50606 Commits

Author SHA1 Message Date
Benedikt Meurer
1f3956389a [turbofan] Add missing test coverage for ObjectIsSafeInteger.
The previous tests didn't cover the case Number.isSafeInteger(x)
where TurboFan was unable to tell that `x` is always a Number and
thus had to use the ObjectIsSafeInteger operator instead.

Bug: v8:8015
Change-Id: I9bdbfa602fe0bf8c5fb2bc6c160ace7ab0bc0aaa
Reviewed-on: https://chromium-review.googlesource.com/1238234
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56114}
2018-09-21 08:40:26 +00:00
Benedikt Meurer
8c1a7c5ec5 [turbofan] Decide lowering for NumberDivide based on feedback.
Again in the spirit of https://chromium-review.googlesource.com/1226033
we can simplify the handling of NumberDivide and decide the lowering
based on the feedback type.

Drive-by-fix: Add test coverage for the relevant corner cases of the
NumberDivide handling in SimplifiedLowering.

Bug: v8:8015
Change-Id: I0edaca0fddb31d64d2c269268e87a32a687a0b26
Reviewed-on: https://chromium-review.googlesource.com/1236262
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56113}
2018-09-21 08:36:55 +00:00
Benedikt Meurer
b57a87749f [cleanup] Add missing test coverage for ObjectIsArrayBuffer operator.
The ObjectIsArrayBuffer simplified operator, which is used to implement
the ArrayBuffer.isView() builtin, didn't have any test coverage.

Bug: v8:8015
Change-Id: Ia15e35bc4ae61627137f7a89976560a8d3db771f
Reviewed-on: https://chromium-review.googlesource.com/1238215
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56112}
2018-09-21 08:30:35 +00:00
Sigurd Schneider
58275c32af [ia32,root] Ensure Construct* builtins preserve kRootRegister (ebx)
This CL changes Construct, ConstructVarargs, ConstructForwardVarargs and
ConstructFunctionForwardVarargs to preserve the kRootRegister (ebx).

Bug: v8:6666
Change-Id: Ia2c328e419506c029cda76fc210bbd45d9eb5952
Reviewed-on: https://chromium-review.googlesource.com/1233654
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56111}
2018-09-21 08:25:19 +00:00
Jakob Gruber
9ea182dd58 [interpreter] Support laziness in combination with embedded handlers
Even in the embedded bytecode handler configuration, there's currently
no guarantee that all handlers are eager. Specifically, on ia32
handlers are currently not embedded and thus lazy.

We need to keep lazy deserialization logic around until that is no
longer the case.

Bug: v8:6624
Change-Id: Ie4ec5f0fcd9890ed96a5df3bf3654e85379f92ae
Reviewed-on: https://chromium-review.googlesource.com/1236261
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56110}
2018-09-21 08:19:01 +00:00
Florian Sattler
1292e8c8a6 [cleanup] Fix objects classes, removing unnecessary copies.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I722e15193b3b269e94dc8e5aba80f6f73c95cda8
Reviewed-on: https://chromium-review.googlesource.com/1228036
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56109}
2018-09-21 07:51:29 +00:00
v8-ci-autoroll-builder
9850ffad71 Update V8 DEPS.
Rolling v8/build: 64006c6..641370b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/582a06e..6f7c60d

Rolling v8/third_party/depot_tools: f837545..92df4e6

Rolling v8/tools/clang: 35ffce8..9ad74fa

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ifd02fa9d9b285854849b89aabea890e4c0124303
Reviewed-on: https://chromium-review.googlesource.com/1237853
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#56108}
2018-09-21 03:44:10 +00:00
Sam Clegg
2968553785 Export mjsunit.formatFailureText which is needed by test-async.js
Without this the call to `formatFailureText` in `test-async.js`
fails but goes unnoticed since the promise change is rejects
which is not handled. And d8 silently ignores the unhandled
rejections.

Once `formatFailureText` was added it reveals a bug where several
tests were expecting `.equal` to be a deepEquals.  Specifically:

test/mjsunit/es6/promise-all.js
test/mjsunit/harmony/async-generators-resume-return.js
test/mjsunit/harmony/async-generators-return.js
test/mjsunit/harmony/async-generators-yield.js

Making equals call `deepEquals` fixed that issue.

Change-Id: I350c7d916147eaa7cf873bdaf273aebbaaa833c5
Reviewed-on: https://chromium-review.googlesource.com/1236852
Commit-Queue: Sam Clegg <sbc@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56107}
2018-09-21 01:37:14 +00:00
Jakob Kummerow
9ed4b96578 Fix building with GCC 7.x and 8.x
GCC 7.x doesn't like it (-Werror=subobject-linkage) when a class
either derives from a class or has a member field of a type that
was declared in an anonymous namespace.
It is also opposed (-Werror=attributes) to visibility attributes
being defined at explicit template instantiations.
GCC 8.x further has reservations (-Werror=class-memaccess) about
letting memset/memcpy modify areas within non-POD objects.

Change-Id: Ic5107bb5ee3af6233e3741e3ef78d03a0a84005a
Reviewed-on: https://chromium-review.googlesource.com/1208306
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56106}
2018-09-21 01:12:25 +00:00
Sathya Gunasekaran
81c9e3936b [Atomics] Add use counter for Atomics.{wake, notify}
Previously, Atomics.notify was just an alias to Atomics.wake, which
doesn't quite let us add a use counter for these individual builtins.

This patch refactors the existing Atomics.wake into a separate
function that is called from two separate builtins.

Bug: v8:7883
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If54c8f769b7949d88d327cfb2f70db394f32a0b7
Reviewed-on: https://chromium-review.googlesource.com/1234581
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56105}
2018-09-20 21:31:33 +00:00
Junliang Yan
3587468435 s390: fix build break by removing unused function
R=joransiu@ca.ibm.com

Change-Id: Ibebb8bdb064628443c7bb4093382c3e7e8c04472
Reviewed-on: https://chromium-review.googlesource.com/1236601
Reviewed-by: Muntasir Mallick <mmallick@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56104}
2018-09-20 19:22:47 +00:00
Junliang Yan
c5845efe82 PPC/s390: handle kExternalRef case
R=joransiu@ca.ibm.com

Change-Id: Iace9b8bf40d416b2c7c56c383d00b4f0a6501de1
Reviewed-on: https://chromium-review.googlesource.com/1236973
Reviewed-by: Muntasir Mallick <mmallick@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56103}
2018-09-20 19:21:42 +00:00
Michael Lippautz
261cd2f539 [api] Add getter for EmbedderHeapTracer
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I93fffd197d1742d0b00e69e0967a9efb47921208
Reviewed-on: https://chromium-review.googlesource.com/1236253
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56102}
2018-09-20 19:20:35 +00:00
Hai Dang
bb10b70b91 Generalize ExtractFixedArray's branch for Smis or Objects.
This CL extracts the branch into a new function. Previously, the branch
was only used to copy a FixedArray to a new FixedArray. The new function
generalizes this to allow copying from a FixedDoubleArray to a
FixedArray also. This function will be useful in a follow-up CL to copy
a FixedDoubleArray with holes into a FixedArray where holes are replaced
by undefined.

Bug: chromium:881273, v8:7980

Change-Id: I8a0e5f933fc152a12d67810f4cbcfdce094d44af
Reviewed-on: https://chromium-review.googlesource.com/1230913
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56101}
2018-09-20 16:49:29 +00:00
Toon Verwaest
dbfd625047 [parser] Replace bool is_async/is_generator with ParseFunctionFlags
Change-Id: Idb0aa9a7ad246def358beae0b2b464496223d749
Reviewed-on: https://chromium-review.googlesource.com/1236575
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56100}
2018-09-20 16:28:21 +00:00
Ross McIlroy
07a35d28f2 Merge UnoptimizedCompileJobTest::CompileFailureToFinalize and UnoptimizedCompileJobTest::CompileFailureToAnalyse
They both do the same thing, and UnoptimizedCompileJobTest.CompileFailureToFinalize was
failing on arm due to stack size parameters.

BUG=v8:8041

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Change-Id: I2506aed026420c2634d5cd41b0dc268debb512eb
Reviewed-on: https://chromium-review.googlesource.com/1236814
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56099}
2018-09-20 16:28:05 +00:00
Toon Verwaest
6a59849217 [parser] Cleanup and streamline ParsePropertyName
Change-Id: I985ba650bb6623bcd399926ac2254dd7f5d3bee6
Reviewed-on: https://chromium-review.googlesource.com/1235925
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56098}
2018-09-20 15:38:22 +00:00
Sreten Kovacevic
3ac4ac581c [mips] Port [turbofan] Implement constant folding of string concatenations
Port fef047a4a5

Original commit message:
`This CL implements the following design doc:
https://docs.google.com/document/d/1h5kdfemMQMpUd15PSKW1lqikJW5hsGwrmOvoqhGFRts/edit?ts=5b978756#heading=h.urs7r34mx9p `

Change-Id: Ib34a2e18c56bc7ccf3cbfa0f1baa07dcc8ed0cd4
Reviewed-on: https://chromium-review.googlesource.com/1235974
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#56097}
2018-09-20 15:15:12 +00:00
Sigurd Schneider
adcc88fc32 [ia32] Refactor stack overflow check in CallOrConstructVarargs
R=jgruber@chromium.org

Bug: v8:6666, v8:8015
Change-Id: I37c4fc6771247c448ec3194790fe9fad3c9bdebf
Reviewed-on: https://chromium-review.googlesource.com/1236054
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56096}
2018-09-20 15:12:03 +00:00
Alexey Kozyatinskiy
d9fbfeb894 inspector: return [[StableObjectId]] as internal property
This property might be useful for fast '===' check.

R=dgozman@chromium.org,yangguo@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iabc3555ce1ec2c14cf0ccd40b7d964ae144e7352
Reviewed-on: https://chromium-review.googlesource.com/1226411
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56095}
2018-09-20 15:03:52 +00:00
Benedikt Meurer
48854a23d9 [turbofan] Unify NumberModulus handling in SimplifiedLowering.
In the spirit of https://chromium-review.googlesource.com/1226033 we can
also unify the handling of NumberModulus based on feedback types.

Drive-by-fix: Add appropriate tests for the corner cases of the
NumberModulus with (surrounding) feedback integration.

Bug: v8:8015
Change-Id: I5e3207d2f6e72f9ea1d7658014b7272075088d63
Reviewed-on: https://chromium-review.googlesource.com/1236260
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56094}
2018-09-20 15:00:43 +00:00
Benedikt Meurer
96605878ac [turbofan] Add test cover for SpeculativeNumberModulus corner cases.
The coverage bot figured out that there's missing test coverage
for the SpeculativeNumberModulus corner cases inside of the
SimplifiedLowering logic.

Bug: v8:8015
Change-Id: Id32aa545dc43adae5e67c66574ccea5f2b3db846
Reviewed-on: https://chromium-review.googlesource.com/1236259
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56093}
2018-09-20 14:50:35 +00:00
Michael Lippautz
4d9f09b513 [heap] Add support for non-API wrapper types
Adds support for tracing wrappers of the following types:
- JSArrayBuffer
- JSDataView
- JSTypedArray

Unlike API objects, these objects are equipped with embedder fields at compile
time and can thus be attached to Blink objects at any time.

Bug: chromium:885125, chromium:843903
Change-Id: If2dab4831f42a4edc0748b7071d451fe1953f076
Reviewed-on: https://chromium-review.googlesource.com/1234418
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56092}
2018-09-20 14:39:22 +00:00
Yang Guo
95a979e02d Call into C++ to compute seeded integer hash
R=bmeurer@chromium.org

Bug: chromium:680662
Change-Id: I8dace89d576dfcc5833fd539ce698a9ade1cb5a0
Reviewed-on: https://chromium-review.googlesource.com/1235928
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56091}
2018-09-20 14:34:48 +00:00
Benedikt Meurer
2c40c5250b [turbofan] Test coverage for SpeculativeNumberAdd/Subtract in SimplifiedLowering.
This adds missing test coverage for corner cases of SpeculativeNumberAdd
and SpeculativeNumberSubtract inside of SimplifiedLowering. This was
discovered to be untested by the coverage bot.

Bug: v8:8015
Change-Id: I7355b1b840a76bc12bd911adb6c2d88f05d816c5
Reviewed-on: https://chromium-review.googlesource.com/1236256
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56090}
2018-09-20 14:23:34 +00:00
Georg Neis
75b851dbc6 [turbofan] Improve heap broker tracing.
Bug: v8:7790
Change-Id: Ie8b4c84188a123ddec99c65146ddd7c70e1f1b05
Reviewed-on: https://chromium-review.googlesource.com/1236073
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56089}
2018-09-20 14:17:31 +00:00
Ross McIlroy
80195fc58d [Compile] Refactor CompilerDispatcher for inner function compilation jobs
Refactors the CompilerDispatcher to be able to enqueue eager inner functions
for off-thread compilation during top-level compilation of a script.

Unoptimized compile jobs are simplified to only have two phases - compile
and finalization. Only finalization requires heap access (and therefore
needs to be run on the main thread). The change also introduces a requirement
to register a SFI with a given compile job after that job is posted, this
is due to the fact that an SFI won't necessarily exist at the point the job
is posted, but is created later when top-level compile is being finalized.
Logic in the compile dispatcher is updated to deal with the fact that a job
may not be able to progress if it doesn't yet have an associated SFI
registered with it.

BUG=v8:8041

Change-Id: I66cccd626136738304a7cab0e501fc65cf342514
Reviewed-on: https://chromium-review.googlesource.com/1215782
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56088}
2018-09-20 14:06:39 +00:00
Benedikt Meurer
a50baa246e [turbofan] Reduce DataView access code duplication.
Part of https://chromium-review.googlesource.com/1231994 that landed
earlier, but was reverted due to breakage. Landing this cleanup
separately instead.

Drive-by-fix: Also add test coverage for the cases that weren't covered
properly (according to the test coverage bot).

Bug: chromium:225811, v8:8015
Change-Id: I9c13ed5fcf0ba9e6b190489e15df86970eafdc13
Reviewed-on: https://chromium-review.googlesource.com/1236213
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56087}
2018-09-20 14:05:25 +00:00
Jakob Gruber
7add73d471 [ia32,root] Port InternalArrayConstructor{,Impl}
Drive-by: Clarify code that initializes the allocation site argument
of ArrayNArgumentsConstructor to undefined. Until now, this was done
in InternalArrayConstructor prior to calling the Impl builtin. But the
allocation site is not part of the Impl interface descriptor and
worked only by chance since we did not clobber the register. Also, the
argument is only needed for the path that calls
ArrayNArgumentsConstructor and can be omitted elsewhere. This CL pulls
initialization to just before the final call.

Bug: v8:6666
Change-Id: I24471ca0291a83dfad7af4cc11d699c8923117ec
Reviewed-on: https://chromium-review.googlesource.com/1235917
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56086}
2018-09-20 13:27:50 +00:00
Simon Zünd
29fa45ce53 [ia32, root] Preserve 'ebx' in ReflectApply
R=jgruber@chromium.org

Bug: v8:6666
Change-Id: Icdf9ab0770cc4d6dd1c7c3a3911ffcc7a493d127
Reviewed-on: https://chromium-review.googlesource.com/1233915
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56085}
2018-09-20 13:15:45 +00:00
Clemens Hammacher
e4949df359 [wasm] Reduce memory reservation limit
The n5x bot fails to *allocate* more memory just before we reach the
soft limit of 512 GiB for *reserved* memory. Thus reduce it a bit. This
still leaves enough room for ~38 wasm memories with full guard regions.

R=ahaas@chromium.org

Bug: v8:8196
Change-Id: I6049e2baa3fc8b99c9269f8cb7c013a6e77ebf9b
Reviewed-on: https://chromium-review.googlesource.com/1235924
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56084}
2018-09-20 13:06:55 +00:00
Mathias Bynens
1b7abc42be [regexp] Expand test coverage for sequence properties
Port the remaining tests from:
https://chromium-review.googlesource.com/c/v8/v8/+/1227974/1/test/mjsunit/harmony/regexp-property-emoji-flag-sequence-generated.js#9

Bug: v8:7467
Change-Id: Ib187c93cb38befbbba31bdf93a0f5d8f1bee3d13
Reviewed-on: https://chromium-review.googlesource.com/1230098
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56083}
2018-09-20 13:00:35 +00:00
Sigurd Schneider
3424fb9b05 [ia32,root] Preserve kRootRegister (ebx) in InterpreterPush variants
This CL ensures that the following builtins preserve
the kRootRegister (ebx):

InterpreterPushUndefinedAndArgsThenCall
InterpreterPushArgsThenCallWithFinalSpread
InterpreterPushArgsThenConstruct
InterpreterPushArgsThenConstructArrayFunction
InterpreterPushZeroAndArgsAndReturnAddress
InterpreterPushArgsThenConstructWithFinalSpread

Bug: v8:6666
Change-Id: I026654b981276c7d435c18c9eedef3f5d33b6533
Reviewed-on: https://chromium-review.googlesource.com/1233754
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56082}
2018-09-20 12:59:30 +00:00
Jakob Gruber
64b4f6e1b5 [ia32,root] Port four more trivial builtins
FrameDropperTrampoline
HandleDebuggerStatement
InstantiateAsmJs
NotifyDeoptimized

Bug: v8:6666
Change-Id: I4189e5dcf82eddd1dbce43b10b04c8e6a980123c
Reviewed-on: https://chromium-review.googlesource.com/1235922
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56081}
2018-09-20 12:58:24 +00:00
Jaroslav Sevcik
194e6c4ff9 [turbofan] Avoid redundant hash lookups in the broker.
This saves about 10% time in the initial copy of standard objects
in the TypeScript benchmark.

Bug: v8:7790
Change-Id: I2e725d43972db9598285f84fbba3c167cf8716b7
Reviewed-on: https://chromium-review.googlesource.com/1235657
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56080}
2018-09-20 12:57:20 +00:00
Jakob Gruber
805508fe74 [ia32,root] Port InterpreterEnterBytecode variants
Bug: v8:6666
Change-Id: Ib189d5bb2d6c9942e7223f0783f1c1fe1fc9aaa4
Reviewed-on: https://chromium-review.googlesource.com/1236093
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56079}
2018-09-20 12:56:15 +00:00
Jakob Gruber
586e87781a [ia32,root] Port WasmCompileLazy, ResumeGeneratorTrampoline
Bug: v8:6666
Change-Id: I427bb8e54a79eb3d7ee226da2f4d90ab4886e353
Reviewed-on: https://chromium-review.googlesource.com/1233656
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56078}
2018-09-20 12:55:10 +00:00
Benedikt Meurer
65276678d0 [turbofan] Add (missing) test coverage for Math.imul().
According to the coverage bot, there's some lack of test coverage for
corner cases of Math.imul(). Add the missing test coverage and also
add some coverage for the generally interesting cases.

Bug: v8:8015
Change-Id: I2a917283b4777510fb5db421a039ff0de9b2a25f
Reviewed-on: https://chromium-review.googlesource.com/1235577
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56077}
2018-09-20 12:54:05 +00:00
Benedikt Meurer
44c24bf827 [cleanup] Remove a lot of dead intrinsics/runtime functions.
The following runtime functions (and their intrinsic counterparts) are
completely unused/obsolete by now

  - %ToInteger
  - %GeneratorGetInputOrDebugPos

and in addition the intrinsics for %_ToNumber and %_IsJSProxy are also
dead (according to code coverage and manual verification), so drop them
as well (their runtime function counterparts are still somewhat used).

Bug: v8:8015
Change-Id: I60d53762dd9717fb43de38cb490b46676c467212
Reviewed-on: https://chromium-review.googlesource.com/1235923
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56076}
2018-09-20 12:48:57 +00:00
Sigurd Schneider
b453a10d03 [ia32,root] Preserve kRootRegister (ebx) in CallBoundFunction
Bug: v8:6666
Change-Id: I5c75eda044312bba6be1ce6bf71afbfe94534afc
Reviewed-on: https://chromium-review.googlesource.com/1233674
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56075}
2018-09-20 12:45:12 +00:00
Maya Lekova
03936bcf78 [turbofan] Reserve larger initial size for JSHeapBroker refs map
This change introduces an initial size of 1000 for the refs map
(obtained by observing the typical size for compiling an empty function),
which reduces the time taken by "serialize standard objects" on TypeScript
benchmark from ~100ms to ~75ms (25% improvement).

Bug: v8:7790
Change-Id: I5e2d9036ad14ee0eafcd161ca913e770c468ef86
Reviewed-on: https://chromium-review.googlesource.com/1235918
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56074}
2018-09-20 12:21:34 +00:00
Benedikt Meurer
ed9551eba4 [cleanup] Remove dead %IsDebugActive() runtime function/intrinsic.
This is not used at all anymore and can thus be removed.

Bug: v8:8015
Change-Id: Ifebe576dd84cbdbd77bf9ca54d479050e3174d2b
Reviewed-on: https://chromium-review.googlesource.com/1235920
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56073}
2018-09-20 12:14:59 +00:00
Benedikt Meurer
3a9466a89c [turbofan] Unify RedundancyElimination for speculative number operations.
Remove the NumberConstant right hand side limitation for the speculative
number operation optimization, and extend the logic to also deal with
SpeculativeToNumber, which is common when dealing with postfix increment
and array operations.

Also add appropriate tests for all the relevant cases, specifically we
mjsunit tests to increase the general coverage for the various cases
here (in addition to dedicated unittests).

Bug: v8:8015
Change-Id: I8c92f98490c63b07eb19686efd404322979e57c4
Reviewed-on: https://chromium-review.googlesource.com/1235919
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56072}
2018-09-20 12:08:55 +00:00
Sigurd Schneider
defd47b7b0 [ia32,root] Preserve kRootRegister in Call_Receiver variants
This CL ensures the kRootRegister (ebx) is preserved in

Call_ReceiverIsNullOrUndefined
Call_ReceiverIsNotNullOrUndefined
Call_ReceiverIsAny

Bug: v8:6666
Change-Id: Ifef8ba544110c45810a8f895869acdd5b61d1d5d
Reviewed-on: https://chromium-review.googlesource.com/1233597
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56071}
2018-09-20 12:05:50 +00:00
Michael Achenbach
a1052fd0cd [test] Add missing resource for test on Android
This is for fixing:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20N5X/871

TBR=sbc@chromium.org
NOTRY=true

Bug: v8:8020
Change-Id: I48180f3e24fbabfbc673890252a1067ef63d82a2
Reviewed-on: https://chromium-review.googlesource.com/1235578
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56070}
2018-09-20 11:58:46 +00:00
Sigurd Schneider
f05cffdf74 [ia32,root] Preserve kRootRegister (ebx) in JSConstructStubGeneric
Bug: v8:6666
Change-Id: Ifffca8d91c482026e9e7eee09bb5d6ce3e87e212
Reviewed-on: https://chromium-review.googlesource.com/1233598
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56069}
2018-09-20 11:57:17 +00:00
Yang Guo
3833fef573 Refactor integer hashing function names
We now clearly differentiate between:
- unseeded hash for 32-bit integers
- unseeded hash for 64-bit integers
- seeded hash for 32-bit integers
- seeded hash for strings


R=bmeurer@chromium.org

Bug: chromium:680662
Change-Id: I7459958c4158ee3501c962943dff8f33258bb5ce
Reviewed-on: https://chromium-review.googlesource.com/1235973
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56068}
2018-09-20 11:43:13 +00:00
Igor Sheludko
2fde54330a [cleanup] Move enum Heap::RootListIndex to enum class RootIndex
and introduce RootsTable - a V8 heap roots storage.

So, the renaming part looks like this:
  Heap::RootListIndex -> RootIndex
  Heap::kBlahBlahRootIndex -> RootIndex::kBlahBlah

Bug: v8:8015, v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I38e1f3e3f6813ef35e37b0bed35e9ae14a62134f
Reviewed-on: https://chromium-review.googlesource.com/1234613
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56067}
2018-09-20 11:16:05 +00:00
Maya Lekova
6989ec70a9 [turbofan] Move JSHeapBroker and CompilationDependencies to another zone
To make code consistent with fef047a4a5
JSHeapBroker and CompilationDependencies are now being allocated and are using
OptimizedCompilationInfo's zone, which is shared between compiler stages.

Bug: v8:7790
Change-Id: If622ce8b39587ff1c87700ab70e9bd4bc1acc68f
Reviewed-on: https://chromium-review.googlesource.com/1233616
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56066}
2018-09-20 11:15:00 +00:00
Florian Sattler
a8340d5eac [cleanup] Refactor second batch of general classes to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibc5124e06f5774e7695029e2d21084a7efb965e6
Reviewed-on: https://chromium-review.googlesource.com/1224412
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56065}
2018-09-20 10:34:28 +00:00