Commit Graph

42593 Commits

Author SHA1 Message Date
Igor Sheludko
2c22b8ecb7 [csa] Fix typo in machine graph verifier.
Bug: chromium:346399
Change-Id: I4d93dbef6deb0fee477f88e20c40106868e99dee
Reviewed-on: https://chromium-review.googlesource.com/674940
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48101}
2017-09-21 08:45:09 +00:00
Ulan Degenbaev
8c4a8250de [heap] Enable concurrent marking for x86 and x64.
Bug: chromium:694255
Change-Id: I28c8c6e5ba6c84123f3951e822c132860cb22c1d
Reviewed-on: https://chromium-review.googlesource.com/641451
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer (slow) <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48100}
2017-09-21 07:01:00 +00:00
Jakob Kummerow
533e2f0b57 [bigint] Implement BigInt::Multiply
Bug: v8:6791
Change-Id: If128758e92e566603fa1e3213f42e1dd7a246793
Reviewed-on: https://chromium-review.googlesource.com/674134
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48099}
2017-09-21 06:24:00 +00:00
Ulan Degenbaev
f16b561bee Revert "Reland "[profiler] proper observation of old space inline allocations""
This reverts commit ec952aaa68.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=767144

Original change's description:
> Reland "[profiler] proper observation of old space inline allocations"
> 
> This is a reland of 672a41c3ca
> Original change's description:
> > [profiler] proper observation of old space inline allocations
> > 
> > Bug: chromium:633920
> > Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> > Reviewed-on: https://chromium-review.googlesource.com/631696
> > Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48043}
> 
> Bug: chromium:633920
> Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
> Reviewed-on: https://chromium-review.googlesource.com/671127
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48085}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:633920
Change-Id: I576cdab4a03f9fe057ebe1bf7da9dfe3c7bf62cd
Reviewed-on: https://chromium-review.googlesource.com/676683
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48098}
2017-09-21 04:19:29 +00:00
Deepti Gandluri
327df0b8c2 [wasm] Fix memory initialization on instantiate
Memory instantiate on initialize should always patch memory
references. If memory references are not patched for no initial
memory, on subsequent calls to grow_memory in wasm functions for
instances that share a module, the references will be patched
without resetting cloned compiled values to their correct initial
values.

BUG=chromium:763439

Change-Id: I666439332379b02aa344e99d61ef3dc88ab86cc8
Reviewed-on: https://chromium-review.googlesource.com/674707
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48097}
2017-09-20 22:52:31 +00:00
Bill Budge
c701bd2ebf [Turbofan] Fix x64 128 bit swaps when AVX is not supported.
- Changes x64 AssembleSwap to push/pop to swap 128 bit slot swaps.
- Reorders instructions to simplify 32/64 bit FP slot swaps.
- Refactor ia32 version of this, eliminating OffsetOperand in favor of
  existing ToOperand.

Bug: v8:6020
Change-Id: Ie0ae4c581c9aeb88ee786797851c3c77d5210a3d
Reviewed-on: https://chromium-review.googlesource.com/669748
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48096}
2017-09-20 21:25:31 +00:00
Jakob Kummerow
21bbdec52f [turbofan] Handlify JSModuleNamespace AccessInfo computation
For consistency with surrounding handlified code. No change in
functionality intended.

Change-Id: I8501514ce9caf94fc7e6fb45162fcfd3d730efcd
Reviewed-on: https://chromium-review.googlesource.com/671671
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48095}
2017-09-20 18:58:51 +00:00
Jakob Kummerow
b361ed5135 [bigint] Expose BigInt on the global object
Along with BigInt.prototype. Their functions only have skeleton
implementations. The purpose of this change is to make it easier
to gradually increase test coverage (e.g. for toString(radix)).

Of course this is still behind the --harmony-bigint flag.

Bug: v8:6791
Change-Id: Ic307fd9165c56ac782fba18d648ce893daaa718f
Reviewed-on: https://chromium-review.googlesource.com/671209
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48094}
2017-09-20 17:52:01 +00:00
Ilija Pavlovic
ce76dd60c8 Skip WASM atomic tests on big-endian machines.
There is no support to emulate atomic WASM operations on big-endian
platforms, since this would require bit swapping as a part of atomic
operations. Therefore, cctest/test-run-wasm-atomics/* will be skipped.

TEST=cctest/test-run-wasm-atomics/*
BUG=

Change-Id: I1a8b085f816f615011788092e6fc8a8390678382
Reviewed-on: https://chromium-review.googlesource.com/671010
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48093}
2017-09-20 12:28:37 +00:00
Nico Weber
255bf2d65a v8: Fix most -Wunreachable-code warnings.
Do this by deleting code after calls to V8_Fatal() (either through
UNREACHABLE() or FATAL()). Comments suggest that the returns there
were needed to make a compiler happy, but all compilers seem to be
happy with this change too. My guess is that either
https://codereview.chromium.org/1393023003 which marked V8_Fatal()
as noreturn, or https://chromium-review.googlesource.com/#/c/544845/
which switched to the C++11 spelling of noreturn, fixed the warnings
that the explicit code after V8_Fatal() was supposed to silence.

There's one more warning in src/compiler/machine-graph-verifier.cc,
but fixing that changes behavior.  I asked about that one in
https://codereview.chromium.org/2573573004/#msg27 instead.

Bug: chromium:346399
Change-Id: Ie9519d5432bdeaaf382e8390d8254d3b79e622e4
Reviewed-on: https://chromium-review.googlesource.com/669803
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48092}
2017-09-20 11:25:51 +00:00
Clemens Hammacher
5c2ffc9c3c [wasm] Execute more tests in both interpreter and compiled
This fixes a few leftovers where we use WASM_EXEC_TEST, but then
unconditionally execute the compiled code, and also changes more tests
to use WASM_EXEC_TEST, hence run in both the interpreter and compiled
code.
Once we have land the baseline compiler, those tests will also execute
in baseline compilation mode.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I79598df21a7538934306e01ca6593f05afe19ed3
Reviewed-on: https://chromium-review.googlesource.com/672528
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48091}
2017-09-20 09:37:21 +00:00
Ivo Markovic
fce4faafd7 MIPS[64]: Fix register validation on R6
Bug: 
Change-Id: I62414a59246af359634b1309b03216c0a5c8764b
Reviewed-on: https://chromium-review.googlesource.com/663728
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48090}
2017-09-20 09:11:41 +00:00
Michael Lippautz
b2ef3777d7 [heap] Remove ProcessMarkingWorklist
Bug: chromium:758570
Change-Id: Ia2bd72c1756fbc4062c62d975e25bb0ca209a6ad
Reviewed-on: https://chromium-review.googlesource.com/674465
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48089}
2017-09-20 05:59:06 +00:00
Michael Hablich
7447fd53b5 Revert "Reland "[Memory] Move VirtualMemory out of base:: platform.""
This reverts commit f2cd10db14.

Reason for revert: Blocks the roll https://chromium-review.googlesource.com/c/chromium/src/+/674623

Original change's description:
> Reland "[Memory] Move VirtualMemory out of base:: platform."
> 
> This is a reland of 4dd293d922
> Original change's description:
> > [Memory] Move VirtualMemory out of base:: platform.
> > 
> > - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> > - Makes VirtualMemory platform-independent by moving internals to new
> >   OS:: static methods, for each platform.
> > 
> > This will make it easier to delegate memory management in VirtualMemory
> > to V8::Platform, so that embedders like Blink can override it. We can't
> > depend on V8::Platform in base/platform.
> > 
> > Bug: chromium:756050
> > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> > Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> > Reviewed-on: https://chromium-review.googlesource.com/653214
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48048}
> 
> Bug: chromium:756050
> Change-Id: Ib492c7c69f1833be127a571808301e96b84b8aa2
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/671125
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48084}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,scottmg@chromium.org

Change-Id: I04176d77ca9ad8315b0e1bb2b21f40f2c8ab9536
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/674843
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48088}
2017-09-20 05:36:29 +00:00
Michael Lippautz
0257c539bb [heap] Remove clear on tearing down marking work list when not marking
The work list should be empty in the case we are not tearing down
during incremental marking. Explicitly clear during incremental marking
and rely on DCHECKs for the other case.

Bug: chromium:758570
Change-Id: Iecc8935f0cbfda67f0e7afde42930050e7c94d2d
Reviewed-on: https://chromium-review.googlesource.com/674504
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48087}
2017-09-20 05:28:55 +00:00
jing.bao
e80cbe03f8 Delay rhs_instance_type load until needed in StrictEqual
When var_type_feedback is nullptr and {lhs} is not a String,
rhs_instance_type is not needed.

Bug: 
Change-Id: Ia39aa39ec7ad0063d2fb9b01fd326d7993ab4d26
Reviewed-on: https://chromium-review.googlesource.com/659340
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48086}
2017-09-20 01:34:15 +00:00
Ali Ijaz Sheikh
ec952aaa68 Reland "[profiler] proper observation of old space inline allocations"
This is a reland of 672a41c3ca
Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

Bug: chromium:633920
Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
Reviewed-on: https://chromium-review.googlesource.com/671127
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48085}
2017-09-20 01:28:55 +00:00
Bill Budge
f2cd10db14 Reland "[Memory] Move VirtualMemory out of base:: platform."
This is a reland of 4dd293d922
Original change's description:
> [Memory] Move VirtualMemory out of base:: platform.
> 
> - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> - Makes VirtualMemory platform-independent by moving internals to new
>   OS:: static methods, for each platform.
> 
> This will make it easier to delegate memory management in VirtualMemory
> to V8::Platform, so that embedders like Blink can override it. We can't
> depend on V8::Platform in base/platform.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> Reviewed-on: https://chromium-review.googlesource.com/653214
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48048}

Bug: chromium:756050
Change-Id: Ib492c7c69f1833be127a571808301e96b84b8aa2
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/671125
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48084}
2017-09-19 18:48:07 +00:00
Jaroslav Sevcik
47b63806fc Revert "[Turbofan] Array.prototype.filter inlining."
This reverts commit 37aa13fe3b.

Reason for revert: Suspected to break 63.0.3219 Canary

Original change's description:
> [Turbofan] Array.prototype.filter inlining.
> 
> Support inlining of Array.prototype.filter in TurboFan.
> 
> Bug: v8:1956
> Change-Id: Iba4d683aaa86c6104e8a1cf4d0f549a0c516576a
> Reviewed-on: https://chromium-review.googlesource.com/657021
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48040}

TBR=mvstanton@chromium.org,mstarzinger@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:1956
Change-Id: I125a8caf128890d788e040adfe2fc76bd8d1fbea
Reviewed-on: https://chromium-review.googlesource.com/672783
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48083}
2017-09-19 14:33:39 +00:00
Jaroslav Sevcik
77836fec59 [profiler] Do not log timer events when --prof is specified.
Now hopefully getting it right, but still leaving in the confusing
flag implications.

Bug: v8:6520,chromium:766162
Change-Id: Idc6dca012bf0c9777b4a75cf424410ce5914c885
Reviewed-on: https://chromium-review.googlesource.com/671022
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48082}
2017-09-19 14:00:08 +00:00
Mythri
807d0abe4f Change runtime_profiler to use bytecode array length
Runtime profiler uses bytecode array size for the tiering up decisions.
Bytecode array size includes the header size as well. Inlining
heuristics use bytecode array length instead. Bytecode array length
is just the size of bytecode not inlcuding any headers. This change
is to keep both of them in sync to avoid confusion. Also, the header
contains several pointers and hence the size changes depending on the
size of kPointerSize.

Bug: 
Change-Id: I22a9cf5e0bb9d6853c6a8be8d69c9ff459418a0d
Reviewed-on: https://chromium-review.googlesource.com/670724
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48081}
2017-09-19 13:13:58 +00:00
Clemens Hammacher
2d75dd9bbb [cleanup] [wasm] Fix (D)CHECK macros
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=ahaas@chromium.org

Bug: v8:6837
Change-Id: Ic8966dfeacf02b2684eeef23fde99ec2be4ed81e
Reviewed-on: https://chromium-review.googlesource.com/671364
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48080}
2017-09-19 11:40:37 +00:00
Clemens Hammacher
447af335e0 [cleanup] Fix (D)CHECK macros in src/regexp
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=jgruber@chromium.org

Bug: v8:6837
Change-Id: I9c489ac0e1b15fd4789c37fd32c9d3c76121a288
Reviewed-on: https://chromium-review.googlesource.com/671343
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48079}
2017-09-19 11:30:48 +00:00
Michael Lippautz
4e5db9a6c8 [heap] Remove marking deque overflow handling
Removes
- SequentialMarkingDeque
- The ability to handle marking deque overflow
- BlackToGrey transitions

We switched to a different marking work list on M61 that fails
in OOM upon failing to allocate Segments used in the work list.

Bug: chromium:758570
Change-Id: I66e2ab912271bf84b085dccc9b4bdd96076b64fb
Reviewed-on: https://chromium-review.googlesource.com/632676
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48078}
2017-09-19 05:20:20 +00:00
Jakob Gruber
59e4b75187 [snapshot] Refactor Serializer
This CL refactors allocation & reservation logic into a new
DefaultSerializerAllocator class.  In upcoming work, this will be
further extended by a custom allocator for builtin serialization.

Additionally, this cleans up a bunch of cosmetics (encapsulation and
other nits).

Bug: v8:6624
Change-Id: Ibcf12a525c8fcb26d9c16b7a12fd598c37a0e10a
Reviewed-on: https://chromium-review.googlesource.com/650357
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48077}
2017-09-19 04:55:41 +00:00
Eric Holk
5b127a9796 [wasm] Track and expose number of recovered Wasm faults
This is primarily to aid in testing the Wasm out of bounds trap handler.  We
keep track of how many faults have been recovered by the Wasm trap handler. This
count is exposed to JavaScript through a testing-only runtime function. This
allows tests to verify whether the trap handler is actually running.

Bug: v8:5277
Change-Id: Ie8037a36d84eb08166c6e40c7225d912683d5786
Reviewed-on: https://chromium-review.googlesource.com/665968
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48076}
2017-09-19 04:10:20 +00:00
Jakob Kummerow
52531a6b96 [bigint] Implement Add, Subtract, UnaryMinus
Bug: v8:6791
Change-Id: I058db23c03451dc5028c3d39af8607d31048295c
Reviewed-on: https://chromium-review.googlesource.com/667809
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48075}
2017-09-19 04:08:01 +00:00
Mircea Trofin
1bc42ab44c [wasm] Sanitize imports
Sanitize imports before we start the instance building process. This
avoids the possibility of exiting to JS while building instances,
and allowing JS to observe an inconsistent state of the wasm world -
e.g. incomplete specialization chains.

We now validate we never exit to JS during that process.

Bug: chromium:766260

Change-Id: I34930c8b70bdac16af464b3f62a2b6a38107acb3
Reviewed-on: https://chromium-review.googlesource.com/671480
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48074}
2017-09-19 02:45:11 +00:00
Eric Holk
e6defddc15 [d8] zero realm_count_ on RealmScope teardown
Promises can sometimes be resolved after the RealmScope has been destroyed, such
as when a Wasm compile job finishes after the script main has finished. If the
Promise.then function refers to Realm.current, we were getting a use-after free
error when it would search for the list of realms. This change also zeros out
realm_count_ in addition to deleting the realms_ so that RealmFind will not
reference freed memory.

Bug: chromium:761710
Change-Id: I2d42997f363b284ccc5f4b225d3f59e0361e68d6
Reviewed-on: https://chromium-review.googlesource.com/671923
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48073}
2017-09-19 00:42:11 +00:00
Adam Klein
3ac1947ea7 [ast] Remove unused feedback slot for the class name variable
Also store the variable directly on ClassLiteral, as the proxy serves
as a useless form of indirection.

Bug: v8:6092
Change-Id: If0182a808cde4e349c1bf5a003a1ecee5bd14b13
Reviewed-on: https://chromium-review.googlesource.com/667800
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48072}
2017-09-18 23:32:44 +00:00
Scott Graham
a900e53f04 fuchsia: Remove scaffolding for 3-sided roll
Chromium has rolled the Fuchsia SDK, so this can be removed now, and
the new zx_, etc. names used exclusively.

Bug: chromium:765754
Change-Id: I8bd60239da7a05e62d3b8d5209e1cfe898d8052a
Reviewed-on: https://chromium-review.googlesource.com/671769
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48071}
2017-09-18 22:37:53 +00:00
Josh Wolfe
af1c9de937 ship --harmony-plural-rules
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng

Bug: v8:5601
Change-Id: Ifc5fa3e9de05f64d8a6cb82d67fb272800a208a3
Reviewed-on: https://chromium-review.googlesource.com/669720
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#48070}
2017-09-18 20:28:34 +00:00
Josh Wolfe
f42f51448b [intl] fix off-by-1 in NumberFormat formatToParts parameter parsing
R=adamk@chromium.org, mstarzinger@chromium.org

Bug: v8:5244, chromium:765479
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I684805acc194a93b96d74e3e64834867dce78dee
Reviewed-on: https://chromium-review.googlesource.com/668677
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#48069}
2017-09-18 20:07:23 +00:00
Caitlin Potter
88a4cf736e [esnext] ship --harmony-async-iteration
Enable --harmony-async-iteration (Symbol.asyncIterator, async generator
syntax, and for-await-of syntax) by default, as discussed in
https://groups.google.com/forum/#!topic/v8-users/SlLEsgNv4JY

BUG=v8:5855
R=adamk@chromium.org, gsathya@chromium.org

Change-Id: I77a77124a68813431daceca1b0cbaec5af271fee
Reviewed-on: https://chromium-review.googlesource.com/668877
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48068}
2017-09-18 15:15:07 +00:00
Scott Graham
afbdd1dd49 Reland "fuchsia: Set up for 3-sided roll to convert Magenta->Zircon"
This is a reland of aabb893a32
Original change's description:
> fuchsia: Set up for 3-sided roll to convert Magenta->Zircon
> 
> Fuchsia changed their kernel name from Magenta to Zircon and all the
> functions and defines along with it. In order to be able to roll the SDK
> in Chromium, we first need to land with this define added in v8, so that
> can roll in to Chromium, then roll the Fuchsia SDK with this magic
> define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8
> to reference zx_ instead of mx_ and roll that again.
> 
> Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139
> 
> Bug: chromium:765754, chromium:707030
> Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79
> Reviewed-on: https://chromium-review.googlesource.com/668751
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48047}

TBR=bbudge@chromium.org

Bug: chromium:765754, chromium:707030
Change-Id: Ib6e99ca418af527014622614d07d295b6110f9d5
Reviewed-on: https://chromium-review.googlesource.com/670944
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48067}
2017-09-18 15:00:47 +00:00
Marja Hölttä
68310c9f69 [scanner] UTF-8 handling fix (errors near chunk end).
The bug occurred when we detected an erroneous char late, and put the last
character in a chunk into the "incomplete char" buffer. It was not correctly
retrieved when seeking.

BUG=v8:6836

Change-Id: I8ca946dfdb39244c5ca0bdcebe047047010b3a07
Reviewed-on: https://chromium-review.googlesource.com/670729
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48066}
2017-09-18 14:13:26 +00:00
Mythri
5114f14cc1 [TurboFan] Remove SetForceInline
SetForceInline flag is no longer used. This flag was added for
inlining some of the javascript builtins. They are now ported to
TurboFan builtins. This cl removes SetForceInline runtime function
and the corresponding bits in the SharedFunctionInfo. Also update
inlining heuristics to not look for this bit.

Bug: v8:6682
Change-Id: Ie8df9648332b765a556e24609c38b4e55b810527
Reviewed-on: https://chromium-review.googlesource.com/668436
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48065}
2017-09-18 13:36:16 +00:00
Jaroslav Sevcik
d6ff08223b Revert "[turbofan] Temporarily turn off escape analysis."
This reverts commit 2b15425b0c.

Reason for revert: Re-enabling escape analysis after merging the flag change to 6.1.

Original change's description:
> [turbofan] Temporarily turn off escape analysis.
> 
> Bug: chromium:765433
> Change-Id: Iecc9540f6305bc24a0a5210c149b55403b9ce09d
> Reviewed-on: https://chromium-review.googlesource.com/667106
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48032}

TBR=mstarzinger@chromium.org,jarin@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:765433
Change-Id: Icac44fd76e2965df1e143700941b628ea7a69166
Reviewed-on: https://chromium-review.googlesource.com/670864
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48064}
2017-09-18 12:16:36 +00:00
Peter Marshall
b6849fc898 [build] Remove unused runtime flag for typed array size threshold.
This is now implemented as a build-time flag.

Change-Id: I10db18725ca6837ae04032725582717233b2c2e5
Reviewed-on: https://chromium-review.googlesource.com/670728
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48063}
2017-09-18 12:03:56 +00:00
Michael Hablich
4fc43530a7 Revert "[Memory] Move VirtualMemory out of base:: platform."
This reverts commit 4dd293d922.

Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/669785

Original change's description:
> [Memory] Move VirtualMemory out of base:: platform.
> 
> - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> - Makes VirtualMemory platform-independent by moving internals to new
>   OS:: static methods, for each platform.
> 
> This will make it easier to delegate memory management in VirtualMemory
> to V8::Platform, so that embedders like Blink can override it. We can't
> depend on V8::Platform in base/platform.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> Reviewed-on: https://chromium-review.googlesource.com/653214
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48048}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,scottmg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:756050
Change-Id: Ice2618ef72950e1b64c31434a239c626aa5e5970
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/670843
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48062}
2017-09-18 10:13:26 +00:00
Ulan Degenbaev
75877ddb7b [heap] Do not unmap large pages before evacuation.
See https://bugs.chromium.org/p/chromium/issues/detail?id=762677#c12 for
the description of the bug.

Bug: chromium:762677
TBR: mlippautz@chromium.org
Change-Id: If5c4c2c15f2403d336edf34d10679521397db75c
Reviewed-on: https://chromium-review.googlesource.com/670823
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48061}
2017-09-18 09:39:16 +00:00
Juliana Franco
596d55adf6 Deoptimization and multithreading.
When using Lockers and Unlockers it is possible to create a
scenario where multiple threads point to the same optimized
code object. When that happens, if one of the threads triggers
deoptimization, then the stack replacement needs to happen in
the stacks of all threads.
With this CL, the deoptimizer visits all threads to do so.
The CL also adds three tests where V8 used to crash due to this
issue.

Bug: v8:6563
Change-Id: I74e9af472d4833aa8d13e579df45133791f6a503
Reviewed-on: https://chromium-review.googlesource.com/670783
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#48060}
2017-09-18 09:23:16 +00:00
Michael Hablich
8c89502008 Revert "fuchsia: Set up for 3-sided roll to convert Magenta->Zircon"
This reverts commit aabb893a32.

Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/669540; Fix has not landed yet: https://chromium-review.googlesource.com/c/v8/v8/+/670280

Original change's description:
> fuchsia: Set up for 3-sided roll to convert Magenta->Zircon
> 
> Fuchsia changed their kernel name from Magenta to Zircon and all the
> functions and defines along with it. In order to be able to roll the SDK
> in Chromium, we first need to land with this define added in v8, so that
> can roll in to Chromium, then roll the Fuchsia SDK with this magic
> define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8
> to reference zx_ instead of mx_ and roll that again.
> 
> Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139
> 
> Bug: chromium:765754, chromium:707030
> Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79
> Reviewed-on: https://chromium-review.googlesource.com/668751
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48047}

TBR=bbudge@chromium.org,scottmg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:765754, chromium:707030
Change-Id: Ic1563b10a69372a0946ee9eacc8a2d21eb3ee302
Reviewed-on: https://chromium-review.googlesource.com/670619
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48059}
2017-09-18 07:58:14 +00:00
Sathya Gunasekaran
9de3fe2ebf [ESnext] Ship Promise.prototype.finally
Bug: v8:5967
Change-Id: I7fe03ea6270434e2c798ee8faec8d7170607ceea
Reviewed-on: https://chromium-review.googlesource.com/670419
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48058}
2017-09-18 07:26:24 +00:00
Daniel Bevenius
70efab1b65 Make CurrentContext return Handle<Context>::null
I noticed that ScopeIterator::CurrentContext returns an empty Handle
whereas functions like ScopeIterator::CurrentScopeInfo call
Handle<Context>::null() instead. This commit suggests changing this for
consistency.

Bug: 
Change-Id: I8735d655a8c0affeb6a18e74efe0d33bf6d5e899
Reviewed-on: https://chromium-review.googlesource.com/668440
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48057}
2017-09-17 18:55:49 +00:00
peterwmwong
8dfdeae0f1 [builtins] Convert String HTML functions (ex. anchor, big, bold) to CSA
- Added TFJ builtins for S.p.{anchor, big, blink, bold, fontcolor,
      fontsize, fixed, italics, link, small, strike, sub, sup}
  - Removed functionality from string.js

Bug: v8:5049
Change-Id: I3a91b52eaceef5c47bb55ed62780d72ef1e802e9
Reviewed-on: https://chromium-review.googlesource.com/666487
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48056}
2017-09-16 07:18:32 +00:00
Mircea Trofin
3d046986f0 Revert "Revert "[wasm] A simple allocator datastructure for off-the heap""
This reverts commit ee5c31f335.

Reason for revert: Fixed compiler failure

Original change's description:
> Revert "[wasm] A simple allocator datastructure for off-the heap"
> 
> This reverts commit 110d9ab005.
> 
> Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/26607
> 
> Surprising we're seeing a failure on Linux 64 *after* CQ. Is the compiler there different?
> 
> Original change's description:
> > [wasm] A simple allocator datastructure for off-the heap
> > 
> > We'll use this allocator in a follow-up CL to:
> > - allocate speculative sizes of memory for a module that's being
> > compiled (e.g. 2*size of wasm code).
> > - each module will own such a sub-pool, and then use it to allocate
> > contiguous chunks of memory for code.
> > 
> > The underlying assumptions for the chosen allocation strategy is that:
> > - the allocation granularity for pools is 1 page, so that no one page
> > is owned by more than one wasm module
> > - typical pool sizes (given module sizes) are multiple pages.
> > - modules and module instances are typically few and long lived. Typically,
> > we expect one module and one instance. 
> > 
> > This means we shouldn't expect fragmentations that lead to code being
> > non-allocatable, or prohibitively many ranges.
> > 
> > The data structure just manages ranges of addresses. Virtual memory management
> > will be separate, as part of the responsibility of a "WasmHeap"
> > that will be introduced in the future. So will concurrency control.
> > 
> > Bug: 
> > Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
> > Reviewed-on: https://chromium-review.googlesource.com/669296
> > Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Eric Holk <eholk@chromium.org>
> > Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48053}
> 
> TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org
> 
> Change-Id: Id82fa341b77624e4971f24c4757a9a666a65930c
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/670141
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48054}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: Ib6a7a3e6098d2689e60cdca85ec77e57e5295e48
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/670142
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48055}
2017-09-16 05:23:35 +00:00
Mircea Trofin
ee5c31f335 Revert "[wasm] A simple allocator datastructure for off-the heap"
This reverts commit 110d9ab005.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/26607

Surprising we're seeing a failure on Linux 64 *after* CQ. Is the compiler there different?

Original change's description:
> [wasm] A simple allocator datastructure for off-the heap
> 
> We'll use this allocator in a follow-up CL to:
> - allocate speculative sizes of memory for a module that's being
> compiled (e.g. 2*size of wasm code).
> - each module will own such a sub-pool, and then use it to allocate
> contiguous chunks of memory for code.
> 
> The underlying assumptions for the chosen allocation strategy is that:
> - the allocation granularity for pools is 1 page, so that no one page
> is owned by more than one wasm module
> - typical pool sizes (given module sizes) are multiple pages.
> - modules and module instances are typically few and long lived. Typically,
> we expect one module and one instance. 
> 
> This means we shouldn't expect fragmentations that lead to code being
> non-allocatable, or prohibitively many ranges.
> 
> The data structure just manages ranges of addresses. Virtual memory management
> will be separate, as part of the responsibility of a "WasmHeap"
> that will be introduced in the future. So will concurrency control.
> 
> Bug: 
> Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
> Reviewed-on: https://chromium-review.googlesource.com/669296
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48053}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: Id82fa341b77624e4971f24c4757a9a666a65930c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/670141
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48054}
2017-09-16 05:11:24 +00:00
Mircea Trofin
110d9ab005 [wasm] A simple allocator datastructure for off-the heap
We'll use this allocator in a follow-up CL to:
- allocate speculative sizes of memory for a module that's being
compiled (e.g. 2*size of wasm code).
- each module will own such a sub-pool, and then use it to allocate
contiguous chunks of memory for code.

The underlying assumptions for the chosen allocation strategy is that:
- the allocation granularity for pools is 1 page, so that no one page
is owned by more than one wasm module
- typical pool sizes (given module sizes) are multiple pages.
- modules and module instances are typically few and long lived. Typically,
we expect one module and one instance. 

This means we shouldn't expect fragmentations that lead to code being
non-allocatable, or prohibitively many ranges.

The data structure just manages ranges of addresses. Virtual memory management
will be separate, as part of the responsibility of a "WasmHeap"
that will be introduced in the future. So will concurrency control.

Bug: 
Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
Reviewed-on: https://chromium-review.googlesource.com/669296
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48053}
2017-09-16 04:53:11 +00:00
Ali Ijaz Sheikh
258f270f15 Revert "[profiler] proper observation of old space inline allocations"
This reverts commit 672a41c3ca.

Reason for revert: Linux64 TSAN bot failures

Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: Ib71baf69b29b067fa0ba76027170054b8faa78d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:633920
Reviewed-on: https://chromium-review.googlesource.com/669559
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48052}
2017-09-15 20:38:18 +00:00