41678 Commits

Author SHA1 Message Date
Ulan Degenbaev
35f9b26601 [heap] De-duplicate insertions to the old-to-new remembered set.
Bug: v8:6663
Change-Id: I8bf7169c21141a34e3bcb0bb2193ceb1746b33b2
Reviewed-on: https://chromium-review.googlesource.com/600908
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47186}
2017-08-07 09:09:32 +00:00
Michaël Zasso
cfb019f528 [cleanup] Remove unused runtime function
The ThrowIllegalInvocation runtime function is not used anywhere.

Bug: 
Change-Id: I1bb5386e917f0a4ff787a071cef5e13a3f85ee30
Reviewed-on: https://chromium-review.googlesource.com/600230
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47185}
2017-08-07 09:05:32 +00:00
Ulan Degenbaev
a90f361fdc [heap] Speed up Worklist::IsGlobalPoolEmpty check.
This patch makes the check lock-free. When concurrent marking is on,
the main thread checks two marking worklists: bailout and shared.

Often the bailout worklist is empty, so the emptiness check is in the hot path.

Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: I5c92ea3fb6c5300d653fbd27b536241851231f24
Reviewed-on: https://chromium-review.googlesource.com/602351
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47184}
2017-08-07 09:00:53 +00:00
jgruber
668d892775 [string] Fast-path in indexOf for subject == search
If the subject string is a string, it's pointer-equal to the search
string, and position <= 0, then we can simply return 0 and skip
all other logic in String.p.indexOf.

Further context at:
https://twitter.com/hashseed/status/893539117367271425

Bug: 
Change-Id: I93ce724f0ade6332599ba395fe8c662a28f05ade
Reviewed-on: https://chromium-review.googlesource.com/602214
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47183}
2017-08-07 08:52:50 +00:00
Ulan Degenbaev
82202251b4 [heap] Improve concurrent marking pausing protocol.
This patch allows the concurrent marker to process more objects before
checking for the interrupt request from the main thread.

Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: I876d3156ca9843196f2fdddbd8bd28d1a3f472b1
Reviewed-on: https://chromium-review.googlesource.com/602131
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47182}
2017-08-07 08:49:00 +00:00
Ben L. Titzer
dc34289bae Simplifications to frames.h and frames.cc.
Move unnecessarily public methods from frames.h into .cc file.
Remove dead StackFrame::SetCallerFp().

R=mstarzinger@chromium.org

Bug: 
Change-Id: I7b66a430cfb01bb38046c9e92f504134ba8316a3
Reviewed-on: https://chromium-review.googlesource.com/602271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47181}
2017-08-07 08:38:20 +00:00
v8-autoroll
d3d074e12a Update V8 DEPS.
Rolling v8/tools/clang: ec00334..7770b47

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: Ib4ad4ffc4ecd2c8a2bd89292c16cadab4653091e
Reviewed-on: https://chromium-review.googlesource.com/603155
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47180}
2017-08-07 03:43:14 +00:00
v8-autoroll
b2cca604ec Update V8 DEPS.
Rolling v8/third_party/catapult: 0fb50e3..33a9271

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I267dd8e245167659ccb9bc609edf2effbe7ca50a
Reviewed-on: https://chromium-review.googlesource.com/602643
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47179}
2017-08-06 03:43:37 +00:00
v8-autoroll
90e8624ea0 Update V8 DEPS.
Rolling v8/build: 4736539..181c098

Rolling v8/buildtools: 275b8c4..f4bcb07

Rolling v8/third_party/catapult: a62e07f..0fb50e3

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I8f16db339cb3b16a15895cef4dbd2017d86d07d6
Reviewed-on: https://chromium-review.googlesource.com/602971
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47178}
2017-08-05 03:49:15 +00:00
Aseem Garg
649b1e70e7 [wasm] Reland "[wasm] redirect wasm calls to js functions through a GCed table"
This reverts commit 25f03308a7.

Reason for revert: Fix the cause of bot failure and reland

Original change's description:
> Revert "[wasm] redirect wasm calls to js functions through a GCed table"
> 
> This reverts commit eb65f35e96.
> 
> Reason for revert: Broke jetstream benchmark on android.
> 
> BUG=chromium:750828
> 
> Original change's description:
> > [wasm] redirect wasm calls to js functions through a GCed table
> > 
> > With this patch, rather than embedding the JSReceiver address directly
> > in the WasmToJS wrappers, we put that in a fixed array with global handle
> > scope and instead embed the location of the handle and the index in the
> > wrapper. This ensures that the wrapper doesn't need to be patched if the
> > GC kicks in. This is needed to get the WASM code off the GCed heap.
> > 
> > R=mtrofin@chromium.org
> > 
> > Bug: 
> > Change-Id: Ie5a77a78cdecec51b04f702c63b8e4285e6a2d8d
> > Reviewed-on: https://chromium-review.googlesource.com/581682
> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46884}
> 
> TBR=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org
> 
> # Not skipping CQ checks because original CL landed > 1 day ago.
> 
> Change-Id: I26f49ee0a1fe73cc5d8852ded87b56638be39ebf
> Reviewed-on: https://chromium-review.googlesource.com/596268
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47059}

R=mtrofin@chromium.org,aseemgarg@google.com,aseemgarg@chromium.org,clemensh@chromium.org,sullivan@chromium.org

Change-Id: I29ef35f6e612a706d9f571da3e7beb1da8b5052b
Bug: chromium:750828
Reviewed-on: https://chromium-review.googlesource.com/597010
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47177}
2017-08-05 01:57:25 +00:00
Eric Holk
57af86a16e [wasm] Add counter for time spent executing Wasm
Bug: v8:6514
Change-Id: Ifda1b80a80fc0b077e982005d9493e0fe7ced471
Reviewed-on: https://chromium-review.googlesource.com/599021
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47176}
2017-08-05 00:43:45 +00:00
Adam Klein
51fa1d9168 Mark mjsunit/wasm/atomics as slow on arm64
It started timing out on trybots after commit
575ec86335.

Tbr: gdeepti@chromium.org
Change-Id: Iab025ccbce15a6c9f978b737f064695d11704c93
Reviewed-on: https://chromium-review.googlesource.com/602990
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47175}
2017-08-04 23:59:06 +00:00
Bill Budge
93d84f28d6 Revert "[Memory] Experiment to try using regular version of 'new T[]'."
This reverts commit bec2b4d267.

Reason for revert: NewArrayOOM fails.

Original change's description:
> [Memory] Experiment to try using regular version of 'new T[]'.
> 
> - Use normal new, vs. nothrow new.
> - Modify NewArray to have only 1 invocation of new.
> 
> Bug: chromium:752056
> Change-Id: I1a2fb3626264b1bf647af9227d55e9b54e44e8b6
> Reviewed-on: https://chromium-review.googlesource.com/600895
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47173}

TBR=bbudge@chromium.org,mlippautz@chromium.org

Change-Id: I881f3b75209714d11d93fae6268171ffa9cc47a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:752056
Reviewed-on: https://chromium-review.googlesource.com/602847
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47174}
2017-08-04 20:29:09 +00:00
Bill Budge
bec2b4d267 [Memory] Experiment to try using regular version of 'new T[]'.
- Use normal new, vs. nothrow new.
- Modify NewArray to have only 1 invocation of new.

Bug: chromium:752056
Change-Id: I1a2fb3626264b1bf647af9227d55e9b54e44e8b6
Reviewed-on: https://chromium-review.googlesource.com/600895
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47173}
2017-08-04 19:08:22 +00:00
Deepti Gandluri
575ec86335 [wasm] Implement atomic logical BinOps
- Implemented ops: I32AtomicAnd, I32AtomicAnd8U, I32AtomicAnd16U, I32AtomicOr,
  I32AtomicOr8U, I32AtomicOr16U, I32AtomicXor, I32AtomicXor8U, I32AtomicXor16U
- Refactor wasm-compiler AtomicOp to use macros
- Tests

Bug: V8:6532

R=binji@chromium.org, bbudge@chromium.org, bradnelson@chromium.org

Change-Id: I7e4dc8ad8cf3e211c3aef721a02778f2a4621322
Reviewed-on: https://chromium-review.googlesource.com/600539
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47172}
2017-08-04 19:04:12 +00:00
Adam Klein
946f78a0ad [parsing] Add a UseCounter for labeled expression statements
This was suggested by bmeurer after running into the confusing
example of:

  x => {x:x}

which might appear to be an arrow function that returns an object
literal containing its argument, but instead is an arrow function
that does nothing.

While it's unclear whether the language would change to make this
probable programmer error an actual syntax error, we can at least
gather some data on the question of whether we see any such code
in the wild.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I08202039ecf7a7a4c71ad95ecd839436b4ec2af8
Reviewed-on: https://chromium-review.googlesource.com/600888
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47171}
2017-08-04 18:51:54 +00:00
Marja Hölttä
e7a46253f2 [parser] Skipping inner funcs: implement a bailout.
In some cases, PreParser cannot replicate the Scope structure created by
Parser. It happens esp. with arrow function parameters, since the relevant
information is already lost by the time we figure out it's an arrow function.

In these cases, PreParser should bail out of trying to create data for skipping
inner functions.

Implementation notes:

- The arrow function case is more fundamental; the non-arrow case could be
  hacked together somehow if we implemented tracking is_simple for each param
  separately; but now that it's possible to bail out consistently from both
  cases, I don't think the is_simple complication is worth it.

- The added mjsunit test cases are based on the test262 test cases which exposed
  the problem.

- cctest/preparser/PreParserScopeAnalysis was exercising similar cases, but the
  problem didn't show up because the function parameters didn't contain
  skippable functions. Those test cases have been repurposed for testing the
  bailout.

- Extra precaution: the bailout tests are in a separate file, to guard from the
  bug that a bailout case results in bailing out of *all* data creation, which
  would make all skipping tests in the same file useless.

BUG=v8:5516

Change-Id: I4324749a5ec602fa5d7dc27647ade0284a6842fe
Reviewed-on: https://chromium-review.googlesource.com/599849
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47170}
2017-08-04 18:22:32 +00:00
Adam Klein
28f25699ab [parser] Various cleanup for async function parsing
This patch removes a few unnecessary bits of async function
parsing (the PrepareAsyncFunctionBody() helper method, the
FunctionBodyType enum) by doing separate handling of
block and single-expression async arrow functions.

Change-Id: I64f837635a23eaf06d42887ca7f9ac59c768f0f2
Reviewed-on: https://chromium-review.googlesource.com/601247
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47169}
2017-08-04 17:46:13 +00:00
Karl Schimpf
fe0323d4a4 Fix counting number of functions in Wasm Modules
This CL moves the recording of the number of functions in a Wasm
module to the size read in the "functions" section of the module. The
advantage is that all modules read this section once, making it a good
target for collecting the data.

The previous code was also broken because in one code path, it did not
distinguish between asm.js and Wasm modules.

Bug: v8:6361
Change-Id: I6c49e91975c1730608e791036d15622d538bce77
Reviewed-on: https://chromium-review.googlesource.com/600837
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47168}
2017-08-04 14:48:08 +00:00
Ivica Bogosavljevic
46c89e66a6 Fix compilation failure on big-endian
Fix 0caf1d2029

Bug: 
Change-Id: I275417e8236ef0ee2cc6fef188585b0b786d8a05
Reviewed-on: https://chromium-review.googlesource.com/602268
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47167}
2017-08-04 13:44:38 +00:00
Clemens Hammacher
f677b27b20 [wasm] Generate unlowered graph for interpreter entry
And then lower it afterwards. This is more future-proof for
multi-return values.

R=titzer@chromium.org
CC=rossberg@chromium.org

Bug: v8:6672
Change-Id: I6505b049275360c32530992c1db8765254b405c1
Reviewed-on: https://chromium-review.googlesource.com/602036
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47166}
2017-08-04 12:42:58 +00:00
Jaroslav Sevcik
aaac2f8e66 [Test] Test case for the GC failure with non-patching lazy deopt.
Bug: v8:6563
Change-Id: Id4578b90133ef4a6797233ff0e859ddc3dfbb54f
Reviewed-on: https://chromium-review.googlesource.com/599848
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47165}
2017-08-04 12:34:47 +00:00
jgruber
1081720532 [regexp] Limit ATOM regexps to patterns length <= 2
This is a modified reland of 062bb7d487

There's an inherent trade-off when deciding between ATOM and IRREGEXP
regexps: IRREGEXP is faster at runtime for all but trivial short
patterns, while ATOM regexps have a lower memory overhead.

This CL is intended to help investigate impact on benchmarks and real-world
code - if something tanks, it's easy to revert, otherwise it can be a first
step towards a possible removal of ATOM regexps.

Bug: v8:6633
Change-Id: I8d946a7cbb398d4987b47ecba24c9faa88788d0d
Reviewed-on: https://chromium-review.googlesource.com/599910
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47164}
2017-08-04 12:18:47 +00:00
Juliana Franco
ea0e1e21ec Fixing failure on GC stress.
This bug was introduced by the CL
https://chromium-review.googlesource.com/c/586707

With these changes we make sure that the object being deoptimized 
does not point to code objects that have been already collected. 
The CL https://chromium-review.googlesource.com/c/596027 did not
fix this problem because we were only invalidating embedded objects
reachable from the stack, however it is possible that there are some 
dangling references in objects not on the stack. Thus we consider 
all the optimized code objects that are marked for deoptimization.

Bug: v8:751825
Change-Id: I3a6410c2bf556fa254c54a25e1f49d7356b9e51d
Reviewed-on: https://chromium-review.googlesource.com/601967
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47163}
2017-08-04 12:13:58 +00:00
Clemens Hammacher
fd87a3c423 [wasm] Remove redundant parameter
The signature is already set on the {WasmGraphBuilder}, so we don't
need to pass it again to the {Build*} functions.

R=titzer@chromium.org

Change-Id: I21e93f78211e84a9960b3fd5dffc1c94778b85e5
Reviewed-on: https://chromium-review.googlesource.com/602034
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47162}
2017-08-04 11:41:34 +00:00
Tobias Tebbi
943651b789 Revert "Reland "[turbofan] enable new implementation of escape analysis""
This reverts commit 40a9eabc44.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=752438

Original change's description:
> Reland "[turbofan] enable new implementation of escape analysis"
> 
> This is a reland of a6c3f14374
> Original change's description:
> > [turbofan] enable new implementation of escape analysis
> > 
> > Bug: 
> > Change-Id: I0218ab67bf391deb8f1b1b78811643eb84745b7c
> > Reviewed-on: https://chromium-review.googlesource.com/595508
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47032}
> 
> Change-Id: Ide3d11f4b25eae2bbcaca9fc3cdb983d73ba846c
> Reviewed-on: https://chromium-review.googlesource.com/599827
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47121}

TBR=jarin@chromium.org,tebbi@chromium.org

Change-Id: I3b700fb92265c7e27c009a5371038bc25619d37f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/602067
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47161}
2017-08-04 11:04:17 +00:00
Ross McIlroy
e91b96922e [Compiler] Move construction of CompilationInfo into GenerateUnoptimizedCode
Moves the construction of CompilationInfo for unoptimized code into
GenerateUnoptimizedCode in preparation for making it owned by the
unoptimized compilation jobs (to be done in a followup CL).

This CL also adds a new constructor for creation of unoptimized
CompilationInfos with fields correctly initialized and updates the existing
constructor to be exclusively for optimized compilation. Finally, also moves
the call to RecordFunctionCompilation with LAZY_COMPILE_TAG recording into
FinalizeUnoptimizedCompilationJob where it is called for other unoptimized
compiles.

BUG=v8:5203,v8:6659

Change-Id: Icfd7f56588073f2fc547e002db9fa99843ed2e8b
Reviewed-on: https://chromium-review.googlesource.com/598908
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47160}
2017-08-04 09:58:04 +00:00
Maya Lekova
15ef03cbf3 Reland "[builtins] Port getting property from Proxy to CSA"
This reland is after fix in [heap] Delete wrong DCHECK.
It includes moving ProxyGetProperty to its own stub to reduce
binary size.

This is a reland of 47a97aa53b
Original change's description:
> [builtins] Port getting property from Proxy to CSA
> 
> Bug: v8:6559, v8:6557
> Change-Id: If6c51f5483adb73ddd2495cede5d85e887a3c298
> Reviewed-on: https://chromium-review.googlesource.com/589212
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@google.com>
> Cr-Commit-Position: refs/heads/master@{#47113}

Bug: v8:6559, v8:6557
Change-Id: I76acd97ba1acb62b7e7983db1741441d997050f0
Reviewed-on: https://chromium-review.googlesource.com/600215
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47159}
2017-08-04 09:30:45 +00:00
Benedikt Meurer
448a1d4bb5 [ic] Drop Array constructor support from CallIC.
Calling the Array constructor is an edge case, and we don't seem to
benefit from doing the AllocationSite tracking there as well. In fact
it's a lot of complexity and somewhat blocking the more important 
optimization of the subclass constructors.

This is an attempt to nuke the CallIC support for AllocationSites. If
it regresses something important, we'll have to find another way.

Bug: v8:6399
Change-Id: I56f6da29679c516f0a5c3161c2696fc2b8762176
Reviewed-on: https://chromium-review.googlesource.com/600968
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47158}
2017-08-04 09:22:14 +00:00
Clemens Hammacher
ea82e09611 [wasm] Limit output length of user-provided strings
In order to limit the overall length of error message, limit the output
of string provided by the user. This is implemented by a helper class
which takes the maximum length as template argument and has simple
accessors for the start address and the length of the truncated string.

This is the compromise CL after
https://chromium-review.googlesource.com/c/566815 and
https://chromium-review.googlesource.com/c/594288.

R=titzer@chromium.org

Bug: chromium:740023, chromium:749041, v8:6634
Change-Id: I7c154eb18b3a6befd5ecabbd2f435b015ad71542
Reviewed-on: https://chromium-review.googlesource.com/600547
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47157}
2017-08-04 09:20:34 +00:00
Michael Starzinger
b329b24986 [builtins] Fix missing check in Array.prototype.filter.
This fixes a missing fast-path check in the code-stub implementation of
the {Array.prototype.filter} method. Appending to the target JSArray is
only correct if the underlying length did not change.

R=jgruber@chromium.org
TEST=mjsunit/regress/regress-6657
BUG=v8:6657

Change-Id: Ida8d3511485b649b70d9a4b161742d494ebe4dac
Reviewed-on: https://chromium-review.googlesource.com/600467
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47156}
2017-08-04 08:55:15 +00:00
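The {Array.prototype.filter} fix above concerns a builtin fast path that must stay faithful to the spec when the callback mutates the array it is iterating. What follows is an added example, not code from this commit or from V8: a spec-style reference filter and a differential check of it against the engine's native builtin (assumed to run under Node.js or d8) on constructed inputs whose callbacks truncate, grow, punch holes in, replace elements of or retype the array mid-iteration. The callback names, the reference implementation and the sample input are all assumptions made for this example; any disagreement between the two implementations is the symptom the commit describes.

```javascript
// Added example, not code from the V8 commit. A spec-style reference
// Array.prototype.filter plus a differential check against the native
// builtin under callbacks that mutate the array while filter runs.

// Reference filter following the ECMAScript algorithm: the length is read
// once on entry, every index is checked with HasProperty before Get, and
// kept values are appended in order. A fast path in an engine may walk the
// backing store directly, but it is only correct while the array's length
// and elements are unchanged; otherwise it must fall back to this logic.
function filterRef(arr, callback, thisArg) {
  const len = arr.length >>> 0;          // ToLength(Get(O, "length")), once
  const result = [];
  for (let k = 0; k < len; k++) {
    if (!(k in arr)) continue;           // HasProperty(O, Pk)
    const kValue = arr[k];               // Get(O, Pk)
    if (callback.call(thisArg, kValue, k, arr)) result.push(kValue);
  }
  return result;
}

// Constructed callbacks that change the array's length or contents during
// the first visit. Each returns true, so the result is a direct trace of
// which indices and values the implementation actually visited.
const mutatingCallbacks = {
  truncate: (v, i, a) => { if (i === 0) a.length = 1; return true; },
  grow:     (v, i, a) => { if (i === 0) a.push(99); return true; },
  replace:  (v, i, a) => { if (i === 0) a[2] = 'swapped'; return true; },
  hole:     (v, i, a) => { if (i === 0) delete a[1]; return true; },
  retype:   (v, i, a) => { if (i === 0) a[1] = {}; return true; }, // changes elements kind
};

// Runs one callback through both implementations on fresh copies of the
// same constructed input and reports whether they agree.
function differential(name, input = [1, 2, 3, 4]) {
  const cb = mutatingCallbacks[name];
  const expected = filterRef(input.slice(), cb);
  const actual = input.slice().filter(cb);
  return {
    name,
    expected,
    actual,
    agree: JSON.stringify(expected) === JSON.stringify(actual),
  };
}

// One record per callback; every record should have agree === true on a
// spec-conformant engine.
function runAll() {
  return Object.keys(mutatingCallbacks).map((n) => differential(n));
}
```

Calling runAll() returns one record per mutating callback with the reference result, the native result and an agree flag. The expected traces are [1] for truncate (index 1 and above no longer exist after the first visit), [1,2,3,4] for grow (the length was captured on entry, so the pushed 99 is never visited), [1,2,"swapped",4] for replace, [1,3,4] for hole, and [1,{},3,4] for retype. A fast path that keeps appending from a stale backing store after the length changed would produce something else for the truncate case, which is exactly the check the commit adds.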
Ulan Degenbaev
56f392292c [heap] Enable compaction for concurrent marking.
Bug: chromium:694255
Change-Id: Id1ae4eb069a4ba79a35f1bb6b2bc2b1c445edb96
Reviewed-on: https://chromium-review.googlesource.com/600969
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47155}
2017-08-04 08:22:53 +00:00
Ben L. Titzer
74fdd401de [iwyu] Fewer uses of frames.h and frames-inl.h
Remove the include of frames.h in isolate.h and the include of
frames-inl.h from various places, e.g. architecture-specific builtin
files.

R=yangguo@chromium.org

Bug: 
Change-Id: If8d13188474702fd0b0c298f8e45ef393184b877
Reviewed-on: https://chromium-review.googlesource.com/600212
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47154}
2017-08-04 08:03:25 +00:00
Ulan Degenbaev
4598d17ac6 [heap] Replace compile time flag with runtime flag for parts of concurrent marker.

Bug: chromium:694255
Change-Id: I973ba8df7a4afc5f58ede02f3f6d043cf7038784
Reviewed-on: https://chromium-review.googlesource.com/600970
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47153}
2017-08-04 07:58:12 +00:00
Yang Guo
9dc7201c73 Do not leak memory in base::OS::FOpen.
R=petermarshall@chromium.org

Change-Id: Ie62129f39e1085a94737406dc07b07e359294c4e
Reviewed-on: https://chromium-review.googlesource.com/599813
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47152}
2017-08-04 05:21:05 +00:00
v8-autoroll
0b0ee00153 Update V8 DEPS.
Rolling v8/build: 6a89d4e..4736539

Rolling v8/third_party/catapult: c8c5d6b..a62e07f

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I9b54d11ef4f0d14b098f47d6257403d976faa419
Reviewed-on: https://chromium-review.googlesource.com/601551
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47151}
2017-08-04 03:38:24 +00:00
Jakob Kummerow
05e862f783 Cache StoreIC-Transition handlers
extending existing transition target storage (so both inline storage
on the map, and the "target" slots in TransitionArrays are supported).

Change-Id: Ib360b9755b8ca5f08bc3a25dd27833f348badaf4
Reviewed-on: https://chromium-review.googlesource.com/584192
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47150}
2017-08-04 01:27:42 +00:00
Tobias Tebbi
0caf1d2029 [csa] Add C++ compile time type checks to CSA.
Bug: 
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I2e1b36303f8b9ad4a3dc4e488123e6e4ce8b02ec
Reviewed-on: https://chromium-review.googlesource.com/533033
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47149}
2017-08-04 01:09:24 +00:00
Deepti Gandluri
9735d7f109 [wasm] Fix link error messages to be more indicative of the actual error
R=mtrofin@chromium.org

Change-Id: I665065b7e1161bcef6315a03083437410c574755
Reviewed-on: https://chromium-review.googlesource.com/601174
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47148}
2017-08-03 22:49:32 +00:00
Karl Schimpf
8b865c8db4 Make sure function size UMA stat is collected.
This fixes the collection of function sizes (see comment #1 of
v8:6361).  This was done by adding a wrapper function around
VerifyWasmCode() that updates UMA stats for function size (as well as
decode time when validating).

Bug: v8:6361
Change-Id: Ia2597db22cbed5b0429d9c8514e96cdea5d7323a
Reviewed-on: https://chromium-review.googlesource.com/600530
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47147}
2017-08-03 19:57:36 +00:00
Karl Schimpf
c6b8b4b56c Subdivide compile time for asm/wasm functions.
Collect compile time separately for asm.js and Wasm functions.

Note: Dependent on CL https://chromium-review.googlesource.com/c/598542

Bug: v8:6361
Change-Id: I77c43b663cb66261f17bca73db03ab1a4af5e11d
Reviewed-on: https://chromium-review.googlesource.com/598930
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47146}
2017-08-03 19:56:31 +00:00
Anisha Rohra
2fd5e70a03 PPC: Split frame-constants.h out of frames.h to reduce transitive includes.
Port 4b0099a477

R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, bjaideep@ca.ibm.com
BUG=
LOG=N

Change-Id: I4be5357b265ca970a8d1a0db41ddc73ff47bffdc
Reviewed-on: https://chromium-review.googlesource.com/600512
Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47145}
2017-08-03 19:36:02 +00:00
Ulan Degenbaev
01113cb18b [heap] Remove unused GC idle time histograms.
This patch removes tracking of
- V8.GCIdleTimeAllottedInMS
- V8.GCIdleTimeLimit.Overshot
- V8.GCIdleTimeLimit.Undershot

BUG=chromium:751045

Change-Id: Iccaa0fff609d3caa4cf38ebcc8aca7cdca33c442
Reviewed-on: https://chromium-review.googlesource.com/595588
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47144}
2017-08-03 19:14:41 +00:00
Adam Klein
b097fdf462 Fix runtime-interpreter.cc build after 7d38ee30
Change-Id: Ic9da54513d92736899ce8ad67a5e588011314640
Reviewed-on: https://chromium-review.googlesource.com/600988
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47143}
2017-08-03 19:08:21 +00:00
Ulan Degenbaev
e625f4b66d [heap] Fix InvalidatedSlotsFilter.
On advancing the iterator we need to reset the current object,
so that it can be lazily reloaded later on.

TBR=mlippautz@chromium.org

Bug: chromium:694255
Change-Id: If7ddd8670df9d11837f491503312919b55b451fe
Reviewed-on: https://chromium-review.googlesource.com/600687
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47142}
2017-08-03 18:27:42 +00:00
Ben Smith
adc4704ce9 [d8] Fix PrepareTransfer call w/ non-ArrayBuffer
Make sure to fail PrepareTransfer when the transferables array contains
a non-ArrayBuffer, otherwise the function leaks a scheduled_exception.

Bug: chromium:736565
Change-Id: I64c2e09eb92720519c7bda2dca41749ff5ac9c8d
Reviewed-on: https://chromium-review.googlesource.com/599357
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47141}
2017-08-03 17:56:03 +00:00
Andreas Rossberg
a3bc098e74 [wasm] Turn instance exports into an accessor
R=titzer@chromium.org

Bug: 
Change-Id: I2710aa5605bf2a26b6f86db98338dd54b6b87d2a
Reviewed-on: https://chromium-review.googlesource.com/600235
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47140}
2017-08-03 16:49:21 +00:00
Andreas Rossberg
5614747680 [wasm] Fix index range checking in table accessors
R=titzer@chromium.org

Bug: 
Change-Id: Ib1a13b5131ec1b5a155c893de3c5ceb376bd33a3
Reviewed-on: https://chromium-review.googlesource.com/600227
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47139}
2017-08-03 16:11:42 +00:00
Clemens Hammacher
292cc3365a [wasm] Make WasmModule* in ModuleEnv non-const
We need to modify that module, e.g. to add signatures to the signature
maps. Hence it cannot be const.

R=titzer@chromium.org
CC=mtrofin@chromium.org

Change-Id: I261af5b4233a0b2ec8031a9cbe0cf9f826316ae0
Reviewed-on: https://chromium-review.googlesource.com/600428
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47138}
2017-08-03 16:09:41 +00:00
Adam Klein
9dd9419c38 Add test coverage for do-expressions in ReparentExpressionScope()
Change-Id: I42f51fd00b1a21a1ff7ef2379fbf81a42266a737
Reviewed-on: https://chromium-review.googlesource.com/599111
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47137}
2017-08-03 16:07:41 +00:00