Commit Graph

56200 Commits

Author SHA1 Message Date
Andreas Haas
2ca2f37073 [wasm][asan][windows] Reset thread-in-wasm flag in memory_fill_wrapper
ASAN on Windows uses exceptions to manage its shadow memory. However,
this behavior can conflict with the WebAssembly trap handler, because
WebAssembly trap handlers are executed before the ASAN exception handler.

For some WebAssembly instructions we do not generate assembly code but
call to C functions instead. Since these functions are very simple, we
do not want to reset the thread-in-wasm flag before calling them.
However, when these functions trigger the ASAN exceptions, the
thread-in-wasm flag gets out-of-sync. This happened for the
memory_fill_wrapper function. Originally we thought that it's sufficient
to just mark the function with DISABLE_ASAN. However, this is not enough
because clang compiles the function to use memset, and memset gets
replaced by ASAN with asan_memset.

Therefore I decided now that just for sanitizer builds on Windows, we
reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal
because it's test-specific code within production code. However, the
alternatives also don't sound convincing.

Alternatives would be:
* Resetting the thread-in-wasm flag whenever we call a c-function
  - This would be unnecessary performance overhead for production code
    just to make a test work.
* Configure ASAN to not change memset.
  - This would weaken ASAN also for other cases.
* Disable ASAN for trap handlers, or trap handlers in ASAN builds.
  - This would reduce test coverage.

R=binji@chromium.org

Bug: chromium:957405
Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61658}
2019-05-20 14:09:15 +00:00
Benedikt Meurer
437d710fc5 [map] Move Map::IsInRetainedMapListBit out of Map::bit_field2.
The invariant is that Map::bit_field2 shouldn't change, and the
IsInRetainedMapListBit apparently changes when the map is held
weakly from optimized code. This causes TurboFan compilations to
change the Map::Hash() result, which in turn causes lookups on
the normalized map cache to miss (and maybe other bad consequences).

With this change we swap Map::IsInRetainedMapListBit (previously in
bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3)
to address this problem.

Bug: chromium:963411, v8:9114, v8:9267
Change-Id: I040a27c37305fa602649750bd93bee40c91fca78
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61657}
2019-05-20 14:01:46 +00:00
Toon Verwaest
2f8a7538ce Revert "[test] Skip debugger tests failing with JSON parsing"
This reverts commit 0607f8aeb2.

Reason for revert: We should be able to reenable those tests now.

Original change's description:
> [test] Skip debugger tests failing with JSON parsing
> 
> NOTRY=true
> 
> Bug: v8:9257
> Change-Id: I4713fd90c2a8b544def09d7305fe84d789ed60c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613250
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61543}

TBR=verwaest@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9257
Change-Id: Ieb28de987b0bfc7b408d3fe9bfe1f0a50c9db0c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617932
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61656}
2019-05-20 13:58:05 +00:00
Daniel Bratell
8852d85487 [jumbo] Rename one of the ResolveRenames
Recently* a second ResolveRenames appeared in
typed-optimization.cc. In some extreme (non-default) jumbo
builds that file shared translation unit (and thus anonymous
namespace) with load-elimination.cc which also has a
ResolveRenames which is slightly different.

To avoid that name clash and failed compilation, this
renames ResolveRenames -> ResolveRenamesForOpt.

*) It appeared in
 https://chromium-review.googlesource.com/c/v8/v8/+/1609803

Change-Id: Ia175468a8e978e93e95da1d28f74cee8dce253d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615465
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#61655}
2019-05-20 13:28:00 +00:00
Clemens Hammacher
9a6f52f519 [wasm] Fix error message for async instantiation
This fixes the error message generated for compile errors during
asynchronous instantiation. It shows "WebAssembly.instantiate()" now
instead of "WebAssembly.compile()".

R=mstarzinger@chromium.org

Bug: v8:9266
Change-Id: Ieae478d1c4f6843fbc17e15debb6c49f72059d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617940
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61654}
2019-05-20 13:22:50 +00:00
Clemens Hammacher
617b7266bf [wasm] Add message test for compilation failure
This adds three message tests to test the message stack trace we show
for
- synchronous compilation,
- asynchronous compilation, and
- asynchronous instantiation.

Note that the message for the asynchronous cases currently contains the
"WebAssembly.Module()" prefix, which will be fixed in a separate CL.

R=mstarzinger@chromium.org

Bug: v8:9266
Change-Id: I370f4211b5f577ea1b5da026a78b292b50c6a339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617938
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61653}
2019-05-20 13:05:40 +00:00
Yang Guo
5bfe84a0da Reland "Move deoptimizer files"
This reverts commit a769552055.

Reason for revert: Was not the culprit.

Original change's description:
> Revert "Move deoptimizer files"
> 
> This reverts commit 61523c45a3.
> 
> Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20396
> 
> Original change's description:
> > Move deoptimizer files
> > 
> > Bug: v8:9247
> > Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
> > Commit-Queue: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61648}
> 
> TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
> 
> Change-Id: Icf258f7bc409ef0c360cfa82029bfc45a41dc75f
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:9247
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619749
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61650}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org

Change-Id: Ic2aa07ccd08b6070222ec7a65b92b7afb9db484c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619753
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61652}
2019-05-20 13:01:13 +00:00
Clemens Hammacher
441ab8192b Revert "Enable alignment checks when reading object fields"
This reverts commit 5ce68669be.

Reason for revert: Fails on win32 debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20394

Original change's description:
> Enable alignment checks when reading object fields
> 
> Drive-by: Fix alignment bugs caused by DCHECKS.
> 
> Bug: v8:9264
> 
> Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61643}

TBR=ulan@chromium.org,jkummerow@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,ishell@chromium.org

Change-Id: I0ac73a880f2b7bd718e23e90c0867192def39dbb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619750
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61651}
2019-05-20 12:54:02 +00:00
Yang Guo
a769552055 Revert "Move deoptimizer files"
This reverts commit 61523c45a3.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20396

Original change's description:
> Move deoptimizer files
> 
> Bug: v8:9247
> Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61648}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org

Change-Id: Icf258f7bc409ef0c360cfa82029bfc45a41dc75f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619749
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61650}
2019-05-20 12:50:42 +00:00
Joey Gouly
456e5687a7 [arm64] Avoid padding poke when unnecessary
This also fixes a bug in 'InitializeCallBuffer', where it wouldn't claim enough
slots for each parameter. This caused the Simd128 instruction selector test to
only claim 3 slots (rather than 4) and then perform an unnecessary padding poke.

v8_Default_embedded_blob_size from the generated file gen/embedded.S
  Before: 4957056
   After: 4954368

This gives a 0.05% size decrease.

Change-Id: Ic9bb998fb8a9111fb90e1c3e537ea0f2a5fa7b33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617665
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61649}
2019-05-20 12:35:48 +00:00
Yang Guo
61523c45a3 Move deoptimizer files
Bug: v8:9247
Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61648}
2019-05-20 11:33:07 +00:00
Santiago Aboy Solanes
6a7fd05df3 [ptr-compr][Turbofan] Reducing the comparison of two decompresses
Added the comparison of two decompresses to the DecompressionElimination
AdvancedReducer. Note that it works in the case that lhs is equal to rhs.

Also added tests for its implementation.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I21676a78b592859692768c3499ea11117d3bb5a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609793
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61647}
2019-05-20 10:12:57 +00:00
Santiago Aboy Solanes
823ad57637 [ptr-compr] Decompress when doing map and equality checks
Fixes the crash stated in the chromium bug.

We weren't decompressing before CheckMap which resulted in a crash.
Implemented the same for CompareMap.

Bug: chromium:963917
Change-Id: I1dcaf6845758c7266bbc7d9ecc9e43cf8d6b639a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617252
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61646}
2019-05-20 10:02:22 +00:00
Santiago Aboy Solanes
9850002401 [ptr-compr][cleanup] Removing AccessBuilder::ForCompressedMap
Now that we introduced the Compressed representation, we can simply use
AccessBuilder::ForMap. AccessBuilder::ForCompressedMap was introduced
as a placeholder previously.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I15b559c27641e6a673862c86be176e259835308e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617664
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61645}
2019-05-20 10:01:17 +00:00
Simon Zünd
9f773b6e8d [cleanup] Remove unused HasComplexElements runtime function
This CL also removes "HasComplexElements" helpers on JSReceiver
and NumberDictionary.

Drive-by: Remove unused SmiLexicographicCompare runtime function.
The C++ function is still used, but it is entered using a fast
C call from Array#sort.

Bug: v8:9183
Change-Id: Ibb5d54cca623486806587bc90506af8d97910dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617929
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61644}
2019-05-20 09:57:07 +00:00
Sigurd Schneider
5ce68669be Enable alignment checks when reading object fields
Drive-by: Fix alignment bugs caused by DCHECKS.

Bug: v8:9264

Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61643}
2019-05-20 09:56:02 +00:00
Yang Guo
bf372a73d8 Reland "Move logging and diagnostics related source files"
TBR=verwaest@chromium.org,rmcilroy@chromium.org
NOTREECHECKS=true
NOPRESUBMIT=true

Bug: v8:9247
Change-Id: I9ddfb6e56ca8e47c4ac186a8df5f442d26420a69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617661
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61642}
2019-05-20 09:54:57 +00:00
Peter Marshall
d5c4d577c4 [tracing] Convert COMPLETE events to BEGIN/END pairs for perfetto
COMPLETE events are being deprecated and don't work well with perfetto
because we can't give out a handle into the buffer like we used to so
that the caller can update the existing event with the duration.

BEGIN/END pairs should be used instead to add two separate trace events
to the buffer which can be associated with one another by the trace
processor e.g. the trace viewer UI.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Ib73c19d77ad58456ce23d15f0b658c26f3dc3d53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615257
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61641}
2019-05-20 09:13:25 +00:00
Peter Marshall
fac30cc62d [benchmarks] Move Array slice benchmarks to js-perf-test
These were leftover in another directory and can be incorporated into
our standard benchmark runner. We already had some Array slice cases
in js-perf-test so just add some of the important cases from the other
directory to the existing implementation.

Bug: v8:9254
Change-Id: I4cc235b8d3719ecd729f23fe9705ea36d445c340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617258
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61640}
2019-05-20 09:05:52 +00:00
Yang Guo
5cc9f9bc5f Revert "[stack-trace] Include API functions in Error.stack stack trace"
This reverts commit 3dd5661204.

Reason for revert: causes leak tests in blink layout tests to fail: https://ci.chromium.org/p/chromium/builders/ci/WebKit%20Linux%20Trusty%20Leak/34295

Steps to reproduce:
- Build blink_tests with following GN args
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
- Run
third_party/blink/tools/run_web_tests.py --additional-expectations third_party/blink/web_tests/LeakExpectations --time-out-ms 48000 --enable-leak-detection external/wpt/wasm/webapi/body.any.html

Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
> 
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
> 
> Two changes are necessary:
>   - HandleApiCall and friends need to go through a BUILTIN_EXIT frame
>     instead of an EXIT frame. The existing stack-trace machinery will
>     then pick up FunctionTemplate frames without additional changes.
>   - Turbofan doesn't go through HandleApiCall, but instead uses an
>     ASM builtin to enter FunctionTemplate functions. A "marker"
>     frame state is needed to include these frames in the stack trace.
> 
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
> 
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}

TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org,bmeurer@chromium.org,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8742, v8:6802
Change-Id: I4942cd32c6ee5e249dae046eea6b9b2f7120b8ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617933
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61639}
2019-05-20 09:04:47 +00:00
Yang Guo
8ad6b33537 Move relevant files to src/objects
Code that is being moved primarily deals with layout of a JSObject,
accessing properties and elements, and map transitions.

NOTREECHECKS=true
NOTRY=true

Bug: v8:9247
Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61638}
2019-05-20 08:57:47 +00:00
Ujjwal Sharma
094435b6b6 Reland "[turbofan] Add fast path for single-character String#startsWith()"
This is a reland of e7e512da66

Original change's description:
> [turbofan] Add fast path for single-character String#startsWith()
> 
> This CL adds a fast path to String#startsWith(s) if s is a
> single character string.
> 
> Bug: v8:8400
> Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61504}

Bug: v8:8400
Change-Id: Ic2d60ccb8fdeb51373fcd025a7e970fda0c14d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618342
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61637}
2019-05-20 08:42:57 +00:00
Benedikt Meurer
571cc43c39 [constant-tracking] Restore delete optimization.
We disabled the `delete` optimization, where `delete` on a fast-mode
object goes back in the transition tree, because that optimization
didn't pay attention to constant field tracking.

This change now does the proper fix, which is to invalidate the
constness and properly deoptimize all code that depends on it.

Drive-by-fix: Handlify the DeleteObjectPropertyFast helper.

Bug: chromium:962588, chromium:963999, v8:9233
Change-Id: I5978c32a48d1635b3ce42dc08b00bb2654baa36a
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617251
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61636}
2019-05-20 08:34:47 +00:00
Simon Zünd
b2d0d24ea9 [cleanup] Remove unused TrySimpleSlice array runtime function
This CL also removes the ElementsAccessor "slice" implementation, as
the runtime function is the last use site.

R=verwaest@chromium.org

Bug: v8:9183
Change-Id: If268e20120e7c7bb4a58d9560482b35896b0992f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617662
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61635}
2019-05-20 08:29:42 +00:00
Georg Neis
d1d61ea8c5 [turbofan] Further tune MapInference in ReduceCallApiFunction
If speculation is disallowed, this change lets us still do the
optimization if (a) the maps were already reliable or
(b) we are able to take stability dependencies.

Bug: v8:8820
Change-Id: I08340fc19ac87b80aa2b7ed77753dd642e89804f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617663
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61634}
2019-05-20 08:25:52 +00:00
Benedikt Meurer
20d90b769b [cleanup] Remove obsolete and broken --log-timer-events
The --log-timer-events doesn't work anymore, since it cannot be enabled
after the snapshot was created ever since the CallApiCallback stub was
turned into a builtin.

Bug: v8:9183
Change-Id: I6e0b92141f1986fc791943ffef42dd4961aea0a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617931
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61633}
2019-05-20 07:51:48 +00:00
Simon Zünd
90b39673c3 [cleanup] Remove three unused proxy runtime functions
R=jgruber@chromium.org

Bug: v8:9183
Change-Id: I789295e5bbea682b2e46ccf5a55c69dc74f0ed72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617669
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61632}
2019-05-20 07:44:08 +00:00
v8-ci-autoroll-builder
272ff465fe Update V8 DEPS.
Rolling v8/build: 94dc55b..eaddee0

Rolling v8/buildtools: 1f329a6..9ea486b

Rolling v8/buildtools/linux64: git_revision:64b846c96daeb3eaf08e26d8a84d8451c6cb712b..git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9

Rolling v8/tools/clang: aae7fec..5b1310e

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: If8fa5df7ce2c78a8eb0eb1753b84c96bef1cf262
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619147
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61631}
2019-05-20 03:36:08 +00:00
v8-ci-autoroll-builder
00f3c73dde Update V8 DEPS.
Rolling v8/build: 0395ad5..94dc55b

Rolling v8/tools/clang: 2d0ea0b..aae7fec

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Icd2483f721844555c52d1212b8899b8971960020
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618651
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61630}
2019-05-19 03:45:46 +00:00
Michael Achenbach
2c355e54d8 Revert "[torque] Convert few class layout to torque and updated torque code formatter."
This reverts commit b9bfd006f6.

Reason for revert: 
The updated formatter violates some existing files that now require
new formatting:
https://ci.chromium.org/p/v8/builders/ci/V8%20Presubmit/4411

Original change's description:
> [torque] Convert few class layout to torque and updated torque code formatter.
> 
> 1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
>       TemplateList,
>       JSStrictArgumentsObject to torque.
> 2. Updated torque code formatter to now handle multi-line
>             declarations correctly.
> 
> Bug: v8:8952
> Change-Id: I97846b1bc0d2cba5d7a68468fc263423b1b55d19
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536988
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#61624}

TBR=jgruber@chromium.org,tebbi@chromium.org,surshar@microsoft.com,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8952
Change-Id: I98424deb8002ba9b92262c4b7a1f753bd7c4f7c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617927
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61629}
2019-05-18 21:29:56 +00:00
v8-ci-autoroll-builder
c93858abcd Update V8 DEPS.
Rolling v8/build: 747602a..0395ad5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fd64d5d..4d85003

Rolling v8/third_party/depot_tools: 5737f02..cf6269b

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ie8a5530c9dd1598fbe11de0e3d834fd23fbaba62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618647
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61628}
2019-05-18 03:37:37 +00:00
Johannes Henkel
889b4ded6e [DevTools] Roll inspector_protocol.
New Revision: 8ec18cf0885bef0b5c2a922c5dc3813cbf63e962

Change-Id: I65e271066599ed1aa1f9f8281be5b76e424d548d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618159
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61627}
2019-05-18 02:08:27 +00:00
Michael Lippautz
781fa664d7 [heap] Refactor MemoryController and HeapController
- Move generic pieces into MemoryController.
- Keep V8's specific factor computations in HeapController.

Bug: chromium:948807
Change-Id: I1c1fc0516a429b19ce6458f75888b3f9d51824ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617678
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61626}
2019-05-17 20:17:37 +00:00
Frank Tang
38f458180d Reland "[Intl] Ship Intl.DateTimeFormat#formatRange"
This is a reland of 3c2103bd8b

The fix of the issue is in https://chromium-review.googlesource.com/c/v8/v8/+/1617674

Original change's description:
> [Intl] Ship Intl.DateTimeFormat#formatRange
>
> Design Doc: https://goo.gl/PGUQ1d
> Chrome Status: https://www.chromestatus.com/feature/5077134515109888
> I2S: https://groups.google.com/a/chromium.org/d/msg/blink-dev/Nh-jMn8L8fQ/GQN6wQQVBQAJ
> I2I: https://groups.google.com/a/chromium.org/d/msg/blink-dev/WTAjjcXaraA/ZypbHTlEAQAJ
>
> Bug: v8:7729
> Change-Id: Ib3277c6a01546fd56418615087df497058edb8ae
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604068
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61580}

Bug: v8:7729
Change-Id: I1b556ca2aeff469c7655f89bd7813d86fcda8adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617801
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61625}
2019-05-17 20:01:07 +00:00
Suraj Sharma
b9bfd006f6 [torque] Convert few class layout to torque and updated torque code formatter.
1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
      TemplateList,
      JSStrictArgumentsObject to torque.
2. Updated torque code formatter to now handle multi-line
            declarations correctly.

Bug: v8:8952
Change-Id: I97846b1bc0d2cba5d7a68468fc263423b1b55d19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536988
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61624}
2019-05-17 19:04:18 +00:00
Sergiy Belozorov
be80401ea8 [tools] Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
Bug: chromium:920557
Change-Id: If62b32188cadf1d0fa7b0809400462534c37acc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617925
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61623}
2019-05-17 18:47:58 +00:00
Sergiy Belozorov
100aade826 [tools] Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
Bug: chromium:920557
Change-Id: I3d313959b9afa6116a0db3697ac1bd4382c0a82b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617924
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61622}
2019-05-17 17:57:47 +00:00
Jakob Kummerow
ffb8ae4f77 [tests] Fix two tests to be --gc-interval robust
deopt-unlinked.js: bytecode flushing destroys the information that
%GetDeoptCount relies on, so turn that off for this test.

cleanupsome-after-unregister.js: the function-local object {o} is
assumed to be alive throughout the function, so make sure its live
range (from the optimizing compiler's view) extends that far.

Drive-by cleanup: drop some unnecessary casting boilerplate from
Genesis::InitializeGlobal_harmony_intl_date_format_range().

Change-Id: I28617f842fe046dd0875a9a082cfc55a3a076bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617674
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61621}
2019-05-17 16:59:37 +00:00
Johannes Henkel
99feae230e [DevTools] Roll inspector protocol for V8
New revision: 0aafd2876f7485db7b07c513c0457b7cbbbe3304

0aafd2876f

Change-Id: I6e9babc8401a5af3085cce81b963f288d0392c07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613478
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61620}
2019-05-17 16:38:07 +00:00
Mythri A
2ebff71935 [test] Skip es6/classes in stress mode on PPC
es6/classes is slow to run in stress mode and times out on PPC.
As a long-term fix we should split this into multiple tests so
each individual test runs faster.

Bug: v8:9246
Change-Id: I95eed06d85f73cc66229dfbd83ac7521dcbbb54f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615252
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61619}
2019-05-17 15:50:31 +00:00
Mike Stanton
c9b48e96ec [Torque] Array.prototype.shift correctness fix
Fastpath failed to store the hole on the array left side.

Bug: chromium:940274
Change-Id: I1eca7b241030474cf5aed6c68f155a1d22ae553e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617255
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61618}
2019-05-17 14:38:30 +00:00
Clemens Hammacher
dbe16b171c [wasm][gc] Track time per code GC
This adds a counter for the time it takes per single code GC. It is
sampled in all isolates whenever a GC finishes, and during regular
JavaScript GC to also get samples for GCs that never finish (which we
would need to fix).

R=mstarzinger@chromium.org, mpearson@chromium.org

Bug: v8:8217
Change-Id: I722d01b6bd7832c3af636362acfddeab7e8a485e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615250
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61617}
2019-05-17 14:33:09 +00:00
Simon Zünd
ee46c6314d [cleanup] Remove unused EstimateNumberOfElements runtime function
R=jgruber@chromium.org

Bug: v8:9183
Change-Id: I773af2e44bbfb780a3cf375e6412274fe917d397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617250
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61616}
2019-05-17 14:18:49 +00:00
Simon Zünd
32cfe26037 [cleanup] Remove two unused small internal runtime functions
R=petermarshall@chromium.org

Bug: v8:9183
Change-Id: I392c7b7f90bf3025c726456237afdbf20f9ed3cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617666
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61615}
2019-05-17 14:05:30 +00:00
Michael Starzinger
8a95dd3b55 [wasm] Add preliminary {WebAssembly.Function} constructor.
This adds a constructor function to be used as the base class for all
exported functions. With type reflection enabled exported functions are
instances of this new constructor. Using the constructor directly as
well as the 'type' property is still missing.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: Id58359cf7866d24be0745abf36a839d3d86e5922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617253
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61614}
2019-05-17 13:51:39 +00:00
Sergiy Belozorov
fdbb24a2d1 [tools] Add arm64 builder MB configs
This is needed to build binaries for arm64 perf testers.

R=machenbach@chromium.org, tmrts@chromium.org

Bug: chromium:920557
Change-Id: I77cea8389b62835a67f221ae26d6682a110ba609
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605947
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61613}
2019-05-17 13:39:29 +00:00
Michael Starzinger
f8771daceb [cleanup] Remove dead {native_function_map} context slot.
R=jkummerow@chromium.org

Change-Id: I961f77eb5e99a3d709aa5e948602a925f57ae090
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617246
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61612}
2019-05-17 13:24:40 +00:00
Clemens Hammacher
429ee454e2 [wasm][gc] Track number of GCs triggered per module
We currently have the problem that we trigger too many code GCs since
{new_potentially_dead_code_size_} is never reset to zero.
This CL adds a counter which tells us how many GCs we ran per native
module. This counter is sampled on each code GC. It will give us a
good understanding of the amount of GC work we are executing in the
wild. The number should stay in the single-digits generally.

R=mstarzinger@chromium.org, mpearson@chromium.org

Bug: v8:8217
Change-Id: I978a98dff76e0f466ff51e067626886b58d52ded
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615246
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61611}
2019-05-17 13:21:19 +00:00
Simon Zünd
72200ddef4 [cleanup] Remove unused GetArrayKeys runtime function
R=yangguo@chromium.org

Bug: v8:9183
Change-Id: I0f06c9a32983f7131a36ace1fd6873e88e375fe3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617259
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61610}
2019-05-17 13:11:19 +00:00
Yang Guo
06bf8261cf Reland "Move API-related files"
TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org

Bug: v8:9247
Change-Id: I7ffc2bd4a5fdf7c20cc3283bb5545cbf9ffd4e53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617254
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61609}
2019-05-17 12:52:27 +00:00