Commit Graph

56879 Commits

Author SHA1 Message Date
Clemens Hammacher
3b329c5b17 [x64] Use AVX instructions consistently if available
For float to int conversions and vice versa the MacroAssembler on x64
was using a mix of AVX and non-AVX instructions.
This CL fixes that to consistently use AVX if available.

R=jkummerow@chromium.org

Change-Id: I3aecda9b99881254b24949ced5bed870fdc2a754
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678361
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62387}
2019-06-26 14:19:20 +00:00
Thibaud Michaud
a8fccd95ec [codegen] Swap using xchgq rather than three movq on x64
R=sigurds@chromium.org

Change-Id: Icd6e66b9bb23ca0dbf9fc5fe5c737a0bc3056a89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678359
Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62386}
2019-06-26 14:11:30 +00:00
Yang Guo
8de427fae8 [debugger] Expose reference to the function in debug-evaluate
R=verwaest@chromium.org

Bug: chromium:878723
Change-Id: Ic07f75f15230018b6d19cd1ee21f4be6dcad6360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667408
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62385}
2019-06-26 13:49:45 +00:00
Junliang Yan
7d0b12101a PPC: fix offset overflow on misaligned load
Offset adjustment on misaligned loads causes offset to be
overflow. This fixes it by using ldx if the new offset overflows.

Change-Id: Ib0fd339c127b70d5cbc9096b54480eb4355e753c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678396
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62384}
2019-06-26 13:19:05 +00:00
Thibaud Michaud
c1ea574e16 [codegen] Use xchg instead of push/pop for swap
R=sigurds@chromium.org

Change-Id: Id22a44fa15827d5c076496d872fe3be7da360b5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678356
Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62383}
2019-06-26 13:11:25 +00:00
Mike Stanton
bc427c404f [Turbofan] Promise brokerization improvement
We only need to save the native context scope info object to
properly brokerize promise call reductions, rather than
adding the field to each ContextRef.

Bug: v8:7790
Change-Id: Id13dc8505972123cf77a50573c816c9a913686e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678416
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62382}
2019-06-26 13:07:55 +00:00
Nico Hartmann
9f061823bf Reland "[TurboFan] Fast path for JSAdd with BigInt feedback"
This is a reland of 5ff38bae08

Original change's description:
> [TurboFan] Fast path for JSAdd with BigInt feedback
> 
> This CL introduces the necessary infrastructure to generate speculative
> BigInt operations in case of BigInt feedback. In particular, the JSAdd
> operator is lowered to a speculative call to the  BigIntAdd builtin,
> with a deopt bailout in case of exceptions or violated assumptions.
> 
> Bug: v8:9213
> Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
> Commit-Queue: Nico Hartmann <nicohartmann@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62362}

Bug: v8:9213
Change-Id: Ic0caf7aab2103b8f5e22a504427e8604cc894d75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677209
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Cr-Commit-Position: refs/heads/master@{#62381}
2019-06-26 12:41:57 +00:00
Igor Sheludko
933bb6e579 [ptr-compr] Use TaggedField<> in READ/WRITE macros
... instead of [Maybe]ObjectSlot.

Bug: v8:9353
Change-Id: I9747da70895e459882a83d06cc20a13b8519e500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678196
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62380}
2019-06-26 12:30:05 +00:00
Junliang Yan
e62c82826d [inspector] fix typo in fromUTF16LE and cleanup test
Bug: v8:9355
Change-Id: I42a683f9480435499e603083e844a47150ae57c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676244
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62379}
2019-06-26 11:50:31 +00:00
Igor Sheludko
b20ecdbd67 [ptr-compr][cleanup] Cleanup TaggedField<>::store() implementation
When concurrent marking is on then normal stores to tagged fields must
be relaxed stores.

Bug: v8:9396
Change-Id: Id1189a6c7df5ae8e9e5dc4dad653d35bdd109c5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677207
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62378}
2019-06-26 11:21:51 +00:00
Leszek Swirski
9c1363e5ad [map] Update map in PrepareForDataProperty
Deprecated maps might not be updated before being passed to
PrepareForDataProperty. If the target map is a dictionary map,
then adding the data property can fail.

As a drive-by, remove the dead ForTransitionHandler code, which
was another (potentially unsafe) caller of PrepareForDataProperty

Bug: chromium:977012
Change-Id: I894bbc9bca2001555474a3570eb03fe6b0f69ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674029
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62377}
2019-06-26 10:17:41 +00:00
Jakob Gruber
ff5a3e3d86 [scanner] Use JSRegExp::Flags instead of v8::RegExp::Flags
There's no reason to use the API RegExp type instead of the internal
JSRegExp type. In fact, the parsed flags end up in
Runtime_CreateRegExpLiteral, which assumes them to be of type
JSRegExp::Flags.

Drive-by: Additional asserts and helper functions in JSRegExp.

Bug: v8:9359
Change-Id: I5c12aba7d4e39a4891fb23d8b47c55fc480a28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667004
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62376}
2019-06-26 10:15:11 +00:00
Igor Sheludko
2a440bb295 [ptr-compr] Use [DECL|DEF]_GETTERS macros (part 1)
... for defining isolate-full getters.

Bug: v8:9353
Change-Id: I91aa11bfe41ab61b2fa72c21018fc38753a846bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676286
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62375}
2019-06-26 09:54:21 +00:00
Mathias Bynens
eb0dd1da71 Remove always-true --harmony-global runtime flag
It shipped in Chrome 71.

Bug: v8:5537
Change-Id: Ia78c58dc0af941ec87c05c933419f7e93d2b26f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675951
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62374}
2019-06-26 09:47:14 +00:00
Igor Sheludko
0edbb7a372 [ptr-compr][cleanup] Add DECL_GETTER and DEF_GETTER macros
... instead of ISOLATELESS_GETTER for declaring and defining getters
and predicates that have to deal with decompression of tagged fields.

The new macro eases introduction of isolate-full getters.

Bug: v8:9353
Change-Id: Ic63baea819a9320c5677f5bd7dda123d7334d80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676285
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62373}
2019-06-26 09:35:52 +00:00
Igor Sheludko
90975cd4bc [ptr-compr][x64] Tweak isolate root bias value and decompression code
... in order to improve quality of C++ assembly.

This CL also switches C++ code to use branchful decompression.

Bug: v8:9353
Change-Id: Id6a5cc5db2ad729b4394cd541a7ec8035c0d4571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1677204
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62372}
2019-06-26 09:24:06 +00:00
Sathya Gunasekaran
45561dc465 Move message-template to src/common
Change-Id: I8e6f10d6a5cba981134b44fda1a8ae3a4ea0fc97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675959
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62371}
2019-06-26 09:19:16 +00:00
Mike Stanton
386ff6e5d6 [TurboFan] Serializing context information
In TurboFan, context specialization is an optimization that tries to
either replace the load of a value from the context with a constant,
or if that can't be achieved, at least reduce the hops up the
context chain by starting a walk to the required depth from the
first constant context that it can reach.

Currently, this optimization is performed by looking into the
heap during a reducer pass. With fully concurrent TurboFan, we
need to instead gather information about contexts we may want
to perform this optimization on during serialization.

This CL adds functionality to the serializer to recognize and
model operations that affect the context register. We add to the
hinting structure already used by the serializer. There is
a new type of hint: a VirtualContext. This is a tuple consisting
of a handle to a Context, and a distance field that indicates how
far away in a to-be-realized chain this VirtualContext sits from
the context in the handle. For example:

bytecode stream:
...
CreateBlockContext
...

After a block context is created, the accumulator now contains
a VirtualContext Hint with a distance of 1 from any context hints
that we are keeping track of in the current context register.

More details in the design doc here:
https://docs.google.com/document/d/1Y0LKKCEenLWyAZTetoAIpKTZRCxaNdkYV8X1GaCax2A/edit?usp=sharing

Change-Id: I63732ebd106cc138fb1e9789d0676ece63e15d27
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605941
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62370}
2019-06-26 08:25:53 +00:00
Sigurd Schneider
5de719d43a [BUILD] Check for inconsistent build configuration
This makes sure that BUILDING_V8_SHARED and USING_V8_SHARED are not
both set at once.

Change-Id: Iba3a4fac37518b6ec3658da4575453a7967ece0f
Bug: v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627978
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62369}
2019-06-26 08:00:23 +00:00
Jakob Gruber
4c156936e8 [regexp] Allow JSRegExpResult allocations in large object space
Large regexp results may exceed kMaxRegularHeapObjectSize and must
thus be allocated in large object space.

Drive-by: Rename '%InNewSpace' to '%InYoungGeneration'.

Bug: chromium:976627
Change-Id: I38b5aecb95a95cf2fdbb24d19550cec34361a09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674027
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62368}
2019-06-26 07:50:33 +00:00
Clemens Hammacher
d105428754 [wasm] Add counters for asynchronous compile time
We currently only sample synchronous compilation via
"V8.WasmCompileModuleMicroSeconds.wasm". This adds a similar counter
for asynchronous and streaming compilation. Both use the
{AsyncCompileJob}, which now records the start time of compilation and
records a sample when baseline compilation finished.
The sample will only be taken if a high-resolution clock is available.

R=ahaas@chromium.org
CC=jwd@chromium.org

Bug: chromium:978425
Change-Id: I4b083a8ebba685a1cc8fa87bfe30e9a0943e3394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675963
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62367}
2019-06-25 20:35:08 +00:00
Clemens Hammacher
89661dbe25 [wasm] Record wire byte size on streaming compilation
Samples for the wire bytes size histogram were only recorded in
synchronous and asynchronous (non-streaming) compilation. This CL adds
another sample for streaming compilation.

R=ahaas@chromium.org

Change-Id: I11e2606796a83d6bebb35bd1d554aea43907bfba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676284
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62366}
2019-06-25 20:34:05 +00:00
Fabrice de Gans-Riberi
6bcd854f1f [fuchsia] Update zx_clock_get_new -> zx_clock_get
The call was renamed in	Fuchsia, the transitional *_new	variant	is
going to be removed soon.

Bug: chromium:977753
Change-Id: I3734cc36a15635dce4dc00d07917879761dec0f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676610
Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Auto-Submit: Fabrice de Gans-Riberi <fdegans@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62365}
2019-06-25 19:02:24 +00:00
Francis McCabe
458a2b1761 Revert "[TurboFan] Fast path for JSAdd with BigInt feedback"
This reverts commit 5ff38bae08.

Reason for revert: flaky test that is not normally flaky failed.

See: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24531

Original change's description:
> [TurboFan] Fast path for JSAdd with BigInt feedback
> 
> This CL introduces the necessary infrastructure to generate speculative
> BigInt operations in case of BigInt feedback. In particular, the JSAdd
> operator is lowered to a speculative call to the  BigIntAdd builtin,
> with a deopt bailout in case of exceptions or violated assumptions.
> 
> Bug: v8:9213
> Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
> Commit-Queue: Nico Hartmann <nicohartmann@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62362}

TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,nicohartmann@google.com

Change-Id: I5ae63a0183283894b6d1130792ab37a95b014550
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1676607
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62364}
2019-06-25 17:56:25 +00:00
Z Nguyen-Huu
139f83110c add micro-benchmark for proxy trap setPrototypeOf
Bug: v8:6664
Change-Id: If5a8a85a7537fa429fb58d1e0654ffe5f6a5897f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669788
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62363}
2019-06-25 16:18:52 +00:00
Nico Hartmann
5ff38bae08 [TurboFan] Fast path for JSAdd with BigInt feedback
This CL introduces the necessary infrastructure to generate speculative
BigInt operations in case of BigInt feedback. In particular, the JSAdd
operator is lowered to a speculative call to the  BigIntAdd builtin,
with a deopt bailout in case of exceptions or violated assumptions.

Bug: v8:9213
Change-Id: I05796336eef9a4389fc31d59cad2d69f75512647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657916
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62362}
2019-06-25 15:42:02 +00:00
Andreas Haas
fdd12a489c [wasm][cleanup] Rename kWasmVar to kWasmBottom
In the context of the reference types proposal, the imaginary sub type
of all types was called "bot". With this CL we use this name now also
in V8.

R=clemensh@chromium.org

Bug: v8:9396
Change-Id: I65a2a177ae2af97e66549e7a5b1457595b04a1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675950
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62361}
2019-06-25 14:49:03 +00:00
Georg Neis
b3f99025e8 Remove some dead code related to BailoutId
Change-Id: I386882ba9a95a7eeaa7995423a9d981850680d95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675957
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62360}
2019-06-25 14:21:00 +00:00
Michael Achenbach
1ca89b8c71 [foozzie] Enable passing extra flags on command line
Currently, probabilities for extra flags are calculated in the correctness
fuzzer harness, which makes the RNG fragile when bisecting backwards, when
the script's config changes during bisection.

This adds the possibility to pass extra flags on command line to the
script. After a grace period, we will migrate the flag calculation to
clusterfuzz.

NOTRY=true

Bug: chromium:813833
Change-Id: I515181847474515089b847f8aaffc7c6560d9390
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675945
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62359}
2019-06-25 13:27:11 +00:00
Sathya Gunasekaran
e101b9c03c [parser] Improve error when using import decl in a script
Perform a best-effort check for module context and provide an
appropriate error.

As seen from the import-blah-script.js test, we could have invalid
import expressions in a script context that could result in an error
saying "Cannot use import statement outside a module" which isn't
the ideal error because the error is an incorrect import
expression.

But, when the developer changes to a module context, the
correct error is thrown.

To fix this, we'd have to refactor and call ParseImportDeclaration,
and then throw an appropriate error, which seems like a lot of
overhead for not enough gain.

Bug: v8:9392, v8:6513
Change-Id: I520ebb490fff4d95743a7c751d4095db9a35d41b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675948
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62358}
2019-06-25 12:33:11 +00:00
Seth Brenith
f89d4e120c Don't write formatted tq files if nothing changed
This will prevent unnecessary recompilation effort on the subsequent
build, and avoids a common issue on Windows where format-torque replaces
all of the line endings in a .tq file without changing any actual
content.

Bug: v8:8805
Change-Id: Id695351c242739d92aef47cd09e651bfbe3c8f9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673456
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62357}
2019-06-25 12:16:21 +00:00
Tamer Tas
6b52a54b9a [testrunner] generalize test loader to accept multiple extensions
testrunner assumes that each test suite has a single extension for base tests.
".mjs" extension can be used for ECMAScript modules in addition to the standard
extension ".js" we use for the base tests.

This CL generalizes the {TestLoader} to accept multiple extensions for
a single test suite.

R=mathias@chromium.org
TBR=machenbach@chromium.org
CC=​gsathya@chromium.org

Bug: v8:9395
Change-Id: Ibc155f4963472fe9f989458cd839f3642ffbddea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675961
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62356}
2019-06-25 12:12:11 +00:00
Tobias Tebbi
9d4772db3e [torque] add notice to Torque exception usage
Change-Id: Ie5dbbf7cd17571c6ad1b0e83613bce605d0b9257
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675956
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62355}
2019-06-25 12:01:31 +00:00
Andreas Haas
c476508b1a [wasm][anyref] Implement correct type checking for br_table
This CL refactors the type-checking for br_table instructions.
Originally, we iterated over all targets of br_table and checked
if the values on the stack match the types expected by the
target's signature. However, this caused problems with type
checking unreachable br_table instructions where some stack
values are unavailable. According to the anyref proposal, the
expected type of br_table is the greatest lower bound of
all its targets. With the existing implementation, the expected
types were the types of the first target.

With this CL, we first calculate the expected types of br_table,
and only then inspect the stack if matching values are available.

R=titzer@chromium.org

Bug: v8:7581
Change-Id: I12208323bda88c363e28ffb0e002d59ef9a6b9d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649791
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62354}
2019-06-25 12:00:21 +00:00
Tobias Tebbi
a10a1a65a2 Reland "[csa] add hint to CAST error message to break in mksnapshot"
This is a reland of 93b6c866f3
The bug that caused the test failures has been fixed in
https://chromium-review.googlesource.com/c/v8/v8/+/1667417

Original change's description:
> [csa] add hint to CAST error message to break in mksnapshot
>
> Change-Id: I51a22de5d6367c38056ea91eface4f69f6651993
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664069
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62274}

TBR=mvstanton@chromium.org, ulan@chromium.org

Change-Id: I7bb0b4237b6eada82456bc9cf2f293d5986f0d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675954
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62353}
2019-06-25 11:11:01 +00:00
Tobias Tebbi
6254e98d5d [turbofan] fix bug in CommonOperatorReducer::ReduceReturn
In this bug, we might replace a phi node with the Dead node even though
it still has uses. DeadCodeElimination picks this up and inserts a
runtime crash into the code.

Bug: chromium:974474
Change-Id: Iea685913c8666806972719bbfb0891e516207d4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669693
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62352}
2019-06-25 11:00:01 +00:00
Igor Sheludko
c07a2d618d Revert "Temporarily disable frozen/sealed elements kinds"
This reverts commit 77476cb278.

Reason for revert: This is no longer necessary. Let's continue getting test coverage for new elements kinds.

Original change's description:
> Temporarily disable frozen/sealed elements kinds
> 
> ... to prepare for merging this back to stable chanel.
> 
> Bug: chromium:972921
> Change-Id: I04ced1c81b5f8730014ecee8935799fccc377a49
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667006
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62283}

TBR=ishell@chromium.org,verwaest@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:972921
Change-Id: I3686bd0f45d354f4826711671a10f1ef7b915e20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675953
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62351}
2019-06-25 10:54:31 +00:00
Tobias Tebbi
99a85fa5d6 [objects] initialize SmallOrderedHashTable padding
This fixes the test SmallOrderedHashMapAllocate in
test-code-stub-assembler.cc, which uses memcmp to check
SmallOrderedHashMap objects for equality:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24470


Change-Id: I1c1ad2e8923322c856191fac30f109a4e671b98e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667417
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62350}
2019-06-25 10:27:49 +00:00
Maciej Goszczycki
aaef2562b5 [inspector][roheap] Make inspector-test.cc compatible with shared ro-heap
Shared read-only heap means that all isolates within a process must
share the same snapshot. Pass the back-end snapshot to the front-end
runner to fix that.

Bug: v8:7464
Change-Id: I0ec591a919d4d462ef38e372907592df3c759521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669691
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62349}
2019-06-25 10:23:49 +00:00
Igor Sheludko
d2061e53b4 [ptr-compr] Add Xxx::yyy(Isolate*) accessors
... in addition to existing Xxx::yyy().

The idea is to use these getters in hot C++ code since passing isolate
explicitly makes it trivial to compute isolate root value and reduces
the C++ code size.

For full-pointer mode the unused isolate argument will be optimized
away by the compiler, so full-pointer mode should not be affected
in any sense.

Bug: v8:9353
Change-Id: If6c43e3d5b3cbfc0db8b9eccee49dd8c4d168822
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674035
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62348}
2019-06-25 10:15:19 +00:00
Mythri A
18fcd0b4ee [clusterfuzz] Teach clusterfuzz to use --no-lazy-feedback-allocation
To correctly fuzz the behaviour of optimized code and ICs we need to
allocate feedback vectors. So for the configurations testing these we
should turn off lazy feedback allocation.

It is also good to fuzz without lazy feedback allocation on other
configurations to flush out any other issues. So we also fuzz this with
0.35 chance. We also fuzz aggressive lazy feedback allocation (allocate
feedback vectors on first branch / return) with 0.05 chance to test
corner cases related to lazy feedback allocation.

Bug: v8:9342
Change-Id: Id0761d1396bfc0866988abb8fb20168b86a5da20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672939
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62347}
2019-06-25 09:20:19 +00:00
v8-ci-autoroll-builder
d5ae4459ff Update V8 DEPS.
Rolling v8/build: 074e5c6..fa4e56c

Rolling v8/buildtools: 8c2657f..80b545b

Rolling v8/buildtools/linux64: git_revision:8c7f49102234f4f4b9349dcb258554675475e596..git_revision:972ed755f8e6d31cae9ba15fcd08136ae1a7886f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/566ad95..304e510

Rolling v8/third_party/depot_tools: dd2737e..2cfafaf

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I409526520c064ae4f8a70b6159414c256a352fb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674830
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62346}
2019-06-25 05:58:07 +00:00
Santiago Aboy Solanes
21eb4b9d52 [cleanup][ptr-compr][turbofan] DecompressionElimination test cleanup
This is a CL that aims to do a general cleanup of DecompressionElimination
to make it easier for devs to look at it, and to create new test cases.

Combined direct decompression & compression tests since they can be
summarized with a for loop in just one test that tries out
all the combinations.

Also created 'global' accesses to stop repeating them in every test.
Same for compression and decompression ops.

Added EXPECT in test cases that had none.

Added dots after comments.

Variables now use underscore instead of camelCase.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9183
Change-Id: I38a5c6549e0b4ff89c3271ead23b626e8b6b4843
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628788
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62345}
2019-06-24 21:35:06 +00:00
Dan Elphick
9ae5a9a1d6 [api] Remove deprecated Object::Get/Set methods
Bug: v8:9183
Change-Id: I40c1cd1f55efc353af19cdee48e85ddc8085586c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664059
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62344}
2019-06-24 17:36:01 +00:00
Michael Lippautz
fdf3f14d52 [heap] Fix uninitialized value in GCTracer
Tbr: ulan@chromium.org
Bug: chromium:948807, chromium:978050
Change-Id: I73d4ca4ca43b9c9bfa57502676bab9f60b052229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674036
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62343}
2019-06-24 16:34:51 +00:00
Junliang Yan
9faa6943d0 [inspector] Add fromUTF16LE function to string-16
Bug: v8:9355
Change-Id: I317bb52952ad5b347d627d4f6096f251bca1a815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652558
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62342}
2019-06-24 16:26:01 +00:00
Maya Lekova
36eedb6315 [turbofan] Serialize API calls for property access
Bug: v8:7790
Change-Id: I5c98af1745ed765ec060b2fd70006a3bd57d523a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645317
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62341}
2019-06-24 16:07:51 +00:00
Peter Marshall
8daf1e6df6 [tracing] Fix perfetto build caused by invalid sources
There is a generated file config.descriptor which is an output file
for a particular target. When we try to add this to sources, it breaks
as GN no longer silently accepts files with invalid types as sources.

This breakage was due to recently-rolled changes to fix crbug.com/gn/77

Similar fixes have been used here: crbug.com/964411

Change-Id: Ica9272647c6d1ed31780a6319cf098a083a3cc57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674032
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62340}
2019-06-24 15:03:31 +00:00
Mathias Bynens
8bd292132b Remove always-true --harmony-object-from-entries runtime flag
It shipped in Chrome 73.

Bug: v8:8021
Change-Id: I72a4e7fd3cd9ae8f960471a97100054d761d926b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593461
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62339}
2019-06-24 15:01:01 +00:00
Jaroslav Sevcik
191f7ed9d1 [turbofan,x64] Replace Int32Sub(x,0) with EmitIdentity
Address a TODO: Use EmitIdentity instead of kArchNop.

Bug: v8:7947
Change-Id: Idd7de1bcffaf56f7eaf5d65be4dae3257d085ea8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674031
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62338}
2019-06-24 13:58:22 +00:00