Commit Graph

23658 Commits

Author SHA1 Message Date
Ingvar Stepanyan
e5ef9eb502 [wasm] Align raw Wasm URLs with disassembled ones
If script is not disassembled, still use the same script URL format for
consistency.

In particular, use an absolute `wasm://wasm/` prefix, like disassembled fake
scripts do, instead of just a script name which appears to be a
relative URL to devtools.

Change-Id: Ib7632f9f3587ca4961eb4f0b884482b3a1a6e1f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833685
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Cr-Commit-Position: refs/heads/master@{#64086}
2019-10-02 15:47:06 +00:00
Mythri A
eea2006b3b [ic] Remove premonomorphic state
Premonomorphic state was only used for store globals to handle contextual
store on a global object [1]. We now handle these differently and we
move to fast handlers even without going through premonomorphic state
after this cl: https://chromium-review.googlesource.com/c/v8/v8/+/1807356.
Also, with lazy feedback this would be a relatively uncommon case anyway.
So, we no longer need premonomorphic state. This cl removes this state
entirely.


[1]: https://bugs.chromium.org/p/v8/issues/detail?id=8712


Bug: v8:8394
Change-Id: I71fb918b82b0c321a9705e32c8fc44e9ec223b38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833690
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64085}
2019-10-02 15:21:15 +00:00
Jakob Kummerow
1697b20f37 [inspector-test] Don't leak the ArrayBuffer::Allocator
The creator of the allocator retains ownership and is responsible
for its eventual destruction.

Change-Id: Iaf1b24bee7153b3b1a75df99974adff42c6a197f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835545
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64084}
2019-10-02 14:26:55 +00:00
Michael Lippautz
38c901614e GCExtension: Properly support exceptions
Fix corner case where we would try to read a property when having a
pending or scheduled exception.

Re-add tests.

Bug: chromium:1006640
Change-Id: I2fc84ee0f6145db2d200a8b9abf57fdc4b12a5a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835531
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64083}
2019-10-02 12:14:02 +00:00
Mythri A
483a5e94a7 Reland "Mark functions for optimization only on bytecode budget interrupts"
This is a reland of 9efe315ee2 after marking
box2d slow.

Original change's description:
> Mark functions for optimization only on bytecode budget interrupts
>
> We used to mark functions for optimization on any interrupt. This sometimes
> causes functions to OSR when not needed. The implementation was such because
> we didn't have a different runtime function to distinguish bytecode budget
> interrupts from other interrupts. For lazy feedback allocation we added a
> new runtime function for bytecode budget interrupts so it makes it easier
> to actually mark functions only when needed.
>
> This also includes a fix to reduce the stack limits for interrupts when
> entering a scope that allows interrupts from a postponed interrupt scope.
>
> Bug: chromium:993061
> Change-Id: Iaf7b4dccb7a503e5b6bfcbb993bc7482aa593955
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829218
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64048}

Bug: chromium:993061
Change-Id: I24dae03357d6c368e4173db3f071e8ab09e9d6dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832173
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64082}
2019-10-02 11:50:12 +00:00
Jakob Gruber
28a9dc2b81 Remove JS natives support, step 1
The natives blob is deprecated and will be removed in the next
release.

This commit does two things, 1. it disables the v8_extra_library_files
gn argument which will make building natives_blob.bin through gn
impossible; 2. it marks API functions associated with the natives blob
as V8_DEPRECATE_SOON.

Embedders should remove any uses of SetNativesDataBlob and replace all
calls to

 InitializeExternalStartupData(const char*, const char*)

with the new function

 InitializeExternalStartupDataFromFile(const char*)

Step 2 is to mark API functions as V8_DEPRECATED.
Step 3, in the next V8 release, is to remove these functions and all
other natives support in V8.

Bug: v8:7624
Change-Id: I745e96c60204a9b94d9240be65dd59bb9bdd0699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824944
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64080}
2019-10-02 10:21:12 +00:00
Michael Lippautz
a12bfa9e04 GCExtension: Bail out on proxy parameter
Bug: chromium:1006640
Change-Id: I0f38ed9c44b6a2a6cfd52fdd9e177768f57beb11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833692
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64077}
2019-10-02 07:41:38 +00:00
Ng Zhi An
472aff977c [wasm-simd] Implement f64x2 sqrt for ia32
Bug: v8:9728
Change-Id: Ic15d793e6408af1ea2e1f7f71b9130300d359a95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808417
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64073}
2019-10-01 20:17:34 +00:00
Frank Tang
246d985cb7 [Intl] No throwing RangeError when "calendar" and "numberingSystem" are well-formed
* Throws RangeError only when the calendar and numberingSystem is
  ill-formed.
* Set the calendar and numberingSystem to the locale only if
the values are valid.
* Fix the order of GetOption of "localeMatcher".
* Add more unit tests.
See https://github.com/tc39/ecma402/pull/175 for details.

Bug: v8:9786, v8:9787, v8:9788
Change-Id: Ic0f918ad7d9afb0b7c8df39caa0f44ef07ca10c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1830345
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64070}
2019-10-01 18:04:12 +00:00
Jakob Gruber
282a74c7f0 Reland "[regexp] Bytecode peephole optimization"
This is a reland of 6612943010

Fixed: Unaligned reads, unspecified evaluation order.

Original change's description:
> [regexp] Bytecode peephole optimization
>
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
>
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
>
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
>
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}

Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel
Bug: v8:9330,chromium:1008502,chromium:1008631
Change-Id: Ib9fc395b6809aa1debdb54d9fba5b7f09a235e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828917
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64064}
2019-10-01 12:50:24 +00:00
Ana Peško
14ffd21dd9 Reland "[regexp] Eagerly tier-up for very long strings"
This is a reland of cfb60d430b

Original change's description:
> [regexp] Eagerly tier-up for very long strings
> 
> For very long subject strings, the regexp interpreter is currently much slower
> than the native machine code execution. This CL implements eager tier-up to the
> compiler to avoid the performance penalty for subject strings of length greater
> than 1000.
> 
> Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
> Bug: v8:9566
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ana Pesko <anapesko@google.com>
> Cr-Commit-Position: refs/heads/master@{#64046}

Bug: v8:9566
Change-Id: I81a10728c64ce3b35258c31eb8178e458d3de205
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832167
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64063}
2019-10-01 12:49:19 +00:00
Leszek Swirski
e3e7f1edee [cleanup] Another round of semi-automatic TNodification
Change-Id: I822f3961b2ec5ef8fb7ca4765cb7c9fd38514223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832171
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64060}
2019-10-01 10:55:20 +00:00
Andreas Haas
5b6624b184 [wasm][tests] Add prefix to TrapHandlerTest unittests
Apparently this is necessary.

R=ulan@chromium.org

Bug: v8:9396
Change-Id: Ia7c439308fb7edbb901f595aeb9fbf9389858daa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832161
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64056}
2019-10-01 09:01:09 +00:00
Suraj Sharma
1e3c3876f8 Modify the DCHECK in when computing KeyedAccessStoreMode.
Since slow handler was previously not a Smi. The DCHECK assumed any
Smi Handler on this path should be a proxy handler. Now it Checks for
both, and should continue if the current handler is a slow handler.

Bug: chromium:1008632
Change-Id: I079960894d7320d8d658d0990e8c32db51703206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828480
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64052}
2019-09-30 18:59:48 +00:00
Z Nguyen-Huu
c721203615 Add missing null condition in Proxy GetPrototypeof
Bug: v8:9781
Change-Id: I1f82a828f103cc2aa3f9553214f6b4867ffc3b17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829897
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64049}
2019-09-30 17:56:34 +00:00
Ana Pesko
3b9f815557 Revert "[regexp] Eagerly tier-up for very long strings"
This reverts commit cfb60d430b.

Reason for revert: Several bots timing out, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24717

Original change's description:
> [regexp] Eagerly tier-up for very long strings
>
> For very long subject strings, the regexp interpreter is currently much slower
> than the native machine code execution. This CL implements eager tier-up to the
> compiler to avoid the performance penalty for subject strings of length greater
> than 1000.
>
> Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
> Bug: v8:9566
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ana Pesko <anapesko@google.com>
> Cr-Commit-Position: refs/heads/master@{#64046}

TBR=yangguo@chromium.org,petermarshall@chromium.org,anapesko@google.com

TBR=yangguo@chromium.org

Change-Id: Id8dd362617988c8c5efa87ae157ee91c96cb1fdf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832163
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64047}
2019-09-30 16:33:37 +00:00
Ana Peško
cfb60d430b [regexp] Eagerly tier-up for very long strings
For very long subject strings, the regexp interpreter is currently much slower
than the native machine code execution. This CL implements eager tier-up to the
compiler to avoid the performance penalty for subject strings of length greater
than 1000.

Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64046}
2019-09-30 14:47:51 +00:00
Dominik Inführ
24d9e63e81 Revert "[heap] Insert directly into RememberedSet and remove StoreBuffer"
This reverts commit 70e07cdb6e.

Reason for revert: Clusterfuzz found issue in chromium:1009019

Original change's description:
> [heap] Insert directly into RememberedSet and remove StoreBuffer
>
> This CL removes the StoreBuffer and inserts slots into the
> RememberedSet directly from within the RecordWrite builtin. Only calls
> into C code when either the SlotSet-array or the bucket is not
> allocated. This avoids filling the store buffer up with duplicates or
> due to a write-heavy workload and then blocking the main thread on
> store buffer processing.
>
> Change-Id: I05b0b0938d822cdf0e8ef086ad4527d3229c05b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815241
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64002}

TBR=ulan@chromium.org,jkummerow@chromium.org,dinfuehr@chromium.org

Change-Id: I6f4cc1641965c83b05f3b3830b0f526b362beb49
Bug: chromium:1009019, chromium:1009196
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829259
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64043}
2019-09-30 14:20:31 +00:00
Dan Elphick
8de672cbe8 [parser] Prevent feedback slot merging for dynamic globals
This is a short-term fix to prevent any merging of feedback slots for
dynamic globals, while we work on a longer term solution to make it
consistent between eager and lazy compilation.

Bug: chromium:1008414, v8:8510
Change-Id: I4a5977046f53454d6f8a6ea2f41046abdf73418f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829270
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64041}
2019-09-30 11:57:09 +00:00
Georg Neis
8309c3e6a5 [turbofan] Fix reduction of global proxy access
This fixes a bug in the optimization concerning detached
or re-attached global proxies.

Bug: v8:7790
Change-Id: Ifd30b88361914430bb373d4b64a76e33ccde37e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809361
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64035}
2019-09-30 09:48:16 +00:00
Frank Tang
a0133350bf [Intl] Fix /ſ/i.test('ſ'.toUpperCase()) be false.
Address special case condiction for U+017F.

Bug: v8:9356
Change-Id: Id24e5e2c999b198bf0f696aea8c98f223508c051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1827683
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64028}
2019-09-27 18:13:00 +00:00
Frank Tang
7dedd92998 [Intl] Fix /k/i.test('\u212A')
Add logic stated in

Bug: v8:9731
Change-Id: I0b3468bbad11a178f36d682febd0e44214646de8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828279
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64027}
2019-09-27 17:37:50 +00:00
Mythri A
fcff24370b Reland "[compiler] Cache OSR optimized code"
This is a reland of cfb100282e
with a fix for failures in lite mode.

Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

Bug: chromium:987523
Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64023}
2019-09-27 13:25:47 +00:00
Santiago Aboy Solanes
ea6844a665 [codegen][x64] Add an in place version of Smi(Un)Tag
The current version of SmiTag and SmiUntag was checking if the
registers were the same, copying them if not and then untagging.
We can avoid a branch and a check by having two versions of
SmiTag and SmiUntag.

Change-Id: Id89213e073cefc9f8e46fcf0e79d0c1d349342ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826730
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64021}
2019-09-27 13:03:28 +00:00
Benedikt Meurer
7d0f593e8f [inspector] Add "disableBreaks" parameter to "Runtime.evaluate".
This new optional parameter controls whether "Runtime.evaluate" ignores
break points and previous "Debugger.pause" calls while evaluating the
expression. This will be used for live expressions, which should never
interfere with debugging.

Bug: chromium:1001216
Change-Id: Ie37f6616a4a1cae40399b79255ab92fb254d91b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826664
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64018}
2019-09-27 12:16:01 +00:00
Michael Achenbach
f8a08223d6 Revert "[compiler] Cache OSR optimized code"
This reverts commit cfb100282e.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483

Original change's description:
> [compiler] Cache OSR optimized code
> 
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
> 
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}

TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org

Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:987523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64015}
2019-09-27 12:09:13 +00:00
Mythri A
cfb100282e [compiler] Cache OSR optimized code
With lazy feedback allocation, for functions that get OSRed we may
not have feedback for the initial part of the functions since feedback
vectors might be allocated after the function started executing. Hence
we would not be able to optimize the function on the next call. This
means we may have to OSR twice before we actually optimize function.
This cl introduces OSR cache, so we could reuse the optimized code. One
side effect of this cl is that the OSRed code won't be function context
specialized anymore.

Bug: chromium:987523
Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64014}
2019-09-27 09:30:52 +00:00
Ng Zhi An
36f2ec1fd8 [wasm-simd] Implement f32x4.sqrt for arm
Bug: v8:8460
Change-Id: I02f5ac42ab101dd8e12e14f253a625212db13a21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808045
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64011}
2019-09-26 21:25:56 +00:00
Ng Zhi An
160023c241 [wasm-simd] Implement f64x2 abs neg for ia32
Bug: v8:9728
Change-Id: Icb8c1cfce481ba8a9c4b3447cd2de43920d6f528
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807552
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64010}
2019-09-26 20:28:47 +00:00
Georg Neis
2d09117798 [turbofan] Improve broker tracing wrt. function inlining
Make it clearer when the broker is missing information about
a potential inlinee.

Bug: v8:7790
Change-Id: I73d6066e75049e15a3fd821ac685476812482142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825241
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64007}
2019-09-26 19:11:47 +00:00
Joshua Litt
318d66d95f [protectors] Migrate final two protectors to their own file
Bug: v8:9463
Change-Id: I62290f29086c370b1f4f773de9a4d8f926edf313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1818732
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64005}
2019-09-26 17:18:35 +00:00
Frank Tang
43f44e5311 [Intl] Remove abandoned support of 'quarter'
ECMA402 decided to abandon https://github.com/tc39/ecma402/pull/345
so we should remove the code here.

Bug: v8:9282
Change-Id: I05cbad429ae01bf3debebfed07160b5f53f98a21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825827
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64004}
2019-09-26 17:13:56 +00:00
Ross McIlroy
bd61b5b03b Reland "[TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases"
This is a reland of c70de45c6a

Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
>
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
>
> BUG=v8:9684
>
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}

TBR=neis@chromium.org

Bug: v8:9684
Change-Id: I9cf3d087b81bb81a09a725168da9dc19238da91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826726
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64003}
2019-09-26 16:39:15 +00:00
Dominik Inführ
70e07cdb6e [heap] Insert directly into RememberedSet and remove StoreBuffer
This CL removes the StoreBuffer and inserts slots into the
RememberedSet directly from within the RecordWrite builtin. Only calls
into C code when either the SlotSet-array or the bucket is not
allocated. This avoids filling the store buffer up with duplicates or
due to a write-heavy workload and then blocking the main thread on
store buffer processing.

Change-Id: I05b0b0938d822cdf0e8ef086ad4527d3229c05b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815241
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64002}
2019-09-26 16:22:32 +00:00
Igor Sheludko
26824a285c [ptr-compr][x64] Preparing for using smi-corrupting decompression
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits.

Bug: v8:9706
Change-Id: I04d2708f331a65e1c73302e8c36653f9cb40706e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824946
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64001}
2019-09-26 16:21:27 +00:00
Clemens Backes [né Hammacher]
05eda1acc2 Revert "[regexp] Bytecode peephole optimization"
This reverts commit 6612943010.

Reason for revert: Fails on gcc: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/3394

Original change's description:
> [regexp] Bytecode peephole optimization
> 
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
> 
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
> 
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
> 
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}

TBR=jgruber@chromium.org,petermarshall@chromium.org,pthier@google.com

Change-Id: Ie526fe3691f6abdd16b51979000fdafb7afce8ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826727
Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Commit-Queue: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63998}
2019-09-26 15:57:02 +00:00
Thibaud Michaud
99b75c112a [wasm] Support any iterable in multi-return wrappers
The current implementation only supports arrays and proxies as
multi-return values in Wasm to JS calls. This adds support for any
iterable including generators, as specified by the multi-value proposal
(https://github.com/WebAssembly/multi-value/).

R=mstarzinger@chromium.org

Bug: v8:9492
Change-Id: I2c9be1f7e03824b1aabba525244e5b7f76a98f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824938
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63996}
2019-09-26 15:11:09 +00:00
Igor Sheludko
fd4cc2b254 [ptr-compr][csa] Preparing for smi-corrupting decompression
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits and tweaks some CSA helper functions
for smi-corrupting decompression.

Bug: v8:9706
Change-Id: I50e38a9f34b911ec0b8dd4e21298417bf23160aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824943
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63995}
2019-09-26 15:08:51 +00:00
Patrick Thier
6612943010 [regexp] Bytecode peephole optimization
Bytecodes used by the regular expression interpreter often occur in
specific sequences. The number of dispatches in the interpreter can be
reduced if those sequences are combined into a single bytecode.

This CL adds a peephole optimization pass for regexp bytecodes.
This pass checks the generated bytecode for pre-defined sequences that
can be merged into a single bytecode.

With the currently implemented bytecode sequences a speedup of 1.12x on
regex-dna and octane-regexp is achieved.

Bug: v8:9330
Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63992}
2019-09-26 14:57:37 +00:00
Sathya Gunasekaran
ca1c77ab18 Revert "[TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases"
This reverts commit c70de45c6a.

Reason for revert: speculative revert

Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
> 
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
> 
> BUG=v8:9684
> 
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}

TBR=rmcilroy@chromium.org,neis@chromium.org

Change-Id: I99cddb2c435ad6347bdc9b61b95d48dca94294c7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826720
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63984}
2019-09-26 11:32:58 +00:00
Clemens Backes
7777aa4276 Change all TODOs from clemensh to clemensb
R=adamk@chromium.org

No-Try: true
Change-Id: I71824f52802c125dbee51216054575f44d08d534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825243
Commit-Queue: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Auto-Submit: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63983}
2019-09-26 10:25:27 +00:00
Ross McIlroy
c70de45c6a [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
nodes. This allows TurboProp to avoid the LateOptimizationPhase and
MemoryOptimizationPhase phases while still lowering all simplified nodes to
machine nodes before instruction selection.

BUG=v8:9684

Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63981}
2019-09-26 09:58:47 +00:00
Clemens Backes
0f2ed107ef Rename clemensh to clemensb in OWNERS
R=adamk@chromium.org

No-Try: true
Change-Id: Idedb3d80382c876f09c545cf0f1cc7387b9ad805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825242
Auto-Submit: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63979}
2019-09-26 08:44:44 +00:00
Ng Zhi An
628cc44a29 [wasm-simd] Implement f64x2 f32x4 qfma and qfms for arm64
FMA operations is always supported on arm64, so in the test, we expect
fused results on arm64 whenever we run on TurboFan.

Bug: v8:9415
Change-Id: Ia2016533b9b76ee14b8c8da1c0d4ff7753276714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1819723
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63973}
2019-09-25 20:13:28 +00:00
Frank Tang
aad8c7f81b [Intl] Implement ECMA402 PR 349 and 351
It is controlled by flag harmony_intl_other_calendars.
But this is also pretty intern-dependent with
harmony_intl_add_calendar_numbering_system and should be launched
all together to be meaningful.

https://github.com/tc39/ecma402/pull/349/
#349 Normative: Allow calendar to determine choice of pattern

https://github.com/tc39/ecma402/pull/351
#351 Normative: Permit relatedYear and yearName in output



Bug: v8:9155
Change-Id: I67cd6bba6276bbb995186a9fe6202429d724ba61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588401
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63972}
2019-09-25 19:53:48 +00:00
Dominik Inführ
2b8dab42e5 [heap] Insert into old-to-new slots non-atomically
Since https://crrev.com/c/1771783 the mutator owns the old-to-new
remembered set, while the sweeper modifies the sweeping-slot-set.
This allows us to update the old-to-new remembered set non-atomically.

In this CL the mutator now inserts non-atomically into the remembered
set. The AccessMode is now explicit for Insert-operations as well.

Bug: v8:9454
Change-Id: I94730345f7dd34fe309839969330687c94b3080b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803652
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63971}
2019-09-25 16:53:17 +00:00
Ingvar Stepanyan
c7848612d8 Add support for reporting raw Wasm scripts
This addition will allow to experiment with parsing DWARF information from
WebAssembly on the frontend side for improved debugging.

The frontend must explicitly opt-in to this experiment by setting
`supportsWasmDwarf: true` in `Debugger.enable` params.

When this option is present, and Wasm appears to contain DWARF information
(heuristic: `.debug_info` custom section is present), V8 will not try to
disassemble and report each WebAssembly function as a separate fake script, but
instead will report Wasm module as a whole.

Note that V8 already does this when Wasm is associated with a source map.

Additionally, this CL adds a dedicated `Debugger.getWasmBytecode` command that
accepts scriptId and returns raw wire bytes of the chosen WebAssembly module.

Change-Id: I7a6e80daf8d91ffaaba04fa15688f2ba9552870f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809375
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63969}
2019-09-25 14:05:26 +00:00
Thibaud Michaud
63e9a7d9bf [wasm] Add multi-return support for Wasm to JS calls
Allows JS functions returning array-like objects to be imported as
multi-return functions in WebAssembly modules. Importing a generator
does not work as required by the specification yet.

R=mstarzinger@chromium.org

Bug: v8:9492
Change-Id: Iaf61a0f718eb50676913aa1486fb39cebecfc090
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815246
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63965}
2019-09-25 11:14:58 +00:00
Dan Elphick
db90b8d644 [roheap] Add Isolate parameter to Code::Disassemble
In preparation for Code objects that aren't executable and can be in
RO_SPACE, pass an Isolate into Code::Disassemble.

Bug: v8:7464
Change-Id: I99f5faf23dd4709a48925e1ae44d1ce595ea6f5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822043
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63962}
2019-09-25 10:46:45 +00:00
Clemens Hammacher
e1b0086a6a [wasm] Increase maximum code space on arm64
With the far jump table, we need to distinguish the maximum size of a
single code space from the maximum total code size per module. On
arm64, they differ, because we now support 1GB of code space, but each
code space is still limited to 128MB.

Bug: v8:9477

R=mstarzinger@chromium.org

Change-Id: I7b9aaec56a1d9d1f70573b6b895216d5b3f38346
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815253
Commit-Queue: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63961}
2019-09-25 10:44:35 +00:00
Dan Elphick
0f15403a04 [cleanup] Move string functions out of CSA
Moves the following functions from CodeStubAssembler to
BuiltinsStringAssembler:

SubString
CopyStringCharacters
AllocAndCopyStringCharacters

Bug: v8:9396
Change-Id: Ieb534b7fa7e72db9b05cdc2a34bd88b7a52ee985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822040
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63959}
2019-09-25 07:59:34 +00:00
Ng Zhi An
8a5386f240 [wasm-simd] Implement f64x2 splat extract_lane replace_lane for ia32
Bug: v8:9728
Change-Id: I8d993368fc23ab9e8cc08e31f4405678ec4ce824
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803790
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63955}
2019-09-24 23:24:08 +00:00
Dan Elphick
f674045458 [parser] Fix destructured parameters in arrowheads
Always unmark arrowhead parameters as assigned directly after their
initialization as the parser doesn't know when it first sees the
"assignment" that it may be in an arrowhead.

Bug: chromium:1003403, v8:8510
Change-Id: Iad5a4136d5ec06331fc43b81a809fd72cee2dd65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815131
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63947}
2019-09-24 14:11:52 +00:00
Joshua Litt
0ceee9ad28 [top-level-await] Add support for parsing top level await
Adds support for parsing top level await to V8, as well as
many tests.

This is the final cl in the series to add support for top level
await to v8.

Spec is here:
https://tc39.es/proposal-top-level-await/#sec-execute-async-module

Bug: v8:9344
Change-Id: Ie8f17ad8c7c60d1f6996d134ae154416cc1f31e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703878
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63946}
2019-09-24 14:01:32 +00:00
Jakob Gruber
256a81671b [regexp] Adhere to the stack limit in the interpreter
This introduces a limit for the interpreter's BacktrackStack to match
the limit used by generated code (RegExpStack::kMaximumStackSize).

Bug: chromium:1006670
Change-Id: I0b7613698e61257aecca89535ad9109c7e454692
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821458
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63945}
2019-09-24 13:33:09 +00:00
Michael Starzinger
cf3421008a [wasm] Limit number of labels for {br_table} instruction.
This reduces the number of label indices accepted by {br_table} from the
full function body size to specifically 65520 labels. Note that TurboFan
already had a similar limitation on switches, but caused a crash during
compilation up until now. This change just makes the limit explicit and
avoids the crash during compilation.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-9759
BUG=v8:9759

Change-Id: I3a9a4406b19a7f98fc36707b3b946be846170a15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821457
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63944}
2019-09-24 12:54:49 +00:00
Clemens Hammacher
ae764cc31b [wasm] Fix TODO and remove bad tests
In the {Fixed} variant, the {WasmCodeManagerTest} always reserves
1GB of memory. This makes the test run OOM on many 32-bit platforms.
Instead of skipping it selectively, this CL just removes the whole
test. It caused a lot of trouble in the past, and needs two test-only
methods in the WasmCodeManager. Also, the {Fixed} variant will not be
needed any more with the wasm far jump table, since modules can always
grow then.

Drive-by: Clean up the unittests status file a bit.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I5b6f8ed9f800863575c69d49d5df82f21fd23030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815251
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63942}
2019-09-24 10:41:26 +00:00
Ulan Degenbaev
f7adf5f569 Avoid deduplication overhead for backing stores managed by embedder
If a BackingStore is marked as !free_on_destruct, then we don't have to
guarantee that there is only one such BackingStore pointing to the
underlying buffer. So we can skip costly registration in process-global
table of backing stores.

Bug: v8:9380,chromium:1002693
Change-Id: Iad1ec5c4811d6c52a9a9d78dd700acf69170db60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815136
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63941}
2019-09-24 10:39:25 +00:00
Igor Sheludko
d68bf369cb Reland "[ptr-compr] Switch to 31 bit Smis on 64-bit architectures"
This is a reland of 12a9ee3a5b

Fixed arm64 disasm test.

Original change's description:
> [ptr-compr] Switch to 31 bit Smis on 64-bit architectures
>
> 32 bit Smis are incompatible with pointer compression so we land disable
> them before enabling pointer compression in order to separate memory and
> performance regressions caused by 31 bit Smis from pointer compression
> change.
>
> Bug: v8:9767
> Change-Id: I3d4a675df4208f808b1ba6e7816be545eae0dc24
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815249
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63934}

Bug: v8:9767
Change-Id: Ife46a4240141dd89d841eac152032ad6ca471810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1820939
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63940}
2019-09-24 10:34:25 +00:00
Ulan Degenbaev
c199f828a8 Fix initalization of embedder fields for ArrayBuffers
This moves the initialization to JSArrayBuffer::SetupEmpty, which is the
proper bottleneck for all paths constructing array buffers.

Bug: chromium:1006600,v8:9380
Change-Id: I1887cb867627d69ade20654e5bc372b1ba1ac4e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815132
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63939}
2019-09-24 09:39:27 +00:00
Ulan Degenbaev
39ecc997eb Fix construction of empty backing stores for SharedArrayBuffers
Bug: chromium:1006629,v8:9380
Change-Id: I8e45759fe3ad1b0ef8f1ebdb33919c84e1e8a044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815244
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63928}
2019-09-23 13:42:29 +00:00
Michael Starzinger
d1e9b884ae [asm.js] Fix parsing of float coercion arguments.
This fixes how arguments of a call to {fround} are being parsed. It now
accepts a single "AssignmentExpression" only instead of an "Expression"
which could potentially be a whole comma-separated list of expressions.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-1006592
BUG=chromium:1006592

Change-Id: Ifaf0c2b048e4ec18429cc6039c0e7dcdecc1d0bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815255
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63926}
2019-09-23 12:26:26 +00:00
Michael Starzinger
ca02d58b34 [wasm] Load call builtin in JS-to-JS wrappers.
This loads the call builtin from the Isolate root instead of embedding
it into the instruction stream. This can be more efficient, but more
importantly it fixes an issue with tracing and eventually allows for
background compilation of these wrappers.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1006631
BUG=chromium:1006631

Change-Id: Ife1bc513340d233a3c01789c7b56126fe3b87f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815245
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63924}
2019-09-23 10:43:51 +00:00
Clemens Hammacher
6b6c2317fe Revert "[wasm] Fix TODO and skip test on win32"
This reverts commit ad83fa921b.

Reason for revert: Crashes odroid: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/11234

Original change's description:
> [wasm] Fix TODO and skip test on win32
> 
> In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
> 1GB of memory, then allocates another 1GB to add it to the module as
> code. This uses too much memory on win32, making the test fail.
> Before this CL, the {NativeModule} only reserved 128kB upfront (in
> contrast to the actual expectation of the test).
> 
> Since all other aspects of this test are already covered by other
> tests, we just skip this test on win32.
> This allows us to resolve the TODO.
> 
> Drive-by: Clean up the unittests status file a bit.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63921}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: Ia9d9b9e311ff8b7524938aeb02543bf2c01bdd27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815250
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63923}
2019-09-23 10:29:43 +00:00
Clemens Hammacher
ad83fa921b [wasm] Fix TODO and skip test on win32
In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
1GB of memory, then allocates another 1GB to add it to the module as
code. This uses too much memory on win32, making the test fail.
Before this CL, the {NativeModule} only reserved 128kB upfront (in
contrast to the actual expectation of the test).

Since all other aspects of this test are already covered by other
tests, we just skip this test on win32.
This allows us to resolve the TODO.

Drive-by: Clean up the unittests status file a bit.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63921}
2019-09-23 09:28:10 +00:00
Dan Elphick
4921821b2f [parser] Prevent lazy parsing of arrow functions
Change Parser::AllowsLazyParsingWithoutUnresolvedVariables to return
false if it may be parsing an arrow function.

Bug: v8:9758, v8:8510
Change-Id: Ic5d213d4358ff954a169c03e449197c3f050880c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816510
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63920}
2019-09-23 08:59:18 +00:00
Ng Zhi An
bcb31fe4df [wasm-simd] Fix simd 128 load and store memarg reading in interpreter
Add a new test SimdLoadStoreLoadMemargOffset to test this, without this fix
this test would have failed.

Bug: v8:9753
Change-Id: I119adda8e3c6c7adb0ad4023298bbce9c0c64a01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811457
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63914}
2019-09-20 18:04:29 +00:00
Joshua Litt
10883f561a [hole-check-elimination] Simplest possible hole check elimination
doc: https://docs.google.com/document/d/1Y9uF3hS2aUrwKU56vGxlvEs_IiGgmWSzau8097Y-XBM/edit

Bug: v8:7427
Change-Id: Iedd36c146cefff7e6687fdad48d263889c5c8347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778902
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63913}
2019-09-20 17:27:49 +00:00
Suraj Sharma
99188fc477 [ic] Add support for StoreSlow() in Global Dispatcher
Global Objects now use the Smi handler StoreSlow() to perform
StoreGlobalIC_Slow.

Bug: chromium:1004037
Change-Id: I365ab918383525278590ca4369a4b1b0d9636d29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1812657
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63912}
2019-09-20 17:05:09 +00:00
Joshua Litt
f25edf22e7 [d8] Terminate execution instead of omitting quit in d8 asan
Bug: v8:4653
Change-Id: I2b2e0e12dc7c3734dd554aa6dd5ed71c90a77758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806796
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63911}
2019-09-20 16:38:19 +00:00
Irina Yatsenko
934dd8d7f8 [tools] Add !rs command to print remembered sets.
Produces output similar to:

Remembered set in chunk 0x29d0cd40000
  <empty>
Remembered set in chunk 0x891f200000
  <empty>
Remembered set in chunk 0x2fb14780000
  bucket 0x1ff381b09d0:
    0x2fb14780128 -> 0x6d7e080119
    0x2fb14780130 -> 0x6d7e080129
    0x2fb14780138 -> 0x6d7e080139
    0x2fb14780140 -> 0x6d7e080149
    0x2fb14780148 -> 0x6d7e080159
    0x2fb14780150 -> 0x6d7e080169
    0x2fb14780158 -> 0x6d7e080179
    0x2fb14780160 -> 0x6d7e080189
    0x2fb14780168 -> 0x6d7e080199
    0x2fb14780170 -> 0x6d7e0801a9
  10 remembered pointers in chunk 0x2fb14780000
Remembered set in chunk 0x5360700000
  <empty>

0: 000> !rs
Change-Id: I783322a2648ccba8a27aae72a459c742357e8e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801253
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63910}
2019-09-20 16:33:09 +00:00
Joshua Litt
39cc400dea [top-level-await] Add support for top level await to d8
This cl adds support for top level await to d8, but still
does not allow top level await through parsing.
Unfortunately, due to that restriction this cl has no automated
tests, but I added a 'top-level-await' variant and manually
confirmed it passes locally.

Bug: v8:9344
Change-Id: I3528442768107f5ad1ed1e9e947cfceae91c0cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808483
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63909}
2019-09-20 16:04:49 +00:00
Seth Brenith
1d3c4975be [tools] Use instance types of known Maps in v8_debug_helper
If we can read an object's Map pointer but not any data from the Map
itself, we may still be able to accurately describe the object's type if
the Map pointer matches one of the known Maps from the snapshot.
GetObjectProperties uses that data in one of two ways:
- If it is sure that the Map pointer matches a known Map, then it uses
  the type from that Map and continues as if it read the type normally.
- If the Map pointer is at the right offset within a heap page to match
  a known Map, but the caller didn't provide the addresses of the first
  pages in Map space or read-only space, then the type of that Map is
  just a guess and gets returned in a separate array. This gives the
  caller the opportunity to present guessed types to the user, and
  perhaps call again using the guessed type as the type hint.

Bug: v8:9376
Change-Id: I187f67b77e76699863a14534a9d635b79f654124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787986
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63908}
2019-09-20 16:00:59 +00:00
Clemens Hammacher
8ede52bacd [wasm] Skip deadlocking tests on predictable platform
The predictable platform can make tasks deadlock if the spawning task
is holding a lock that the spawn task also wants to take. This is
because the spawned task is just executed immediately within the
"context" of the spawning task.

The wasm async compile tests deadlock because the
{BackgroundCompileTask}s hold the shared {BackgroundCompileToken}
(reader lock) while spawning new tasks via {OnBackgroundTaskStopped} ->
{RestartBackgroundTasks}. The new tasks might want to cancel
compilation via {BackgroundCompileToken::Cancel}, which takes the
writer lock and hence deadlocks.
This can not happen on any other platform, since tasks are not nested
that way.

R=ahaas@chromium.org

Bug: v8:9760
No-Try: true
Change-Id: I9fc34d5de386aa5c6fdd64a1570fddcff872ec95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816502
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63904}
2019-09-20 10:23:14 +00:00
Clemens Hammacher
87287908b3 [wasm] Add test for creating 10k modules in one process
With --wasm-far-jump-table, it will be possible to create 10k (and
more) modules in one process. So far, we hit the virtual address space
limit around 1k modules, because each module makes a reservation of
{kMaxWasmCodeMemory} upfront. After this change, each module will only
reserve the estimated needed code size (if --wasm-far-jump-table is
set).

The test is carefully optimized to not execute too much code in the
loop, so it can still run in simulators in reasonable time. Note that
the time for actually compiling the module is spent in C++, which is
fast in simulator builds.

R=mstarzinger@chromium.org

Bug: v8:9477, v8:9651
Change-Id: If74a825d272a65b82ca5433cb648b6a2271872e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811038
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63903}
2019-09-20 09:34:34 +00:00
Frank Tang
8d1b4774bf [Intl] Sync ListFormat to latest spec.
1. Add StringListFromIterable based on
https://tc39.es/proposal-intl-list-format/#sec-createstringlistfromiterable
2. Adjust other parts to sync with the new version.

Bug: v8:9747
Change-Id: I14202f2963463e6a3e9816209f087bfe8e73cb91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809902
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63899}
2019-09-19 20:02:53 +00:00
Igor Sheludko
ecafe04b37 [ic] Fix accessor to data reconfiguration case
... in object literals.

Bug: chromium:997056
Change-Id: Ifc210ff53b751c6ef26f16b73c9ac52426a845fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813021
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63894}
2019-09-19 14:35:46 +00:00
Ross McIlroy
513c75116d [CSA] Ensure we only call ToName once in KeyedLoadICGeneric.
BUG=v8:6949,v8:9396,chromium:1005400

Change-Id: I18f50fc385dd83c8f1c551d1a3dc32714122eb00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813022
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63888}
2019-09-19 12:39:46 +00:00
Ulan Degenbaev
55c48820f8 [api] Add [Shared]ArrayBuffer::GetBackingStore()
This adds an additional V8 API to get the backing store of an array
buffer. Unlike the existing API, the backing store comes wrapped
in a std::shared_ptr, making lifetime management with the embedder
explicit. This obviates the need for the old GetContents() and
Externalize() APIs, which will be deprecated in a future CL.

Contributed by titzer@chromium.org


Bug: v8:9380
Change-Id: I8a87f5dc141dab684693fe536b636e33f6e45173
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807354
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63883}
2019-09-19 10:03:02 +00:00
Santiago Aboy Solanes
cd8100b61e [CSA][cleanup] TNodify builtins promise gen (pt. 2)
The promise file is too big so I am splitting it in several CLs.

TNodified:
 * AllocatePromiseReaction
 * AllocatePromiseReactionJobTask
 * AllocatePromiseResolveThenableJobTask
 * CreatePromiseResolvingFunctions
 * CreatePromiseResolvingFunctionsContext
 * CreatePromiseContext

This CL introduces some CASTs that will be deleted once the file is
TNodified in full.

Bug: v8:6949
Change-Id: Ia3006faa5e9fd0e6fa3c58511772857910326532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809360
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63882}
2019-09-19 10:01:57 +00:00
Irina Yatsenko
a0d01b658f [heap] GC should not retain filler objects tracked by deferred handles
Added tests for the scenario when the fillers would be evacuated within the
new space and when they would be promoted into the old space.

The fix is to treat the deferred handles the same as the local ones:
call FixStaleLeftTrimmedHandlesVisitor for them.

Bug: v8:9739
Change-Id: Idac233716295f53793657164561bb81f8f729065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809815
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63880}
2019-09-18 22:17:18 +00:00
Ng Zhi An
2cf821cc01 [wasm-simd] Implement QFMA and QFMS on x64
Quasi Fused Multiply-Add and Quasi Fused Multiply-Subtract performs, on floats, a + b * c and a - b * c respectively.
When there is only a single rounding, it is a fused operation. Quasi in this case means that the result can either be fused or not fused (two roundings), depending on hardware support.

It is tricky to write the test because we need to calculate the expected value, and there is no easy way to express fused or unfused operation in C++, i.e.
we cannot confirm that float expected = a + b * c will perform a fused or unfused operation (unless we use intrinsics).
Thus in the test we have a list of simple checks, plus interesting values that we know will produce different results depending on whether it was fused or not.

The difference between 32x4 and 64x2 qfma/qfms is the type, and also the values of b and c that will cause an overflow, and thus the intermediate rounding will affect the final result.
The same array can be copy pasted for both types, but with a bit of templating we can avoid that duplication.

Change-Id: I0973a3d28468d25f310b593c72f21bff54d809a7
Bug: v8:9415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1779325
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63878}
2019-09-18 20:25:07 +00:00
Ng Zhi An
72b8a49f7d Add disasm for vshl (register) on arm
Change-Id: Ib07ad54ef20877597dcf50a995a8f8a8e8dcb1c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809816
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63877}
2019-09-18 19:21:06 +00:00
Benedikt Meurer
42c98392a8 [debug] Don't disable the RegExp compilation cache when debugger is active.
Disabling the RegExp compilation cache comes with performance implications,
and it doesn't seem to be necessary for debugging.

Bug: chromium:992277
Change-Id: I24841f4814bcacb18a3968c37490f201c0c1ccac
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805637
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63876}
2019-09-18 19:14:36 +00:00
Ingvar Stepanyan
31f44eeab0 Fix Wasm reporting to multiple inspectors
Separate creating Wasm translations from reporting them to an agent.
This is done in order to support multiple connected sessions.

Previously connecting more than one agent would fail assertion in debug
mode and overwrite translation objects over and over
(and potentially do something worse) in release mode.

Bug: v8:9725
Change-Id: I13fde5ebf6e64e7268eb6870f9c21ac9a5bed81e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807273
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Cr-Commit-Position: refs/heads/master@{#63867}
2019-09-18 12:48:13 +00:00
Ross McIlroy
b946521f18 [CSA][cleanup] Use Name instead of String type for var_name in KeyedLoadICGeneric.
BUG=v8:6949,v8:9396,chromium:1004912

Change-Id: Ifa8207283aadad258281bffda6d49da574402a24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809370
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63865}
2019-09-18 11:22:28 +00:00
Michael Starzinger
d7903dd3de [wasm] Move {WasmModuleObject::DisassembleFunction}.
This introduces {DisassembleWasmFunction} to replace the above method,
since disassembling a function is independent of the concrete module
object and hence can be done for shared decoded modules.

R=clemensh@chromium.org
BUG=v8:6847

Change-Id: I5abea2a1381a9b8d3717a55d0b2b937dfbbafefd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809359
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63860}
2019-09-18 09:29:34 +00:00
Deepti Gandluri
766827d25f [wasm] Enable shared GrowMemory by default
ArrayBuffer tracking has landed, turning on GrowMemory for Shared
WebAssembly.memory on by default. Enable all variants of tests based
on the new implementation.

Bug: v8:8564, v8:9221, v8:8832
Change-Id: I0ff8688636303896450b788b2ff5a7268d386050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808106
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63855}
2019-09-17 23:41:43 +00:00
Frank Tang
9849000141 [Intl] Fix m(ax|in)imumFractionDigits for currency
Fix m(ax|in)imumFractionDigits of Intl.NumberFormat
resolvedOptions are set to 0. For example, currency
instance for CPY or KRW.

Bug: chromium:1003748
Change-Id: Ia1963d8d070b066bd5afa61f8c4716a21450af05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807742
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63850}
2019-09-17 16:34:00 +00:00
Santiago Aboy Solanes
4dfbe61ab9 [CSA][cleanup] TNodify builtins promise gen (pt. 1)
The promise file is too big so I am splitting it in several CLs.
This is the first one.

TNodified:
 * AllocateAndInitJSPromise (three versions)
 * PerformPromiseThen
 * AllocateJSPromise

Bug: v8:6949
Change-Id: I57ae8de3f929c00a9127ea4be51ffe7703b44959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807370
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63849}
2019-09-17 16:30:50 +00:00
Ross McIlroy
11b819c679 [CSA][cleanup] TNodify TryToName, TryToIntPtr and TryInternalizeString.
BUG=v8:6949,v8:9396

Change-Id: Icd65e16f6b5b41ad56d1b8767a73e8ca15d05b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807365
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63845}
2019-09-17 14:56:34 +00:00
Georg Neis
1f3b2d4ec2 [api] Support CreationContext() on module namespace objects
Bug: v8:9713
Change-Id: I80b8f72ce4617b314f6c4991297a6464f67cbbec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807364
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63844}
2019-09-17 14:55:29 +00:00
Mu Tao
1da56e6881 [mips][heap] Remove dynamic allocation flag on NewNumber functions
Port 1dd791fca2

Original Commit Message:

    Uses templates to dispath the allocation flag statically.

Change-Id: I1d6a0f2c6ca04ac0f03afe392584e9f1e8dcfb9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806680
Auto-Submit: Mu Tao <pamilty@gmail.com>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63842}
2019-09-17 14:07:59 +00:00
Andreas Haas
d8b0c1e3e7 [wasm][bulk] Update the element segment decoding to the new spec changes
The element segment encoding in the bulk memory proposal changed
recently. With this CL the V8 implementation gets up to date again.

R=thibaudm@chromium.org

Bug: v8:9658
Change-Id: I4f45d04369400356a6f3aaed9570c7870f5f97bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778022
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63836}
2019-09-17 13:25:42 +00:00
Jakob Kummerow
982412d96f [tests] Speed up mjsunit/packed-elements by 1500x
Adding a %SimulateNewspaceFull runtime function speeds up this test
from 7m21s to 0.3s (on arm.optdebug with --jitless).
Bonus content:
- speed up mjsunit/md5 by 23x (5m25s -> 7.5s)
- speed up mjsunit/string-replace-gc by 8x (1m37s -> 12s)

Bug: v8:9700, v8:9396
Change-Id: Id00d0b83b51192edf1d5493b49b79b5d76e78087
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807355
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63829}
2019-09-17 12:05:11 +00:00
Georg Neis
c98aa0e275 Clean up deferred handle scopes
- There was no use of DisallowDeferredHandleDereference, so remove the
  corresponding assertion scope and related code.
- Make DeferredHandleScope::Detach return a unique_ptr rather than a
  raw pointer for clarity.
- Store DeferredHandles in compilation info as unique_ptr rather than
  shared_ptr, as it's never shared.
- Remove some unused methods.

Change-Id: I8327399fd291eba782820dd7a62c3bbdffedac4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805645
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63828}
2019-09-17 11:45:55 +00:00
Andreas Haas
9d7b45620d [wasm] Check for invalid function index in init expr
R=clemensh@chromium.org

Bug: chromium:1003241
Change-Id: I2c37404746bd4807040c787490fc7851ea6988d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807359
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63825}
2019-09-17 10:37:33 +00:00
Frank Tang
33092580ef [Intl] Better annotation of bug number
Bug: v8:9742
Change-Id: Ifd162c4c8c52efff7da98281c9dfed53a473026c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808405
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63818}
2019-09-17 06:25:20 +00:00
Frank Tang
dbc824d85b [Intl] Fix resolvedOptions of PluralRule
Bug: v8:9727
Change-Id: I634902e89c0c79fb95994e0a3a971cbc7889c09c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803788
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63816}
2019-09-16 22:00:11 +00:00
Frank Tang
133219ad5c [Intl] Throws exception on grandfather and private locale
Bug: v8:9613
Change-Id: Ie91a5bd39c82b6baf33fd84dee8420d2c4a5f504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803783
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63815}
2019-09-16 20:59:11 +00:00
Ng Zhi An
428c2a383d [wasm-simd] Implement f32x4.sqrt for ia32
Bug: v8:8460
Change-Id: I8e72aa194cfc9797f0451d54638b6ba152d32971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797269
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63814}
2019-09-16 20:26:01 +00:00
Georg Neis
97c89ebbe2 [turbofan] Fix and simplify optimization of access on global proxy
We used to have two special cases for named accesses on the global
proxy, one based on seeing the global proxy constant in the graph and
on based on seeing the global proxy map either in the feedback or in
the graph. A change I made a while ago accidentally disabled the second
one. This CL restores that.

Moreover, given how things are set up now (this might have been
different before), the first optimization is subsumed by the second
one, so this CL also removes the first one.

Finally, this CL records an accumulator hint in the case of a load,
which improves precision of the serializer for concurrent inlining.

Tbr: tebbi@chromium.org
Bug: v8:7790
Change-Id: I255afc6c79e5c5c900b3ccfcd8459d836d21e42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801954
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63806}
2019-09-16 15:43:08 +00:00
Joshua Litt
798cb9045c Reland "[top-level-await] Implement top-level-await in V8"
The first land did not correctly handle exceptions for already evaluated
modules.

Original description:
Implements AsyncModules in SourceTextModule. However, there is no
support in the parser or D8 for actually creating / resolving
AsyncModules. Also adds a flag '--top-level-await,' but the only
external facing change with the flag enabled is that Module::Evaluate
returns a promise.

Bug: v8:9344
Change-Id: I24725816ee4a6c3616c3c8b08a75a60ca9f27727
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797658
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63803}
2019-09-16 15:29:17 +00:00
Clemens Hammacher
b53ff5f4e3 Add test mode to ignore allocation hints
This randomizes new memory allocations and reservations. It's currently
used to test far jump tables in wasm better, but might be helpful
generally for testing arbitrary virtual memory layouts.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ie60b7c6dd3c4cd0f3b9eb8e2172912e0851c357d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803340
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63802}
2019-09-16 15:18:27 +00:00
Jakob Kummerow
9f7ae50aa8 [ubsan] Make ARM and ARM64 UBSan-clean
Bug: v8:3770,v8:9666
Change-Id: I7b7652887d6b60fbb80e1100834bc7c9df0544d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792909
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63801}
2019-09-16 15:03:45 +00:00
Artem Serov
66f2519628 Reland "[turbofan,arm64] Add float loads poisoning."
This is a reland of 2869d9de0d

Original change's description:
> [turbofan,arm64] Add float loads poisoning.
>
> Also extend load poisoning testing for arm and arm64.
>
> This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d,
> originally introduced for arm.
>
> Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63519}

Change-Id: I8155456f6ad571897f6274a86e58fec6cd66ee7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800583
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#63800}
2019-09-16 14:57:08 +00:00
Clemens Hammacher
633d8307cf [wasm] Add test for multiple code spaces
This CL adds a flag to reduce the initial code space reservation size
(--wasm-max-initial-code-space-reservation), and adds a test which creates at
least four separate code spaces and calls between them.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I1b4c430266962eb94dbe4b381f46b03c2ec07fc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782999
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63797}
2019-09-16 13:57:46 +00:00
Joshua Litt
20bf2b7b22 [scanner] Allow escaped keywords to be property names
Bug: v8:9647
Change-Id: Ib6449fadc42130a019788ba3a22e93bfd0de789b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803514
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63796}
2019-09-16 13:56:41 +00:00
Dan Elphick
bec49d81df [csa] Fix parameter casting on empty arrays
Changes the Array(Includes|IndexOf)(Holey|Packed)Doubles builtins to
first check the input array is not empty before attempting to cast it to
a FixedDoubleArray as an empty array of doubles can be backed by a
FixedArray.

Bug: chromium:1004061
Change-Id: I12f302afa9596fb8a5581849662cd67fcc06f92b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806676
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63794}
2019-09-16 13:49:21 +00:00
Victor Gomes
e35175a764 Reland "[Heap] Create a fast path for young allocations."
Disable a flaky test.

This is a reland of cbf028e8b8

Bug: v8:9714
Change-Id: Ifc136ad80bd7f2a0ae67a15e688a3d08ceed3c44
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806915
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63793}
2019-09-16 13:25:51 +00:00
Maya Lekova
2f9d2fc1ce [turbofan] Add a missing object to the broker
Bug: chromium:1003730
Change-Id: Id8ca302b0b17ce08821507bb686bf241416eee67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806913
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63789}
2019-09-16 12:39:26 +00:00
Ross McIlroy
61085f2cb3 [CSA] Update TryLookupProperty to JSReceiver type.
The current JSObject type is too specific as it can also be passed proxy
objects.

BUG=chromium:1003919,v8:6949

Change-Id: I2766868543827fc5ee6f99f3b120c7ffe9cfed39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803651
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63787}
2019-09-16 12:20:31 +00:00
Jakob Kummerow
b823bf1ba6 [test][cleanup] Revive --time, speed up some tests
This reimplements the "--time" option of run-tests.py to print the
20 slowest tests, on top of json_test_results infrastructure just
like the bots do it.
Additionally this CL speeds up a bunch of slow tests.

Bug: v8:9396
Change-Id: I40797d2c8c3bfdd310b72f15cd1a035844b7c6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803635
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63786}
2019-09-16 11:24:11 +00:00
Victor Gomes
1dd791fca2 [Heap]: Remove dynamic allocation flag on NewNumber functions.
Uses templates to dispath the allocation flag statically.

Bug: v8:9714
Change-Id: I1998ae47be2f7d872d34b3bc2390d01cbfad6afa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801848
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63783}
2019-09-16 10:57:38 +00:00
Shu-yu Guo
397caa92c6 [Intl] Install intrinsic default prototypes for Intl constructors
Install intrinsic default prototypes for Intl.ListFormat,
Intl.PluralRules, Intl.RelativeTimeFormat, and Intl.Segmenter.
Observable when attempting to construct cross-realm via a
new.target with a non-Object .prototype property.

Bug: v8:9712
Change-Id: I77ae75e5ea1ee8e9a01cf5788b664a5945aa1f7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801252
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63774}
2019-09-13 20:35:50 +00:00
Ng Zhi An
9b4e683bd6 [wasm-simd] Implement f32x4.sqrt f64x2.sqrt for arm64
Bug: v8:8460
Change-Id: I2a96d5bad3dbcfe6a437931d7e9756646610f74b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796319
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63771}
2019-09-13 18:17:48 +00:00
Frank Tang
fad60ef290 [Intl] Fix Hungarian number format grouping
By rolling icu to faee8bc which contains the upstream CLDR fix.

Bug: v8:992694
Change-Id: I073d15396fa0e7c5054aa4e0806e5842228955f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799424
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63768}
2019-09-13 17:14:41 +00:00
Clemens Hammacher
75790c9823 [iwyu] Add missing includes of <memory> for std::unique_ptr
After https://crrev.com/c/1800575 and https://crrev.com/c/1803343,
which tried to fix this on occuring compile errors, this CL
systematically adds the <memory> include to each header that uses
{std::unique_ptr}.

R=sigurds@chromium.org
TBR=mlippautz@chromium.org,alph@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org

Bug: v8:9396
Change-Id: If7f9c3140842f9543135dddd7344c0f357999da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803349
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63767}
2019-09-13 17:13:36 +00:00
Frank Tang
9d2591a695 Correct the name of the regression test
Bug: v8:9464
Change-Id: Ibdc6f9797661e357e01c2f02565eeca12abbf8ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801251
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63764}
2019-09-13 16:14:50 +00:00
Clemens Hammacher
0a8ddb134c [wasm] Implement patching of far jump table
If the jump is too large for a near jump, we patch the far jump table
instead, and patch the (near) jump table to jump to the far jump table
slot.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ic9a929b405492c1cfe744738e0807ad4357c53ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799543
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63754}
2019-09-13 13:01:44 +00:00
Joey Gouly
01b5a7ed67 [arm64] Fold comparisons into branches for Word64
Make TryEmitCbzOrTbz a template, so it can be used for Word64 as well as Word32.

0.09% reduction of embedded builtins size with a arm64 ptr-compr build.

Some of the unittests weren't ported to Word64 as they don't pass, this is due to
VisitWordCompare missing a loop to remove Word64Equal comparisons against 0. This
can be added in a different CL if needed.

Change-Id: I927129d934083b71abe5b77991c39286470a228d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792908
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63751}
2019-09-13 12:55:24 +00:00
Clemens Hammacher
f0463fe99f [wasm] Make {JumpTableAssembler} independent of wasm internals
The {JumpTableAssembler} should not include {wasm-code-manager.h}. It
only depends on assembler headers in {src/codegen}.
This removes the {flush_i_cache} parameter which is always set anyway,
removes the last include from {src/wasm} and updates the DEPS file to
forbid such includes for the future.

R=mstarzinger@chromium.org

Bug: v8:9396, v8:9477
Change-Id: Id57b35c93155c3eac7c4c9b6a41d3a1c98c0dddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801846
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63749}
2019-09-13 12:53:16 +00:00
Clemens Hammacher
dbc36e95c5 Revert "Reland "[Heap] Create a fast path for young allocations.""
This reverts commit 7b7df7db4d.

Reason for revert: Still breaks gc-stress bots: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24466

Original change's description:
> Reland "[Heap] Create a fast path for young allocations."
> 
> Disable a flaky test.
> 
> This is a reland of cbf028e8b8
> 
> Original change's description:
> > [Heap] Create a fast path for young allocations.
> >
> > Bug: v8:9714
> > Change-Id: I3be6ea615142c8282bb67370626c7596cedf826c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800304
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Commit-Queue: Victor Gomes <victorgomes@google.com>
> > Auto-Submit: Victor Gomes <victorgomes@google.com>
> > Cr-Commit-Position: refs/heads/master@{#63729}
> 
> Bug: v8:9714
> Change-Id: Ifbd8617be1b8c58cb1552fe88c52eafd9d6e9c7d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801840
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63744}

TBR=ulan@chromium.org,verwaest@chromium.org,victorgomes@google.com

Change-Id: Ie041a7ff25adb9edc7c44ebb259912e66dfb9da1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801852
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63747}
2019-09-13 12:33:41 +00:00
Victor Gomes
7b7df7db4d Reland "[Heap] Create a fast path for young allocations."
Disable a flaky test.

This is a reland of cbf028e8b8

Original change's description:
> [Heap] Create a fast path for young allocations.
>
> Bug: v8:9714
> Change-Id: I3be6ea615142c8282bb67370626c7596cedf826c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800304
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#63729}

Bug: v8:9714
Change-Id: Ifbd8617be1b8c58cb1552fe88c52eafd9d6e9c7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801840
Commit-Queue: Victor Gomes <victorgomes@google.com>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63744}
2019-09-13 11:26:45 +00:00
Tobias Tebbi
3f8fc137c3 Revert "[turbofan] temporarily disable const-based load elimination"
This reverts commit 9ce6792630.

Reason for revert: This was never intended to stay.

Original change's description:
> [turbofan] temporarily disable const-based load elimination
> 
> This is a safe to merge hot-fix to tackle https://crbug.com/983764.
> To be reverted after merging to M77.
> 
> Bug: chromium:983764
> Change-Id: I3cd27481f224b352ef6bcf9dde21a8f77616acff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786285
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63570}

TBR=tebbi@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:983764
Change-Id: I9c07eab384818aaeecab0224cec0f6b5310e9e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801839
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63743}
2019-09-13 11:25:40 +00:00
Igor Sheludko
29817ae091 [csa] Remove ParameterMode from CSA::CodeStubArguments
Bug: v8:9708
Change-Id: I91e429e478ad70dc2212f9f78830d10941fa47e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800581
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63740}
2019-09-13 09:03:13 +00:00
Dmitry Gozman
fe3d51e1b2 [inspector] Simplify async stepping
Currently, debugger pauses on async call schedule and then waits for Debugger.pauseOnAsyncCall
with parentStackTraceId to actually schedule the pause.

This CL combines these two steps:
- For local async tasks, it just stores m_taskWithScheduledBreak at the time of schedule,
  to be able to pause once this task is run.
- For external async tasks, it plumbs "should_pause" boolean in V8StackTraceId from
  the point of schedule to the point of execution, and schedules a pause once
  externalAsyncTaskStarted is called with "should_pause" set to true.

This approach greatly simplifies the implementation, and reduced frontend to a single
"breakOnAsyncCall: true" parameter in Debugger.stepInto.

Drive-by: introduce hasScheduledBreakOnNextFunctionCall() to make
SetBreakOnNextFunctionCall management more robust.

Note: artificial pauses at async call schedule time are gone from test expectations -
we now only pause when user actually wants to pause, which makes protocol much simpler.

See also design doc linked in the bug.

BUG=chromium:1000475

Change-Id: I2d16f79c599fe196b2aaeca8223c63437a2954a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783724
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63737}
2019-09-13 02:33:22 +00:00
Frank Tang
25c11657fc [Intl] Clean up by removing the following flags
harmony_intl_bigint shipped in m76
  harmony_intl_date_format_range shipped in m76
  harmony_intl_datetime_style shipped in m76
  harmony_intl_numberformat_unified shipped in m77

Bug: v8:9272, v8:9273, v8:9274
Change-Id: Icc640e011021e691373bc61725013578b7185e50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799263
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63736}
2019-09-12 22:25:41 +00:00
Frank Tang
6cf125a90c [Intl] Fix error message to report the right method.
Bug: v8:9464
Change-Id: I3252de850bbaa5fdb15f5fc2103f1ebb7be3e1ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799396
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63734}
2019-09-12 19:32:31 +00:00
Irina Yatsenko
286d339469 Three basic cctests for tracking of old to new pointers
Change-Id: I162b3cac024fba180ff191c8497da9a958c38167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797657
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63731}
2019-09-12 18:16:00 +00:00
Ng Zhi An
167ca2e252 [wasm-simd] Fix shifts value to be modulo lane width
Drive by fix of type of expected value in a test

Bug: v8:9626
Change-Id: I1bb44082b873383ea75e7089828bc68c9d4e0df0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757503
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63727}
2019-09-12 17:37:10 +00:00
Ng Zhi An
c255e5fbc3 Remove redundant buffer read/write checks
The point of this test is to check for OOB access traps, the read/write
of the entire backing buffer is not useful to this test, and causes the
test to be really slow, especially on arm simulator. This change cuts
the runtime of the test from ~7.5min to ~1.5min.

Bug: v8:7783
Bug: v8:9396
Change-Id: Id57648e920b7631d8c481d2a43ded1c16cd2d1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793905
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63726}
2019-09-12 17:29:20 +00:00
Santiago Aboy Solanes
a31d04d7cb [CSA][cleanup] Finish TNodifying EmitXXX methods in builtins constructor gen
TNodified:
 * EmitCreateShallowArrayLiteral
 * EmitCreateShallowObjectLiteral

Also propagated the TNodification of AllocationSite. Previously it was
used a lot with nullptr, and that changed to {}.

Bug: v8:6949, v8:9396
Change-Id: I8ed04d2d346f5960bba23a233c3dd244ad7f122a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795346
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63725}
2019-09-12 16:55:43 +00:00
Tobias Tebbi
afd83c074f [csa] move TNode to separate header
This enables using TNode types without including code-assembler.h,
which is useful when generating CallInterfaceDescriptors.

As a drive-by, this moves TNode from v8::internal::compiler to
v8::internal. It's only used outside of the compiler anyway.

Change-Id: I3d938c22366a3570315041683094f77b0d1096a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798425
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63721}
2019-09-12 14:48:03 +00:00
Sigurd Schneider
deac757bc7 [debugger] Fix code coverage for break/return inside switch-case
Case statements have a list of statements associated with them, but are
not blocks, and were hence not fixed-up correctly for code coverage.
This CL also applies the fix-up to the "body" of case statements,
in this way removing ranges reported as uncovered between the final
break/return in a case and the next case (or end of function).

Drive-by: Add optional pretty printing to code coverage test results.

Change-Id: I5f4002d4e17b7253ed516d99f7c389ab2264be10
Bug: v8:9705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798426
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63719}
2019-09-12 13:53:13 +00:00
Peter Marshall
6ad781ccd5 [cleanup] Change error message for neutered -> detached
Bug: chromium:913887
Change-Id: If533bb85675456b674f79486b06a44e447f40aee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739371
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63715}
2019-09-12 12:53:43 +00:00
Santiago Aboy Solanes
23d7e79829 [CSA][cleanup] TNodify builtins constructor gen
TNodify:
 * EmitFastNewFunctionContext
 * EmitCreateRegExpLiteral
 * EmitCreateEmptyArrayLiteral
 * EmitCreateEmptyObjectLiteral

Bug: v8:6949, v8:9396
Change-Id: I2a06e0a43feca42cf89d154b8fa9e84573676b4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793142
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63713}
2019-09-12 10:55:18 +00:00
Santiago Aboy Solanes
b0e70c571a [cleanup] wasm/asm-wasm-u32 not SLOW anymore
Since https://chromium-review.googlesource.com/c/v8/v8/+/1791632 sped it
up, there is no need to mark it as SLOW.

Bug: v8:7783
Change-Id: I24d1b2f1e56dff4c820d397288ab3ad7662ae06b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800564
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63712}
2019-09-12 10:22:47 +00:00
Michael Starzinger
7da8f2c959 [wasm] Fix WebAssembly.Table#get for constructed functions.
This fixes the case where a table entry contains a function constructed
via {WebAssembly.Function} and is then read out via a runtime function
from the table.

R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1002388
BUG=chromium:1002388

Change-Id: Ic0a9a544baaf37e68cd22eb91f2ef0bdf5fa5842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63709}
2019-09-12 09:40:55 +00:00
Jakob Gruber
ba72dc0803 Revert "[compiler] Optionally apply an offset to stack checks"
This reverts commit 4a16305b65.

Reason for revert: Need to revalidate assumptions behind the CHECK.

Original change's description:
> [compiler] Optionally apply an offset to stack checks
> 
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
> 
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
> 
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
> 
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
> 
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}

TBR=neis@chromium.org,sigurds@chromium.org,jgruber@chromium.org

Change-Id: Iebf46d5256b6dee13451741781ef85a5fe9b1628
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9534, chromium:1000887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800565
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63706}
2019-09-12 09:23:47 +00:00
Georg Neis
2304c194f0 [compiler] Replace remaining mutable reference arguments
Bug: v8:9429
Change-Id: Id775a765d9700e1d2c46b4598f5e4c8350e28f14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796340
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63705}
2019-09-12 08:56:15 +00:00
Swapnil Gaikwad
91e3243d60 Extend GetIterator bytecode to perform JSReceiver check on object[Symbol.iterator]()
Current GetIterator bytecode loads and calls @@iterator property on a
given object. This change extends the bytecode functionality to check
whether the value returned after calling @@iterator property is a valid
JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the
returned value is not a valid JSReceiver. This change absorbs the
functionality of additional two bytecodes - JumpIfJSReceiver and
CallRuntime, that are part of the iterator protocol in the GetIterator
bytecode.

Bug: v8:9489
Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#63704}
2019-09-12 08:51:35 +00:00
Shu-yu Guo
b378a2e9c3 Roll test262
59a1a01..ef7fd2bc

Bug: v8:7834, v8:9712
Change-Id: Iebc11aa3be2fa692bfae7069f45e89d795132cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799398
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63702}
2019-09-12 06:55:05 +00:00
Jakob Gruber
4a16305b65 [compiler] Optionally apply an offset to stack checks
The motivation behind this change is that the frame size of an optimized
function and its unoptimized version may differ, and deoptimization
may thus trigger a stack overflow. The solution implemented in this CL
is to optionally apply an offset to the stack check s.t. the check
becomes 'sp - offset > limit'. The offset is applied to stack checks at
function-entry, and is set to the difference between the optimized and
unoptimized frame size.

A caveat: OSR may not be fully handled by this fix since we've already
passed the function-entry stack check. A possible solution would be to
*not* skip creation of function-entry stack checks for inlinees.

This CL: 1. annotates stack check nodes with the stack check kind, where
kind is one of {function-entry,iteration-body,unknown}. 2. potentially
allocates a temporary register to store the result of the 'sp - offset'
in instruction selection (and switches input registers to 'unique'
mode). 3. Applies the offset in code generation.

Drive-by: Add src/compiler/globals.h for compiler-specific globals.

Bug: v8:9534,chromium:1000887
Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63701}
2019-09-12 06:48:25 +00:00
Clemens Hammacher
3d2159462c [wasm] Allocate one far jump table per code space
This moves the code to allocate the far jump table from
{SetRuntimeStubs} to {AddCodeSpace} to allocate one such table per code
space.
Also, the {runtime_stub_table_} and {runtime_stub_entries_} fields do
not make sense any more now and are replaced by calls to
{GetNearRuntimeStubEntry} and {GetRuntimeStubId}.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ie1f5c9d4eb282270337a684c34f097d8077fdfbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795348
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63700}
2019-09-12 06:27:26 +00:00
Ng Zhi An
8d4fbc33f4 Reduce the number of ints tested
This reduces the runtime from ~20m to ~2m (very unscientific measure
based on running the entire asm-wasm-i32 test with and without this
change).

I removed most of the constants that looked uninteresting, e.g. testing
for 10, 20, 30, isn't that interesting. The edge cases are left
untouched, min/max signed positive/negative ints and +/- 1 from both.

Bug: v8:7783
Bug: v8:9396
Change-Id: Ice363fc3f786dd55ff118ffa42f9ecea07880338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1791632
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63695}
2019-09-11 20:27:24 +00:00
Ulan Degenbaev
e9730043cf [api, heap] Add v8::Isolate::MeasureMemory API
This adds a new API function and provides a simple implementation
of performance.measureMemory() in d8. The implementation currently
immediately resolves the result promise with the current heap size.

Bug: chromium:973627

Change-Id: Ia8e1963a49b7df628b5487a2c0d601473f0cb039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796502
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63694}
2019-09-11 18:18:10 +00:00
Ng Zhi An
134e110211 [wasm-simd] Implement f32x4.sqrt f64x2.sqrt for x64
Implementations for other architectures will follow in subsequent
changes.

Bug: v8:8460
Change-Id: I279388ab76b1d88d65cbe179088be5573c17fc58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796317
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63693}
2019-09-11 17:26:32 +00:00
Joshua Litt
93a29bdce0 Revert "[top-level-await] Implement top-level-await in V8"
This reverts commit 591d1c9de4.

Reason for revert: breaks blink

Original change's description:
> [top-level-await] Implement top-level-await in V8
> 
> Implements AsyncModules in SourceTextModule. However, there is no
> support in the parser or D8 for actually creating / resolving
> AsyncModules. Also adds a flag '--top-level-await,' but the only
> external facing change with the flag enabled is that Module::Evaluate
> returns a promise.
> 
> Bug: v8:9344
> Change-Id: Idc722efc1e2aa780d04bdb985bb7920ab969d34e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728037
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63686}

TBR=ulan@chromium.org,adamk@chromium.org,neis@chromium.org,joshualitt@chromium.org

Change-Id: I6ceeb3a293a948af04bf200ab784ceb03386a3fd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797656
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63692}
2019-09-11 17:00:21 +00:00
Ng Zhi An
b0209cc1ee Use array.every instead of iterating using for loop
This speeds up the check by ~10x.

This was tested by writing a simple test that compares a for-loop and
array.every():

for (var i = 0; i < kMemSize; i++) {
      assertEquals(0, array[i]);
}

assertTrue(array.every((e => e == 0)));

The for-loop takes ~180s, every() takes ~19s.

Numbers above are for arm.debug build (simulator). On x64.debug builds
we can see a similar 10x improvement, from ~6s to ~400ms.

Bug: v8:7783
Bug: v8:9396
Change-Id: I83d46c7ec4a634612032c1d79585339cadb8b641
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793904
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63691}
2019-09-11 16:59:15 +00:00