug: v8:7679
Change-Id: If8b6d9ad4f93eb2b98878c916625b7a344e5900c
Reviewed-on: https://chromium-review.googlesource.com/1021532
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52756}
2018-04-24 13:49:08 +00:00
Andreas Haas
49712d8acf [wasm] Call AsyncInstantiate directly when instantiating a module object
WebAssembly.instantiate is polymorphic, it can either take a module
object as parameter, or a buffer source which should be compiled first.
To share code between the two implementations, the module object was
first passed to a promise (i.e. which is the result of compilation).
However, passing the module object to a promise has a side effect if
the module object has a then function. To avoid this side effect I
remove this code sharing and call AsyncInstantiate directly in case
the parameter is a module object.

R=mstarzinger@chromium.org

Bug: chromium:836141
Change-Id: I67b76d0d7761c5aeb2cf1deda45b6842e494eed4
Reviewed-on: https://chromium-review.googlesource.com/1025774
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52755}
2018-04-24 13:01:18 +00:00
Clemens Hammacher
ba864684e7 [wasm] Fix remaining external refs to take Address
Passing a pointer of the needed type, and then reading using
ReadUnalignedValue is pointless, since the compiler can assume
alignment of the pointer value.
This CL fixes the remaining external refs of wasm to take an Address to
a single buffer.

R=ahaas@chromium.org

Bug: v8:7570, v8:3770
Change-Id: If8a7324a4703e1e900cb3c5644baef207e6a371d
Reviewed-on: https://chromium-review.googlesource.com/1023406
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52754}
2018-04-24 12:35:28 +00:00
Kenton Varda
b49206ded9 ThreadDataTable: Change global linked list to per-Isolate hash map.
For use cases with a large number of threads or a large number of isolates (or
both), ThreadDataTable can be a major performance bottleneck due to O(n)
lookup time of the linked list. Switching to a hash map reduces this to O(1).

Example 1: Sandstorm.io, a Node.js app that utilizes "fibers", was observed
spending the majority of CPU time iterating over the ThreadDataTable.
See: https://sandstorm.io/news/2016-09-30-fiber-bomb-debugging-story

Example 2: Cloudflare's Workers engine, a high-multi-tenancy web server
framework built on V8 (but not Node), creates large numbers of threads and
isolates per-process. It saw a 34x improvement in throughput when we applied
this patch.

Cloudflare has been using a patch in production since the Workers launch which
replaces the linked list with a hash map -- but still global.

This commit builds on that but goes further and creates a separate hash map
and mutex for each isolate, with the table being a member of the Isolate
class. This avoids any globals and should reduce lock contention.

Bug: v8:5338
Change-Id: If0d11509afb2e043b888c376e36d3463db931b47
Reviewed-on: https://chromium-review.googlesource.com/1014407
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52753}
2018-04-24 10:01:26 +00:00
Marja Hölttä
705d34e691 [torque] iwyu
BUG=v8:7490

Change-Id: I03421657d4abc3cd6e27ffafa6b922ea0e83b2b4
Reviewed-on: https://chromium-review.googlesource.com/1016381
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52752}
2018-04-24 08:58:20 +00:00
Daniel Clifford
480cc98950 Fix Torque memory leaks identified by ASAN
Bug: v8:7666
Change-Id: Ida9b6f964261bad75a4eb5d567ad37ec82569bcc
Reviewed-on: https://chromium-review.googlesource.com/1023061
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52751}
2018-04-24 08:40:50 +00:00
Marja Hölttä
ba40d7c2b6 [reland] [csa] Add TNode<MaybeObject>.
LoadMaybeWeakField returns a TNode<MaybeObject>, and the only way to extract
values from it is through explicit functions.

Previous version: https://chromium-review.googlesource.com/1014106

BUG=v8:7308

Change-Id: I73bf3a007733ed84937e45336ac142011adc5151
Reviewed-on: https://chromium-review.googlesource.com/1023935
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52750}
2018-04-24 08:22:26 +00:00
Ingvar Stepanyan
1c23f888a1 Cleanup NewFunctionFromSharedFunctionInfo
NewFunctionFromSharedFunctionInfo is not called with `undefined`
anymore, and so can be changed to just accept `Handle<Context>`.

Additionally, reporting script compilation to the debugger can now
be moved into `Compiler::PostInstantiation`.

R=yangguo@chromium.org

Change-Id: I0a9b3fa51f87f41b4fc97a29f79c110c6246f273
Reviewed-on: https://chromium-review.googlesource.com/1024832
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52749}
2018-04-24 08:20:40 +00:00
Benedikt Meurer
7f8e83b56d [builtins] Properly reject immediately throwing thenables.
Bug: chromium:830565
Change-Id: I1adab76e790a81f51f7b03165962992f5afecc99
Reviewed-on: https://chromium-review.googlesource.com/1023400
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52748}
2018-04-24 07:55:00 +00:00
Erik Luo
363996f7ab [inspector] whitelist side-effect-free console API callbacks
This CL whitelists Console Command Line API callbacks on the V8 side.

Bug: chromium:810176
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I7afdd6bd4263cb4cb18bdf02b37ab3e822ae5c96
Reviewed-on: https://chromium-review.googlesource.com/1016094
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52747}
2018-04-23 22:06:07 +00:00
Vincent Belliard
bca2b694f9 [Liftoff] Add LiftoffStackSlots
On AArch64, we can't push arguments one by one because sp must always be 16 byte aligned.
This patch adds a LiftoffStackSlots class which holds everything which has to be pushed.
This way, on AArch64, we will be able to reserve the needed space and eventually add some padding. Then, all pushes will be converted to stores into this reserved space.

Bug: v8:6600

Change-Id: I17480fb841f16e07356b35326c59e3c7f03ed012
Reviewed-on: https://chromium-review.googlesource.com/1023977
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52746}
2018-04-23 20:59:17 +00:00
Alexey Kozyatinskiy
f2b5a6da4e [inspector] added Debugger.setBreakpointOnFunctionCall
This function can be used to set breakpoint on any function call,
including native functions without source code, for them new method is
only one way to set breakpoint.

R=dgozman@chromium.org

Bug: chromium:828076
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iae8f4805b6e860a7ca008041fdfbe75e43a1959c
Reviewed-on: https://chromium-review.googlesource.com/1023128
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52745}
2018-04-23 20:36:47 +00:00
Eric Holk
94139bc6ac [wasm] Register trap handler data for lazily compiled functions
Bug: chromium:834693, chromium:834955
Change-Id: I243521f45c2b7e2457a37d34ab3629670d8fa39b
Reviewed-on: https://chromium-review.googlesource.com/1020361
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52744}
2018-04-23 18:30:24 +00:00
Alexey Kozyatinskiy
d3f6c6479f [runtime] implemented SafeForInterruptsScope
This CL introduced SafeForInterruptsScope. This scope overrides
outer PostponeInterruptsScopes:
- reschedule postponed interrupts if needed,
- allow requesting new interrupts.
As soon as scope removed interrupts are posponed if needed.

This scope will be:
- used to allow inspector to interrupt and terminate
  DebugeEvaluate::Local,
- exposed with new flag on Isolate to implement SafeForTerminationScope
  in blink.

R=yangguo@chromium.org

Bug: chromium:820640
Change-Id: I15befc10c2cee393d1e3be48cecb31ee14dae638
Reviewed-on: https://chromium-review.googlesource.com/1022969
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52743}
2018-04-23 17:53:55 +00:00
Sigurd Schneider
30be479711 Reland "[builtins] Separate species protectors for Array, TypedArray, Promise"
This is a reland of 5728b3fbc5

Original change's description:
> [builtins] Separate species protectors for Array, TypedArray, Promise
> 
> Previously, there was one species protector for Array, TypedArray and
> Promise. This CL splits the protector in three separate ones. This means
> that invalidating one of them does not have negative performance
> implications for the other ones.
> 
> Bug: chromium:835347, v8:7340
> Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
> Reviewed-on: https://chromium-review.googlesource.com/1023408
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52733}

Bug: chromium:835347, v8:7340
Change-Id: I0c0188a0723e206ddb362834bcf872b23cd7666d
Reviewed-on: https://chromium-review.googlesource.com/1023811
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52742}
2018-04-23 17:52:50 +00:00
Alexey Kozyatinskiy
f1e3051ef6 [inspector] consider object with embedder fields as non-temporary
Embedder may implement any non trivial logic using embedder fields,
e.g. creates wrappers lazily and store native pointer to native object
inside embedder fields.

R=yangguo@chromium.org

Bug: v8:7588
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id14eb6e686f8945cb350cfe77e8a4b3c52c5ec5b
Reviewed-on: https://chromium-review.googlesource.com/1013404
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52741}
2018-04-23 17:40:40 +00:00
Aleksey Kozyatinskiy
dcf0456ca6 Revert "Roll third_party/inspector_protocol to 59ca26e"
This reverts commit bd7f5cf0ab.

Reason for revert: does not work well.

Original change's description:
> Roll third_party/inspector_protocol to 59ca26e
> 
> This roll includes:
>   - [inspector_protocol] first class citizien .pdl support
>   - [inspector_protocol] node uses script names inside own repository
> 
> + removed .json file
> 
> R=​pfeldman@chromium.org,yangguo@chromium.org
> 
> Bug: none
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Idd87e80a3ce42198858ade4bcf6e6fec4b2f0731
> Reviewed-on: https://chromium-review.googlesource.com/804635
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52734}

TBR=pfeldman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I64cfa2740c03a2c15db1eb483212adec8f5f6a76
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1024350
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52740}
2018-04-23 17:38:31 +00:00
Sigurd Schneider
519efef583 [deoptimizer] Manage input index in TranslatedFrame::iterator
This manages input_index directly in TranslatedFrame::iterator.
I think the overhead is low enough, expecially since all uses
of the iterator, except one, compute input_index anyway.

Bug: v8:7679
Change-Id: I7e5fc08ff23a49415265afd617248c55f4d95e19
Reviewed-on: https://chromium-review.googlesource.com/1021711
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52739}
2018-04-23 17:03:36 +00:00
Clemens Hammacher
340d2c0f61 [Liftoff] Implement i32.div_u and i32.div_s
This adds support for i32.div_u and i32.div_s, implemented on ia32 and
x64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I920fb0613ecba0021dab0936690415be88d666e9
Reviewed-on: https://chromium-review.googlesource.com/1021890
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52737}
2018-04-23 15:52:26 +00:00
Sigurd Schneider
75e282342c Revert "[builtins] Separate species protectors for Array, TypedArray, Promise"
This reverts commit 5728b3fbc5.

Reason for revert: Breaks noi18n build

Original change's description:
> [builtins] Separate species protectors for Array, TypedArray, Promise
> 
> Previously, there was one species protector for Array, TypedArray and
> Promise. This CL splits the protector in three separate ones. This means
> that invalidating one of them does not have negative performance
> implications for the other ones.
> 
> Bug: chromium:835347, v8:7340
> Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
> Reviewed-on: https://chromium-review.googlesource.com/1023408
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52733}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: Ied8b436e7991c759eb3b98702c142aa127a7e63c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:835347, v8:7340
Reviewed-on: https://chromium-review.googlesource.com/1024151
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52736}
2018-04-23 15:48:07 +00:00
Marja Hölttä
be88e1c6a7 Revert "[csa] Add TNode<MaybeObject>."
This reverts commit c823ca959e.

Reason for revert: test failures

Original change's description:
> [csa] Add TNode<MaybeObject>.
> 
> LoadMaybeWeakField returns a TNode<MaybeObject>, and the only way to extract
> values from it is through explicit functions.
> 
> BUG=v8:7308
> 
> Change-Id: I98da6b715527bb9976b4c78ed9caaa39fbcb3ed5
> Reviewed-on: https://chromium-review.googlesource.com/1014106
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52732}

TBR=marja@chromium.org,petermarshall@chromium.org,tebbi@chromium.org

Change-Id: Ie7ff36d39db1fedf668c21ed56532e364e93eca1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Reviewed-on: https://chromium-review.googlesource.com/1024150
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52735}
2018-04-23 15:46:07 +00:00
Alexey Kozyatinskiy
bd7f5cf0ab Roll third_party/inspector_protocol to 59ca26e
This roll includes:
  - [inspector_protocol] first class citizien .pdl support
  - [inspector_protocol] node uses script names inside own repository

+ removed .json file

R=pfeldman@chromium.org,yangguo@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idd87e80a3ce42198858ade4bcf6e6fec4b2f0731
Reviewed-on: https://chromium-review.googlesource.com/804635
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52734}
2018-04-23 15:29:16 +00:00
Sigurd Schneider
5728b3fbc5 [builtins] Separate species protectors for Array, TypedArray, Promise
Previously, there was one species protector for Array, TypedArray and
Promise. This CL splits the protector in three separate ones. This means
that invalidating one of them does not have negative performance
implications for the other ones.

Bug: chromium:835347, v8:7340
Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
Reviewed-on: https://chromium-review.googlesource.com/1023408
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52733}
2018-04-23 14:54:46 +00:00
Marja Hölttä
c823ca959e [csa] Add TNode<MaybeObject>.
LoadMaybeWeakField returns a TNode<MaybeObject>, and the only way to extract
values from it is through explicit functions.

BUG=v8:7308

Change-Id: I98da6b715527bb9976b4c78ed9caaa39fbcb3ed5
Reviewed-on: https://chromium-review.googlesource.com/1014106
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52732}
2018-04-23 14:52:26 +00:00
Andreas Haas
5c9b30ae38 [api] Split isolate allocation and initialization
At the moment, the isolate is allocated and initialized in a single
step. This has the downside that the platform cannot register the
isolate before the isolate gets initialized, and therefore the platform
is not available for the isolate during initialization. With this CL we
register the uninitialized isolate on the platform and initialize the
isolate after that.

This change is needed to allow the creation of task runners already
during the initialization of the isolate.

The related chromium CL: https://crrev.com/c/1015020

R=yangguo@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52e89388a757f2693d1a800e7aa7701aa0080795
Reviewed-on: https://chromium-review.googlesource.com/1014044
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52731}
2018-04-23 14:48:46 +00:00
Sigurd Schneider
62b22fbd12 [deoptimizer] Use FrameWriter in DoComputeConstructStub
This CL applies the previously introduced stack abstraction for
constructing output frames to constructor stub frames.

Bug: v8:7679

Change-Id: I707b3d11c033b29873317f5798e1ee89c13e9907
Reviewed-on: https://chromium-review.googlesource.com/1021410
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52730}
2018-04-23 13:45:38 +00:00
Georg Neis
773a746ef7 Remove a C++ loop header's reliance on implementation-defined behavior.
Change-Id: I9684997c59664792fa69e5147fbf82e7931dbba1
Reviewed-on: https://chromium-review.googlesource.com/1023405
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52729}
2018-04-23 13:23:06 +00:00
Ulan Degenbaev
dd0ce92422 Revert "[heap] Removing marking step size ramp-up interval heuristic."
This reverts commit 2998a1761a.

Reason for revert: perf regressions crbug.com/835472

Original change's description:
> [heap] Removing marking step size ramp-up interval heuristic.
> 
> The heuristic is no longer needed now that we have concurrent marking.
> 
> Bug: chromium:834371
> Change-Id: I8ca3eaacdab618f690d8007aff66713260ace19f
> Reviewed-on: https://chromium-review.googlesource.com/1017123
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52693}

TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:834371
Change-Id: I574abd75e77ae9ff443419f01750a3f01072adaf
Reviewed-on: https://chromium-review.googlesource.com/1023890
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52728}
2018-04-23 11:50:46 +00:00
Sigurd Schneider
8c8976480a [deoptimizer] Use FrameWriter in DoComputeArgumentsAdaptorFrame
This CL applies the previously introduced stack abstraction for
constructing output frames to argument adaptor frames.

Bug: v8:7679

Change-Id: I07cb4447a8af510b24a8489d8abd047845a23e62
Reviewed-on: https://chromium-review.googlesource.com/1019148
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52727}
2018-04-23 11:27:36 +00:00
Sigurd Schneider
9557a91ff7 [turbofan] Move isNaN/isFinite to JSCallReducer
This CL also adds the simplified operator NumberIsNaN.

Bug: v8:7340, v8:7250
Change-Id: Ifa44cf59b30ee700f7df61f8d58782a43fd0f3c5
Reviewed-on: https://chromium-review.googlesource.com/1023391
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52726}
2018-04-23 11:08:36 +00:00
Peter Marshall
35985ce6ab [cpu-profiler] Use std::unordered_map for hashmaps.
There doesn't seem to be any reason to use our custom hashmap here,
which has a more complicated interface.

Change-Id: Ib08c2e400a3cb402a5984b925034aac29750c2ec
Reviewed-on: https://chromium-review.googlesource.com/1019445
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52724}
2018-04-23 10:54:26 +00:00
Clemens Hammacher
7d32cf4ee7 [cleanup] Clean up CodeReference class
This CL fixes the new {CodeReference} class to comply to the style
guide. It makes it a proper class, renames private fields to end in an
underscore and simplifies the union declaration.

R=ahaas@chromium.org
CC=herhut@chromium.org

Bug: v8:7570
Change-Id: I329bbc6fca1ba3c0cb34fb4e1179eb4fa9044e76
Reviewed-on: https://chromium-review.googlesource.com/1023414
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52722}
2018-04-23 10:10:45 +00:00
Clemens Hammacher
ba020627e8 [wasm] Enable highlighting of current instruction in "jco"
For on-heap code, there is the nice feature of highlighting the current
pc on the "jco" gdb macro (calling {Code->Print}, {Code->Disassemble}
or {WasmCode::Disassemble}). For wasm code, this feature was missing so
far. This CL adds it.

R=ahaas@chromium.org

Change-Id: I0ee86d3c5cf9f42581f03c2ba4ec16b4c992e016
Reviewed-on: https://chromium-review.googlesource.com/1021517
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52721}
2018-04-23 09:47:57 +00:00
Clemens Hammacher
f7f7cd2e8a [Liftoff] Allow more register reuse
For binary operations and unary operations, we were pinning too many
registers, thereby disallowing to reuse a src register for the result.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Id4eea1e35d29c170e191249ef42d11ed1d284490
Reviewed-on: https://chromium-review.googlesource.com/1021818
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52720}
2018-04-23 09:35:25 +00:00
Ivo Markovic
8da9631b76 Force proper code aligment in wasm serializer.
Change-Id: Ia32553de2b2365e7396392c8b6fbdba628d3f038
Reviewed-on: https://chromium-review.googlesource.com/1013929
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52719}
2018-04-23 09:16:06 +00:00
Georg Neis
021e9b089e Remove incorrect receiver checks from some array methods.
Several functions on Array.prototype incorrectly threw a TypeError just
because their receiver was sealed or frozen.

Bug: v8:7677
Change-Id: I4ec38bfbf468f9bd676f1c0b341c8a50cf814f15
Reviewed-on: https://chromium-review.googlesource.com/1021870
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52718}
2018-04-23 08:57:35 +00:00
Sigurd Schneider
1b03393202 [deoptimizer] Use FrameWriter in DoComputeInterpretedFrame
This CL applies the previously introduced stack abstraction for
constructing output frames to interpreted frames.

Bug: v8:7679

Change-Id: I8f62b40f76f3ea43145de37429c84fcaeb12a935
Reviewed-on: https://chromium-review.googlesource.com/1019146
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52717}
2018-04-23 08:43:15 +00:00
Timothy Gu
6989b3f6d7 [intl] Fix default Intl language tag handling
With certain ICU data bundles (such as the Node.js "small-icu"),
%GetDefaultICULocale() may return a more specific language tag (e.g.
"en-US") than what's available (e.g. "en"). In those cases, consider the
more specific language tag supported.

This CL also resolves the following Node.js issue:
   https://github.com/nodejs/node/issues/15223

Bug: v8:7024
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifda0776b3418734d5caa8af4e50c17cda95add73
Reviewed-on: https://chromium-review.googlesource.com/668350
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52716}
2018-04-21 13:16:20 +00:00
Sigurd Schneider
a1f33fa28a [deoptimizer] Refactor frame output writing in deoptimizer
This CL introduces an stack abstraction for writing frame descriptions.
Previously, we managed the output offset by hand, which is verbose and
error prone. This CL introduced FrameWriter, which offers a stack
abstraction with push operations for constructing the output frame
descriptions.

The abstraction is only applied to DoComputeBuiltinContinuation;
following CLs will apply it to the other DoCompute* functions.

Bug: v8:7679

Change-Id: Ia6e34de1ed63ba9245e2a08945b1e0548562ed43
Reviewed-on: https://chromium-review.googlesource.com/1019143
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52714}
2018-04-20 15:13:15 +00:00
Simon Zünd
4c2cd28632 Add method for storing TypedArray elements in CodeStubAssembler.
This CL adds StoreFixedTypedArrayElementFromTagged to the CSA. This
method takes an array element in the form of a Number/BigInt, and
converts and stores it appropriately.
For BigInts, an existing method was refactored slightly to allow its
usage.
The added method is used in the upcoming Torque implementation
of TypedArray.p.sort.

R=jgruber@chromium.org

Bug: v8:7382
Change-Id: I5135de0eff96eb2048aaca73de327a027c1faef8
Reviewed-on: https://chromium-review.googlesource.com/1021083
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52711}
2018-04-20 13:22:03 +00:00
Clemens Hammacher
8f55ec89f6 [Liftoff][cleanup] Replace macro by template
R=ahaas@chromium.org

Bug: v8:7570, v8:6600
Change-Id: I2630a173756a7f2d7831b6d3f820fc4224c76f68
Reviewed-on: https://chromium-review.googlesource.com/1021731
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52709}
2018-04-20 12:04:39 +00:00
jgruber
a367acefc6 Change IdentityMap::Delete signature
The existing signature is problematic for two reasons:

1. The void* -> V cast is invalid if sizeof(V) < sizeof(void*)
2. It's impossible to distinguish between a returned value of 0 and
   nullptr, designating failure.

Bug: v8:6666
Change-Id: I71e8fc9119256c24a15b5bb73438f024f1af4f88
Reviewed-on: https://chromium-review.googlesource.com/1018466
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52708}
2018-04-20 11:27:59 +00:00
jgruber
49f0e6483f [builtins] Hash & verify the embedded blob
Embed a hash of the embedded blob at serialization-time, and verify it
when loading the blob.

Drive-by: Keep the size of the blob trimmed, and only page-align for
dynamic page allocation and freeing during mksnapshot.

Bug: v8:6666
Change-Id: I10b6064f4f2847d4cc400f6f1bd6961194985b8f
Reviewed-on: https://chromium-review.googlesource.com/1019144
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52707}
2018-04-20 11:22:49 +00:00
Andreas Haas
10152d6f43 [wasm][cleanup] Remove include of src/signature.h in wasm-opcodes.h
Bug: v8:7570

Change-Id: Ib3ff7e64390b1f159905a054e7f9e37bd3f8a19c
Reviewed-on: https://chromium-review.googlesource.com/1021530
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52706}
2018-04-20 10:38:11 +00:00
Clemens Hammacher
ce162ef8a2 [Liftoff] Implement float to i64/u64 conversions
This implement float to i64/u64 conversions on ia32 and x64.
These conversions emit a C call on ia32, and are implemented using
native instructions on x64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I5b97a74d336e196598b29d407a3d06405b74ee14
Reviewed-on: https://chromium-review.googlesource.com/1014114
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52705}
2018-04-20 10:30:59 +00:00
Mike Stanton
93df7ff067 [Torque] Support JavaScript builtins with fixed args
To implement builtin continuations called from the deoptimizer,
we need to better support writing builtins declared with javascript
binding in Torque. This CL adds fixed number of argument support.
So you can declare in Torque, something like:

builtin javascript Foo(context: Context, receiver: Object, bar: Object):
  Object {
  ...
}

Formerly, this would give you an error because we only supported
javascript bindings with a varargs array.

Bug: v8:7672
Change-Id: I5b5b25bdbbd5e054049c39dd2f1a4c606472dcd5
Reviewed-on: https://chromium-review.googlesource.com/1018941
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52704}
2018-04-20 09:48:53 +00:00
Clemens Hammacher
8d2d0513c3 [wasm] Simplify C calls
Instead of passing multiple pointers to input and output, or to two
input values, just pass one pointer which holds all inputs and where
the output is written.
This also reduces the size of generated Turbofan graphs, since only one
stack slot is needed and less arguments are passed to the call.
It also fixes undefined behaviour, since we were passing a pointer e.g.
as {uint64_t*}, but accessed it using {ReadUnalignedValue}. Now we pass
an Address, which does not have any alignment constraints.

R=ahaas@chromium.org

Bug: v8:3770, v8:6600
Change-Id: I54ef80b7e27f77587a9062560c0b3e01d6593e6d
Reviewed-on: https://chromium-review.googlesource.com/1019147
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52702}
2018-04-20 08:14:51 +00:00
Alexey Kozyatinskiy
f8cd756119 [debugger] allow some map, set, regexp and array builtins on tmp objects..
.. for side effect free debug evaluate.

R=yangguo@chromium.org

Bug: v8:7588
Change-Id: Iac4d782dbf996d9c11430fc681f38a648d89435b
Reviewed-on: https://chromium-review.googlesource.com/1000527
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52699}
2018-04-20 02:26:44 +00:00
Ulan Degenbaev
10fce9c80a [heap] Do eager unmapping in CollectAllAvailableGarbage.
The memory metric samples memory usage immediately after forcing GC via
LowMemoryNotification. This makes the metric sensitive to the unmapper
tasks timing.

This patch forces eager unmapping in CollectAllAvailableGarbage.

It also forces eager unmapping of non-regular chunks at the beginning
of Mark-Compact to avoid accumulation of non-regular chunks.

Bug: chromium:833291, chromium:826384
Change-Id: Iddf02cd4ab8613385d033899d29525fe6ee47fdd
Reviewed-on: https://chromium-review.googlesource.com/1017102
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52696}
2018-04-19 16:13:04 +00:00
Marja Hölttä
9cb8ad1456 [in-place weak refs prework] Enhance DCHECKs for handler types.
BUG=v8:7308

Change-Id: I5bc2faea374f116d3916b71465c34a84bd14f74f
Reviewed-on: https://chromium-review.googlesource.com/1019501
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52695}
2018-04-19 15:23:52 +00:00
Marja Hölttä
8bf738300b [in-place weak refs] Replace WeakCells in TransitionArray::PrototypeTransitions.
BUG=v8:7308

Change-Id: Ib3926bfa22b8639d84374cf423d26d6362e3f46e
Reviewed-on: https://chromium-review.googlesource.com/1019141
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52694}
2018-04-19 15:12:03 +00:00
Ulan Degenbaev
2998a1761a [heap] Removing marking step size ramp-up interval heuristic.
The heuristic is no longer needed now that we have concurrent marking.

Bug: chromium:834371
Change-Id: I8ca3eaacdab618f690d8007aff66713260ace19f
Reviewed-on: https://chromium-review.googlesource.com/1017123
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52693}
2018-04-19 15:09:32 +00:00
Stephan Herhut
f1d9f4b0f7 Fix setting breakpoints in wasm
The handling of wasm breakpoints was prone to forget previously set
breakpoints when inserting new ones. In particular, adding breakpoints
in reverse order or adding more than 4 breakpoints would fail.

Change-Id: I94f314e86bdf9b53a4170ce1b6b47339b7cb7848
Reviewed-on: https://chromium-review.googlesource.com/1019302
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52691}
2018-04-19 14:44:00 +00:00
Dan Elphick
9ab6621ac7 Reland "Reland "[heap] Move initial objects into RO_SPACE""
This is a reland of 6c68efac14

Updated Heap::CommittedMemory and related functions to iterate over all
spaces rather than including them manually which can lead to a space
being overlooked. Also adds a test to ensure this the case.

Original change's description:
> Revert "Reland "[heap] Move initial objects into RO_SPACE""
>
> This reverts commit 6c68efac14.
>
> Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668
>
> Original change's description:
> > Reland "[heap] Move initial objects into RO_SPACE"
> >
> > This is a reland of f8ae62fe14
> >
> > Original change's description:
> > > [heap] Move initial objects into RO_SPACE
> > >
> > > This moves:
> > > * the main oddballs (null, undefined, hole, true, false) as well as
> > > their supporting maps (also adds hole as an internalized string to make
> > > this work).
> > > * most of the internalized strings
> > > * the struct maps
> > > * empty array
> > > * empty enum cache
> > > * the contents of the initial string table
> > > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > > value avoid writing to it during run-time)
> > >
> > > The StartupSerializer stats change as follows:
> > >
> > >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > > old         0          0     270264       32608      12144         0
> > > new     21776          0     253168       32608       8184         0
> > > Overall memory usage has increased by 720 bytes due to the eager
> > > initialization of the Map weak cell caches.
> > >
> > > Also extends --serialization-statistics to print out separate instance
> > > type stats for objects in RO_SPACE as shown here:
> > >
> > >   Read Only Instance types (count and bytes):
> > >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> > >          2         32  HEAP_NUMBER_TYPE
> > >          5        240  ODDBALL_TYPE
> > >         45       3960  MAP_TYPE
> > >          1         16  BYTE_ARRAY_TYPE
> > >          1         24  TUPLE2_TYPE
> > >          1         16  FIXED_ARRAY_TYPE
> > >          1         32  DESCRIPTOR_ARRAY_TYPE
> > >         45        720  WEAK_CELL_TYPE
> > >
> > > Bug: v8:7464
> > > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > > Reviewed-on: https://chromium-review.googlesource.com/973722
> > > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#52435}
> >
> > Bug: v8:7464
> > Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> > Reviewed-on: https://chromium-review.googlesource.com/999654
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52638}
>
> TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: v8:7464,v8:7668
> Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
> Reviewed-on: https://chromium-review.googlesource.com/1016600
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52667}

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If4b7490c8c4d31612de8ec132de334955a319b11
Bug: v8:7464, v8:7668
Reviewed-on: https://chromium-review.googlesource.com/1019020
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52689}
2018-04-19 13:54:32 +00:00
Daniel Clifford
b730f5eb76 Visit label blocks in try statements during declaration
This problem was discovered by mvstanton@'s forEach Torque patch. In the absense
of test coverage for Torque, his patch will serve as the regression test case
for this bug when it lands.

Change-Id: Ic77446a8e46168928da221e6eb18753dd6478c87
Reviewed-on: https://chromium-review.googlesource.com/1018763
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52688}
2018-04-19 13:29:30 +00:00
jing.bao
87d8895494 [ia32][wasm] Add AnyTrue and AllTrue.
Complete ptest and add vptest
Add Pcmpeqb, Pcmpeqw, Ptest macro

Change-Id: I060aa5228d50f2dca7ed3e24324a08c04ec1a028
Reviewed-on: https://chromium-review.googlesource.com/1013236
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#52687}
2018-04-19 13:24:01 +00:00
Simon Zünd
a0d4005c99 [torque] Add DashifyString function for module names.
Module names in torque are allowed to have underscores but not dashes.
To stay consistent with C++ file naming conventions, the underscores
in module names are replaced by dashes for file names.

Example:

module typed_array {} would now generate:
builtins-typed-array-from-dsl-gen.(cc|h)

instead of:
builtins-typed_array-from-dsl-gen.(cc|h)

R=danno@chromium.org

Change-Id: Iff42d7b9b5f65c378ee30f9d884ab6a3a3cd42a7
Reviewed-on: https://chromium-review.googlesource.com/1016460
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52686}
2018-04-19 12:42:40 +00:00
Clemens Hammacher
0da7ec58c9 [wasm] Tear apart the WasmCompilationUnit
This refactoring is a big step towards separating Turbofan-related code
from backend independent code. This will allow us to include way less
headers from "src/compiler" at various places.

The {WasmCompilationUnit} contained information for Turbofan
compilation, and for Liftoff compilation. This CL tears this apart, such
that {WasmCompilationUnit} holds backend-independent information, plus
a pointer to either {LiftoffCompilationUnit} or
{TurbofanWasmCompilationUnit}. These pointers are opaque, so that
{function-compiler.h}, defining {WasmCompilationUnit}, does not need to
include any Turbofan specific or Liftoff specific headers.

R=ahaas@chromium.org, titzer@chromium.org, mstarzinger@chromium.org

Bug: v8:7570, v8:6600
Change-Id: I024c9a23508ee1b4b3cbe1d068c8e785d732daca
Reviewed-on: https://chromium-review.googlesource.com/1016640
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52684}
2018-04-19 11:05:25 +00:00
sreten.kovacevic
a0c59cbfd3 [mipsr6] Implement functions for FPU conditional move
Since movf and movt instructions were removed in r6, sel_s and
sel_d instructions need to be used instead with some preparations.

Change-Id: Ia6a2fda7d3d79ada1ae1ec4649793efd2466f79b
Reviewed-on: https://chromium-review.googlesource.com/1016910
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52683}
2018-04-19 11:04:20 +00:00
Marja Hölttä
9da5e9ab5b Revert "[heap] Verify FeedbackVector contents during heap verification."
This reverts commit 9d0154d6ed.

Reason for revert: gc stress breakage, prob this commit is broken.

Original change's description:
> [heap] Verify FeedbackVector contents during heap verification.
> 
> Pre-work for in-place weak refs.
> 
> BUG=v8:7308
> 
> Change-Id: I5c7086bded14879f62ab366d0aba59302f0078d3
> Reviewed-on: https://chromium-review.googlesource.com/1010069
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52681}

TBR=marja@chromium.org,yangguo@chromium.org,mvstanton@chromium.org,ishell@chromium.org

Change-Id: I7d95e375e06db186f0e9823cb080ce15d1e1062d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Reviewed-on: https://chromium-review.googlesource.com/1019180
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52682}
2018-04-19 10:59:02 +00:00
Marja Hölttä
9d0154d6ed [heap] Verify FeedbackVector contents during heap verification.
Pre-work for in-place weak refs.

BUG=v8:7308

Change-Id: I5c7086bded14879f62ab366d0aba59302f0078d3
Reviewed-on: https://chromium-review.googlesource.com/1010069
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52681}
2018-04-19 10:19:57 +00:00
Sigurd Schneider
30599649f5 [turbofan] Move Object.create inlining to JSCallReducer
This also adds a javascript operator JSCreateObject and an
associated TFS stub that handles Object.create in cases
where only a prototype, but no additional properties are
provided.

Bug: v8:7250
Change-Id: Ib1fd529a10a553c3718222356319bd6ccffbdf30
Reviewed-on: https://chromium-review.googlesource.com/1013576
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52680}
2018-04-19 08:48:16 +00:00
Michael Achenbach
0cb1ee7f9f Revert "[compiler] Temporarily turn some DCHECKs into CHECKs."
This reverts commit f52b4b3b81.

Reason for revert: Makes benchmarks time out:
https://crbug.com/834655

Original change's description:
> [compiler] Temporarily turn some DCHECKs into CHECKs.
> 
> This turns most DCHECKs in the register allocator code into CHECKs,
> which hopefully will tell us more about the crashes in crbug 831822.
> 
> This CL will eventually be reverted again.
> 
> Bug: chromium:831822
> Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
> Reviewed-on: https://chromium-review.googlesource.com/1016762
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52673}

TBR=neis@chromium.org,sigurds@chromium.org

Change-Id: Ic2b37a3ce04516c5871b801015153ce84e622e90
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:831822
Reviewed-on: https://chromium-review.googlesource.com/1018860
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52679}
2018-04-19 08:00:27 +00:00
Alexei Filippov
e0acb1d855 Reland "[profiler] Ensure there's a single ProfilerListener per isolate."
This is a reland of 9a19ce25dd

Original change's description:
> [profiler] Ensure there's a single ProfilerListener per isolate.
> 
> BUG=v8:7662
> 
> Change-Id: I8128ac96bcd2dc01b318c55843c4416bdd17c7ae
> Reviewed-on: https://chromium-review.googlesource.com/1013318
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52653}

Bug: v8:7662
Change-Id: I28c5e693290057ad2bc90161c82419fb109ef1ae
Reviewed-on: https://chromium-review.googlesource.com/1015747
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52678}
2018-04-18 21:37:12 +00:00
Leszek Swirski
0ce539033e [factory] Always tenure external strings
Since external strings are used for things like source strings, we
should tenure them from creation.

Change-Id: I226ab9036836d76d8c17ed168ad97d7f0f824278
Reviewed-on: https://chromium-review.googlesource.com/1006961
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52677}
2018-04-18 19:01:32 +00:00
Clemens Hammacher
2eaee5fd41 [x64] Refactor and fix uint to float conversions
The Cvtqui2ss and Cvtqui2sd methods did overwrite the {src} register and
the given {tmp} register.
This CL fixes this to avoid the overwrite of the {src} register, and to
use the kScratchRegister instead of an explicitly passed tmp register.
It also adds u32 -> f32/f64 conversions.
All these methods can take either a register or an operand as src. This
sometimes saves a mov operation.

R=neis@chromium.org, ahaas@chromium.org

Change-Id: I912a2a3b9d9c356f04ce51869a01c6fd11c76dd3
Reviewed-on: https://chromium-review.googlesource.com/1017121
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52676}
2018-04-18 17:30:50 +00:00
Erik Chen
9a9fdbff04 Fix accounting for reused memory for v8 on macOS.
Calls to madvise(MADV_FREE_REUSABLE) [when discarding/decommitting memory]
should be paired with calls to madvise(MADV_FREE_REUSE) [when reusing/committing
memory]. The latter is purely for accounting purposes.

Bug: chromium:823915
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib1758fd72c5ad4dfe731f5d9a6dbaf75b1e0e14b
Reviewed-on: https://chromium-review.googlesource.com/988193
Commit-Queue: Erik Chen <erikchen@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52674}
2018-04-18 15:02:47 +00:00
Georg Neis
f52b4b3b81 [compiler] Temporarily turn some DCHECKs into CHECKs.
This turns most DCHECKs in the register allocator code into CHECKs,
which hopefully will tell us more about the crashes in crbug 831822.

This CL will eventually be reverted again.

Bug: chromium:831822
Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
Reviewed-on: https://chromium-review.googlesource.com/1016762
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52673}
2018-04-18 14:28:37 +00:00
Marja Hölttä
7560b33eba [in-place weak refs] Replace WeakCells in TransitionArray.
BUG=v8:7308

Change-Id: I1976cd7e542a0304f6e14744e634c62dd06a83f5
Reviewed-on: https://chromium-review.googlesource.com/1014090
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52672}
2018-04-18 14:08:47 +00:00
Peter Marshall
ddb2856f39 [cpu-profiler] Fix incorrect line number calculation.
Previously when we put offsets into the SourcePositionTable, we added
the header size of the code object as well. When we pull the positions
out of the table (see ProfileGenerator::RecordTickSample) we already
account for the header size. This means the offsets in the table should
just be the offset of the PC within the actual code, not the offset
within the code object, which is what we currently store.

Currently this bug is probably not very noticeable, as it causes the
reported line numbers to be slightly too low, but still within the same
function. For a sampling profiler, we don't have any way to confirm
which lines were actually sampled, so we don't notice that the results
are wrong. The only way to see this bug is that there are some lines
within a function (towards the end of the function) that we will never
see ticks inside of, because the offset in the position table is not
reachable with valid PC offsets.

This CL removes the header size offset from values put into the source
position table stored by the profiler.

Bug: v8:7018
Change-Id: I00b17cec5f9c81d993d4e64c3c021052745a791e
Reviewed-on: https://chromium-review.googlesource.com/1016560
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52671}
2018-04-18 14:06:27 +00:00
Ivica Bogosavljevic
e1bf0d47b1 MIPSR6: Reenable branch delay slot in fp branch instructions
Release 6 FP branch instruction contain branch delay slots
so we can reenable them.

Change-Id: I793b6acbcfd73f92c7e94ba99608616cc8d68199
Reviewed-on: https://chromium-review.googlesource.com/1016282
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52669}
2018-04-18 12:50:25 +00:00
Peter Marshall
c2280f9aa2 Revert "Reland "[heap] Move initial objects into RO_SPACE""
This reverts commit 6c68efac14.

Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=7668

Original change's description:
> Reland "[heap] Move initial objects into RO_SPACE"
>
> This is a reland of f8ae62fe14
>
> Original change's description:
> > [heap] Move initial objects into RO_SPACE
> >
> > This moves:
> > * the main oddballs (null, undefined, hole, true, false) as well as
> > their supporting maps (also adds hole as an internalized string to make
> > this work).
> > * most of the internalized strings
> > * the struct maps
> > * empty array
> > * empty enum cache
> > * the contents of the initial string table
> > * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> > value avoid writing to it during run-time)
> >
> > The StartupSerializer stats change as follows:
> >
> >      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> > old         0          0     270264       32608      12144         0
> > new     21776          0     253168       32608       8184         0
> > Overall memory usage has increased by 720 bytes due to the eager
> > initialization of the Map weak cell caches.
> >
> > Also extends --serialization-statistics to print out separate instance
> > type stats for objects in RO_SPACE as shown here:
> >
> >   Read Only Instance types (count and bytes):
> >        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
> >          2         32  HEAP_NUMBER_TYPE
> >          5        240  ODDBALL_TYPE
> >         45       3960  MAP_TYPE
> >          1         16  BYTE_ARRAY_TYPE
> >          1         24  TUPLE2_TYPE
> >          1         16  FIXED_ARRAY_TYPE
> >          1         32  DESCRIPTOR_ARRAY_TYPE
> >         45        720  WEAK_CELL_TYPE
> >
> > Bug: v8:7464
> > Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> > Reviewed-on: https://chromium-review.googlesource.com/973722
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Reviewed-by: Hannes Payer <hpayer@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52435}
>
> Bug: v8:7464
> Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
> Reviewed-on: https://chromium-review.googlesource.com/999654
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52638}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7464,v8:7668
Change-Id: I10aa03623b51e997f95a3715ea9f0bf5d29d2cdb
Reviewed-on: https://chromium-review.googlesource.com/1016600
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52667}
2018-04-18 11:48:55 +00:00
Simon Zünd
f1a356c089 [torque] Fix typo in Torque grammar. Add escaped double quote to string literals.
The escaped double quote is needed for calling CSA macros that expect
const char* (so the double quotes are preserved).

Example:

type MethodName;
const kProtoSort: MethodName = '\"%TypedArray%.prototype.sort\"';
extern macro ValidateTypedArray(Context, Object, MethodName): JSTypedArray;

R=danno@chromium.org

Bug: v8:7382
Change-Id: Ida554f7d2638fda2c9e1ace9975c3744b5d84050
Reviewed-on: https://chromium-review.googlesource.com/1016400
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52666}
2018-04-18 11:09:05 +00:00
Stephan Herhut
9a200cd2b4 Reland "Introduce CodeReference"
This is a reland of 4d7ad46db4

Original change's description:
> Introduce CodeReference
>
> Add a struct CodeReference that can be stack allocated to pass a
> reference to either an on-heap code object or off-heap WasmCode object
> in a gc safe manner. The struct also provides a common interface such
> that code can be written independently of the kind of code object it
> references.
>
> Change-Id: I5a6f74462e6e141d167c7fd9bac8c21941fd83b1
> Reviewed-on: https://chromium-review.googlesource.com/977905
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52580}

Change-Id: I40861474fe4a3efd72e6c59e2e7b847ab6772735
Reviewed-on: https://chromium-review.googlesource.com/1013939
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52665}
2018-04-18 10:20:25 +00:00
Sigurd Schneider
50212e4d87 [turbofan] Add framestate to JSPerformPromiseThen operator
The framestate is necessary, because the PerformPromiseThen builtin
calls into the runtime function PromiseRevokeReject, which ultimately
calls back into the embedder. Node may execute JavaScript in the callback,
and the missing framestate can then make our stack frame walker unhappy.

Bug: v8:7659
Change-Id: I47391fd2b9b3c10ef26204a41e58f8082243c702
Reviewed-on: https://chromium-review.googlesource.com/1015361
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52663}
2018-04-18 09:00:35 +00:00
Clemens Hammacher
b4a43097cd [Liftoff] Implement f32/f64 to i32/u32 conversions
This implement float to i32/u32 conversions on ia32 and x64.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I4eb6a74d86fafce3245bf3f37d32ac6ca156550a
Reviewed-on: https://chromium-review.googlesource.com/1014123
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52662}
2018-04-18 08:27:15 +00:00
Simon Zünd
0ec7e5059d Renamed builtins-typedarray* files.
This change is in preparation for implementing TypedArray builtins
in torque. Torque makes assumptions about naming conventions regarding
file and class names, which are currently inconsistent for TypedArrays.
The class is called TypedArrayBuiltinsAssembler while the current file
name suggests Typedarray... .

R=jgruber@chromium.org

Bug: v8:7382
Change-Id: I3051dacb2bfbb7041482c8aa0a1104776ab4972c
Reviewed-on: https://chromium-review.googlesource.com/1016300
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52661}
2018-04-18 07:51:05 +00:00
Mike Stanton
61bb129f37 [CSA builtins] Fast case array iteration does unnecessary prototype walks
In ArrayBuiltinsAssembler::VisitAllFastElementsOneKind(), we enumerate
an arrays elements, carefully checking for the "hole" when required.
This code is only called for arrays whose prototype is the initial array
prototype. And the path is only available when the initial array
prototype is free of elements. Since that's the case, we only need to
verify that the initial array prototype remains free of elements during
an iteration with javascript callbacks. We don't need a body of code
that can walk the prototype chain looking for elements visible through
the "hole" value. In practice, this code was never run.

Change-Id: Iba5e275c559d495aa1cf6a4f29d66e2ce475c981
Reviewed-on: https://chromium-review.googlesource.com/1015023
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52660}
2018-04-18 07:49:25 +00:00
Marja Hölttä
e784719b4f [cleanup] Remove dead TransitionAccessor::Encoding::kHandler + related code.
This is also pre-work for in-place weak refs.

BUG=v8:7308, v8:5988

Change-Id: Ie78b0c59695c1e6af9780fffb363c931e2ee34e2
Reviewed-on: https://chromium-review.googlesource.com/1013583
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52658}
2018-04-18 07:21:25 +00:00
Christian O. Andersson
894b95fe38 [ignition] Optimizing Smi only comparisons
There are various situations where we explicitly compare a SMI against
another SMI (e.g., BuildIndexedJump). This is also a common pattern for
generated code (e.g., comparing a loop variable with an integer). Instead
of using the generic equality/strict-equality stub for this, which is
expensive, this CL offers a simple comparison stub, repurposing the
TestEqualStrictNoFeedback bytecode to TestReferenceEqual

Bug: v8:5310
Change-Id: Ib2b47cd24d5386cf0d20d3bd794776dc6e3a02a5
Reviewed-on: https://chromium-review.googlesource.com/1007542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Christian O. Andersson <cricke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52655}
2018-04-18 04:54:54 +00:00
Michael Achenbach
f459a424df Revert "[profiler] Ensure there's a single ProfilerListener per isolate."
This reverts commit 9a19ce25dd.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/20359

Original change's description:
> [profiler] Ensure there's a single ProfilerListener per isolate.
> 
> BUG=v8:7662
> 
> Change-Id: I8128ac96bcd2dc01b318c55843c4416bdd17c7ae
> Reviewed-on: https://chromium-review.googlesource.com/1013318
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52653}

TBR=alph@chromium.org,yangguo@chromium.org

Change-Id: I3c3b6eb8d6f9911fa318f24a2e6e74180b83398e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7662
Reviewed-on: https://chromium-review.googlesource.com/1015561
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52654}
2018-04-17 20:13:41 +00:00
Alexei Filippov
9a19ce25dd [profiler] Ensure there's a single ProfilerListener per isolate.
BUG=v8:7662

Change-Id: I8128ac96bcd2dc01b318c55843c4416bdd17c7ae
Reviewed-on: https://chromium-review.googlesource.com/1013318
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52653}
2018-04-17 18:44:07 +00:00
Ingvar Stepanyan
1dcd1c9f35 Report late-bound scripts to the debugger
Previously, if an unbound script was created in a non-inspected context,
but later bound to an inspected one, it never appeared in the
debugger sources.

After this change `OnAfterCompile` will be invoked not on the original
script compilation, but when it's actually bound to a context for
execution, which means `Debugger.scriptParsed` will be now sent to the
inspector even for such precompiled scripts.

R=jgruber@chromium.org, kozyatinskiy@chromium.org, yangguo@chromium.org

Bug: v8:7654
Change-Id: Ice13312e425903fb2baf14edab5c566d649a6438
Reviewed-on: https://chromium-review.googlesource.com/1013581
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52652}
2018-04-17 18:27:36 +00:00
Junliang Yan
3539c22d63 [turbofan] fix LowerStringFromSingleCodePoint on big-endian
R=jarin@chromium.org, mstarzinger@chromium.org
Bug=v8:7651

Change-Id: I4007c6de83806c2aad8fc105331986bfcf709033
Reviewed-on: https://chromium-review.googlesource.com/1012460
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52651}
2018-04-17 17:24:54 +00:00
Jakob Kummerow
622f9fe202 Fix interpreted regexp build after r52601
One more place behind a non-default build flag that needs updating
after the recent Address typedef change.

Change-Id: Ica5022966e7773c621624d1cd5c20296c52c0b39
Reviewed-on: https://chromium-review.googlesource.com/1014320
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52650}
2018-04-17 17:20:34 +00:00
Andreas Haas
a0d944ae66 [Refactoring] Remove {external_reference_redirector} from the isolate
In a recent CL (https://crrev.com/c/1012039) I removed the only valid
use case of {external_reference_redirector}. In this CL I remove the
remaining uses, which are more or less checks if there is a simulator
or not.


R=​mstarzinger@chromium.org

Change-Id: I96203b7b112d57bb3feb9d6863b036747b1963f0
Reviewed-on: https://chromium-review.googlesource.com/1014126
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52649}
2018-04-17 16:28:54 +00:00
Andreas Haas
013cf15dbf [Refactoring] Make external references more independent of the isolate
With this CL we do the redirection of ExternalReferences for simulators
independent of the isolate but instead use the redirector provided by
the simulator directly. Thereby we make the code independent of the
isolate.

I plan to remove the redirector from the isolate in a separate CL.

R=mstarzinger@chromium.org

Change-Id: I2ae0b2184da214cf7606fabeabc9bec35bf0616e
Reviewed-on: https://chromium-review.googlesource.com/1012039
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52648}
2018-04-17 16:16:52 +00:00
sreten.kovacevic
0cd4b3d69d [mips] Fix Float32Neg and Float64Neg tests on target
These tests fail since instructions were implemented in Liftoff.
Problem was with NaN cases, where additional job has to be done on
MIPS r2, r1 and Longsoon.

Change-Id: Id02462aa08e79b03d66b5083b81f19dc1c88cc3e
Reviewed-on: https://chromium-review.googlesource.com/1015001
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52647}
2018-04-17 14:35:49 +00:00
Sathya Gunasekaran
eb4ebf98c9 [class] Initialize class fields after binding this
Class fields needs to be initialized after `this` is bound, as per the
new spec change:
https://github.com/tc39/proposal-class-fields/pull/92

This CL moves the initialization of `this` from parser desugaring to
the bytecode generator.

Bug: v8:7647
Change-Id: I20f749403e5a4d2f06a39726cf39012ceb541987
Reviewed-on: https://chromium-review.googlesource.com/1014383
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52646}
2018-04-17 13:40:39 +00:00
Georg Neis
a0a4c71e3f Remove bootstrapper's kMaxSafeInt in favour of global's kMaxSafeInteger.
R=bmeurer@chromium.org

Change-Id: I06b889333fe6481d4704138031ce6de0fcf70a4c
Reviewed-on: https://chromium-review.googlesource.com/1013715
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52645}
2018-04-17 13:35:48 +00:00
Georg Neis
92cde630df Check length in Array.prototype.concat.
Throw a TypeError if the length of a concat-spreadable object makes the
total length too large, as specified.

Bug: v8:7652
Change-Id: Ie3f694d64c949703edd733c0310cfb3f64b78a15
Reviewed-on: https://chromium-review.googlesource.com/1013714
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52644}
2018-04-17 13:04:18 +00:00
Yang Guo
c3da929020 Simplify Utf8Length calculation.
Flattening the string upfront has performance benefits and we can
also simplify the implementation quite a bit.

Bug: v8:6780
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic75bdfdf900d30e51e95cdf1cb8d09aab06332c6
Reviewed-on: https://chromium-review.googlesource.com/1014102
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52643}
2018-04-17 11:41:25 +00:00
sreten.kovacevic
fbf9b5e4ff [mips] Cleanup: Refactor AddPair and SubPair, implement MulPair
Refactor AddPair and SubPair Macro-assembler instructions to
prevent register overwriting, refactor all the places where
these instructions are used. Also, implement MulPair instruction.

Change-Id: I3f8f9d5fe6fa5bf25df3446614ac311cf886b6ac
Reviewed-on: https://chromium-review.googlesource.com/1013571
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52642}
2018-04-17 10:07:15 +00:00
Sigurd Schneider
b70dd880f2 Reland "[turbofan] Enable Promise constructor inlining by default"
This is a reland of 370d95dc36

Original change's description:
> [turbofan] Enable Promise constructor inlining by default
> 
> Bug: v8:7584
> Change-Id: I7443c28c74676ee1f27550674c8f712594e21cc7
> Reviewed-on: https://chromium-review.googlesource.com/992314
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52341}

Bug: v8:7584
Change-Id: Ie33b89bf8bb7abde426d477a8b39914e6d90e5b6
Reviewed-on: https://chromium-review.googlesource.com/1009862
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52641}
2018-04-17 09:35:44 +00:00
Dan Elphick
6c68efac14 Reland "[heap] Move initial objects into RO_SPACE"
This is a reland of f8ae62fe14

Original change's description:
> [heap] Move initial objects into RO_SPACE
> 
> This moves:
> * the main oddballs (null, undefined, hole, true, false) as well as
> their supporting maps (also adds hole as an internalized string to make
> this work).
> * most of the internalized strings
> * the struct maps
> * empty array
> * empty enum cache
> * the contents of the initial string table
> * the weak_cell_cache for any map in RO_SPACE (and eagerly creates the
> value avoid writing to it during run-time)
> 
> The StartupSerializer stats change as follows:
> 
>      RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
> old         0          0     270264       32608      12144         0
> new     21776          0     253168       32608       8184         0
> Overall memory usage has increased by 720 bytes due to the eager
> initialization of the Map weak cell caches.
> 
> Also extends --serialization-statistics to print out separate instance
> type stats for objects in RO_SPACE as shown here:
> 
>   Read Only Instance types (count and bytes):
>        404      16736  ONE_BYTE_INTERNALIZED_STRING_TYPE
>          2         32  HEAP_NUMBER_TYPE
>          5        240  ODDBALL_TYPE
>         45       3960  MAP_TYPE
>          1         16  BYTE_ARRAY_TYPE
>          1         24  TUPLE2_TYPE
>          1         16  FIXED_ARRAY_TYPE
>          1         32  DESCRIPTOR_ARRAY_TYPE
>         45        720  WEAK_CELL_TYPE
> 
> Bug: v8:7464
> Change-Id: I12981c39c82a7057f68bbbe03f89fb57b0b4c6a6
> Reviewed-on: https://chromium-review.googlesource.com/973722
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52435}

Bug: v8:7464
Change-Id: I50427edfeb53ca80ec4cf46566368fb2213ccf7b
Reviewed-on: https://chromium-review.googlesource.com/999654
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52638}
2018-04-17 08:28:53 +00:00
Dan Elphick
7d291c7286 [heap] Add a read-only permission
Add a new permission kRead to PageAllocator::Permission and
OS::MemoryPermission and implement it in platform-*.

Not used yet, because it needs corresponding changes in chromium.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9f84251eff593536cbcc1cde04641d696c79d65c
Reviewed-on: https://chromium-review.googlesource.com/1006756
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52636}
2018-04-17 08:26:43 +00:00
Clemens Hammacher
2baad44f01 [x64] Move float-to-uint64 conversions to TurboAssembler
Consolidate nearly identical implementations and move them to
TurboAssembler, such that they can be reused for Liftoff.

R=neis@chromium.org

Bug: v8:6600
Change-Id: I197445404df033ac1a05f4aa88501263ae4b75f3
Reviewed-on: https://chromium-review.googlesource.com/1013561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52634}
2018-04-17 07:36:22 +00:00
Clemens Hammacher
e3e0f1173f Statically initialize ExternalReference constants
Make values which are referenced via ExternalReference constexpr, and
initialize them statically. This avoids dynamic initialization and
protects them against being overwritten from generated code.

R=neis@chromium.org

Bug: v8:7570
Change-Id: I1c6c10fbffea12dc1f5bf726313bf8388e6530a1
Reviewed-on: https://chromium-review.googlesource.com/1013518
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52633}
2018-04-17 06:56:42 +00:00
Jakob Kummerow
f7d6b19f6c [ubsan] Fix many static_cast<int32_t> with undefined behavior
Casting from a floating-point type to an integer type is undefined behavior
if the integral part of the float cannot be represented in the range of the
int.

Bug: v8:3770, chromium:831145
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e85ea8b0f09bbeeb3e0dcc1135fc747fa312f6d
Reviewed-on: https://chromium-review.googlesource.com/1011651
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52631}
2018-04-17 02:02:18 +00:00
Camillo Bruni
7bb79b96bd [keys] Don't keep chain of OrderedHashSets in KeyAccumulator
Bug: chromium:831984
Change-Id: Ie13b22bc2491acc255557ba0325d8d53c22d6acb
Reviewed-on: https://chromium-review.googlesource.com/1012874
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52630}
2018-04-16 21:07:06 +00:00
Ben L. Titzer
c536ea2dba [wasm] Remove temporary table immutability workaround
Now that tables and stack frames properly root instances, there is no
longer any need to disallow mutations that could unroot instances
while their code is on the stack.

Bug: v8:7232
Change-Id: I907b9522ac12ad7a67fb4124774713b6b3b40bb7
Reviewed-on: https://chromium-review.googlesource.com/1007004
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52629}
2018-04-16 18:39:33 +00:00
Michael Starzinger
73aa563316 [wasm] Remove support to serialize code stubs.
This removes the support to serialize copies of {CodeStub} codes during
native module serialization. It is still possible to serialize builtins
and all code objects copied from the GC heap are builtins by now.

R=ahaas@chromium.org

Change-Id: If009a82a9d7c7080f70f344040ebb91f20b8cc1a
Reviewed-on: https://chromium-review.googlesource.com/1012081
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52628}
2018-04-16 17:23:23 +00:00
Eric Holk
581fd6679b [wasm] enable --wasm-trap-handler by default
This will give us much better testing coverage for trap-based bounds
checks.

Note that this will not enable the trap handler by default in Chrome.
Instead, Chrome will need to explicitly enable the feature using
V8::EnableWebAssemblyTrapHandler.

Bug: v8:5277
Change-Id: I7d81f40c6f831c6fe7926375c677908952b78fa2
Reviewed-on: https://chromium-review.googlesource.com/964711
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52627}
2018-04-16 16:51:53 +00:00
Michael Starzinger
120dfa48cf [wasm] Explicitly spill WasmInstanceObject in prologue.
This adds another fixed spill slot to the {WasmCompiledFrame} layout,
holding a reference to the current {WasmInstanceObject}. This slot
allows the stack walker to retrieve instances for WebAssembly frames
without having each code object be coupled to an instance. Hence it
enables sharing code across instances in the future.

R=titzer@chromium.org
BUG=v8:7424

Change-Id: I7fa095c6255754caf564edce4ee7e84dea666783
Reviewed-on: https://chromium-review.googlesource.com/1005516
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52626}
2018-04-16 16:38:03 +00:00
Clemens Hammacher
3baf75f734 [ia32] Avoid overwrite of src register
The Cvtui2ss method did overwrite the {src} register, and the given
{tmp} register. Because of this, the Turbofan code generator passed two
temporary registers.
This CL fixes this to avoid the overwrite of the {src} register (which
is now an Operand).

R=neis@chromium.org

Change-Id: I33e523ac3d7bb377899739e95058b87adefa6b65
Reviewed-on: https://chromium-review.googlesource.com/1014082
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52625}
2018-04-16 16:31:38 +00:00
Georg Neis
00a3bfacb9 Check new length in array splice and unshift.
If the new length is too large, we must throw a TypeError.

Bug: v8:7652
Change-Id: I47268c04405f7a5f5bbc971cd434f2d786af9ca1
Reviewed-on: https://chromium-review.googlesource.com/1013563
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52624}
2018-04-16 16:26:33 +00:00
Ivo Markovic
2279dda63c Mips[64] Use kScratchReg instead of at register
At is used in Macro Assembler, so we need other registers to hold temporary values.

Change-Id: Iffeddba7b3319666a605eea62ecc3cd01b065ad7
Reviewed-on: https://chromium-review.googlesource.com/1013978
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52623}
2018-04-16 16:19:06 +00:00
Vincent Belliard
abfcc1124c [arm64][Liftoff] Start Liftoff implementation.
First version which can compile a very basic code.

Change-Id: I3b98412a5ca39a28f8fe5b60516b82c6981dd187
Reviewed-on: https://chromium-review.googlesource.com/993232
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52622}
2018-04-16 16:16:47 +00:00
Clemens Hammacher
386344e039 [ia32] Rename and move type conversions
Name type conversions from int to float and vice versa consistently,
and move them to the TurboAssembler, such that we can reuse them for
Liftoff.

R=jarin@chromium.org

Bug: v8:6600
Change-Id: Idced658a228eeb611dd4785aa277bd758c201eea
Reviewed-on: https://chromium-review.googlesource.com/1014037
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52620}
2018-04-16 13:32:23 +00:00
Daniel Clifford
a3353da846 Torque: Implement a DSL for CSA
An overview of motivation behind Torque and some of its principles
can be found here: https://bit.ly/2qAI5Ep

Note that there is quite a bit of work left to do in order to get
Torque production-ready for any non-trivial amount of code, but
landing the prototype as-is will allow for much faster iteration.

Bugs will be filed for all of the big-ticket items that are not
landing blockers but called out in this patch as important to fix.

Cq-Include-Trybots: luci.v8.try:v8_linux_nosnap_rel;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib07af70966d5133dc57344928885478b9c6b8b73
Reviewed-on: https://chromium-review.googlesource.com/845682
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52618}
2018-04-16 12:23:55 +00:00
sreten.kovacevic
c1401045e3 [Liftoff][mips] Implement i64 binops
Implement i64 binops (`add`, `sub`, `mul`, `and`, `or` and `xor` on MIPS64
and `add`, `mul` and `sub` on MIPS).

Bug: v8:6600
Change-Id: I96640a6b4420789f075b1d919789a72163c954d2
Reviewed-on: https://chromium-review.googlesource.com/1010203
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52617}
2018-04-16 12:19:24 +00:00
Georg Neis
a5f782745e Fix compilation with V8_TRACE_IGNITION enabled.
The recent changes related to the Address type broke this.

R=bmeurer@chromium.org

Change-Id: I404930435e9f48750a735beed7d79108b9cc96ee
Reviewed-on: https://chromium-review.googlesource.com/1014081
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52616}
2018-04-16 11:57:09 +00:00
Dan Elphick
5ed349d66d [ubsan] Make Isolate inherit from Factory
Previously Isolate and Factory relied on the undefined behavior of
reinterpret_cast to switch between the two unrelated classes (which worked
because Factory had no data members).

With Isolate inheriting from Factory, it's now possible to switch between the
two classes using c-style casts. These are allowed under the C++ standard.

The inheritance is private which allows the continuing separation of the
Factory and Isolate namespaces.

This is a defensive clean-up, since ubsan does not yet detect the previous
undefined behavior.

Bug: v8:3770
Change-Id: I0ccf09f1d34f747550812ce698ab7e182812409e
Reviewed-on: https://chromium-review.googlesource.com/1010122
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52615}
2018-04-16 10:37:15 +00:00
Yang Guo
a440efb27f [api] do not require source string for producing code cache.
The embedder should not need to keep track of the source string.

R=jgruber@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie27df755a22fbcae7b6e87a435419d2d8f545558
Reviewed-on: https://chromium-review.googlesource.com/1013482
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52614}
2018-04-16 09:10:44 +00:00
Marja Hölttä
d3a2819ee9 [in-place weak refs] Add WeakArrayList & replace Heap::retained_maps with it.
BUG=v8:7308

Change-Id: I5e9f371b1db5515b723d9a2864bf2038706e2015
Reviewed-on: https://chromium-review.googlesource.com/960032
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52613}
2018-04-16 08:36:34 +00:00
Jakob Kummerow
207bb03714 [bigint] Allow BigInt(n) for n > MAX_SAFE_INTEGER
Spec change: https://github.com/tc39/proposal-bigint/pull/138

Bug: v8:6791
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7367273ed1e98971be3b277f6486333a96412185
Reviewed-on: https://chromium-review.googlesource.com/1004120
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52611}
2018-04-16 05:37:04 +00:00
Igor Sheludko
9367f80f17 [builtins] Implement fast path of Object.assign using CSA.
Bug: v8:5988
Change-Id: I2e90ed8df6b966e04299774e50aeb2913a8c1922
Reviewed-on: https://chromium-review.googlesource.com/999603
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52610}
2018-04-16 02:06:46 +00:00
Jakob Kummerow
8cc5a7239a [bigint] Update "bigint < string" semantics
Per the spec change at [1], Abstract Relational Comparison between a
BigInt and a String converts the String to BigInt via StringToBigInt
before performing the comparison. Before this change, the String was
converted to a Number, and a BigInt/Number comparison was performed.

[1] https://github.com/tc39/proposal-bigint/pull/139

Bug: v8:6791
Change-Id: I40b4f4ddc78977adb0d44180eb58e0f9a8a70cb6
Reviewed-on: https://chromium-review.googlesource.com/1004117
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52609}
2018-04-15 00:53:36 +00:00
Ben L. Titzer
88b08f12f5 [wasm] Use the proper constant for exports limit
R=gdeepti@chromium.org

Change-Id: I3d0a21c6db671718b9f41fb8392f6900b2fecf27
Reviewed-on: https://chromium-review.googlesource.com/1013197
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52608}
2018-04-14 22:13:45 +00:00
Junliang Yan
9adf8fa8d6 PPC/s390: [ubsan] Change Address typedef to uintptr_t
Port 2459046c1d

Original Commit Message:

    The "Address" type is V8's general-purpose type for manipulating memory
    addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
    are undefined behavior except within the same array; since we generally
    don't operate within a C++ array, our general-purpose type shouldn't be
    a pointer type.

R=jkummerow@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ic30ef19019e5b39b01f90587011c6a1b06c4b7a1
Reviewed-on: https://chromium-review.googlesource.com/1012461
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52607}
2018-04-14 20:39:55 +00:00
Junliang Yan
5e8bc1c316 PPC/s390: [stubs] Convert DoubleToIStub and MathPowStub to builtins
Port a3b6067525

Original Commit Message:

    This is mostly a simple copy & paste of the stub implementation from
    code-stubs-arch.cc to builtins-arch.cc.

    The conversion allows removal of a special case for the DoubleToIStub
    within the compiler & wasm pipelines, and also makes the following
    builtins isolate-independent (in conjunction with
    https://crrev.com/c/1006581):

    TFC BitwiseAnd
    TFC BitwiseOr
    TFC BitwiseXor
    TFC Exponentiate
    TFC ShiftLeft
    TFC ShiftRight
    TFC ShiftRightLogical
    TFJ AtomicsAdd
    TFJ AtomicsAnd
    TFJ AtomicsCompareExchange
    TFJ AtomicsExchange
    TFJ AtomicsLoad
    TFJ AtomicsOr
    TFJ AtomicsStore
    TFJ AtomicsSub
    TFJ AtomicsXor
    TFJ MathClz32
    TFJ MathImul
    TFJ MathPow
    TFJ NumberParseInt
    TFJ StringFromCharCode
    TFJ TypedArrayFrom
    TFJ TypedArrayOf
    TFJ TypedArrayPrototypeMap

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Iee9fc5671646772625556717db052b78089c5c66
Reviewed-on: https://chromium-review.googlesource.com/1013247
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52606}
2018-04-14 19:39:45 +00:00
Junliang Yan
3110259efb PPC/s390: [stubs] Remove return register argument from DoubleToIStub
Port 87557649e4

Original Commit Message:

    This changes DoubleToIStub to return its result on the stack instead
    of a specific return register.

    In a follow-up, the DoubleToIStub could be converted into a builtin.

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I952fec4fbe004e2734a84ba853f4f5a33c8dd8ce
Reviewed-on: https://chromium-review.googlesource.com/1013418
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52605}
2018-04-14 16:40:15 +00:00
Alexey Kozyatinskiy
edf15167b9 Reland "[inspector] added timeout argument for Runtime.evaluate"
This is a reland of deb875f7ea

Original change's description:
> [inspector] added timeout argument for Runtime.evaluate
> 
> R=yangguo@chromium.org,dgozman@chromium.org
> 
> Bug: none
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I31667b3d5f39db9d899d58acd5205a9c34e570db
> Reviewed-on: https://chromium-review.googlesource.com/1005985
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52594}

Bug: none
Change-Id: Ib8aff5d9f83e41fc6c2019712708fda074bd1ad9
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1012724
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52603}
2018-04-14 07:27:32 +00:00
Alexey Kozyatinskiy
bbf28ecb18 fixed build after intptr_t -> uintptr_t migration
Bug: none
Change-Id: I156bfe9846d0890ffdf482bcc8c84da53fe1af61
TBR: jkummerow@chromium.org
NOTREECHECKS: true
NOTRY: true
Reviewed-on: https://chromium-review.googlesource.com/1013392
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52602}
2018-04-14 07:12:22 +00:00
Jakob Kummerow
2459046c1d [ubsan] Change Address typedef to uintptr_t
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
2018-04-14 01:25:28 +00:00
Deepti Gandluri
1bb5d012bb [arm64] Cleanup visitors for Atomic operations
Change-Id: I4e32786d7c100161daf3d245d887dfe19b164394
Reviewed-on: https://chromium-review.googlesource.com/1013046
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52600}
2018-04-13 21:54:38 +00:00
Deepti Gandluri
10233179d8 [wasm] Add Remaining I64Atomic operations for ARM64
- Add Implementation for I64Atomic{Load, Store, Exchange,
CompareExchange} for supported MemTypes/Representations
 - Refactoring to simplify instruction selection
 - Enable tests for ARM64

Bug: v8:6532
Change-Id: I4c4a65fd3bbdc6955eda29d7e08d6eef29c55628
Reviewed-on: https://chromium-review.googlesource.com/1003225
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52598}
2018-04-13 18:27:41 +00:00
Gus Caplan
39d546a240 [api] introduce v8::Value::IsModuleNamespaceObject
This allows an embedder to check if a Value is a module namespace object.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idffceff451dd5f5c6a53d4cb3ce02c1c2c5b653c
Reviewed-on: https://chromium-review.googlesource.com/1011762
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52597}
2018-04-13 18:26:36 +00:00
Georg Neis
42049b43c9 [interpreter] Move desugaring of spread super call to bytecode generator
This patch moves the desugaring from the parser to the bytecode
generator for super calls that have a spread at a non last position.

This allows us to have the post super() call behavior, such as
initializing instance fields in one place in VisitCallSuper.

Bug: v8:7642
Change-Id: I00a693beb7078a63282359c1121b66bb62c157c8
Reviewed-on: https://chromium-review.googlesource.com/1009907
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52596}
2018-04-13 18:25:31 +00:00
Deepti Gandluri
2af0c316c2 Revert "[inspector] added timeout argument for Runtime.evaluate"
This reverts commit deb875f7ea.

Reason for revert: ASAN failure closes tree. 
https://ci.chromium.org/buildbot/client.v8/V8%20Mac64%20ASAN/17377 


Original change's description:
> [inspector] added timeout argument for Runtime.evaluate
> 
> R=​yangguo@chromium.org,dgozman@chromium.org
> 
> Bug: none
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I31667b3d5f39db9d899d58acd5205a9c34e570db
> Reviewed-on: https://chromium-review.googlesource.com/1005985
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52594}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I61f996143d8c6436cbf9d3905d103047578aff0c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1012562
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52595}
2018-04-13 17:54:31 +00:00
Alexey Kozyatinskiy
deb875f7ea [inspector] added timeout argument for Runtime.evaluate
R=yangguo@chromium.org,dgozman@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I31667b3d5f39db9d899d58acd5205a9c34e570db
Reviewed-on: https://chromium-review.googlesource.com/1005985
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52594}
2018-04-13 16:19:40 +00:00
Ivica Bogosavljevic
fcb8061e98 MIPS[64]: Fix register overwrite in ShiftPair instructions
This patch fixes register overwrite in ShrPair, ShlPair and SarPair
instructions. Additionally, we rename kLithiumScratch register
register since lithium is not present anymore.

Change-Id: I65861c4f27d2161bcf49cf02ca8987eb82c997ea
Reviewed-on: https://chromium-review.googlesource.com/1012110
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52593}
2018-04-13 15:32:51 +00:00
Georg Neis
a86fa96813 [interpreter] Refactor VisitArrayLiteral.
This factors out the element insertion code, so that it can be reused
elsewhere in a follow-up CL.

Change-Id: Ic085c8359b3024f381803ce64b49e976018277f9
Reviewed-on: https://chromium-review.googlesource.com/1010068
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52592}
2018-04-13 13:50:02 +00:00
jgruber
a3b6067525 [stubs] Convert DoubleToIStub and MathPowStub to builtins
This is mostly a simple copy & paste of the stub implementation from
code-stubs-arch.cc to builtins-arch.cc.

The conversion allows removal of a special case for the DoubleToIStub
within the compiler & wasm pipelines, and also makes the following
builtins isolate-independent (in conjunction with
https://crrev.com/c/1006581):

TFC BitwiseAnd
TFC BitwiseOr
TFC BitwiseXor
TFC Exponentiate
TFC ShiftLeft
TFC ShiftRight
TFC ShiftRightLogical
TFJ AtomicsAdd
TFJ AtomicsAnd
TFJ AtomicsCompareExchange
TFJ AtomicsExchange
TFJ AtomicsLoad
TFJ AtomicsOr
TFJ AtomicsStore
TFJ AtomicsSub
TFJ AtomicsXor
TFJ MathClz32
TFJ MathImul
TFJ MathPow
TFJ NumberParseInt
TFJ StringFromCharCode
TFJ TypedArrayFrom
TFJ TypedArrayOf
TFJ TypedArrayPrototypeMap

Drive-by: dead code removal & TODOs in code-stubs.h.

Bug: v8:6666
Change-Id: I763cba2242bcadc2d130b0aaa16a9787212b466a
Reviewed-on: https://chromium-review.googlesource.com/1012024
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52591}
2018-04-13 12:12:09 +00:00
jgruber
7c36eff8d5 Add Int32 matching to CodeAssembler::ToInt32Constant
Prior to this, ToInt32Constant only matched Int64Constant nodes within
the int32_t range, but did not match actual Int32Constant nodes.

Change-Id: I4e67ea57f53f3b1d4b1f2b27f11ebdeffb2bf357
Reviewed-on: https://chromium-review.googlesource.com/1012022
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52590}
2018-04-13 11:21:44 +00:00
jgruber
87557649e4 [stubs] Remove return register argument from DoubleToIStub
This changes DoubleToIStub to return its result on the stack instead
of a specific return register.

In a follow-up, the DoubleToIStub could be converted into a builtin.

Bug: v8:6666
Change-Id: I7852e1586c8f7b56bc5d2545a7bf6238dd2ad650
Reviewed-on: https://chromium-review.googlesource.com/1009702
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52587}
2018-04-13 07:09:59 +00:00
jing.bao
820755e804 [wasm] implement simd lowering for AllTrue/AnyTrue
Change-Id: I7749eae88e4a23d8fe2422e28b8dbcbbfb11f758
Reviewed-on: https://chromium-review.googlesource.com/991733
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#52585}
2018-04-13 02:11:38 +00:00
Junliang Yan
ebe3e445cf PPC/s390: fix endianess issue in Generate_InterpreterEntryTrampoline
R=joransiu@ca.ibm.com

Change-Id: I97c8e5034cf3541707bf5f5d22359cdcf66f87e1
Reviewed-on: https://chromium-review.googlesource.com/1011585
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52584}
2018-04-13 00:37:48 +00:00
Junliang Yan
fa549bc5c1 PPC/s390: Fix endianess issue on Generate_ConstructFunction
R=joransiu@ca.ibm.com

Change-Id: Ic44ce01e4d9487c7319125df46914a528938071d
Reviewed-on: https://chromium-review.googlesource.com/1010920
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52583}
2018-04-12 20:32:49 +00:00
Sigurd Schneider
d71c34dcee Revert "Introduce CodeReference"
This reverts commit 4d7ad46db4.

Reason for revert: Makes i18n bot red
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux_-_noi18n_-_debug%2F20162%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2FAssemblerIa32JumpTabl..%2F0

Original change's description:
> Introduce CodeReference
> 
> Add a struct CodeReference that can be stack allocated to pass a
> reference to either an on-heap code object or off-heap WasmCode object
> in a gc safe manner. The struct also provides a common interface such
> that code can be written independently of the kind of code object it
> references.
> 
> Change-Id: I5a6f74462e6e141d167c7fd9bac8c21941fd83b1
> Reviewed-on: https://chromium-review.googlesource.com/977905
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52580}

TBR=mstarzinger@chromium.org,herhut@chromium.org

Change-Id: I9c49da9ee97e7423284e58bec3fdc1d212ff1af0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1010544
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52582}
2018-04-12 16:56:16 +00:00
peterwmwong
ae4529f9e1 [builtins] Add fast paths to String.p.matchAll
Add fast paths when RegExp and RegExp result are fast wherever possible.

As shown below, this CL improves the performance of calling S.p.matchAll and
iterating over matches.

Before:

StringMatchAllBuiltinRegExpIteratorCreation-Strings(Score): 5002
StringMatchAllBuiltinStringIteratorCreation-Strings(Score): 13798
StringMatchAllBuiltinString-Strings(Score): 197
StringMatchAllManualString-Strings(Score): 454
StringMatchAllBuiltinRegExp-Strings(Score): 193
StringMatchAllManualRegExp-Strings(Score): 453
StringMatchAllBuiltinZeroWidth-Strings(Score): 97.2
StringMatchAllBuiltinZeroWidthUnicode-Strings(Score): 95.9

After:

StringMatchAllBuiltinRegExpIteratorCreation-Strings(Score): 15437
StringMatchAllBuiltinStringIteratorCreation-Strings(Score): 16708
StringMatchAllBuiltinString-Strings(Score): 392
StringMatchAllManualString-Strings(Score): 452
StringMatchAllBuiltinRegExp-Strings(Score): 394
StringMatchAllManualRegExp-Strings(Score): 484
StringMatchAllBuiltinZeroWidth-Strings(Score): 409
StringMatchAllBuiltinZeroWidthUnicode-Strings(Score): 413

Bug: v8:6890
Change-Id: I6fcc1003a471314cf412aac456d42286b2926810
Reviewed-on: https://chromium-review.googlesource.com/1005400
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52581}
2018-04-12 16:13:44 +00:00
Stephan Herhut
4d7ad46db4 Introduce CodeReference
Add a struct CodeReference that can be stack allocated to pass a
reference to either an on-heap code object or off-heap WasmCode object
in a gc safe manner. The struct also provides a common interface such
that code can be written independently of the kind of code object it
references.

Change-Id: I5a6f74462e6e141d167c7fd9bac8c21941fd83b1
Reviewed-on: https://chromium-review.googlesource.com/977905
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52580}
2018-04-12 15:50:19 +00:00
Clemens Hammacher
7176708dc5 [wasm] Remove CodeGenerationSchedule
It was supposed to add some randomness to the order of generated code
objects, but it is totally unclear whether this is working, needed or
helpful. This this adds considerable complexity, remove it for now.

R=ahaas@chromium.org
CC=titzer@chromium.org

Change-Id: Ie2b8613bbdeedb48b2e72f5843bacd2c4873edf5
Reviewed-on: https://chromium-review.googlesource.com/1010082
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52579}
2018-04-12 15:49:14 +00:00
peterwmwong
7bdbe77a3f [builtins] Fix missing ToString in RegExp.p.match
It is not safe to assume the first match is a string just
because the RegExp result is fast.

Bug: chromium:831943
Change-Id: Idd40f8b75312f0be54f45f626dc017339033abc6
Reviewed-on: https://chromium-review.googlesource.com/1009325
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#52578}
2018-04-12 14:54:54 +00:00
Clemens Hammacher
f156887d59 [Liftoff] Implement i64.mul
This adds support for i64.mul. On x64, the implementation is straight
forward, on ia32, we need three multiplies and two additions.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I083872c1a6885458396ae5ff29e29d057e458561
Reviewed-on: https://chromium-review.googlesource.com/1009943
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52576}
2018-04-12 14:20:24 +00:00
Ivica Bogosavljevic
e184dcae96 MIPS[64]: Implement Round, Ceil, Floor and Trunc in LiftOff
Change-Id: I13c58a462ec844b6df0e55bbbbf9134a476363c4
Reviewed-on: https://chromium-review.googlesource.com/1009908
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52575}
2018-04-12 14:16:34 +00:00
sreten.kovacevic
44007be068 [Liftoff][mips] Implement f32 and f64 set_cond instructions
Also, implement supporting function for translating Condition to
MIPS FPUCondition.

Bug: v8:6600
Change-Id: I5a3497a8445e2fc5a18abd56a83cd1451c2c48ec
Reviewed-on: https://chromium-review.googlesource.com/1010163
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52573}
2018-04-12 12:43:13 +00:00
Igor Sheludko
2b7e063f2a [csa][runtime] Introduce IsCustomElementsReceiverInstanceType() predicate and friends.
Bug: v8:7570
Change-Id: I3349062f82df89a5a1a484b22fea5c5763d264f7
Reviewed-on: https://chromium-review.googlesource.com/1007662
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52572}
2018-04-12 12:14:55 +00:00
Peter Marshall
4feb5ce7fd [cpu-profiler] Fix bugs and add tests for JITLineInfoTable
Looking up line numbers with the JITLineInfoTable would sometimes give
wrong answers. Fix these bugs and add a cctest for this data structure.

Also do some cleanup while we're here like inlining the (empty)
constructor and destructor and removing the empty() method which is
only used unnecessarily anyway, to make the contract of
GetSourceLineNumber a bit clearer.

Also rename the data structure to SourcePositionTable, because it
doesn't just provide info for JIT code, but also bytecode, and 'Info'
is pretty ambiguous.

Bug: v8:7018
Change-Id: I126581c844d85df6b2b3f80f2f5acbce01c16ba1
Reviewed-on: https://chromium-review.googlesource.com/1006795
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52571}
2018-04-12 11:48:05 +00:00
Clemens Hammacher
d30af614a9 [wasm] Use correct types for instance fields
Memory size, mask and function table size are 32-bit values in wasm.
There is no relation to pointer size. Hence, replace uintptr_t by
uint32_t.
These fields are already being loaded as uint32_t in wasm-compiler.cc,
causing problems on big endian systems.

R=mstarzinger@chromium.org

Change-Id: Ie03b552934262d5fa8de9998abdd7409e60af690
Reviewed-on: https://chromium-review.googlesource.com/1005154
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52568}
2018-04-12 10:06:36 +00:00
Toon Verwaest
225bc87e2e Revert '[runtime] Temporarily disable double fields unboxing.'
Bug: chromium:831981
Change-Id: Ie0e4bb6ca585f76829e0100202e01d02c521ac51
Reviewed-on: https://chromium-review.googlesource.com/1009902
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52566}
2018-04-12 09:38:46 +00:00
sreten.kovacevic
72a126b947 [Liftoff][mips] Add big endian support
Add big endian support for MIPS in Liftoff.

Bug: v8:6600
Change-Id: Ibd90e7b6a8f0f826bd70ef489135cabcadeed7b0
Reviewed-on: https://chromium-review.googlesource.com/995457
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52565}
2018-04-12 09:19:44 +00:00
Clemens Hammacher
a05c7d51b1 [wasm] Fix data race on failed_ field
R=ahaas@chromium.org

Bug: chromium:831989, chromium:824681
Change-Id: I0a8b2cc9f80af5f954bd358c30a3c6d84b6adeae
Reviewed-on: https://chromium-review.googlesource.com/1009603
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52561}
2018-04-12 08:40:48 +00:00
Peter Marshall
c68f863d73 [typedarray] Fix ArrayBuffer creation for cross realm species
Fixes some failing test262 tests for a corner-case in the spec
where we need to use the buffer constructor from a different realm.

Bug: v8:7512
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3f1334f6181eaaddf0326156139ac20a970c235b
Reviewed-on: https://chromium-review.googlesource.com/966223
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52560}
2018-04-12 08:33:43 +00:00
Sigurd Schneider
92af24008b [runtime] Fix function map index for Promise reject/resolve
Bug: chromium:829253
Change-Id: Ie9102adcecfe4f019ccf8b5e82e55509a416bfc3
Reviewed-on: https://chromium-review.googlesource.com/1007195
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52559}
2018-04-12 08:28:20 +00:00
Jungshik Shin
98c0cd9f8f Use the base locale when getting the best match pattern
This is to fix an assertion failure in formatToParts when
Chinese calendar is specified with 'u-ca-chinese'.

See https://github.com/tc39/ecma402/issues/225 . This CL
is a temporary work-around to get v8 match the spec in terms
of the external behavior, but it's not taking the steps in
the spec, yet.

Moreover, the spec may have to be revised as to how to pick the best
match pattern when the default calendar for a locale is different from
the calendar specified via 'u-ca'. How to handle 'related year' part
also needs to be specified.

Bug: chromium:826549
Test: intl/date-format/format-with-extensions
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1f9a2467e86e71e024bc9babe18f16e49746008e
Reviewed-on: https://chromium-review.googlesource.com/1006915
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52556}
2018-04-12 06:14:47 +00:00
Kim-Anh Tran
2b24df9929 [wasm] Fix Liftoff-prologue for tiering to correctly restore state
When using registers during the Liftoff-prologue, we need to make sure
that all reserved registers are correctly pushed to and restored
from stack.

Change-Id: Iac444448cfd99fca70a811cb941d0cf5979d638b
Reviewed-on: https://chromium-review.googlesource.com/1005754
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52555}
2018-04-12 06:01:17 +00:00
Junliang Yan
34f86aee33 PPC/s390: [debug] allow calls to some builtins on temporary objects
Port 077205be55

Original Commit Message:

    This CL allows SetPrototypeAdd and ArrayIteratorPrototypeNext
    to be called on temporary objects during side effect free evaluation.

R=kozyatinskiy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I4f6d4e885c19a032723ea8fe39976780900ba922
Reviewed-on: https://chromium-review.googlesource.com/1008634
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52554}
2018-04-12 03:50:26 +00:00
Alexei Filippov
1def6cd4a3 [cpu-profiler] Automatically create TracingCpuProfiler
Previously embedder had to create an instance of TracingCpuProfiler explicitly.
The patch makes the profiler created automatically for every isolate.
The profiler has no overhead unless tracing with v8.cpu_profiler category is enabled.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9369c2c56bcddc72093eda33dc2bc185c9253b4a
Reviewed-on: https://chromium-review.googlesource.com/1006049
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52552}
2018-04-11 21:31:07 +00:00
Junliang Yan
c7393ac81c PPC/s390: interpreter: make interpreted frames distinguishable in the native stack
Port ada64b58bf

Original Commit Message:

    Before Turbofan/Ignition it was possible to use external profilers to
    sample running V8/Node.js processes and generate reports/FlameGraphs
    from that. It's still possible to do so, but non-optimized JavaScript
    functions appear in the stack as InterpreterEntryTrampoline. This commit
    adds a runtime flag which makes interpreted frames visible on the
    process' native stack as distinguishable functions, making the sampled
    data gathered by external profilers such as Linux perf and DTrace more
    useful.

R=matheus@sthima.com.br, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I0416b53c53248a5624061d0155712a3e2396c725
Reviewed-on: https://chromium-review.googlesource.com/1008045
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52551}
2018-04-11 20:59:32 +00:00
Sigurd Schneider
638c950743 [turbofan] Fix context size in promise constructor
The promise constructor fast-path did allocate contexts that were
too large, resulting in GC overhead compared to the slow-path which
contributes to a performance regression we are currently dealing with.

Bug: chromium:829253
Change-Id: I82883358933df9ce5241bad53b85867455046cc1
Reviewed-on: https://chromium-review.googlesource.com/1007054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52550}
2018-04-11 13:58:57 +00:00
Igor Sheludko
845aa75f6a [builtins] Remove unused LoadField builtin.
Bug: v8:7570
Change-Id: I8b15d6e9f4991d0a6884277a5d67090f24270fcc
Reviewed-on: https://chromium-review.googlesource.com/1005261
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52549}
2018-04-11 13:57:16 +00:00
Alexey Kozyatinskiy
077205be55 [debug] allow calls to some builtins on temporary objects
This CL allows SetPrototypeAdd and ArrayIteratorPrototypeNext
to be called on temporary objects during side effect free evaluation.

Bug: v8:7588
Change-Id: Id77848e48d98c243de91bc6c0fae5a0877e693d4
Reviewed-on: https://chromium-review.googlesource.com/998439
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52548}
2018-04-11 13:41:56 +00:00
Andreas Haas
e921be5c4f [wasm] Avoid checking for scheduled_exceptions in the wasm deserialization
ValueDeserializer::ReadWasmModule does not call API functions, therefore
there can be no scheduled_exceptions, and therefore we do not have to
translate scheduled_exceptions to pending_exceptions. On the contrary,
there can be pending_exceptions, which causes the call to
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION to crash.

This CL fixes a crash in a layout test which was caused by another
CL (https://crrev.com/c/975547).

R=mstarzinger@chromium.org
CC=​binji@chromium.org

Change-Id: I3078a2a9a532b079b5a4ea604c2f3f777fa2e287
Reviewed-on: https://chromium-review.googlesource.com/1006794
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52547}
2018-04-11 13:32:26 +00:00
Hannes Payer
3e7b7ed24a [heap] Remove MemoryChunks from CodePageCollectionMemoryModificationScope set if they get freed.
Bug:chromium:831501
Change-Id: I82daa3dc1a6cc08cb63e42f4a54b69d28303ce0f

NOTREECHECKS=true

Change-Id: I82daa3dc1a6cc08cb63e42f4a54b69d28303ce0f
Reviewed-on: https://chromium-review.googlesource.com/1006755
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52546}
2018-04-11 11:54:17 +00:00
jgruber
8d3d738c41 [stubs] Remove unused MathPowStub parameters
All call sites passed nullptr as the isolate argument and DOUBLE as the
exponent type. Remove these unused arguments and related dead code.

Bug: v8:6666
Change-Id: Ie94d9b489f494b2a5c80f5cc3dc81013ed4f4414
Reviewed-on: https://chromium-review.googlesource.com/1006754
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52545}
2018-04-11 11:07:46 +00:00
Michael Starzinger
358f4454bb [liftoff] Fix stack layout on 32-bit architectures.
This improves the stack layout of {WasmCompiledFrame} frames built by
Liftoff so that the first spill slot immediately follows the frame
marker. We will rely on this in the future when we expect the first
spill slot to always hold a {WasmInstanceObject} reference.

R=clemensh@chromium.org

Change-Id: I2babe8a813af23f3b5bc139a2b0b334072625f7b
Reviewed-on: https://chromium-review.googlesource.com/1006615
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52543}
2018-04-11 09:53:23 +00:00
Clemens Hammacher
be1a231625 [wasm][interpreter] Check signature before getting code
On indirect function calls, if the corresponding table entry is empty,
we cannot call {GetCodeFromStartAddress}. In that case, the signature
check will fail anyway, so perform the signature check first, and only
get the code object if the check succeeds.

R=mstarzinger@chromium.org

Bug: chromium:831463
Change-Id: Iead949e4c12502b1a2a3949db2dabab4a184a1e7
Reviewed-on: https://chromium-review.googlesource.com/1005005
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52542}
2018-04-11 09:52:19 +00:00
Matheus Marchini
ada64b58bf interpreter: make interpreted frames distinguishable in the native stack
Before Turbofan/Ignition it was possible to use external profilers to
sample running V8/Node.js processes and generate reports/FlameGraphs
from that. It's still possible to do so, but non-optimized JavaScript
functions appear in the stack as InterpreterEntryTrampoline. This commit
adds a runtime flag which makes interpreted frames visible on the
process' native stack as distinguishable functions, making the sampled
data gathered by external profilers such as Linux perf and DTrace more
useful.

R=bmeurer@google.com, franzih@google.com, jarin@google.com, yangguo@google.com

Bug: v8:7155
Change-Id: I3dc8876aa3cd9f1b9766624842a7cc354ccca415
Reviewed-on: https://chromium-review.googlesource.com/959081
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52533}
2018-04-10 19:33:55 +00:00
Alexei Filippov
4b0644f501 [profiler] Ensure the SafeStackFrameIterator progresses.
If it does not, the stack may be in an unconsistent state. Bailout if so.

BUG=chromium:828881

Change-Id: Ia66077d3846bf9a1d556a37fd8e0ca856f9d2464
Reviewed-on: https://chromium-review.googlesource.com/1002535
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52532}
2018-04-10 18:48:15 +00:00
Clemens Hammacher
fb226a117a [wasm] Avoid transition from unhandlified to handlified
The ImportedFunctionEntry and IndirectFunctionTableEntry stored handles
internally, but were created from raw pointers. This is not allowed.
The two options to fix this are to either handlify the whole interface,
or do the opposite and use raw pointers everywhere. Since no current
user depends on a handlified interface, and both objects are being used
in performance critical code, this CL unhandlifies the interface and
adds a DisallowHeapAllocation scope to enforce that no GC happens while
any ImportedFunctionEntry or IndirectFunctionTableEntry is alive.

R=mstarzinger@chromium.org
CC=titzer@chromium.org

Change-Id: I098c2abcdd28c4b117272ac3ea0358ff2e56b36c
Reviewed-on: https://chromium-review.googlesource.com/1005075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52531}
2018-04-10 18:42:55 +00:00
Erik Luo
4e2376b1cb [debug] whitelist Function, BigInt methods as side-effect-free
This whitelists Function-related builtins used by Blink callbacks at
the DOM wrapping stage, and other BigInt methods.

Bug: chromium:810176
Change-Id: If036114cd7f133f2c30247dff836698c2eb16a51
Reviewed-on: https://chromium-review.googlesource.com/1004000
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52530}
2018-04-10 17:15:25 +00:00
Junliang Yan
20a427f6a5 PPC/s390: fix compilation error
R=joransiu@ca.ibm.com

Change-Id: I995c7ea23899a00a92b350cbd1878c41d56760c2
Reviewed-on: https://chromium-review.googlesource.com/1005279
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52529}
2018-04-10 17:11:15 +00:00
Michael Starzinger
f590c153e2 [frames] Turn all frame constants into {constexpr}.
This is in preparation of using some of these constants to compute
values for the Liftoff assembler that are themselves constexpr.

R=clemensh@chromium.org

Change-Id: I573ef4ca164e0107968e482996963fde9a3960b0
Reviewed-on: https://chromium-review.googlesource.com/1005056
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52527}
2018-04-10 16:11:13 +00:00
Ben L. Titzer
ff64dfa092 [wasm] Improve patching behavior for lazy compilation
This CL fixes the pathological O(n^2) patching behavior that
was introduced when simplifying the wasm instance/context data
structures. It introduces a per-instance reverse mapping of
function indexes to where they appear in import and indirect
function tables. The mapping is created lazily and rebuild in
response to too many failed lookups, which makes it robust
to table mutations in the future.

This CL also fixes a bug where the anonymous lazy compile stub
was not being used for direct calls, confusing the indirect
call patching mechanism.

R=clemensh@chromium.org,mstarzinger@chromium.org

Bug: v8:7424, chromium:830558
Change-Id: Ice0212593b31eb64687a3d52bd238020682a857f
Reviewed-on: https://chromium-review.googlesource.com/1004294
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52526}
2018-04-10 14:32:32 +00:00
Clemens Hammacher
3c2a693324 [cleanup] Remove redundant ROUND_UP macro
Replace all uses by the existing RoundUp function.

R=ulan@chromium.org

Bug: v8:7570
Change-Id: I7ff5e76ebea7b429ff4e4f3a8157ee831e7891ae
Reviewed-on: https://chromium-review.googlesource.com/1004898
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52525}
2018-04-10 14:15:00 +00:00
Igor Sheludko
b590d6a40c [runtime] Temporarily disable double fields unboxing.
... to see if it improves things in real-world area.

Change-Id: Icf6a1ff47f35eb3f7e25b549d736f7404148f6ab
Reviewed-on: https://chromium-review.googlesource.com/1004587
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52523}
2018-04-10 13:50:37 +00:00
Sigurd Schneider
543f2de418 [frames] Add context slot for builtin continuations
This CL adds a context slot to builtin continuation frames which
stores the context, even for stub continuations. This context slot
is used in NotifyDeoptimized to provide the JavaScript context.

Bug: v8:7639
Change-Id: Ibdfe24141a759cda6d319db0933bea57919dc171
Reviewed-on: https://chromium-review.googlesource.com/1002776
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52522}
2018-04-10 13:32:17 +00:00
Daniel Clifford
4eebf032e0 Add missing CSA routines in preparation for Torque
Change-Id: I170f47ee1c1e7e1a1296d5e5fc7fd1e2ab28a2f7
Reviewed-on: https://chromium-review.googlesource.com/1005076
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52521}
2018-04-10 13:08:23 +00:00
Marja Hölttä
3d222e13be [in-place weak refs] Fix weak slots in new space.
New space objects which die after scavenging might contain weak references.
IncrementalMarking::UpdateWeakReferencesAfterScavenge must drop the
corresponding slot.

This bug didn't surface before, since all weak slots are in the old space (but
this will change soon).

BUG=v8:7308

Change-Id: Ib1e507d4207e35547240dc0867ec7787b3f3103e
Reviewed-on: https://chromium-review.googlesource.com/1005000
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52519}
2018-04-10 11:50:33 +00:00
Jaroslav Sevcik
963062fb73 [turbofan] Re-enable stack pointer poisoning.
This re-enables stack pointer poisoning with untrusted code mitigations.

Bug: chromium:798964
Change-Id: I68b60641efefccbf0c4fd81c54809777feabc4be
Reviewed-on: https://chromium-review.googlesource.com/1002563
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52518}
2018-04-10 11:42:43 +00:00
Jakob Gruber
affbe85e92 Revert "[runtime] Do some more StringTable shrinking"
This reverts commit 6823c0a496.

Reason for revert: https://crbug.com/830499

Original change's description:
> [runtime] Do some more StringTable shrinking
> 
> This CL further lowers the kMaxEmptyFactor constant to more aggressively shrink
> the StringTable when it's empty.
> 
> Bug: v8:5443, chromium:818642
> Change-Id: I1c263a0afd7e6bed8a8bb857db032bf126c3ef4b
> Reviewed-on: https://chromium-review.googlesource.com/995473
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52401}

TBR=mlippautz@chromium.org,cbruni@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:5443, chromium:818642
Change-Id: Ibd009fe1e9fcd0b36f168ad425e1eb5e663a1ca8
Reviewed-on: https://chromium-review.googlesource.com/1004456
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52515}
2018-04-10 10:18:21 +00:00
Jakob Gruber
1e928e9069 Revert "Add boolean runtime checks for different element kinds."
This reverts commit 29308cf0e5.

Reason for revert: Use existing runtime functions instead

Original change's description:
> Add boolean runtime checks for different element kinds.
> 
> This will be used for Array.p.sort benchmarks to ensure that the
> arrays will have the correct element kind.
> 
> R=​cbruni@chromium.org, jgruber@chromium.org
> 
> Bug: v8:7382
> Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7
> Reviewed-on: https://chromium-review.googlesource.com/1004754
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52511}

TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com

Change-Id: I45742879d3637470752335772f294d7e8ff3ce35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1004589
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52513}
2018-04-10 09:54:12 +00:00