Commit Graph

59304 Commits

Author SHA1 Message Date
Pierre Langlois
74565bf390 [test] Make full space simulation work with --no-inline-new.
When inlined allocations are disabled, the space->limit() does not point to the
end of the current page. Instead, it points to the current allocation pointer so
is the same as space->top().

See how the limit is computed, if heap()->inline_allocation_disabled(), then the
limit will be the same as the requested allocation area:

```
Address SpaceWithLinearArea::ComputeLimit(Address start, Address end,
                                          size_t min_size) {
  DCHECK_GE(end - start, min_size);

  if (heap()->inline_allocation_disabled()) {
    // Fit the requested area exactly.
    return start + min_size;
  } else if (SupportsInlineAllocation() && AllocationObserversActive()) {
    // ...
  } else {
    // The entire node can be used as the linear allocation area.
    return end;
  }
}
```

If we want to simulate filling up a whole page in the new space, we can instead
look at the ToSpace's page_high() which will be the end of the current page in
which we're allocating.

Bug: v8:9906
Change-Id: I81113d151bc083cd22d17ea1a4fbae7fef9dff6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886914
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64612}
2019-10-29 13:28:46 +00:00
Michael Starzinger
30ec6a8937 [turbofan] Use binary search in handler table lookup.
R=clemensb@chromium.org

Change-Id: I38c851f258b49de75f538a9b893ab24b7a4d0586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883894
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64611}
2019-10-29 13:13:00 +00:00
Pierre Langlois
f5fb0e740b [heap] Fix building with v8_enable_verify_heap = false.
Change-Id: I69f7ca5e10575ae936d084b75f2b06a2aa1a7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886913
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#64610}
2019-10-29 12:50:39 +00:00
Igor Sheludko
e486763bfd [diagnostics] Adapt printing logic for huge TypedArrays
1) don't print off-heap TypedArray elements with --mock-arraybuffer-allocator
2) print integer HeapNumbers in safe integer range with max precision:
   as 9007199254740991.0 instead of 9.0072e+15

Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Bug: v8:4153
Change-Id: Ie79fc08c44374981a840772fde4f414458d31c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883565
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64609}
2019-10-29 12:37:30 +00:00
Georg Neis
a6b87fb74e [turbofan] Simplify some serialization code
Remove serialized_ flags where there's only one thing to be serialized
and its pointer can be used instead.

Bug: v8:7790
Change-Id: I489bb3085cef574f81f417f950898d4348f8b9ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886911
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64608}
2019-10-29 11:13:31 +00:00
Clemens Backes
700f9b0ea6 [wasm][debug] Fix location computation from interpreted frames
The {IsWasmFrame} check in {ComputeLocationFromStackTrace} only returned
true for compiled frames, but not for interpreted ones. Thus, for
interpreted frames we would run into the code for JS frames, which
assumes that a {JSFunction} is available.

This CL fixes this issue by renaming {IsWasmFrame} to
{IsWasmCompiledFrame}, and introducing a new {IsWasmFrame} method which
returns true for both compiled and interpreted frames.

R=mstarzinger@chromium.org

Bug: chromium:1018227
Change-Id: If83b4129edaad775a212ccb741f3c62eabc2addb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883892
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64607}
2019-10-29 10:10:45 +00:00
Michael Achenbach
61971c0b7a [build] Stop using split_static_library
The targets were removed in:
https://crrev.com/c/1865420

Bug: v8:9911
Change-Id: I3fef2af6f8c1975a4b540965c72eaf7f69f4c78e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883893
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64606}
2019-10-29 10:09:40 +00:00
Victor Gomes
6fbe2698e0 [runtime] Add the JSCallRuntime opcode to TryGetScopeInfo
ClusterFuzzer found that a context can be created by
a call to the runtime when checking for context extensions
on the bytecode graph builder.

That happens in large contexts.

Bug: chromium:1019069
Change-Id: I7ab66dceedd56476ab972d7998ef4ca6896dc868
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886691
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64605}
2019-10-29 09:51:50 +00:00
Liviu Rau
8649e43081 Whitespace change to trigger perf builders
NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true

Bug: v8:9898
Change-Id: I571830a54659c674cc37eb5137c3c2a3216d2666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883895
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64604}
2019-10-29 09:41:49 +00:00
Nico Hartmann
da49a384df [torque] Capture owning pointers in std::unique_ptr immediately
In some places objects where allocated on the heap and stored
in a std::unique_ptr later. This CL changes this so that a

The std::unique_ptr<T>(new T(...)) construct is replaced with

std: :unique_ptr takes ownership of new objects immediately.
std: :make_unique<T>(...) where possible.
Change-Id: Icdb4c9e7536d2b437df1a5bb6c3ad94c97e1e4cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871916
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64603}
2019-10-29 08:44:38 +00:00
Michael Achenbach
bcc0d8f423 [wasm] Skip regression test with OOM failures on Android
NOTRY=true

Change-Id: Ibd4d324736c6989ccbb61d1bc14e0c2fb1c1cb55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1877195
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64602}
2019-10-29 07:58:38 +00:00
Ng Zhi An
747239fab0 Declare SSSE3 avx helpers with SSSE3 scope
Follow up from https://crrev.com/c/1874378, declare these SSSE3
instructions using a separate macro that declares the right scope.

Bug: v8:9561
Change-Id: Ia4370a4dff9e9d13b08c5e95a45670556d6ff1e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1875657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64601}
2019-10-28 20:16:59 +00:00
Ng Zhi An
c5bc87f816 Skip test on predictable builds
This test is racy between postMessage and memory.grow.

Bug: chromium:1010272
Change-Id: I2856b5e1c57aabdf7d51665f2406559819099169
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1878914
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64600}
2019-10-28 19:18:31 +00:00
Victor Gomes
2fffa81d40 [compiler] Check if context has extension slot statically
We know statically if a context has an extension slot or not, but that
was dynamically checked.

The CL lifts the ScopeInfo chain to the compiler and does the check
statically, it only generates the undefined check if the context
has an extension slot.

Bug: v8:9744
Change-Id: I169d05bb11b36501e97af00d30ae44bedcd6be83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876051
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64599}
2019-10-28 19:12:02 +00:00
Deepti Gandluri
44788bfad5 Reland "[wasm] Fix incorrect check for growing shared WebAssembly.memory"
This reverts commit a4c5136eae.

Reason for revert: CLs to Skip test on Android, predictable builds
reviewed, and will land following this CL.  

Original change's description:
> Revert "[wasm] Fix incorrect check for growing shared WebAssembly.memory"
> 
> This reverts commit 2599d3cc20.
> 
> Reason for revert: Test fails with OOM on Arm64 - N5X (https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20N5X/6514) and is racy on predictable builds (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20predictable/27044)
> 
> Original change's description:
> > [wasm] Fix incorrect check for growing shared WebAssembly.memory
> > 
> > Bug: chromium:1010272
> > Change-Id: Ieff61089255ee088fad45f15a0f1a8f93eeec94b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869077
> > Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64525}
> 
> TBR=mstarzinger@chromium.org,gdeepti@chromium.org,ahaas@chromium.org
> 
> Change-Id: I738a4021a80202c9b822815b922de31f95054fe6
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:1010272
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879513
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64554}

TBR=mstarzinger@chromium.org,gdeepti@chromium.org,ahaas@chromium.org,syg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1010272
Change-Id: Ifbe32854a3d67063e43e2b07a8e649a4850a77d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1884411
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64598}
2019-10-28 19:07:41 +00:00
Seth Brenith
91e6421ccb [torque] Use generated instance types, part 1
This change begins making use of the fact that Torque now knows about
the relationship between classes and instance types, to replace a few
repetitive lists:

- Instance type checkers (single and range), defined in
  src/objects/instance-type.h
- Verification dispatch in src/diagnostics/objects-debug.cc
- Printer dispatch in src/diagnostics/objects-printer.cc
- Postmortem object type detection in
  tools/debug_helper/get-object-properties.cc

Torque is updated to generate four macro lists for the instance types,
representing all of the classes separated in two dimensions: classes
that correspond to a single instance type versus those that have a
range, and classes that are fully defined in Torque (with fields and
methods inside '{}') versus those that are only declared. The latter
distinction is useful because fully-defined classes are guaranteed to
correspond to real C++ classes, whereas only-declared classes are not.

A few other changes were required to make the lists above work:

- Renamed IsFiller to IsFreeSpaceOrFiller to better reflect what it does
  and avoid conflicts with the new macro-generated IsFiller method. This
  is the part I'm most worried about: I think the new name is an
  improvement for clarity and consistency, but I could imagine someone
  typing IsFiller out of habit and introducing a bug. If we'd prefer to
  keep the name IsFiller, my other idea is to rename FreeSpace to
  VariableSizeFiller and Filler to FixedSizeFiller.
- Made Tuple3 extend from Struct, not Tuple2, because IsTuple2 is
  expected to check for only TUPLE2_TYPE and not include TUPLE3_TYPE.
- Normalized the dispatched behavior for BigIntBase and HeapNumber.
- Added a few new object printers.

Bug: v8:7793
Change-Id: I5462bb105f8a314baa59bd6ab6ab6215df6f313c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860314
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64597}
2019-10-28 18:30:31 +00:00
Ross McIlroy
65fcf0df77 [TurboProp] Verify schedule after each scheduled lowering pass.
Add support to verify the update schedule after ScheduledEffectControlLinearization
and ScheduledMachineLowering phases. To do so, we need to recompute the immediate
dominator tree of the scheduled blocks.

BUG=v8:9684

Change-Id: I849fb7e3e699ca56c5115d90a53006d517cf3fe5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881160
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64596}
2019-10-28 16:53:19 +00:00
Sigurd Schneider
be0e2c26a0 [ordered-hash-table] Add missing argument to ::Delete
OrderedHashTableHandler::Delete was missed in the migration CL
crrev.com/c/1106160 because it had no callers. This CL also
migrates said function and adds usages in tests which force
instantiation (and ensure we catch these errors without MSVC).

Bug: v8:9905
Change-Id: Ieb1d1c89754f98e1d88d841d2933f46a6a4820d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883891
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64595}
2019-10-28 16:51:51 +00:00
Ross McIlroy
9df6cdd6e8 [TurboProp] Ensure we CopyForChange a block when adding a cloned node.
Otherwise we might reuse a node that is scheduled later in the unchanged block.

BUG=v8:9684

Change-Id: I655b538384d5ed8782d3d9bbb883037462003693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881155
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64594}
2019-10-28 16:40:19 +00:00
Santiago Aboy Solanes
13f5d9c98e [turbofan] Perform SmiCheck in 32 bits
Since we only care about one bit in the lower 32 bits, we can always
perform smi checking while looking at the lower bits.

This improves pointer compression, since we wouldn't need to decompress,
while not affecting the non-pointer compression case.

Change-Id: Ic020fefcc92de0516148f34a3caacc60ff29556b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876050
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64593}
2019-10-28 15:54:23 +00:00
Michael Achenbach
fa1daf97b3 Whitespace change to trigger bots
Change-Id: I6086363dbdc4fc1e5c138597338bd3b3d4436231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883562
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64592}
2019-10-28 14:47:42 +00:00
Toon Verwaest
6d97ac5b65 [parser] Add early return for declaration error in arrow head
Otherwise the expression scope may be in a weird state and DCHECKs for valid
arrow functions in ValidateAndCreateScope willl unnecessarily fire.

Bug: chromium:1018611
Change-Id: I101b8902dce07c29aacba3e7a5e6f86d66505d5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879906
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64591}
2019-10-28 14:09:11 +00:00
Toon Verwaest
376f1b6953 [cleanup] transitions/prototype info cannot be a tuple3
Change-Id: Id2266cb34b975bf7978c19cc4dde14e7befc787e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883548
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64590}
2019-10-28 14:08:07 +00:00
Igor Sheludko
e9ca78766c [builtins] Handle uintptr overflow in Array.prototype.sort
... and let it gracefully crash with OOM.

Bug: v8:4153, chromium:1018598
Change-Id: I20dd9874cdbdf78665de3a83d0bc1611dc088c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883551
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64589}
2019-10-28 13:26:06 +00:00
Maya Lekova
48fb778e2d [turbofan] Fix memory corruption with VirtualBoundFunctions
Bug: chromium:1018565
Change-Id: I72d41573a9a8c2f1a235ff50e918f89b1dc3f585
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879904
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64588}
2019-10-28 13:20:16 +00:00
Joshua Litt
d4574d186f Reland "[regexp] Clone match info for match indices."
This reverts commit d7793c0684.

Reason for revert: This cl *will* cause regexp regressions. We are trying to gauge the real world impact.

Original change's description:
> Revert "[regexp] Clone match info for match indices."
>
> This reverts commit dfd9ceb984.
>
> Reason for revert: Regressions https://chromeperf.appspot.com/group_report?rev=64356 https://crbug.com/1015749
>
> Original change's description:
> > [regexp] Clone match info for match indices.
> >
> > The current behavior for generating match indices simply stashes a
> > pointer to the match info and then constructs the indices lazily.
> > However, it turns out the match info object used to create the result
> > object is the regexp_last_match_info living on native context, and thus
> > it can change between the creation of the result object and the generation
> > of indices. This cl clones the match info which will be safer.
> >
> > Bug: v8:9548
> > Change-Id: Ia6f26f88fbc22fd09671bf4c579d39a1510b552d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864585
> > Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64356}
>
> TBR=jgruber@chromium.org,joshualitt@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: v8:9548, chromium:1015749
> Change-Id: I9c30b8fb459cf2aa89d920bf061614441250844d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870236
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64407}

TBR=jgruber@chromium.org,joshualitt@chromium.org


Bug: v8:9548, chromium:1015749
Change-Id: I151511307e3d8752fdbde4b8247514031b141b08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879587
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64587}
2019-10-28 13:18:16 +00:00
Michael Starzinger
2cc980d8a4 [turbofan] Remove obsolete TODO in EffectControlLinearizer.
R=tebbi@chromium.org

Change-Id: Idd7b1de0a769b3a069e0b539cccb9c3f9820b4bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883556
Auto-Submit: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64586}
2019-10-28 13:13:16 +00:00
Pierre Langlois
5877551a84 [arm64] Expose Printf() to the TurboAssembler.
The `Printf()` macro-assembler method can be very useful as a debugging
tool. However, it's only available to the MacroAssembler making it impossible to
use in jitted code or builtins.

Change-Id: I0c1e6b98d5c6b7fc34990e87d0eb4e37f6322627
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879287
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64585}
2019-10-28 13:08:36 +00:00
Anna Henningsen
2f9a967369 [api] Fix SuppressMicrotaskExecutionScope constructor
The overload taking a `MicrotaskQueue*` was introduced in
cce33f3752 but never actually implemented.

This aligns the constructor signature to actually work, and
aligns it with e.g. `MicrotasksScope`. The previous signature
without an `Isolate*` argument would not work, because there’s
no pointer back from a MicrotaskQueue to the Isolate.

Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1414950
Bug: v8:8124
Change-Id: I5dbaabef54c8de2b48f6172808825a186971524d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879901
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64584}
2019-10-28 12:28:08 +00:00
Anna Henningsen
e5dbc95cc0 [api] Fix handle leak when getting Context embedder data
The `Context::SlowGetAlignedPointerFromEmbedderData()` method returns
a pointer, so the fact that it allocates handles is not obvious to
the caller.

Since this is the slow path anyway, simply add a handle scope inside
of it.

The tests are also modified to perform the same check for the
`Object` equivalent of this method.

Change-Id: I5f03c9a7b70b3a17315609df021606a53c9feb2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879902
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64583}
2019-10-28 12:10:56 +00:00
Santiago Aboy Solanes
1738d99fbd [cleanup] TNodify builtins-async-function-gen.cc
Bug: v8:6949, v8:9810
Change-Id: Ib31657d1a62348826ea3605afe1f0b4af34a383a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881156
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64582}
2019-10-28 11:12:42 +00:00
Michael Starzinger
cbc5169d69 [wasm] Remove obsolete runtime stubs that just tail-call.
Now that all builtins are embedded, it is no longer needed to have a
fallback variant where WebAssembly runtime stubs tail-call existing
(non-embedded) builtins, just call the (embedded) builtin directly.

R=clemensb@chromium.org
BUG=v8:6666,v8:9810

Change-Id: Id8a2b2089cabc77f841f484986d8212ca2918ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883550
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64581}
2019-10-28 11:01:21 +00:00
Mythri A
14885d5884 [ic] Correctly Handle global loads when global object has proxies
When global object has proxies we should first call hasProperty and
then call GetProperty according to spec. This cl fixes both
LoadGlobal and LoadLookupGlobal to correctly handle these cases.

Also fixes tests that didn't expect hasProperty to be called.

Change-Id: I3a45df7ae24be74dd46cf04cafbf8c2d7018b3af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876059
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64580}
2019-10-28 10:51:51 +00:00
Ross McIlroy
88bc3e1dbe [TurboProp] Have BasicBlockUpdater update successor's predecessors on AddThrow.
When rewiring a block to throw, we need to remove the current block from the list
of predecessors for all of our successors, as well as clearing our current successors.

BUG=v8:9684

Change-Id: I0da063b2ef707f07ea27a5f72cabd2ff9a91cc42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881154
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64579}
2019-10-28 10:38:52 +00:00
Michael Starzinger
572be6f17c [turbofan][ia32] Remove call to code object via slot.
R=jgruber@chromium.org
BUG=v8:6666,v8:9810

Change-Id: I972983d8e86729843f4a1bbe050e3b37a3c0c61c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881147
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64578}
2019-10-28 10:24:11 +00:00
Victor Gomes
c2135c7962 [runtime] Remove unused bit in Context and rename HasContextExtension
A bit was added in the context length slot to indicate if
the context had an extension slot. It turns out that
we need this information much earlier and so this flag is now
in the scope info instead.

This CL removes this bit from length, since it was not
used anymore.

I also renamed HasContextExtension to HasContextExtensionSlot
to differentiate from Context::has_extension which returns
true only if the context has an extension slot and the
extension is not the undefined object.

Bug: v8:9744
Change-Id: I7c37105b7afed34e8f480a64596fab285388f21b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879935
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64577}
2019-10-28 10:14:38 +00:00
Jakob Gruber
28e0e97dfe [builtins] Don't emit debug infos in release builds
Debug infos for embedded builtins (associating a file and line number
with certain code ranges) should only be emitted in debug modes.

This CL disables source position emission in Torque in release builds,
and adds checks that the external filename / source position lists are
empty in release builds.

Bug: v8:9910
Change-Id: Ic69683a2324c3b334150ee2b7da9972fbee56483
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879903
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64576}
2019-10-28 09:30:28 +00:00
Z Nguyen-Huu
65079f10b9 Handle nonextensible obj in Map::GetInitalElements
This code is triggered by Runtime_ArrayIncludes_Slow. The elements kind
changes from DICTIONARY (with accessor property using
Object.defineProperty) to empty DICTIONARY (by set the length to 0), to
frozen/seal/nonextensible elements. This element kind transition
happened in accessor property by Array.includes.

Bug: v8:9894
Change-Id: I224ceb537ff358a30a6e00414c71d6fe18924bb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876994
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64575}
2019-10-28 08:00:48 +00:00
v8-ci-autoroll-builder
6d1c9afc11 Update V8 DEPS.
Rolling v8/build: 66bcca0..2b40e7b

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ice498a61cfe92db159bb1252c027110c783e8ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1880337
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64574}
2019-10-28 03:40:50 +00:00
v8-ci-autoroll-builder
61dd16ade0 Update V8 DEPS.
Rolling v8/build: 5ffa0f3..66bcca0

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4b1db19..7568fa8

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I75e5585d71fcb5f7345c3f5eb55539299b89118d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1880335
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64573}
2019-10-27 03:50:35 +00:00
v8-ci-autoroll-builder
fbbcbba7bb Update V8 DEPS.
Rolling v8/build: a193dcc..5ffa0f3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a38631c..4b1db19

Rolling v8/third_party/depot_tools: 86244d6..ebba8d7

Rolling v8/third_party/instrumented_libraries: e289777..b627b3e

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I157db7c4d8458a4a489670bbfa5a245b4650f546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1880333
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64572}
2019-10-26 03:45:27 +00:00
Liviu Rau
b34b018bf2 Fix names of the perf bots
Bug: v8:9898
Change-Id: Ie6cd40e2dc8e575dbaf8fa8543a93d5dce3dfd64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881158
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64571}
2019-10-25 19:18:42 +00:00
Milad Farazmand
26539972ff PPC/s390: PPC/s390: Reland^2 "[runtime] Move Context::native_context to the map"
Port 36ab93d82a

Original Commit Message:

    Port 3cad6bf5d7

    Original Commit Message:

        This is a reland of c7c47c68f2.

        This makes TSAN happy in addition to:

        Previously I presumed that the context read from a frame in the profiler was
        a valid context. Turns out that on non-intel we're not guaranteed that the
        frame is properly set up. In the case we looked at, the profiler took a
        sample right before writing the frame marker indicating a builtin frame,
        causing the "context" pointer from that frame to be a bytecode array. Since
        we'll read random garbage on the stack as a possible context pointer, I made
        the code reading the native context from it a little more defensive.

        Original change's description:
        > [runtime] Move Context::native_context to the map
        >
        > Remove the native context slot from contexts by making context maps
        > native-context-specific. Now we require 2 loads to go from a context to the
        > native context, but we have 1 field fewer to store when creating contexts.
        >
        > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
        > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
        > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
        > Reviewed-by: Igor Sheludko <ishell@chromium.org>
        > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
        > Reviewed-by: Maya Lekova <mslekova@chromium.org>
        > Reviewed-by: Georg Neis <neis@chromium.org>
        > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
        > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
        > Cr-Commit-Position: refs/heads/master@{#64296}

R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I996a1f5096b34fc556918752224ff51889f0a5ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879443
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64570}
2019-10-25 18:29:13 +00:00
Santiago Aboy Solanes
fcdae18e88 [cleanup] TNodify builtins-collections-gen.cc
Some code was moved from code stub assembler here in
https://chromium-review.googlesource.com/c/v8/v8/+/1822041

Bug: v8:9810, v8:6949
Change-Id: I0e6735a6b6d9cd516bddf9a65ce190193e52c38a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881151
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64569}
2019-10-25 17:21:10 +00:00
Santiago Aboy Solanes
795223dea6 [cleanup] TNodify builtins-global-gen.cc
Bug: v8:9810, v8:6949
Change-Id: I0985606cb05c44e03390194012bc6f9e8fc8d629
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881150
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64568}
2019-10-25 17:13:50 +00:00
Bartek Nowierski
0e21a405bd Lint fixes
Change-Id: Ieb7febc3a9a14f3d98898e66443705c1a1de195a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1880903
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64567}
2019-10-25 15:39:35 +00:00
Igor Sheludko
d36eee56b6 [builtins] Don't use ToSmiLength in TypedArray constructors
... and reimplement TryNumberToUintPtr.

Bug: v8:4153
Change-Id: I3b683b6a41ebf49229aee4ceea4910e94d35ccca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876817
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64566}
2019-10-25 14:00:59 +00:00
Ulan Degenbaev
4a614161d8 [heap] Initialize Heap::total_gc_time_ms_
Change-Id: I5f73a541d22257d4fbb21e619ad2b62068c267f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879940
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64565}
2019-10-25 13:19:39 +00:00
Dominik Inführ
ead2bae5aa [heap] Respect max_pages argument in ParallelSweepSpace
Increment pages_freed each time a page was swept. Before pages_freed
was always 0, which meant that the max_pages-argument did not have any
effect.

Change-Id: Id8908bdeb38e262e09b4069893f8f81209568080
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872399
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64564}
2019-10-25 12:43:49 +00:00
Michael Starzinger
b454e99911 [turbofan][ppc] Fix CallDescriptor::NoFunctionDescriptor.
R=miladfar@ca.ibm.com

Change-Id: I42963b089243c45a3d065fb00e2864500bd33afb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879934
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64563}
2019-10-25 11:42:30 +00:00