Commit Graph

42732 Commits

Author SHA1 Message Date
Eric Holk
1f99c66b56 [wasm] always allocate memory when guard regions are needed
When using trap handlers, memory references do not get any checks inserted. This
means there is no check for a null memory as happens when the memory size is
0. Normally this would be correctly caught as an out of bounds access, since the
low memory addresses are not normally mapped. However, if they were mapped for
some reason, we would not catch the out of bounds access.

The fix is to ensure WebAssembly instances always have a guard region even if
the memory is size 0.

Bug: chromium:769637
Change-Id: I2d0f8c107563236c3780eb7746c2f820e319c65f
Reviewed-on: https://chromium-review.googlesource.com/693137
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48240}
2017-09-29 20:24:04 +00:00
Jakob Kummerow
4ff45e5120 [bigint] Fix ToStringBasePowerOfTwo for multi-digit BigInts
It was working fine for bases 2, 4, and 16; but not for 8 and 32.
We have to take carryover from one digit to the next into account
when bits_per_character is not a divisor of kDigitBits.

Bug: v8:6791
Change-Id: Ia2cd13bdddb04b8abf1e4381e66ba4c88826fbf9
Reviewed-on: https://chromium-review.googlesource.com/685813
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48239}
2017-09-29 19:31:54 +00:00
Michael Lippautz
f2414988ee [heap] Scavenger: Move internal declarations into class
Bug: chromium:738865
Change-Id: I070982d8a4fe2595673ca727973ad8b723050c2f
Reviewed-on: https://chromium-review.googlesource.com/692255
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48238}
2017-09-29 17:03:32 +00:00
Toon Verwaest
1067026ff1 Remove ComputeFlags, simply pass in Code::Kind instead of Code::Flags
TBR: ofrobots@google.com, yangguo@chromium.org
Bug: 
Change-Id: I6cb0704acabf9a7f2334de539a6600db8607baef
Reviewed-on: https://chromium-review.googlesource.com/691720
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48237}
2017-09-29 15:37:27 +00:00
Michael Achenbach
879ac56890 [build] Update DEPS to reference new catapult repo location
This ports:
https://chromium-review.googlesource.com/c/chromium/src/+/688742

TBR=agable@chromium.org

Bug: chromium:731091
Change-Id: I99b6bfcc769a5f3c429668c2d36518bcac80f3cf
Reviewed-on: https://chromium-review.googlesource.com/692634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48236}
2017-09-29 15:08:12 +00:00
Yang Guo
90e764b257 [debug] remove --block-coverage.
Change the default to false. Block coverage will need to be
enabled explicitly via inspector protocol, which is already
being done.

R=franzih@chromium.org

Bug: v8:6738
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I08684ce7b501981bc376a6bc6181fabac9628a63
Reviewed-on: https://chromium-review.googlesource.com/689234
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48235}
2017-09-29 14:27:52 +00:00
Georgia Kouveli
b455ec1130 Revert "[arm64] Add slot copier to masm and use in builtins"
This reverts commit 1cc93be0f1.

Reason for revert: http://crbug.com/769976

Original change's description:
> [arm64] Add slot copier to masm and use in builtins
> 
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
> 
> Bug: v8:6644
> Change-Id: Icaa3ebb1bec42587ad461bd548a4225c7b4e5d15
> Reviewed-on: https://chromium-review.googlesource.com/685238
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48177}

TBR=rmcilroy@chromium.org,martyn.capewell@arm.com,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6644
Change-Id: I9044df7c2be028748d85b7007008331a2aa8173f
Reviewed-on: https://chromium-review.googlesource.com/691874
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48234}
2017-09-29 14:04:52 +00:00
Yang Guo
a7717bdfb3 [debug] no longer iterate the heap to find optimized code.
And some refactoring to the existing code for LiveEdit.

R=jarin@chromium.org

Change-Id: Ic1d626db9722b39cbcd83bf6878fc24d6094e612
Reviewed-on: https://chromium-review.googlesource.com/687014
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48233}
2017-09-29 13:35:07 +00:00
Tobias Tebbi
3c4bc27f13 Reland "[turbofan] eagerly prune None types and deadness from the graph"
This is a reland of e1cdda2512
Original change's description:
> [turbofan] eagerly prune None types and deadness from the graph
> 
> In addition to using the {Dead} node to prune dead control nodes and nodes that 
> depend on them, we introduce a {DeadValue} node representing an impossible value 
> that can occur at any position in the graph. The extended {DeadCodeElimination}
> prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> the effect chain when possible. The remaining uses of {DeadValue} are handled
> in {EffectControlLinearizer}, where we always have access to the effect chain.
> In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> of a node with type {None} as dead.
> 
> Bug: chromium:741225
> Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> Reviewed-on: https://chromium-review.googlesource.com/641250
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48208}

Bug: chromium:741225
Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
Reviewed-on: https://chromium-review.googlesource.com/692034
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48232}
2017-09-29 13:34:02 +00:00
Marja Hölttä
a02580636f [parser] Skipping inner funcs: Make the data on heap smaller.
We were unnecessarily storing everything as uint32_t, even though many items in
the preparsed scope data can be stored as uint8_t. This CL also adds an
(internal) API which abstracts away the actual data storing, so the backing
store can be made even more efficient (e.g., use only 1-3 bytes for some
uint32_t values, if they fit) without affecting other parts of the code.

BUG=v8:5516,chromium:762492

Change-Id: I7cd4d91dc11f87f8aec9c7584044a6f2a59b73ba
Reviewed-on: https://chromium-review.googlesource.com/684182
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48231}
2017-09-29 13:31:13 +00:00
Predrag Rudic
d2e22dbf6d MIPS[64]: Implement MSA 2RF instructions for V8 builtin simulator
Change-Id: Id2eef89f0eba3c59bcdb490e7d986b4b3af0ff9b
Reviewed-on: https://chromium-review.googlesource.com/657677
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48230}
2017-09-29 13:22:42 +00:00
Marja Hölttä
fcb89f5515 [unicode] Add tests for UTF-8 decoders + minor cleanups.
Verify that both UTF-8 decoders (incremental and non-incremental one) match the
expectations.

Also cleanup / harden the UTF-8 handling code, as suggested in
https://chromium-review.googlesource.com/c/v8/v8/+/671020/ .


BUG=chromium:765608

Change-Id: I6344d62ca15b75ac8e333421c94c4aa35ab8190d
Reviewed-on: https://chromium-review.googlesource.com/681217
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48229}
2017-09-29 13:18:52 +00:00
Ilija Pavlovic
8b749bf9ec MIPS: [wasm] Allow traps in tests with many parameters in cctests
Port for: https://chromium-review.googlesource.com/c/v8/v8/+/684017

TEST=cctest/test-run-wasm-64/RunWasmCompiled_Regression_6858
BUG=

Change-Id: Ib9640853ea15d73967683c1315e6b54b5b6cc3be
Reviewed-on: https://chromium-review.googlesource.com/689794
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48228}
2017-09-29 12:02:21 +00:00
Ulan Degenbaev
7c1b01154a [heap] Enable concurrent marking on all platforms.
Bug: chromium:694255
Change-Id: Ie596e02207f13762dbfa77e4fe65950913302b47
Reviewed-on: https://chromium-review.googlesource.com/690075
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48227}
2017-09-29 11:38:50 +00:00
Michael Achenbach
5005a62fe0 [build] Deprecate windows toolchain support with GYP
Bug: chromium:645094
Change-Id: I04a7f6a4073a6a5c81546863d6f1f371fc74e65d
Reviewed-on: https://chromium-review.googlesource.com/691836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48226}
2017-09-29 11:18:20 +00:00
Daniel Clifford
24714efa59 Remove unused parameter from AllocateUninitializedJSArray* variants
Change-Id: I9eec3c31cdf1441d3187e5d882ca4b88e7b698e7
Reviewed-on: https://chromium-review.googlesource.com/691726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48225}
2017-09-29 11:01:30 +00:00
Ulan Degenbaev
69aa6e5736 [heap] Ensure that VisitFixedArray pushes grey or black array
in marking worklist.

Bug: chromium:769173
Change-Id: I4b3ce27d37bec19ec5cc342b4d26a2a45af34b5f
Reviewed-on: https://chromium-review.googlesource.com/691728
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48224}
2017-09-29 10:58:00 +00:00
Clemens Hammacher
cbaa568275 [wasm] Fix function compilation profiling
We had dangling pointers by storing a raw pointer and then discarding
the unique_ptr holding it alive, and we had lots of redundant
information there.
This CL refactors the interface to take a format string and a variable
number of argument.

R=titzer@chromium.org

Change-Id: I8eb6ccd19d307e2477c97a3e5e7f537b5671a891
Reviewed-on: https://chromium-review.googlesource.com/690196
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48223}
2017-09-29 10:30:40 +00:00
Toon Verwaest
04afb10f35 Migrate StringLengthStub to TF builtin
Bug: 
Change-Id: I58ce9a0f42dfa81c8e8affa2377c5cc0d08a35e2
Reviewed-on: https://chromium-review.googlesource.com/691714
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48222}
2017-09-29 10:21:41 +00:00
Michael Achenbach
0a346fc264 Reland "[build] Switch windows default compilation to MSVS 2017"
This is a reland of a0d2ffb661

This also relands:
https://chromium-review.googlesource.com/c/v8/v8/+/684215

Original change's description:
> [build] Switch windows default compilation to MSVS 2017
> 
> Bug: v8:6857
> Change-Id: Icab007681753c6f8143147ea8b2c1b06bf325d92
> Reviewed-on: https://chromium-review.googlesource.com/686900
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48196}

TBR=sergiyb@chromium.org

Bug: v8:6857
Change-Id: I7e8f560dbb4fcf4f937f8494fb01c802201cf236
Reviewed-on: https://chromium-review.googlesource.com/691834
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48221}
2017-09-29 09:36:49 +00:00
Ross McIlroy
22e3211d9f [compiler] Remove script() from CompilationInfo
Removes script() from CompilationInfo since it might not be created when
compiling from a background thread.

BUG=v8:5203

Change-Id: Ic36fd04cf4792336707b2d3715d47c59b6a97faf
Reviewed-on: https://chromium-review.googlesource.com/690299
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48220}
2017-09-29 09:33:59 +00:00
Toon Verwaest
8f06e08a21 Replace Code::HANDLER by Code::BUILTIN or Code::STUB
Bug: 
Change-Id: I644c9f8b9ab3bd4250809ee557ec34ee738f5244
Reviewed-on: https://chromium-review.googlesource.com/691654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48219}
2017-09-29 08:54:39 +00:00
Benedikt Meurer
b6e1c4e242 [turbofan] Avoid map check for copy-on-write constant-folding.
When loading a known value from a JSArray with a copy-on-write backing
store, we don't need to actually do a map check on the JSArray, but just
check that the backing store didn't change in the meantime.

R=jarin@chromium.org

Bug: v8:6816, v8:6815
Change-Id: I6764f3b8af7d4c17b9f6d2396555b584eae08176
Reviewed-on: https://chromium-review.googlesource.com/691721
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48218}
2017-09-29 08:39:19 +00:00
Michael Achenbach
2218522bb7 Revert "[build] Remove unused toolchain update script"
This reverts commit c6c6cdb96a.

Reason for revert: Missed this:
https://cs.chromium.org/chromium/src/v8/gypfiles/gyp_environment.py?q=gypfiles/gyp_environment&sq=package:chromium&l=13

Original change's description:
> [build] Remove unused toolchain update script
> 
> TBR=sergiyb@chromium.org
> 
> Bug: v8:6857
> Change-Id: I2b02d3352e5b13b73ed74a76405e15c266593873
> Reviewed-on: https://chromium-review.googlesource.com/690079
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48216}

TBR=machenbach@chromium.org,sergiyb@chromium.org

Change-Id: I255161b348ac2732cb350ebf8039050ca864f857
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6857
Reviewed-on: https://chromium-review.googlesource.com/691835
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48217}
2017-09-29 08:24:48 +00:00
Michael Achenbach
c6c6cdb96a [build] Remove unused toolchain update script
TBR=sergiyb@chromium.org

Bug: v8:6857
Change-Id: I2b02d3352e5b13b73ed74a76405e15c266593873
Reviewed-on: https://chromium-review.googlesource.com/690079
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48216}
2017-09-29 08:15:27 +00:00
Toon Verwaest
92b21548f8 Migrate AllocateHeapNumberStub to TF builtin
Bug: 
Change-Id: Ib888e52c7ad98e3b7419a3a5b4eabbe07f37d796
Reviewed-on: https://chromium-review.googlesource.com/691656
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48215}
2017-09-29 07:02:16 +00:00
Toon Verwaest
36f4c0f64b [cleanup] remove unused ExpectedStubMiss
Bug: 
Change-Id: I0cc16f129dc4bd49abd04b8f6fa22102dab61c9b
Reviewed-on: https://chromium-review.googlesource.com/691655
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48214}
2017-09-29 06:35:55 +00:00
Mostyn Bramley-Moore
d6ead37d26 [jumbo] add unittests jumbo support
TBR=jkummerow@chromium.org

Bug: chromium:746958
Change-Id: I7500b6206c4ceb087672de5b61b7e7ad234bb425
Reviewed-on: https://chromium-review.googlesource.com/690397
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48213}
2017-09-28 22:19:40 +00:00
Mostyn Bramley-Moore
e52b4a6284 Update AUTHORS file for Vewd Software
Formerly known as Opera TV.

Change-Id: If141d86e744f3ea9dc9605f6d2b35fc78d291a69
Reviewed-on: https://chromium-review.googlesource.com/683175
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#48212}
2017-09-28 17:25:36 +00:00
Mircea Trofin
1cb0b9bf6a [wasm] Rename Release to Merge in the DisjointAllocationPool
Merge better captures the upcoming usecase in the wasm native heap,
where allocating/freeing is moving the accounting of memory from
a free list to an allocated list and vice-versa - making 'Release'
an odd API when allocating.

Bug: 
Change-Id: I9010959c91a1e8585eb06303ab06078132a03f60
Reviewed-on: https://chromium-review.googlesource.com/688004
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48211}
2017-09-28 17:24:22 +00:00
Clemens Hammacher
324e0a7adb Revert "[turbofan] eagerly prune None types and deadness from the graph"
This reverts commit e1cdda2512.

Reason for revert: Fails 'constructor-inlining' on GC-Stress bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15270

Original change's description:
> [turbofan] eagerly prune None types and deadness from the graph
> 
> In addition to using the {Dead} node to prune dead control nodes and nodes that 
> depend on them, we introduce a {DeadValue} node representing an impossible value 
> that can occur at any position in the graph. The extended {DeadCodeElimination}
> prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> the effect chain when possible. The remaining uses of {DeadValue} are handled
> in {EffectControlLinearizer}, where we always have access to the effect chain.
> In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> of a node with type {None} as dead.
> 
> Bug: chromium:741225
> Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> Reviewed-on: https://chromium-review.googlesource.com/641250
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48208}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: I9c175d47e2ee4b11a36ed90421202f2354610398
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:741225
Reviewed-on: https://chromium-review.googlesource.com/690080
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48210}
2017-09-28 16:58:15 +00:00
Enrico Bacis
6cd7a5a73a [wasm] Introduce the WasmContext
The WasmContext struct introduced in this CL is used to store the
mem_size and mem_start address of the wasm memory. These variables can
be accessed at C++ level at graph build time (e.g., initialized during
instance building). When the GrowMemory runtime is invoked, the context
variables can be changed in the WasmContext at C++ level so that the
generated code will load the correct values.

This requires to insert a relocatable pointer only in the
JSToWasmWrapper (and in the other wasm entry points), the value is then
passed from function to function as an automatically added additional
parameter. The WasmContext is then dropped when creating an Interpreter
Entry or when invoking a JavaScript function. This removes the need of
patching the generated code at runtime (i.e., when the memory grows)
with respect to WASM_MEMORY_REFERENCE and WASM_MEMORY_SIZE_REFERENCE.
However, we still need to patch the code at instance build time to patch
the JSToWasmWrappers; in fact the address of the WasmContext is not
known during compilation, but only when the instance is built.

The WasmContext address is passed as the first parameter. This has the
advantage of not having to move the WasmContext around if the function
does not use many registers. This CL also changes the wasm calling
convention so that the first parameter register is different from the
return value register. The WasmContext is attached to every
WasmMemoryObject, to share the same context with multiple instances
sharing the same memory. Moreover, the nodes representing the
WasmContext variables are cached in the SSA environment, similarly to
other local variables that might change during execution.  The nodes are
created when initializing the SSA environment and refreshed every time a
grow_memory or a function call happens, so that we are sure that they
always represent the correct mem_size and mem_start variables.

This CL also removes the WasmMemorySize runtime (since it's now possible
to directly retrieve mem_size from the context) and simplifies the
GrowMemory runtime (since every instance now has a memory_object).

R=ahaas@chromium.org,clemensh@chromium.org
CC=gdeepti@chromium.org

Change-Id: I3f058e641284f5a1bbbfc35a64c88da6ff08e240
Reviewed-on: https://chromium-review.googlesource.com/671008
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48209}
2017-09-28 16:14:03 +00:00
Tobias Tebbi
e1cdda2512 [turbofan] eagerly prune None types and deadness from the graph
In addition to using the {Dead} node to prune dead control nodes and nodes that 
depend on them, we introduce a {DeadValue} node representing an impossible value 
that can occur at any position in the graph. The extended {DeadCodeElimination}
prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
the effect chain when possible. The remaining uses of {DeadValue} are handled
in {EffectControlLinearizer}, where we always have access to the effect chain.
In addition to explicitly introduced {DeadValue} nodes, we consider any value use
of a node with type {None} as dead.

Bug: chromium:741225
Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
Reviewed-on: https://chromium-review.googlesource.com/641250
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48208}
2017-09-28 15:42:02 +00:00
Toon Verwaest
6e68a28bfc Replace specific IC Code::Kind with Code::STUB
Bug: 
Change-Id: I41d3f3086f5e90a1a1579c18eca59b5d098f637f
Reviewed-on: https://chromium-review.googlesource.com/690374
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48207}
2017-09-28 15:40:41 +00:00
Yang Guo
64b67ddad5 Prevent unitialized variable.
R=hablich@chromium.org

Bug: chromium:646005
Change-Id: I425111cb393d0119fa18fbe14bc32d5e7560b181
Reviewed-on: https://chromium-review.googlesource.com/667157
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48206}
2017-09-28 14:27:21 +00:00
Martyn Capewell
193dcf7693 [arm64] Pair some pushes and delete unused code
Pair some stack ops so that they deal with an even numbers of registers, add
padding around profile entry calls, and delete some unused macro assembler code.

Bug: v8:6644
Change-Id: I5a5529f04738ba2a2fdb1b0d4ee93c567a3c504e
Reviewed-on: https://chromium-review.googlesource.com/686823
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48205}
2017-09-28 13:36:17 +00:00
Ben L. Titzer
afb7bdc46a [wasm] Move compilation methods to module-compiler.h
Note that this also makes it possible to move several classes
into the module-compiler.cc file and inline their implementations.

This also allows removing several uses of wasm-module.h from
other places in V8 that include wasm-objects.h.

R=yangguo@chromium.org,clemensh@chromium.org,ahaas@chromium.org

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I303ee2bb49dc53c951d377a1b65699c1e0e91da7
Reviewed-on: https://chromium-review.googlesource.com/687494
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48204}
2017-09-28 13:14:26 +00:00
Marja Hölttä
40856948a6 [parser] Skipping inner funcs: Turn off FLAG_preparser_scope_analysis.
For sorting out regressions.

BUG=v8:5516

Change-Id: I117667346b5de33c1cadd250e4a0d4f2dc807227
Reviewed-on: https://chromium-review.googlesource.com/690077
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48203}
2017-09-28 12:41:56 +00:00
Michael Starzinger
4ba6f15ece [objects] Remove obsolete uses of {ReplaceCode} methods.
R=rmcilroy@chromium.org

Change-Id: Id568afef0d6ac68170faa33ad9ab4bba97d40ce9
Reviewed-on: https://chromium-review.googlesource.com/690294
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48202}
2017-09-28 12:37:46 +00:00
Toon Verwaest
b8b25e1c27 [ic] Remove extra-ic-state and Map::code_cache
There are only very few custom compiled IC handlers left that go in there, and for each compiled handler we only have 1 cache hit on top25; maximally saving 60ms over 33s. Additionally we'll migrate the remaining handlers to data-driven handlers anyway. Let's try to remove this code.

Bug: 
Change-Id: Ib874cc498015046a3ff67c83ea8b10b3c4eb7d0f
Reviewed-on: https://chromium-review.googlesource.com/668409
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48201}
2017-09-28 11:24:12 +00:00
Peter Marshall
690d52afa8 [cleanup] Remove List.
ZoneList still used List as a base class, so this CL merges the two
classes together. We also remove unused functions in List and ZoneList.

We keep the inline header but move it to src/zone/zone-list-inl.h. The
includes that use this header are still quite tangled, but we can fix
that later.

Bug: v8:6333
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia809813834b2328ff616623f8a843812a1eb42a7
Reviewed-on: https://chromium-review.googlesource.com/681658
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48200}
2017-09-28 10:47:40 +00:00
Michael Achenbach
7e4fc16330 Revert "[build] Switch windows default compilation to MSVS 2017"
This reverts commit a0d2ffb661.

Reason for revert: Breaks CI

Original change's description:
> [build] Switch windows default compilation to MSVS 2017
> 
> Bug: v8:6857
> Change-Id: Icab007681753c6f8143147ea8b2c1b06bf325d92
> Reviewed-on: https://chromium-review.googlesource.com/686900
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48196}

TBR=machenbach@chromium.org,brucedawson@chromium.org,sergiyb@chromium.org

Change-Id: I5c961c8c28c6213014cf61ad342984193a18498e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6857
Reviewed-on: https://chromium-review.googlesource.com/690034
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48199}
2017-09-28 10:15:24 +00:00
Michael Starzinger
ac4756360f Reland "[turbofan] Implement lowering of {JSCreateClosure}."
This is a reland of 9d3c4b4b91
Original change's description:
> [turbofan] Implement lowering of {JSCreateClosure}.
> 
> This adds support for inline allocation of {JSFunction} objects as part
> of closures instantiation for {JSCreateClosure} nodes. The lowering is
> limited to instantiation sites which have already seen more than one
> previous instantiation, this avoids the need to increment the respective
> counter.
> 
> R=jarin@chromium.org
> 
> Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
> Reviewed-on: https://chromium-review.googlesource.com/594287
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48176}

Change-Id: I3ec3880bea89798a34a3878e6122b95db1014151
Reviewed-on: https://chromium-review.googlesource.com/686834
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48198}
2017-09-28 10:10:42 +00:00
Peter Marshall
329f694678 [cleanup] Replace List with std::vector in api.
The members of HandleScopeImplementer are copied with memcpy when
the isolate is transferred to another thread. List contained some
primitives which allowed us to manually free the backing store, which
was needed in order to ensure that threads would not hold on to
old pointers and use them later. With std::vector, we can't do that.

Here we change the HandleScopeImplementer to instead use a custom
structure DetachableVector, which contains a std::vector but allows
manual detaching and freeing of the backing store. This allows us to
maintain the old behavior.

Bug: v8:6333
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6361d161cdb19878ba19ed51d6ba2fae99e8cdc0
Reviewed-on: https://chromium-review.googlesource.com/660125
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48197}
2017-09-28 09:32:18 +00:00
Michael Achenbach
a0d2ffb661 [build] Switch windows default compilation to MSVS 2017
Bug: v8:6857
Change-Id: Icab007681753c6f8143147ea8b2c1b06bf325d92
Reviewed-on: https://chromium-review.googlesource.com/686900
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48196}
2017-09-28 08:47:38 +00:00
Toon Verwaest
f178361763 [ic] Make transition-code unaware of handler encodings
Bug: 
Change-Id: I6894c097a994527b5e749527966c5de6c42d964b
Reviewed-on: https://chromium-review.googlesource.com/668405
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48195}
2017-09-28 08:15:39 +00:00
Yang Guo
aaebbbaa59 Remove --string-slices and --serialize-eager.
Both flags are obsolete.

R=cbruni@chromium.org

Change-Id: I78f5980f2d0bd569b8e5f6e29539cf87293cab94
Reviewed-on: https://chromium-review.googlesource.com/684296
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48194}
2017-09-28 04:41:18 +00:00
Jakob Kummerow
d6603be47d [bigint] Fixes for issues found in local testing
- The fallback path for "digit_mul" was missing shifts
- RightTrim() could end up reading digit(-1) (i.e. the bit field)
- Add SLOW_DCHECKs to digit()/set_digit() to catch any further
  invalid-index issues

Bug: v8:6791
Change-Id: I901edfce90bb6ac11e74c3c3f577225f12bad177
Reviewed-on: https://chromium-review.googlesource.com/683796
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48193}
2017-09-28 04:35:55 +00:00
Clemens Hammacher
af85c865ba [wasm] Reduce size of ProtectedInstructionData
Since code objects cannot grow larger than 2GB anyway, it's enough to
store the instruction offset and landing pad offset as 32-bit values.
This reduces the size of the ProtectedInstructionData struct by 50%.

R=eholk@chromium.org

Bug: v8:5277
Change-Id: I4d2e0dc76b8a853fb50d51d70d5ec4038ee594ac
Reviewed-on: https://chromium-review.googlesource.com/686757
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48192}
2017-09-27 19:26:23 +00:00
Eric Holk (eholk)
46f6e24a41 [wasm] trap handlers: Factor out landing pad search code
This is the first of a series of refactoring CLs to make way for
Windows trap handling support.

See https://chromium-review.googlesource.com/c/v8/v8/+/626558 as well.

Bug: 
Change-Id: I5fe9ef9c1cec58a81e51fcffbbe4419e0e298ab7
Reviewed-on: https://chromium-review.googlesource.com/644104
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48191}
2017-09-27 19:01:01 +00:00