Commit Graph

53770 Commits

Author SHA1 Message Date
Michael Starzinger
5b8c7f84bf [wasm] Support exceptions between interpreter frames.
This adds support for handling exceptions between different frames of
one single interpreter activation. Frames are dropped until a local
handler is found. If none is found in the current activation then we
delegate to the existing stack unwinding mechanism to deal with multiple
activations interspersed with non-interpreter stack frames on the actual
machine stack.

R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091

Change-Id: Ia4abb27ff037bf0d3e3b05721bd3c971ef820e3c
Reviewed-on: https://chromium-review.googlesource.com/c/1445989
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59228}
2019-01-31 09:32:21 +00:00
Tobias Tebbi
142225ac9e [torque] improve VSCode syntax highlighting
Change-Id: Iec5d7b2c73b45012d3bc457f0928c7f39afc8815
Reviewed-on: https://chromium-review.googlesource.com/c/1446454
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59227}
2019-01-31 09:20:45 +00:00
Jaroslav Sevcik
d342526259 Make the property reconfiguration tests more realistic
In particular, test all integrity level transitions properly.

The motivation for this fix was to get rid of the test that introduce {frozen_symbol}
transition while leaving properties configurable and writable. This CL tests each
integrity transition separately, and sets the attributes accordingly.

Bug: v8:8538
Change-Id: I741d87bba1472aec68bf92084e65edc16c1e08d8
Reviewed-on: https://chromium-review.googlesource.com/c/1446097
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59226}
2019-01-31 09:06:39 +00:00
Clemens Hammacher
5f6de71a37 [wasm] Call callbacks from background
The CompilationState should not be bound to a specific isolate. Hence
it cannot start foreground task. Instead, the callbacks themselves
should do this if they are specific to one Isolate.

R=mstarzinger@chromium.org

Bug: v8:8689, v8:8050
Change-Id: Ic86bba1dd645401b2b284a9f26eec87718b011e1
Reviewed-on: https://chromium-review.googlesource.com/c/1445977
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59225}
2019-01-31 09:03:52 +00:00
v8-ci-autoroll-builder
7a2394686f Update V8 DEPS.
Rolling v8/build: 5d6f467..f27d150

Rolling v8/buildtools: 2f02e1f..6fbda1b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1a9772f..bc2b64b

Rolling v8/third_party/depot_tools: b695155..1131ccb

Rolling v8/tools/clang: 361dfd1..3a06ff3

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I8be0096df86593d061f48d3d2609c1a9a9a6dc19
Reviewed-on: https://chromium-review.googlesource.com/c/1446150
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59224}
2019-01-31 09:02:47 +00:00
Tamer Tas
3f83accb09 [testrunner] load tests concurrently into test execution processor
loading every test up-front into the processing queue costs about 224MB for a
x64 testsuite run.

This CL eliminates that overhead by utilizing generators and threading.

LoadingProc now loads test after receiving the results of the loaded tests.

R=machenbach@chromium.org
CC=​yangguo@chromium.org,sergiyb@chromium.org

Bug: v8:8174,v8:8731
Change-Id: Ifee79c3e213da568f092de0f1623016174e9410c
Reviewed-on: https://chromium-review.googlesource.com/c/1439240
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59223}
2019-01-31 08:19:06 +00:00
Jakob Kummerow
4007378d86 [ubsan] Turn on full -fsanitize=undefined
The build config inherited from Chromium only enables a subset
of the checks that UBSan supports. We want them all, so this
patch overrides what "is_ubsan" means for V8.

Bug: v8:3770
Change-Id: I1d0a7d994279272f13ff1d4ac9ed235fcbfc0951
Reviewed-on: https://chromium-review.googlesource.com/c/1443502
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59222}
2019-01-31 03:35:56 +00:00
Sergiy Belozorov
6e03d7ee42 Reland "[tools] Push files using high-level device.PushChangedFiles method"
This is a reland of d045f66682

Original change's description:
> [tools] Push files using high-level device.PushChangedFiles method
>
> R=machenbach@chromium.org
>
> No-Try: true
> Bug: chromium:893593
> Change-Id: I11cce7694eb7755ccee42c9a342fc1aa22663d85
> Reviewed-on: https://chromium-review.googlesource.com/c/1382468
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58407}

Bug: chromium:893593
Change-Id: I88a7143b3f31d87d266b89221f81efe831ea3823
Reviewed-on: https://chromium-review.googlesource.com/c/1443055
Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59221}
2019-01-31 02:40:51 +00:00
Sven Sauleau
5bdb13297f [wasm] merge js constants file in module-builder
We noticed that almost every call site were loading both files,
the split isn't necessary anymore.

In some message tests, removed the absolute line number to allow future
changes.

Bug: v8:8726
Change-Id: I8527f0a1ecfa685aa01a5e2f5f47ddf1cb13a545
Reviewed-on: https://chromium-review.googlesource.com/c/1446452
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59220}
2019-01-30 22:10:34 +00:00
Jakob Gruber
9592b043ee [builtins] Remove canonicalization during serialization
Now that we generate the embedded blob and off-heap trampolines
directly after builtin generation, the heap should not contain any
remaining references to full on-heap builtin Code objects.

The one exception is the interpreter entry trampoline copy for
profiling. This mechanism was actually broken by canonicalization; we
intended to store a full copy of the IET on the root list, but
serialization replaced it with the canonicalized builtin. This CL
fixes that as a side-effect.

Bug: v8:8716
Change-Id: Ib37c4004560d67de46b1f8ebe75156361134f57d
Reviewed-on: https://chromium-review.googlesource.com/c/1421037
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59219}
2019-01-30 18:55:19 +00:00
Junliang Yan
ba75052e8b PPC/s390: Explicitly store the code layout in CodeDesc
Port ad3546ab74

Original Commit Message:

    This is an initial step towards clarifying the layout of the
    instruction area. As follow-ups, we should remove additional
    safepoint and handler table offset parameters, and perhaps alter
    Code::safepoint_table_offset (handler_table) semantics to always
    contain a real offset and avoid the magic 0 signifying nonexistent
    tables.

R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I6c2d3244710f8f3f33bcceb3988e19547f55fba0
Reviewed-on: https://chromium-review.googlesource.com/c/1446138
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59218}
2019-01-30 16:59:01 +00:00
Igor Sheludko
0243ba8027 [cleanup][x32] Remove x32 leftovers from x64 assembler, pt.1
addp, andp, cmpp, decp, incp, leap, negp, orp, subp, testp, xorp,
shrp, sarp, shlp are replaced with respective quad-word instructions.

Some wrongly-used xxxp instructions in regexp code are replaced with xxxl.

Bug: v8:8621, v8:8562
Change-Id: If5fe3229a35805b8ef84d3e1ffa05cf9ed91ceef
Reviewed-on: https://chromium-review.googlesource.com/c/1446451
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59217}
2019-01-30 16:49:46 +00:00
Clemens Hammacher
d928d25c44 [wasm] Do not pass the error to callbacks
Instead of passing the error explicitly, make the callbacks get the
error from the CompilationState. This prepares a change to call the
callbacks asynchronously, because from the background we cannot
construct the final error message (because this requires access to the
wire bytes). Thus the callbacks will have to get the actual compile
error from the CompilationState from a foreground task if they need it.

R=mstarzinger@chromium.org

Bug: v8:8689
Change-Id: I22accabf895bf21fa7492e2f5cb8bac93237c765
Reviewed-on: https://chromium-review.googlesource.com/c/1445975
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59216}
2019-01-30 16:48:41 +00:00
Takuto Ikuta
be8c9e730d Split torque generated files for faster build
By using different namespace, generated code split into different files.

By this CL, build time of torque_generated_initializers is improved from 80 seconds to 40 seconds on Z840 Linux measured by following command:

# Remove generated code to re-compile all generated files.
~/v8/v8$ rm -rf out/x64.release/gen/
# GOMA_STORE_ONLY=true disables goma's backend cache.
~/v8/v8$ time GOMA_STORE_ONLY=true autoninja -C out/x64.release/ torque_generated_initializers

Bug: v8:8732
Change-Id: I64545f9994aea7e4209ac3852aadf4e2e9f4bc93
Reviewed-on: https://chromium-review.googlesource.com/c/1446331
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59215}
2019-01-30 16:10:21 +00:00
Benedikt Meurer
4b9eb7f711 [runtime] Better instance pre-sizing with transpiled classes.
For instances created via constructors and `new` we try to pre-size
the instances such that ideally all the data properties can be
allocated as in-object properties (and we don't need to allocate the
out-of-object PropertyArray backing store). This is accomplished with
the helper of the Parser, which counts the property assignments to
`this` in the constructor, and we use that as the starting point for
pre-sizing logic (a mechanism called *slack tracking* is used to
dynamically shrink the objects based on the real memory usage, and
eventually compute the final starting size for instances of the
individual constructors).

This works well even with class hierarchies, since for a derived class
constructor we just include the current constructor plus all the base
constructors. I.e. with

```js
class A {
  constructor() {
    this.x00 = null;
    this.x01 = null;
    this.x02 = null;
    this.x03 = null;
    this.x04 = null;
    this.x05 = null;
    this.x06 = null;
    this.x07 = null;
    this.x08 = null;
    this.x09 = null;
    this.x10 = null;
    this.x11 = null;
    this.x12 = null;
    this.x13 = null;
    this.x14 = null;
    this.x15 = null;
    this.x16 = null;
    this.x17 = null;
    this.x18 = null;
    this.x19 = null;
  }
}

class B extends A {
  constructor() {
    super();
  }
}
```

we will eventually learn that instances of `B` need 20 in-object
properties. However this breaks with transpiled code (i.e. as
generated via TypeScript or Babel), even when the constructors are
properly chained.

```js
function A() {
  this.x00 = null;
  this.x01 = null;
  this.x02 = null;
  this.x03 = null;
  this.x04 = null;
  this.x05 = null;
  this.x06 = null;
  this.x07 = null;
  this.x08 = null;
  this.x09 = null;
  this.x10 = null;
  this.x11 = null;
  this.x12 = null;
  this.x13 = null;
  this.x14 = null;
  this.x15 = null;
  this.x16 = null;
  this.x17 = null;
  this.x18 = null;
  this.x19 = null;
}

function B() {
  A.call(this);
}
Object.setPrototypeOf(B, A);
```

Here we will always have 10 in-object properties for instances of
`B` (due to the generic over-allocation logic), and the other 10
properties have to be allocated in the out-of-object PropertyArray.

This is unfortunate and actually not necessary. Instead we could just
do the same [[Prototype]] walk on the constructor for regular function
constructors that we perform for derived (native) class constructors.
This CL changes that, such that we give the same treatment to transpiled
class that we have for native classes.

R=verwaest@chromium.org

Bug: v8:8764, v8:8765
Doc: https://bit.ly/v8-instance-presizing-with-transpiled-classes
Change-Id: Iac54391e41c9a39101751a678b3a647269fb009d
Reviewed-on: https://chromium-review.googlesource.com/c/1442643
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59214}
2019-01-30 15:20:24 +00:00
Sven Sauleau
3c3233e6f8 [wasm] js module-builder and constants improvements
Changes made to the Wasm module builder:
- Create emit_u64v for emitting a LEB128 that conceptually represent
an 64-bits integer.
- Differentiate toBuffer and toUint8Array for returning respectively
ArrayBuffer and a Uint8Array.
- Moved wasmF32Const and wasmF64Const functions because we can take
advantage of the existing cached conversion buffers. Also, declaring
them in the constants file will collide with the module-builder since
they are loaded in the same scope.
- The byte_view buffer (used by some conversions to bytes) switched from
Int8Array to Uint8Array.

Changes made to the Wasm contants:
- Add a new kSharedHasMaximumFlag flag for shared memory with a maximum
value.

Bug: v8:8726
Change-Id: If16c59896cfa1d42008da413e2e144b73a0fa5ce
Reviewed-on: https://chromium-review.googlesource.com/c/1443062
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59213}
2019-01-30 15:18:44 +00:00
Michael Starzinger
866d43e6c6 [wasm] Fix interpreter exception stack height change.
This fixes how the interpreter modifies the operand stack in the case
calls with non-zero parameter or return count throw an exception. The
interpreter raises the exception before arguments are popped and before
results are pushed onto the stack. This makes the control transfer
analysis fit this model. It also makes the tests trigger this aspect.

R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091

Change-Id: I001fc4bc0030393d3c97be3fa9425bc540575071
Reviewed-on: https://chromium-review.googlesource.com/c/1445972
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59212}
2019-01-30 15:08:53 +00:00
Benedikt Meurer
ca2ef5fb66 [cleanup] Reuse length in AccessorAssembler::HandlePolymorphicCase().
When the length is already available from an unrolled iteration (which
seems to be the common case), we can just reuse that below for the
actual loop. Also it's probably cheaper to always use IntPtr instead of
Smi for the length, since that way we don't need expensive SmiConstant
for the abort conditions in the unrolled iterations.

Change-Id: I322c5d864d58bc56c181473ca8b796a7ab27a51f
Reviewed-on: https://chromium-review.googlesource.com/c/1445984
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59211}
2019-01-30 15:05:53 +00:00
Maya Lekova
b996f0a585 [test] Add tests that all Calls are handled by the serializer
R=neis@chromium.org

Bug: v8:7790
Change-Id: I41d212129fbdafbf7bc0fdf238f734c6f45ae5df
Reviewed-on: https://chromium-review.googlesource.com/c/1445811
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59210}
2019-01-30 14:33:44 +00:00
Mathias Bynens
b645a259bd [parser] Allow try {} catch (e) { for (var e of x) {} }
This patch changes the parser to allow for-of initializer
var-redeclaration of non-destructured catch parameters.

Previously, the spec allowed var-redeclaration of a
non-destructured catch parameter…

    try {} catch (e) { var e; }

…except in the particular case where the var declaration is
a for-of initializer:

    try {} catch (e) { for (var e of whatever) {} }

https://github.com/tc39/ecma262/pull/1393 removes this strange
exceptional case. This patch implements that change.

BUG=v8:8759

Change-Id: Ia4e33ac1eab89085f8a5fdb547f479cfa38bbee5
Reviewed-on: https://chromium-review.googlesource.com/c/1444954
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59209}
2019-01-30 14:20:58 +00:00
Marja Hölttä
09d42cc632 [js weak refs] Fix jumbo build
The test defined a function called "Register" which clashes with other functions
with the same name.

NOTRY=true
TBR=sigurds@chromium.org
BUG=v8:8179

Change-Id: I7ddfc481cd1de750272de7b43e2e7f9fe26626a9
Reviewed-on: https://chromium-review.googlesource.com/c/1445982
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59208}
2019-01-30 14:12:23 +00:00
Ulan Degenbaev
18ad43c749 [heap] Move the chunk map to CodeLargeObjectSpace.
Only Heap::GcSafeFindCodeForInnerPointer requires the chunk map.
Other large object spaces use more the efficient
MemoryChunk::FromAnyPointerAddress.

Additionally, this patch renames Register/Unregister to AddPage/RemovePage
to be consistent with other spaces and makes them virtual.

Bug: chromium:852420
Change-Id: I8d637bb59e15bd61fe452fda7f4a55049d32030c
Reviewed-on: https://chromium-review.googlesource.com/c/1439417
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59207}
2019-01-30 14:11:18 +00:00
Stephan Herhut
99936546d8 [regalloc] Fix predicate that was mal-refactored
When cleaning up the code for the register allocator, I negated a
helper function for readability but forgot to also negate its
implementation. For obvious reasons, that was not a good idea.

Change-Id: I0e5f4fbf5c83cce8b4891e0a84ef099df15d1ab0
Reviewed-on: https://chromium-review.googlesource.com/c/1445973
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59206}
2019-01-30 14:10:03 +00:00
Jakob Gruber
10e4601907 Move CodeDesc to dedicated file
Bug: v8:8758
Change-Id: Ifd0c66f27ab5fb33032b243d3a33c0b797b9af17
Reviewed-on: https://chromium-review.googlesource.com/c/1442644
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59205}
2019-01-30 14:08:59 +00:00
Marja Hölttä
ea526196f4 [js weak refs] Update to new API
This replaces WeakFactory with FinalizationGroup.

New API is here: https://weakrefs.netlify.com/

BUG=v8:8179

Change-Id: I8c1c4a70deb42581d17117423dd29d93bdd35cb0
Reviewed-on: https://chromium-review.googlesource.com/c/1435938
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59204}
2019-01-30 13:47:18 +00:00
Ross McIlroy
eecc83df33 [Heap] Use Aquire/Release semantics for SFI::function_data
BUG=v8:8751,v8:8752

Change-Id: Ib99d5b9c399d5f2ab616399fdd3c7f190e2d0399
Reviewed-on: https://chromium-review.googlesource.com/c/1445971
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59203}
2019-01-30 13:18:47 +00:00
Jakob Gruber
ad3546ab74 Explicitly store the code layout in CodeDesc
This is an initial step towards clarifying the layout of the
instruction area. As follow-ups, we should remove additional
safepoint and handler table offset parameters, and perhaps alter
Code::safepoint_table_offset (handler_table) semantics to always
contain a real offset and avoid the magic 0 signifying nonexistent
tables.

Bug: v8:8758
Change-Id: I9f54629ff3ddad69904b0e1ce2a58e047397aa15
Reviewed-on: https://chromium-review.googlesource.com/c/1434036
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59202}
2019-01-30 13:17:38 +00:00
Tamer Tas
d852ae6f2b [testrunner] remove recursive result calls in chain processors
Procs return the result by increasing recursion through result_for.

This CL eliminates that mechanism from the Processor interface and uses boolen
return values for sending tests to signal success or the failure to load the
test into the execution queue.

R=machenbach@chromium.org
CC=​​yangguo@chromium.org,sergiyb@chromium.org

Bug: v8:8174,v8:8731
Change-Id: I073a86ca84bcf88da11132b90013d4c8455bc61e
Reviewed-on: https://chromium-review.googlesource.com/c/1439239
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59201}
2019-01-30 13:04:07 +00:00
Igor Sheludko
88f17ba666 [ptr-compr][arm64] Implement decompression snippets for Arm64
Currently, in debug mode the snippets check that the result of decompression
equals to the full value stored in the field.

Bug: v8:7703
Change-Id: I43d20f15510de57582ee00ca23d676dfd4d06636
Reviewed-on: https://chromium-review.googlesource.com/c/1440049
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59200}
2019-01-30 12:40:04 +00:00
Michael Starzinger
9d61228b6c [wasm] Handle external exception in the interpreter.
This implements preliminary handling of exceptions thrown by external
functions that have been imported into the module. Note that handling
internal function is still missing, but tests have been added.

R=clemensh@chromium.org
TEST=cctest/test-run-wasm-exceptions
BUG=v8:8091

Change-Id: I9d07739d8b4715a5643114fd7a868cdd8d72efd0
Reviewed-on: https://chromium-review.googlesource.com/c/1445751
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59199}
2019-01-30 12:18:43 +00:00
Toon Verwaest
3ef9af8409 [parser] Don't hoist sloppy block functions on error
Bug: chromium:926819
Change-Id: I44832f8707c413d40e5632ed39b97624059f1fba
Reviewed-on: https://chromium-review.googlesource.com/c/1445891
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59198}
2019-01-30 11:54:28 +00:00
Camillo Bruni
518a39ddcf [cleanup] Use FixedArray::set(int, Smi) directly where possible
We can directly skip the write barrier in the case we set only a Smi.

Change-Id: Ic2f4f13f9edb851a18878bec14981a2ad7687433
Reviewed-on: https://chromium-review.googlesource.com/c/1444957
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59197}
2019-01-30 10:58:49 +00:00
Andreas Haas
c3e93c10cb [gn] Make the trap handler API header available on all platforms
We extracted the platform-specific API header into separate, platform-
specific header files to avoid OS-specific includes in include/v8.h.
As the platform-specific headers are only needed on their specific
platform, we did not make them available on other platforms in BUILD.gn.
Unfortunately, this is not possible, because the `include` validation in
`gn gen --check` checks the availability of header files without
considering `#ifdef` in the source files. Therefore the check fails on
Windows when the POSIX-specific header file is not available.

With this CL platform-specific headers will be generally available. This
is no problem because they can only be included on their specific
platform anyways.

R=adamk@chromium.org

Bug: chromium:921971
Change-Id: Iee7cc22063ce31a536f937d73799b7217ac1a94e
Reviewed-on: https://chromium-review.googlesource.com/c/1443057
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59196}
2019-01-30 10:53:09 +00:00
Stephan Herhut
66771f42a0 [regalloc] Land control flow aware allocation
This change lands a change to the register allocator. Other than
classical linear scan, we now take control flow events into account
when deciding spill descisions.

The basic idea is to restore the state of a predecessor on entry
of a successor. In the case of multiple predecessors, we use
heuristics to compute the new state based on the predecessors.

The main addition to the machinery is to support unspilling
live ranges and to undo live range splitting in certain cases.

Currently, disabled behind a flag.

Change-Id: I37a70c948be826a90d8b806a52856ad81f475573
Reviewed-on: https://chromium-review.googlesource.com/c/1426129
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59195}
2019-01-30 10:36:30 +00:00
Michael Lippautz
06193b0b79 [api] Move forward deprecations around Persistent handles
In future, weak handles will be considered as independent and MarkActive() will
not be supported anymore. Users should switch to TracedGlobal, when relying on
special cases for using handles with v8::EmbedderHeapTracer.

Bug: chromium:923361, v8:8562
Change-Id: Ic6e01a1ab59a25c5fb0aa2ebfb8ddb02e454d72d
Reviewed-on: https://chromium-review.googlesource.com/c/1443064
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59194}
2019-01-30 10:13:24 +00:00
Maya Lekova
a1cde8fb34 [test] Add more tests for the serializer for background compilation
Add tests for proper serialization of inlinee targets.

Bug: v8:7790
Change-Id: I6bf86de1352f91fddf5f6eba9e889e7d5ac9767c
Reviewed-on: https://chromium-review.googlesource.com/c/1443058
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59193}
2019-01-30 09:45:44 +00:00
Sigurd Schneider
cb5c1edc3b [cleanup] Remove unnecessary helper from several Frames
This removes the unnecessary helper GetNumberOfIncomingArguments
from several frames. Clients should use ComputeParametersCount
instead.

Change-Id: I54c261fd6ff0a8a5dc6d1832a0b397429a7ba726
Bug: v8:8757
Reviewed-on: https://chromium-review.googlesource.com/c/1442642
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59192}
2019-01-30 08:44:13 +00:00
Frank Tang
6a6c1bfcc6 [Intl] Skip regress-7770 on Android
Bug: v8:8756
Change-Id: Ie0f74f1029bd566924ef6e33a6b0c293489f8234
Reviewed-on: https://chromium-review.googlesource.com/c/1445136
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59191}
2019-01-30 06:22:10 +00:00
Leszek Swirski
3528d6f251 [parser] Remove dead AST walk and helper function
Change-Id: I0895d9b9131a0c06edd3d1359c080b8b6830d236
Reviewed-on: https://chromium-review.googlesource.com/c/1443060
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59190}
2019-01-30 05:44:58 +00:00
v8-ci-autoroll-builder
4beeb0294d Update V8 DEPS.
Rolling v8/build: 7a588f4..5d6f467

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/eae881c..1a9772f

Rolling v8/third_party/depot_tools: 9f5b861..b695155

Rolling v8/third_party/fuchsia-sdk: 0544fee..8e8db13

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ic1bcffed12aca1a09f1d4c46aa2eb867da7f0e7a
Reviewed-on: https://chromium-review.googlesource.com/c/1445212
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59189}
2019-01-30 03:34:49 +00:00
Sergiy Belozorov
47a7509e74 [tools] Whitespace CL
TBR=sergiyb@chromium.org

Bug: chromium:922125
Change-Id: Ieaaf3ec8870d74034a7cd7d1d939b3002f2a89c8
Reviewed-on: https://chromium-review.googlesource.com/c/1425202
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59188}
2019-01-30 00:53:57 +00:00
Jakob Kummerow
e9dcd9f793 [asan] Pacify ASan reports for TickSample::Init
The code reads whatever the stack pointer points at, and only
later decides whether to use that value for anything.

Change-Id: I9930cb046c4fcb3ba0c931058a9c3dd75df482f0
Reviewed-on: https://chromium-review.googlesource.com/c/1443503
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59187}
2019-01-30 00:52:50 +00:00
Jakob Kummerow
a8268e6b3c Fix possibly-unaligned read in TickSample::Init
This is a speculative fix for issue 8744. I couldn't get it to
repro locally, but the stracktrace from the failing bot run points
at TickSample::Init, and according to code comments in that function
the value of {regs.sp} can be "arbitrary", so we must read from
that address using a method that's robust towards unalignment.

Bug: v8:8744
Change-Id: I7a45cc257e0eb557715ec67d9e66e54a6f2c1867
Reviewed-on: https://chromium-review.googlesource.com/c/1440463
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59186}
2019-01-29 22:12:58 +00:00
tzik
f5ba52e234 Fix no-inline compiler flag on Windows
-fno-inline is unavailable on clang-cl nor cl.exe, and causes a build
failure on Windows bot.
This CL updates that flag to "/Ob0", which is msvc-equivalent of
-fno-inline.

Change-Id: Id9ffed03a855ac0b773ee28625472de664c3cb30
Reviewed-on: https://chromium-review.googlesource.com/c/1442013
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59185}
2019-01-29 21:13:12 +00:00
Deepti Gandluri
4089299494 Add a contents based constructor to the SharedArrayBuffer API
The motivation of this change was originally to preserve is_growable
flag over PostMessage in d8. Adding a more general constructor that
uses SharedArrayBuffer::Contents.

Change-Id: Ib8f6c36d659e91f6cfb6487f56de34fa7e8841a9
Bug: v8:8564
Reviewed-on: https://chromium-review.googlesource.com/c/1383093
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59184}
2019-01-29 20:47:30 +00:00
Michael Lippautz
76c9368593 [api, global-handles] Add TracedGlobal
TracedGlobal integrates with the use case of EmbedderHeapTracer and replaces
regular weak Global or Persistent nodes for such cases. This allows to simplify
the case for regular weak handles in a sense that they follow regular weak
semantics (if the underlying object is otherwise unreachable the weak handle
will be reset).

TracedGlobal requires slightly different semantics in the sense that it can be
required to keep them alive on Scavenge garbage collections because there's a
transitive path that is only known when using the EmbedderHeapTracer.
TracedGlobal accomodates that use case.

TracedGlobal follows move semantics and can thus be used in regular std
containers without wrapping data structure.

The internal state uses 20% less memory and allows for only iterating those
nodes when necessary. The design trades the virtual call when iterating
interesting persistents in the GC prologue with calling out through the
EmbedderHeapTracer for each node which is also a virtual call. There is one less
iteration over the set of handles required though and the design is robust
against recursive GCs that mutate the embedder state during the prologue
callback.

Bug: chromium:923361
Change-Id: Idbacfbe4723cd12af9de21058a4792e51dc4df74
Reviewed-on: https://chromium-review.googlesource.com/c/1425523
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59183}
2019-01-29 20:15:39 +00:00
Sven Sauleau
d8baf21530 [wasm] fix js-api module/customSection
Enables WebAssembly's js-api module/customSection. The specification has
been updated; see https://github.com/WebAssembly/spec/issues/915. V8 was
already using DOMString.

Bug: v8:8633
Change-Id: I4c3e93c21594dbba84b3697e7e85069c3ff8b441
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1415554
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59182}
2019-01-29 20:05:10 +00:00
Andreas Haas
bf50521661 [wasm][traphandler] Mark code object validation check as slow
In the trap handler we validate the list of registered code objects
every time we register or de-register a new code object. The complexity
of this validation is O(num-code-objects * num-instructions). For big
WebAssembly modules with several hundred thousand code objects, this
validation causes significant overhead (we saw up to 10x) and makes
debugging very tedious. With this CL I mark the validation as slow.
Thereby it is still enabled in most tests on our bots, but it is
possible to disable validation when debugging large web applications.

The referenced bug issue was created by developers who had problems
with debugging because of this issue.

R=mark@chromium.org

Bug: v8:8536
Change-Id: If7ecb554eebcb04eb43a1f791b96c7a42a47e60f
Reviewed-on: https://chromium-review.googlesource.com/c/1442634
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59181}
2019-01-29 17:56:11 +00:00
Z Duong Nguyen-Huu
0cabc54666 Throw TypeError if a proxy's [[OwnPropertyKeys]] returns dupes
Adding implementation for step 9 which is missing for spec:
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Update bytecode_expectations as well.

Bug v8:6776

Change-Id: Id191f9604e2dc08e71cbcff8ebd5707c233af193
Reviewed-on: https://chromium-review.googlesource.com/c/1419779
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59180}
2019-01-29 17:55:06 +00:00
Clemens Hammacher
026ce2c105 Revert "[builtins] Verify Isolate compatibility with the embedded blob"
This reverts commit b022e825bd.

Reason for revert: Fails nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22761

Original change's description:
> [builtins] Verify Isolate compatibility with the embedded blob
> 
> Embedded builtins (= the embedded blob) have a few dependencies on the
> snapshot state. For instance, they require that metadata stored on
> builtin Code objects as well as the builtins constant table remain
> unchanged from mksnapshot-time. Embedders may violate these
> assumptions by accident, e.g. by loading a snapshot generated with
> different build flags, leading to seemingly unrelated failures later
> on.
> 
> This CL introduces an Isolate hash stored in the embedded blob which
> hashes relevant parts of builtin Code objects and the builtins
> constant table. It's verified in Isolate::Init in debug builds.
> 
> Bug: v8:8723
> Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59177}

TBR=sigurds@chromium.org,jgruber@chromium.org

Change-Id: I027ae2585bd06290ea3245b1fc23efba544eb470
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8723
Reviewed-on: https://chromium-review.googlesource.com/c/1443059
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59179}
2019-01-29 17:03:15 +00:00