Commit Graph

8822 Commits

Author SHA1 Message Date
Adam Klein
317cf32131 [ast] Move AstValue implementation into Literal
This eliminates the AstValue class, effectively moving its
implementation into the Literal AstNode. This should cause
no difference in behavior, but it does signal some shifts
in the underlying system. Biggest changes include:

  - Reduction in AST memory usage
  - No duplicate HeapNumbers in Ignition constant pools
  - Non-String values are allocated either at constant pool
    creation time (or at boilerplate creation time for literals),
    rather than at AstValueFactory::Internalize() time.

There are a variety of test-only/debug-only changes due to these
switches as well.

Bug: v8:6984
Change-Id: I5f178040ce2796d4e7370c24d1063419e1c843a1
Reviewed-on: https://chromium-review.googlesource.com/731111
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49013}
2017-10-27 20:21:29 +00:00
Bill Budge
419924a28b [cctest] Merge identical platform tests, and run on all platforms.
- Moves platform-specific platform tests to test-platform.cc.
- Moves all tests into v8::internal namespace.

Bug: chromium:756050
Change-Id: Ic67d6b84dda07a9d5f6a0cc6489bfae90c52c0f2
Reviewed-on: https://chromium-review.googlesource.com/739983
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49012}
2017-10-27 18:58:06 +00:00
Ross McIlroy
488faeb676 [asm.js] Delay reporting warnings until finalization.
To avoid accessing the heap during asm.js compilation, use the pending
error handler to store the pending warnings such that they can be reported
later during finalization.

As part of this change, refactor PendingCompilationErrorHandler to have a
MessageDetails class holding details of either error or warning messages.

BUG=v8:5203

Change-Id: I5b09254f8899b8dc57d94f1986c7183da847eae3
Reviewed-on: https://chromium-review.googlesource.com/735607
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49007}
2017-10-27 16:23:23 +00:00
Michael Achenbach
0a35d6f985 [test] Let flags from test case have precedence
The status-file flags and the flags from the test case's source code
must always overwrite extra flags set by bots.

Bug: v8:6924
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I0e2aabb69da7cfb8ba6c1c79bd3851462071a6ac
Reviewed-on: https://chromium-review.googlesource.com/732656
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49001}
2017-10-27 13:22:39 +00:00
Andreas Rossberg
776d6e9d5c [wasm] Int64 lowering for return values
R=titzer@chromium.org

Change-Id: Ie8c361efb48b56dc65719f09dfc79d505e0f3459
Reviewed-on: https://chromium-review.googlesource.com/735610
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49000}
2017-10-27 11:34:14 +00:00
Georg Neis
03035038b9 [bigint] Implement ToBigInt and NumberToBigInt.
... and use them to complete the BigInt function.

Bug: v8:6791
Change-Id: Ia36db86b92d1a0cfcb783516e04d6c0e3750f194
Reviewed-on: https://chromium-review.googlesource.com/737643
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48993}
2017-10-27 06:43:57 +00:00
Camillo Bruni
c3ad1e9067 [log] Use log for --trace-maps
This is an intermediate CL to move the complete --trace-map infrastructure to
a log-based version.

Change-Id: I0673052b1b87fe338e38dc609434a52af6a0652d
Reviewed-on: https://chromium-review.googlesource.com/738835
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48988}
2017-10-27 03:33:49 +00:00
Alexei Filippov
e8636cd75b Reland "[heap-profiler] Do not treat WeakMap values as weak."
This is a reland of c34042cc64
Original change's description:
> [heap-profiler] Do not treat WeakMap values as weak.
> 
> For the WeakHashTable objects only mark keys as weak while leaving values as strong references.
> 
> BUG=chomium:773722
> 
> Change-Id: Iabd5ba293d05fe68a2af6503fcdd711ecc182482
> Reviewed-on: https://chromium-review.googlesource.com/730771
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48985}

TBR=ulan@chromium.org

Bug: chomium:773722
Change-Id: Icede16fde528d147cde5c3f6c72f2029876b099f
Reviewed-on: https://chromium-review.googlesource.com/740722
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48987}
2017-10-26 23:04:31 +00:00
Alexei Filippov
f5a3b75f9c Revert "[heap-profiler] Do not treat WeakMap values as weak."
This reverts commit c34042cc64.

Reason for revert: Wrong table type was used

Original change's description:
> [heap-profiler] Do not treat WeakMap values as weak.
> 
> For the WeakHashTable objects only mark keys as weak while leaving values as strong references.
> 
> BUG=chomium:773722
> 
> Change-Id: Iabd5ba293d05fe68a2af6503fcdd711ecc182482
> Reviewed-on: https://chromium-review.googlesource.com/730771
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48985}

TBR=ulan@chromium.org,alph@chromium.org,mlippautz@chromium.org

Change-Id: Ia2ddef5b2422d4cbb8c4710e24ed0885a9a5b284
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chomium:773722
Reviewed-on: https://chromium-review.googlesource.com/740721
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48986}
2017-10-26 22:20:44 +00:00
Alexei Filippov
c34042cc64 [heap-profiler] Do not treat WeakMap values as weak.
For the WeakHashTable objects only mark keys as weak while leaving values as strong references.

BUG=chomium:773722

Change-Id: Iabd5ba293d05fe68a2af6503fcdd711ecc182482
Reviewed-on: https://chromium-review.googlesource.com/730771
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48985}
2017-10-26 20:58:49 +00:00
Igor Sheludko
b4fdce5ae9 [cleanup] Prepare V8-internal AccessorInfo objects for sharing.
Rename |property_attributes| to |initial_property_attributes| and ensure
that it is used as a storage of values only for AccessorInfos installed in
API Templates (i.e. ObjectTemplate and FunctionTemplate).
When an AccessorInfo is installed directly into an existing JS object
(via JSObject::SetAccessor) or into a DescriptorArray (when certain V8
objects' shapes are configured) it is not necessary to thread attributes
being set through the AccessorInfo instance.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe61026f08c42549756f694129a286635ffe5769
Reviewed-on: https://chromium-review.googlesource.com/730425
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48978}
2017-10-26 15:21:46 +00:00
jgruber
1b2a341e02 [snapshot] Move bytecode handlers to builtins snapshot
This is the first step towards lazy-deserializing bytecode handlers.

Bytecode handler code objects are now serialized into the builtins
snapshot area (which, like many other related concepts, has become
somewhat of a misnomer now that it contains both builtins and
handlers).

Handlers are still eagerly-deserialized upon Isolate creation. This will
change in follow-up CLs.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7b257f76f5e9e90d5f7b183980bae7bc621171fc
Reviewed-on: https://chromium-review.googlesource.com/738030
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48977}
2017-10-26 15:08:36 +00:00
Ulan Degenbaev
d58b36b243 [jumbo] Fix collision between test-alloc.cc and test-spaces.cc.
This fixes jumbo build by renaming Pseudorandom function after
https://chromium-review.googlesource.com/738204

Bug: chromium:777177
Change-Id: I86aa403928ad85ddd7dd779a8a43af9e34161928
Reviewed-on: https://chromium-review.googlesource.com/737637
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48974}
2017-10-26 14:19:26 +00:00
Michael Starzinger
fdf6c2b134 [turbofan] Set {Code::stub_key} within the allocator.
This moves the initialization of the {Code::stub_key} field into the
allocator for {Code} objects, essentially making the field in question
immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: I8ba2ffeea792d0d566995c08e3572ae63a7c1e94
Reviewed-on: https://chromium-review.googlesource.com/739141
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48971}
2017-10-26 13:50:06 +00:00
Ulan Degenbaev
7f8f283366 [heap] Fix top_on_previous_step_ check in PagedSpace::AllocateRaw.
Both the top_ pointer and the top_on_previous_step_ pointer can be one
byte beyond the current page. Page::FromAddress call should take that
into account.

Bug: chromium:777177
Change-Id: I9cbb5bc6eab932afc6d0c915fd70a9a7b20ba62c
Reviewed-on: https://chromium-review.googlesource.com/738204
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48962}
2017-10-26 11:10:57 +00:00
Clemens Hammacher
a74ee93311 [wasm] [interpreter] Tighten possible nondeterminism
The current implementation overapproximates the
possible_nondeterminism_ bit by setting it whenever a NaN value is
reinterpreted as integer, or stored to memory. This hides bugs in the
interpreter that are handled as possible nondeterminism even though
they are not.
This CL fixes this by only setting the bit if a binary floating point
operation is executed and one of the inputs is a NaN.

R=ahaas@chromium.org

Bug: v8:6954
Change-Id: Ib937ae7730dbb140c012d07fae23b40ae7ed3d6b
Reviewed-on: https://chromium-review.googlesource.com/735599
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48954}
2017-10-26 08:24:17 +00:00
Karl Schimpf
82ee3bcad0 [wasm] move protected instructions from RelocInfo To FixedArray
The motivation for this is that it greatly reduces the RelocInfo size.
This also results in a small improvement in compile time.

Note: This CL was based on https://codereview.chromium.org/2651833003,
and basically reverts that CL (but handles code changes and some
minor bugs in previous code).

Bug: chromium:772780
Change-Id: I55dd48d3bddd4b3d1c8eec13791b3ee4c485c604
Reviewed-on: https://chromium-review.googlesource.com/730649
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48947}
2017-10-25 21:15:49 +00:00
Jakob Kummerow
98df94cdd4 [bigint] Fix abstract equality with junk strings
Abstract equality comparison of a BigInt and a String converts the
latter to BigInt. This conversion can fail; since we do not want to
pass a context to the comparison function, we must signal such failure
without throwing an exception.
This CL uses the existing ShouldThrow enum to configure behavior of
String-to-BigInt conversion, moving it out of Object into globals.h.

Bug: v8:6791, v8:6979
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibb98675079b8392cf03bbcbbbd5556108500a32d
Reviewed-on: https://chromium-review.googlesource.com/734172
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48946}
2017-10-25 20:56:09 +00:00
Adam Klein
e6d57a9f66 [esnext] Remove --harmony-object-rest-spread flag
This flag has been on by default since Chrome 61.

Bug: v8:5549
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I81c34d1d3a7dbd219acce2cdf0cf4917eb484002
Reviewed-on: https://chromium-review.googlesource.com/738312
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48945}
2017-10-25 19:47:29 +00:00
Jakob Kummerow
9daf3e2039 [cleanup] Limit Token usage to Parser, AST, BytecodeGenerator
and use a newly-introduced "enum class Operation" in all
other places that so far passed Token::Values around.
Also delete some related dead code along the way.

Bug: v8:6921
Change-Id: I062f396d304aa62298cfeff202e3132a4a5597c1
Reviewed-on: https://chromium-review.googlesource.com/736851
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48944}
2017-10-25 18:15:26 +00:00
Adam Klein
56c0acfb11 [parser] Remove always-true flag --harmony-restrictive-generators
It's been on by default since Chrome 61.

Bug: v8:4806
Change-Id: I748d9008d29997667458649d7bf4999e15ff8615
Reviewed-on: https://chromium-review.googlesource.com/737416
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48943}
2017-10-25 18:08:40 +00:00
Clemens Hammacher
e5f064d3b5 [wasm] Enable tests for Liftoff
This extends the WASM_EXEC_TEST to also execute the test in Liftoff
(our new baseline compiler).
Use WASM_COMPILED_EXEC_TEST to execute in both compilers, but not in
the interpreter.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I0b76a5cff9af1b8c4aaec3cceb154ad29ca1b58e
Reviewed-on: https://chromium-review.googlesource.com/733560
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48932}
2017-10-25 13:14:56 +00:00
Michael Starzinger
3b67d7a0f4 Reland "[objects] Introduce {CodeDataContainer} object type."
This is a reland of eeaffa9f33
Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
> 
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
> 
> R=jarin@chromium.org
> BUG=v8:6792
> 
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}

Bug: v8:6792
Change-Id: I31a127df4bb8ee5fedb4d73755df4deae6e1d352
Reviewed-on: https://chromium-review.googlesource.com/738109
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48928}
2017-10-25 12:43:56 +00:00
Clemens Hammacher
834f5adf5e [wasm] Integrate Liftoff in the compilation pipeline
A WasmCompilationUnit can now either compile the code in liftoff or with
Turbofan. If liftoff compilation fails (because of unsupported
instructions), we fall back to TF.
This new pipeline is only enabled if the --liftoff flag is enabled.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I63669cfd8b7f0c89b08dcbd4d125d5ed44c7265b
Reviewed-on: https://chromium-review.googlesource.com/733091
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48924}
2017-10-25 12:17:35 +00:00
Ben L. Titzer
81e472631a [wasm] Remove {memory_buffer} from WasmInstanceObject.
R=clemensh@chromium.org

Bug: 
Change-Id: I0c92aa07e10dcd1e9d9fd34dcaf23885076721b0
Reviewed-on: https://chromium-review.googlesource.com/735724
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48922}
2017-10-25 11:57:56 +00:00
Leszek Swirski
52ef2a1c27 [parser] Add an n-ary node for large binop chains
Expressions of the form

    a_0 + a_1 + a_2 + a_3 + ... + a_n

seem to be reasonably common for cases such as building templates.
However, parsing these expressions results in a n-deep expression tree:

           ...
          /
         +
        / \
       +  a_2
      / \
    a_0 a_1

Traversing this tree during compilation can cause a stack overflow when n is
large.

Instead, for left-associate operations such as add, we now build up an
n-ary node in the parse tree, of the form

         n-ary +
       /  |      \
      /   |  ...  \
    a_0  a_1      a_n

The bytecode compiler can now iterate through the child expressions
rather than recursing.

This patch only supports arithmetic operations -- subsequent patches
will enable the same optimization for logical tests and comma
expressions.

Bug: v8:6964
Bug: chromium:724961
Bug: chromium:731861
Bug: chromium:752081
Bug: chromium:771653
Bug: chromium:777302
Change-Id: Ie97e4ce42506fe62a7bc4ffbdaa90a9f698352cb
Reviewed-on: https://chromium-review.googlesource.com/733120
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48920}
2017-10-25 11:28:55 +00:00
Michael Achenbach
9249df1d73 Revert "[objects] Introduce {CodeDataContainer} object type."
This reverts commit eeaffa9f33.

Reason for revert: Breaks msan compile (uninitialized value in snapshot):
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17824

Original change's description:
> [objects] Introduce {CodeDataContainer} object type.
> 
> This introduces the {CodeDataContainer} as a container for all mutable
> fields associated with a {Code} object. For now only the kind-specific
> flags are moved, but more fields can/will be moved gradually. The goal
> is to make all fields in the {Code} header be immutable eventually.
> 
> R=​jarin@chromium.org
> BUG=v8:6792
> 
> Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
> Reviewed-on: https://chromium-review.googlesource.com/732987
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48902}

TBR=mstarzinger@chromium.org,jarin@chromium.org

Change-Id: I74fe833b074752d640cff4aa4680f250e1bd8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6792
Reviewed-on: https://chromium-review.googlesource.com/738029
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48904}
2017-10-25 09:24:59 +00:00
Marja Hölttä
d553c94309 [reland] [parser] Skipping inner funcs: Use less memory for variables.
- Make it possible to store quarter-bytes instead of full bytes.

- Don't store is_used; it can be recovered correctly based on the actual full
  parse (when a lazy function is eventually called) and
  has_forced_scope_allocation.

- With the is_used change, the old testing approach (which compared a scope for
  which we didn't do scope allocation to the baseline) no longer made
  sense. Replaced it with a new testing approach, which is also closer to the
  actual usage.

- First version (reverted): https://chromium-review.googlesource.com/725422

BUG=v8:5516

Change-Id: I1468af6670b689a104bd867377caa1d236070820
Reviewed-on: https://chromium-review.googlesource.com/733123
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48903}
2017-10-25 08:49:37 +00:00
Michael Starzinger
eeaffa9f33 [objects] Introduce {CodeDataContainer} object type.
This introduces the {CodeDataContainer} as a container for all mutable
fields associated with a {Code} object. For now only the kind-specific
flags are moved, but more fields can/will be moved gradually. The goal
is to make all fields in the {Code} header be immutable eventually.

R=jarin@chromium.org
BUG=v8:6792

Change-Id: I2eeba893afaba877fb6117e1f18371898c3a175e
Reviewed-on: https://chromium-review.googlesource.com/732987
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48902}
2017-10-25 08:46:29 +00:00
Georg Neis
d8fbe426fe [bigint] Adapt JSON.stringify.
Bug: v8:6791
Change-Id: Id34db2021c02b885be3f300648d5941362381d0b
Reviewed-on: https://chromium-review.googlesource.com/735561
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48896}
2017-10-25 07:13:47 +00:00
Mircea Trofin
7390c2fc1f [wasm] Use the C_WASM_ENTRY code type for cctest GetWrapperCode()
It appears in the cctest context, both the old STUB, and the current 
WASM_FUNCTION "just work"; however, in the upcoming off-the-gc wasm 
world, we codegen call sites differently on x64 - far calls for 
js-to-wasm (this case), and near calls otherwise.

Bug: 
Change-Id: Iebf8acf164f07742fc367b7bbf266913dbc60c46
Reviewed-on: https://chromium-review.googlesource.com/735131
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48889}
2017-10-24 19:55:44 +00:00
Adam Klein
e18ebb6064 [ast] Encapsulate AstValue inside Literal AstNode
This removes all but one caller of Literal::raw_value(), thus
hiding AstValue from the rest of the codebase. This is in
preparation to move much of AstValue's implementation up
into Literal itself, thus avoiding the overhead of the
underling ZoneObjects and allowing us to remove complexity
such as the cache of Smi-valued AstValues.

Bug: v8:6984
Change-Id: I1b90aa64b9d26db36ef486afe73cda4473ef866e
Reviewed-on: https://chromium-review.googlesource.com/731109
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48884}
2017-10-24 14:57:19 +00:00
Georg Neis
dabf6003c9 [bigint] Support <, <=, >, >=.
... mainly by adapting Object::Compare and
CodeStubAssembler::RelationalComparison.

TBR=rmcilroy@chromium.org

Change-Id: I34448d45b4950b9318263c4a667aa9db7d77232d
Bug: v8:6791
Reviewed-on: https://chromium-review.googlesource.com/730730
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48873}
2017-10-24 11:46:38 +00:00
Andreas Rossberg
06061b7ddf [wasm] Support block parameters
This adds support for parameters on block, loop, if, cf the multi-value proposal at:
https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md

With this CL, we ssucceed on all tests in:
https://github.com/WebAssembly/multi-value/pull/2
except those involving multiple returns from functions.

R=titzer@chromium.org

Change-Id: I14a33e86450148f6aed2b8b8cc6bebb2303625c6
Reviewed-on: https://chromium-review.googlesource.com/712578
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48871}
2017-10-24 11:44:26 +00:00
Mike Stanton
598623c6b9 [Turbofan] Improve verification with effect output checks
Ensure that effect outputs from nodes are used if they have
an effect output. This helps us avoid an easy-to-make error
where we fail to update the effect chain with the result of
effectful operations.

Bug: v8:6929
Change-Id: I585dc627b3c330006ec04717ff9b2f5060dbad6a
Reviewed-on: https://chromium-review.googlesource.com/718107
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48861}
2017-10-24 09:00:31 +00:00
Georg Neis
94d9ffe71b [bigint] Adapt Object::NoSideEffectsToString.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Ia46694ef236abd2fa037491a017eb825aa25162a
Reviewed-on: https://chromium-review.googlesource.com/732981
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48856}
2017-10-24 08:27:53 +00:00
Daniel Clifford
6452b26a4b Reimplement Array.prototype.slice in CSA and C++
Previously, V8's slice was implemented in a combination of C++ and a 
Javascript fallback. The disadvantage of this approach was that the
fast-path required a call through the CEntryStub, which introduced
considerable overhead for small arrays with fast elements kinds.

Now the implementation primarily uses the CSA to generate both the
full spec-complaint implementation as well as fast paths for argument
objects and arrays with fast elements kinds. The CSA implementation
uses a C++ implementation fallback in select situations where the the
complexity of a CSA implementation would be too great and the
CEntryStub overhead is not decisive (e.g. slices of dictionary
elements arrays).

Performance results on semi-random arrays with small number of
elements (old vs. new):

smi copy: 48.7 ms vs. 12 ms
smi slice: 43.5 ms 14.8 ms
object copy: 35.5 ms 7.7 ms
object slice: 38.7 ms 8.8 ms
dictionary slice: 2398.3 ms vs. 5.4 ms
fast sloppy arguments slice: 9.6 ms vs. 7.2 ms
slow sloppy arguments slice: 28.9 ms vs. 8.5 ms

As a bonus, the new implementation is fully spec-compliant and fixes
at least one existing bug.

The design document for Array.prototype builtin rework can be found
at https://goo.gl/wFHe2n

Bug: v8:1956,v8:6601,v8:6710,v8:6978
Change-Id: Ia0155bedcf39b4577605ff754f416c2af938efb7
Reviewed-on: https://chromium-review.googlesource.com/574710
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48853}
2017-10-24 06:39:47 +00:00
Camillo Bruni
eff39bbb70 [tools] Move common arguments processing into separate file
Change-Id: Ia7b30b3f9d19ac1a6da978a0bd884e8f6f38841b
Reviewed-on: https://chromium-review.googlesource.com/730570
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48850}
2017-10-24 00:25:04 +00:00
Marja Hölttä
271e3b108d Revert "[parser] Skipping inner funcs: Use less memory for variables."
This reverts commit 97ead4338e.

Reason for revert: makes the PreParserScopeAnalysis test much slower.

Original change's description:
> [parser] Skipping inner funcs: Use less memory for variables.
> 
> - Make it possible to store quarter-bytes instead of full bytes.
> 
> - Don't store is_used; it can be recovered correctly based on the actual full
>   parse (when a lazy function is eventually called) and
>   has_forced_scope_allocation.
> 
> - With the is_used change, the old testing approach (which compared a scope for
>   which we didn't do scope allocation to the baseline) no longer made
>   sense. Replaced it with a new testing approach, which is also closer to the
>   actual usage.
> 
> BUG=v8:5516
> 
> Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
> Reviewed-on: https://chromium-review.googlesource.com/725422
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48828}

TBR=marja@chromium.org,verwaest@chromium.org

Change-Id: I8cb87bcd55462b1cef4444dabb5cbfa2ecb24c7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5516
Reviewed-on: https://chromium-review.googlesource.com/732878
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48829}
2017-10-23 12:42:19 +00:00
Marja Hölttä
97ead4338e [parser] Skipping inner funcs: Use less memory for variables.
- Make it possible to store quarter-bytes instead of full bytes.

- Don't store is_used; it can be recovered correctly based on the actual full
  parse (when a lazy function is eventually called) and
  has_forced_scope_allocation.

- With the is_used change, the old testing approach (which compared a scope for
  which we didn't do scope allocation to the baseline) no longer made
  sense. Replaced it with a new testing approach, which is also closer to the
  actual usage.

BUG=v8:5516

Change-Id: I02bac24e482126689dcdbabe8b3a04977be29b0c
Reviewed-on: https://chromium-review.googlesource.com/725422
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48828}
2017-10-23 11:48:45 +00:00
Michael Starzinger
8dfebbc381 [objects] Turn {PromiseCapability} into a {Tuple3}.
R=gsathya@chromium.org
BUG=v8:6792

Change-Id: I68a5f9e7e52dbc9512e6919fce2064d748a3e7c4
Reviewed-on: https://chromium-review.googlesource.com/730726
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48824}
2017-10-23 11:15:07 +00:00
Benedikt Meurer
bcee140617 [turbofan] Introduce InstanceOfIC to collect rhs feedback.
This adds a new InstanceOfIC where the TestInstanceOf bytecode collects
constant feedback about the right-hand side of instanceof operators,
including both JSFunction and JSBoundFunction instances. TurboFan then
uses the feedback to optimize instanceof in places where the right-hand
side is not a known constant (known to TurboFan).

This addresses the odd performance cliff that we see with instanceof in
functions with multiple closures. It was discovered as one of the main
bottlenecks on the uglify-es test in the web-tooling-benchmark. The
uglify-es test (run in separation) is ~18% faster with this change.

On the micro-benchmark in the tracking bug we go from

  instanceofSingleClosure_Const: 69 ms.
  instanceofSingleClosure_Class: 246 ms.
  instanceofMultiClosure: 246 ms.
  instanceofParameter: 246 ms.

to

  instanceofSingleClosure_Const: 70 ms.
  instanceofSingleClosure_Class: 75 ms.
  instanceofMultiClosure: 76 ms.
  instanceofParameter: 73 ms.

boosting performance by roughly 3.6x and thus effectively removing the
performance cliff around instanceof.

Bug: v8:6936, v8:6971
Change-Id: Ib88dbb9eaef9cafa4a0e260fbbde73427a54046e
Reviewed-on: https://chromium-review.googlesource.com/730686
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48820}
2017-10-23 10:15:36 +00:00
Clemens Hammacher
319b7868c9 [wasm] [interpreter] Box floats for certain operations
There are wasm operations which operate on floats or double, but they
need to preserve the exact bit pattern. Thus they cannot be stored and
passed as float or double, since that might flip the signaling NaN bit.
This CL extends WasmValue to store floats and doubles as bit pattern,
and adds accessors to extract them as Float32 or Float64.
The interpreter is changed to execute certain operations (i32.abs,
i32.neg, i64.abs, i64.neg, f32.reinterpret/i32, f64.reinterpret/i64) on
boxed floats.

R=titzer@chromium.org

Bug: v8:6954
Change-Id: I0251d1a67b6caf593194d4eb292a325cdd3f20cf
Reviewed-on: https://chromium-review.googlesource.com/730716
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48819}
2017-10-23 10:14:31 +00:00
Clemens Hammacher
41925b9512 [test] Add missing field definitions
Even static constant fields need to have definitions outside of the
class scope if a reference to them is passed.
This CL fixes link errors which occured on an independent CL
(https://crrev.com/c/730716).

Drive-by: Make the fields constexpr.

R=mstarzinger@chromium.org

Change-Id: Iff5dd1f3d41ddfba0c20531dbecd63c1d4c670e8
Reviewed-on: https://chromium-review.googlesource.com/732114
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48816}
2017-10-23 09:10:15 +00:00
Georg Neis
a9e70a6ffc [modules] Fix lazy parsing of functions in modules.
The information that such functions must be parsed in module mode
didn't get properly propagated.

Also refactor some related code to make it more robust. In particular,
set parsing_module_ at parser construction time only.

Bug: v8:1569, v8:6919
Change-Id: Id136fb15c240373cad07c82025b778d0c0c43148
Reviewed-on: https://chromium-review.googlesource.com/716478
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48811}
2017-10-22 09:03:34 +00:00
Camillo Bruni
d06cb58685 [log] Consistently escape log entries
Implicitly escape all output that is passed to Log::MessageBuilder.
We escape non-printable characters and the log field separator ','
using the \x00 and \u0000 escape sequences.

Example:
Before: event-foo,"space: ","comma: ,","double quotes: """
After:  event-foo,space: ,comma: \x2C,double quotes: "

This might slightly impact human readability of the log files in
extreme cases. However, most strings do not contain any escaped
characters.

Bug: 
Change-Id: Ic78f6d9932367d02f9f3c3f70b41b5c283bdf880
Reviewed-on: https://chromium-review.googlesource.com/728332
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48805}
2017-10-20 23:53:44 +00:00
Camillo Bruni
761b4719d3 Reland "[logging] Use OFStream for log events"
This is a reland of 06ff9e974a
Original change's description:
> [logging] Use OFStream for log events
> 
> This simplifies a few operations and removes the size limitations
> implied by the message buffer used.
> 
> Change-Id: I8b873a0ffa399a037ff5c2501ba4b68158810968
> Reviewed-on: https://chromium-review.googlesource.com/724285
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48766}

Change-Id: Iafda1c88d9180d188d6b8bd7d03d6d27100538d8
Reviewed-on: https://chromium-review.googlesource.com/731107
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48804}
2017-10-20 22:47:01 +00:00
Tobias Tebbi
5917d5c1a8 [csa] extend the static CSA type system to allow for union types
- Introduce the new union type UnionType<T1,T2>, used for Number and 
  Numeric. Similarly, PairType<T1,T2> is used for a Turbofan operation
  with two results. Further details in the design doc:
  https://docs.google.com/document/d/10foP3m7SDWyFfbda96iEJ_XYOLQdd32AeoP8SD1cTcs/edit#heading=h.bghdno28mr7u
- Allow to derive the MachineType from a static type. 
  This allows to select the right MachineType when performing a 
  load/store.
- Disallow casts (UncheckedCast() or CAST()) when the target and 
  origin type have no overlap.
  New cast ReinterpretCast() is an UncheckedCast without this check.
- Caveat of this CL: Checked casts (CAST()) are not possible for 
  UnionType<T1,T2> with the exception of Number (due to the existence
  of Number in OBJECT_TYPE_LIST and the existence of an IsNumber() 
  function in the runtime).

Bug: v8:6949
Change-Id: I21a683d1341f69cebd8a347f545b454b463c52ad
Reviewed-on: https://chromium-review.googlesource.com/723320
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48796}
2017-10-20 15:58:51 +00:00
Toon Verwaest
4cb88e3ab4 Cleanup codegen.h includes
Bug: 
Change-Id: I67cfd5634e86472425c161b461684bd975e58a41
Reviewed-on: https://chromium-review.googlesource.com/730204
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48783}
2017-10-20 11:56:01 +00:00
Michael Starzinger
035b4ccfc9 [runtime] Allocate source position table before Code.
This allocates and populates potential source position table before the
underlying {Code} objects is allocated. It essentially makes the field
holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: If35462688a1b502f28ae84f73b82b5df5005735f
Reviewed-on: https://chromium-review.googlesource.com/727895
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48781}
2017-10-20 10:58:52 +00:00
Clemens Hammacher
bd19ea4a06 Reland "[test] Add nan bit patterns to uint{32,64}_vector"
This is a reland of 6f93d59d92.
One more test had to be disabled (tracked by bug 6954), and
two machops tests needed to be changed to use boxed floats
and doubles.

Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
> 
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
> 
> This uncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
> 
> R=ahaas@chromium.org
> 
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}

Bug: v8:6947, v8:6954
Change-Id: I9a38b5d9324131c3950c537910371a73c93d2c13
Reviewed-on: https://chromium-review.googlesource.com/728439
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48780}
2017-10-20 10:17:52 +00:00
Ross McIlroy
ed592eb03f [Cleanup][Interpreter] Move feedback slot allocation to bytecode generator
Moves the feedback vector slot allocation out of ast-numbering and into
bytecode generation directly. This has a couple of benifits, including reduced
AST size, avoid code duplication and reduced feedback vector sizes in many cases
due to only allocating slots when needed. Also removes AstProperties since
this is no longer needed.

AstNumbering is now only used to allocate suspend ids for generators.

BUG=v8:6921

Change-Id: I103e8593c94ef5b2e56c34ef4f77bd6e7d64796f
Reviewed-on: https://chromium-review.googlesource.com/722959
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48757}
2017-10-19 16:17:14 +00:00
Daniel Clifford
26ae938058 Convert ZoneList to ZoneVector in Module data structures
BUG=v8:6333,v8:6921
R=franzih@chromium.org

Change-Id: I18995282d372069ab576b87cebea4b405aa01c2c
Reviewed-on: https://chromium-review.googlesource.com/719005
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48755}
2017-10-19 15:08:14 +00:00
Daniel Clifford
0454a842d1 Ensure inlined Array.protoype.shift() calls return non-COW arrays
Also ensure that CSA's CloneFixedArray and ExtractFixedArray correctly
transition COW to non-COW maps when doing a clone requiring copying.

Bug: chromium:775888
Change-Id: I31c97072761fdd2360d86f840c9fd6ab2d72973a
Reviewed-on: https://chromium-review.googlesource.com/727900
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48754}
2017-10-19 15:05:44 +00:00
Clemens Hammacher
39906c5d83 Reland^2 "[arm] [simulator] Do also execute tests on real hardware"
This is a reland of f77d98f755.
The issue was already fixed when this got reverted.

Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
> 
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
> 
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> > 
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> > 
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> > 
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
> 
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}

Bug: v8:6947, v8:6963
Change-Id: I6124164ff92a2387d714ce974000b6f615b91983
Reviewed-on: https://chromium-review.googlesource.com/727207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48752}
2017-10-19 14:49:03 +00:00
peterwmwong
84c9f05d5b [builtins] Port String.raw to CPP
- Add StringRaw CPP Builtin
- Remove string.js

Bug: v8:5049
Change-Id: I0d067c5b5aa9231383c2f9f2a9cf80f478fbbaa8
Reviewed-on: https://chromium-review.googlesource.com/727723
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48748}
2017-10-19 13:47:33 +00:00
Toon Verwaest
9b88818cc7 [utils] Move modulo from codegen to utils
This also changes modulo to be more like others, e.g., Pow:
- have an inline Modulo
- have a modulo_double_double that we can use as FUNCTION_ADDR in assembler.cc

Bug: 
Change-Id: Id360e4adcde5712ffc5ac22abd3bbaab6aec09f5
Reviewed-on: https://chromium-review.googlesource.com/728027
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48747}
2017-10-19 13:03:14 +00:00
Michael Achenbach
9de93948df Revert "[test] Add nan bit patterns to uint{32,64}_vector"
This reverts commit 6f93d59d92.

Reason for revert: Breaks full-debug build:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20full%20debug/builds/2239

Original change's description:
> [test] Add nan bit patterns to uint{32,64}_vector
> 
> If you just cast those patterns to float or double and pass them
> around, the quiet/signaling NaN bit might change. We had several bugs
> around this, so add these patterns to the general input vectors.
> 
> This oncovers a bug in the wasm interpreter, which will be fixed in a
> separate CL.
> 
> R=​ahaas@chromium.org
> 
> Bug: v8:6947, v8:6954
> Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
> Reviewed-on: https://chromium-review.googlesource.com/725345
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48731}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4ceb82eab5d4cbf1f335bf6f358178a17a2fd0ba
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6954
Reviewed-on: https://chromium-review.googlesource.com/728101
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48745}
2017-10-19 12:16:05 +00:00
Michael Achenbach
e291c6913e Revert "Reland "[arm] [simulator] Do also execute tests on real hardware""
This reverts commit f77d98f755.

Reason for revert: Still fails:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/4978

Original change's description:
> Reland "[arm] [simulator] Do also execute tests on real hardware"
> 
> This is a reland of 8bacd8486b.
> The failing test is disabled if not executing in the simulator.
> 
> Original change's description:
> > [arm] [simulator] Do also execute tests on real hardware
> > 
> > In order to avoid writing tests that *only* pass in the simulator, but
> > not on real hardware, do also execute the simulator tests on real
> > hardware.
> > 
> > R=ahaas@chromium.org, rodolph.perfetta@arm.com
> > 
> > Bug: v8:6947
> > Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> > Reviewed-on: https://chromium-review.googlesource.com/722961
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48706}
> 
> Bug: v8:6947, v8:6963
> Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
> Reviewed-on: https://chromium-review.googlesource.com/727880
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48734}

TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I0ed35fc9e1dd5d30b0871479d17f0678fec17499
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947, v8:6963
Reviewed-on: https://chromium-review.googlesource.com/727903
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48743}
2017-10-19 12:09:33 +00:00
Clemens Hammacher
3265b40faa [arm] Disable one more tests on native hardware
The test was recently enabled (together with other simulator tests) to
also run on native hardware (in https://crrev.com/c/727880).
Temporarlily disable this one test again until the issue is fixed.

R=ahaas@chromium.org

Bug: v8:6963
Change-Id: Ib6bae773a1d54541c87c37fb8547413ee7deac58
Reviewed-on: https://chromium-review.googlesource.com/728021
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48739}
2017-10-19 11:40:41 +00:00
Michael Starzinger
52d54f7c2a [runtime] Allocate DeoptimizationData before Code objects.
This allocates and populates potential deoptimization data arrays before
the underlying {Code} objects is allocated. It aims at making the field
holding said data immutable after allocation. Note that we still mutate
this field during deoptimization.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: Id0c2cfb65e782d7292d2df6bff41c54b2b8c3351
Reviewed-on: https://chromium-review.googlesource.com/725704
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48738}
2017-10-19 11:39:01 +00:00
Michael Starzinger
34a575f496 [profiler] Remove dead and obsolete CodeCreateEvent.
R=jgruber@chromium.org

Change-Id: I5748dcf1456a19be66058b1b7025da44bcbd999c
Reviewed-on: https://chromium-review.googlesource.com/725735
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48737}
2017-10-19 11:30:51 +00:00
Clemens Hammacher
f77d98f755 Reland "[arm] [simulator] Do also execute tests on real hardware"
This is a reland of 8bacd8486b.
The failing test is disabled if not executing in the simulator.

Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
> 
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
> 
> R=ahaas@chromium.org, rodolph.perfetta@arm.com
> 
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}

Bug: v8:6947, v8:6963
Change-Id: I5733794bc5ca223c8e66afcdeb8414b1b4121314
Reviewed-on: https://chromium-review.googlesource.com/727880
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48734}
2017-10-19 09:57:11 +00:00
Clemens Hammacher
6f93d59d92 [test] Add nan bit patterns to uint{32,64}_vector
If you just cast those patterns to float or double and pass them
around, the quiet/signaling NaN bit might change. We had several bugs
around this, so add these patterns to the general input vectors.

This oncovers a bug in the wasm interpreter, which will be fixed in a
separate CL.

R=ahaas@chromium.org

Bug: v8:6947, v8:6954
Change-Id: I205b8ab784b087b1e4988190fa725df0b90e7ee0
Reviewed-on: https://chromium-review.googlesource.com/725345
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48731}
2017-10-19 09:25:01 +00:00
Clemens Hammacher
25b78853e2 Reland "[test] Avoid unnecessary std::vector allocations"
This is a reland of e737b4ce0d.
The issue on windows bots was fixed in https://crrev.com/c/725733.

Original change's description:
> [test] Avoid unnecessary std::vector allocations
> 
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
> 
> R=tebbi@chromium.org
> 
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}

Change-Id: I9ad5d22803bbbf35c458965497acc603cfa01b20
Reviewed-on: https://chromium-review.googlesource.com/725979
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48726}
2017-10-19 08:47:31 +00:00
Michael Achenbach
f5d09025fd Revert "[arm] [simulator] Do also execute tests on real hardware"
This reverts commit 8bacd8486b.

Reason for revert: Fails on chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4820

Original change's description:
> [arm] [simulator] Do also execute tests on real hardware
> 
> In order to avoid writing tests that *only* pass in the simulator, but
> not on real hardware, do also execute the simulator tests on real
> hardware.
> 
> R=​ahaas@chromium.org, rodolph.perfetta@arm.com
> 
> Bug: v8:6947
> Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
> Reviewed-on: https://chromium-review.googlesource.com/722961
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48706}

TBR=rodolph.perfetta@arm.com,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4ec1c6ce4f6e86916a83a748819752ba00179ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6947
Reviewed-on: https://chromium-review.googlesource.com/727760
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48716}
2017-10-19 07:16:28 +00:00
Clemens Hammacher
8bacd8486b [arm] [simulator] Do also execute tests on real hardware
In order to avoid writing tests that *only* pass in the simulator, but
not on real hardware, do also execute the simulator tests on real
hardware.

R=ahaas@chromium.org, rodolph.perfetta@arm.com

Bug: v8:6947
Change-Id: Ibdf1719fff20e17620c0aaa343d7ea28e48f3837
Reviewed-on: https://chromium-review.googlesource.com/722961
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48706}
2017-10-18 19:52:37 +00:00
Bill Budge
5c461ae868 Revert "[Memory] Move GetRandomMmapAddr from base::OS platform to v8::internal."
This reverts commit d607f1e72d.

Reason for revert: Suspected cause of hanging tests:

https://bugs.chromium.org/p/v8/issues/detail?id=6927#c13

Original change's description:
> [Memory] Move GetRandomMmapAddr from base::OS platform to v8::internal.
> 
> - Moves GetRandomMmapAddr from platform to v8::internal allocation
>   primitives, in preparation for delegating this to the embedder.
> - Adds hint parameters to OS functions that used to use this function.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iad72e6eac9c08a3e22c2cd2b2905623b8e514ae0
> Reviewed-on: https://chromium-review.googlesource.com/677777
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48124}

TBR=bbudge@chromium.org,ulan@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:756050
Change-Id: I2c515934906e67b47ceea2863bc2992ac1d23ab3
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/726319
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48701}
2017-10-18 18:48:27 +00:00
Toon Verwaest
6cfc2d36c5 [builtins] Remove smi-tagged argc support in CheckStackOverflow
Bug: v8:6921
Change-Id: I370b1c3f8fbf3f5478ac7779205083e05710ea15
Reviewed-on: https://chromium-review.googlesource.com/726081
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48695}
2017-10-18 15:54:05 +00:00
Ulan Degenbaev
27a75926cd Disable stress-incremental-marking flag for tests using a lot of memory.
These tests are currently failing on TSAN bot with OOM when running
with the stress-incremental-marking flag.

Bug: v8:6924
Change-Id: I50b9a7142b2e8759f4bc327516f8c06ce1779777
Reviewed-on: https://chromium-review.googlesource.com/723427
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48693}
2017-10-18 14:20:07 +00:00
Clemens Hammacher
ab639e4ac8 Revert "[test] Avoid unnecessary std::vector allocations"
This reverts commit e737b4ce0d.

Reason for revert: On windows, V8_INFINITY is not constexpr

Original change's description:
> [test] Avoid unnecessary std::vector allocations
> 
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
> 
> R=​tebbi@chromium.org
> 
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}

TBR=clemensh@chromium.org,tebbi@chromium.org

Change-Id: Iccb52941d4efe71b49b41572c3d922a5d78bdfd2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/725899
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48691}
2017-10-18 13:55:33 +00:00
Clemens Hammacher
e737b4ce0d [test] Avoid unnecessary std::vector allocations
Instead of copying an array of fixed values into an std::vector for
each usage of the FOR_INPUTS macro, just iterate the constant data
directly.
This also makes the <type>_vector() functions return {constexpr Vector}
instead of {std::vector}.

R=tebbi@chromium.org

Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
Reviewed-on: https://chromium-review.googlesource.com/725427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48688}
2017-10-18 13:20:21 +00:00
Ulan Degenbaev
7f35aa6786 Fix flaky test-inobject-slack-tracking cctest.
The test does not take into account that Turbofan can force completion
of in-object slack tracking.

Bug: 
Change-Id: Ic7404e8395858acaf707e65ca4b17e6b7f776594
Reviewed-on: https://chromium-review.googlesource.com/723464
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48687}
2017-10-18 13:06:35 +00:00
Franziska Hinkelmann
37a3a15c3e [api] Intercept DefineProperty after Descriptor query
Analog to other interceptors, intercept the DefineProperty
call only after obtaining the property descriptor.

This behavior allows us to mirror calls on a sandboxed object
as it is needed in Node. See for example
https://github.com/nodejs/node/pull/13265

Bug: 
Change-Id: I73b8f8908d13473939b37fb6727858d0bee6bda3
Reviewed-on: https://chromium-review.googlesource.com/725295
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48683}
2017-10-18 12:26:59 +00:00
Michael Starzinger
03b543ab51 [runtime] Allocate HandlerTable before Code objects.
This allocates and populates potential exception handler tables before
the underlying {Code} objects is allocated. It essentially makes the
field holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: I52ca374d40e3a72a4de022aca10faead6422db79
Reviewed-on: https://chromium-review.googlesource.com/723299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48677}
2017-10-18 11:34:25 +00:00
Clemens Hammacher
b41b493bb5 [arm] [simulator] Fix implementation of vabs and vneg
They did not preserve the bit pattern of nans before. Now they do.
Also, add some tests for these instructions.

R=ahaas@chromium.org, rodolph.perfetta@arm.com

Bug: v8:6947
Change-Id: I189720cd47e1768194567a41371fc9586b414c45
Reviewed-on: https://chromium-review.googlesource.com/722979
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48672}
2017-10-18 10:28:11 +00:00
Pierre Langlois
9f4f3c28ec Simplify DoubleToI stub.
The DoubleToI stub is no longer called outside of TurboFan, and always in the
same way:

  - The parameter is on top of the stack.
  - The stub is always called in a slow path.
  - It truncates.

Therefore, we can simplify it to only support this case and remove dead
code.

On top of this, since the stub is always considered to be on a slow path for all
backends, this patch takes the opportunity to remove the `skip_fastpath`
optimisation. This would generate a stub which does not handle all inputs,
assuming that the backend already handled some of the inputs in a fast
path. Removing this allows the stub to have the same behaviour on all targets.

On Arm, this patch reworks the stub a little. We could use ip instead of saving
and restoring a register on the stack. Also, comments would mention that we
assume the exponent to be greater than 31 when the it can be 30 or higher. As
done for Arm64, let's check this at runtime in debug mode.

On Arm64, we can also implement the stub without pushing and poping off the
stack. It needs 2 general purpose and a double scratch registers which we have
reserved already (ip0, ip1 and d30). This removes the need to check that the
stack pointer is always 16-bytes aligned.

Finally, this also fixes a potential bug on Arm64, in the
`GetAllocatableRegisterThatIsNotOneOf` method which is now removed. We were
picking an allocatable double register when we meant to pick a general one.

Bug: v8:6644
Change-Id: I88d4597f377c9fc05432d5922a0d7129b6d19b47
Reviewed-on: https://chromium-review.googlesource.com/720963
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48671}
2017-10-18 10:23:21 +00:00
Clemens Hammacher
5f6510825a [cleanup] Fix remaining (D)CHECK macro usages
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.

After this one, we should be able to reenable the readability/check
cpplint check.

R=mstarzinger@chromium.org

Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
2017-10-18 10:12:31 +00:00
Michael Lippautz
d433928987 Fix CompactionPartiallyAbortedPageWithStoreBufferEntries
The test was reading from undefined stack addresses instead of creating
a string filled with characters that look like a new space pointer.

Bug: v8:6953
Change-Id: I2c0a9034076012746bd70325a4f21c63f4c264fa
Reviewed-on: https://chromium-review.googlesource.com/725322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48668}
2017-10-18 09:27:11 +00:00
Jaroslav Sevcik
8f752a5c5c [tests] Create canonicalized handle scope for Turbofan.
Change-Id: I76a792638b58f0bdc0a6a04c912d816ebf04718c
Reviewed-on: https://chromium-review.googlesource.com/725320
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48664}
2017-10-18 07:41:43 +00:00
peterwmwong
bee98aecc7 Remove SubString intrinsic and convert SubString code stub to CSA.
Bug: v8:5049
Change-Id: Ia4f5729be64794e9080eb0e644b86cd5d8c88a11
Reviewed-on: https://chromium-review.googlesource.com/722168
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48661}
2017-10-18 05:52:47 +00:00
Pierre Langlois
71dbefee7a [cctest] Compare results of parallel moves with a simulation.
Introduce new `SimulateMoves` and `SimulateSwaps` methods which take an initial
"state" as a FixedArray and perform a given list of moves on it. They give us
what the result of testing the CodeGenerator's AssembleMove and AssembleSwap
should be.

This way, we can now compare the results of running parallel moves with a
reference simulation.

Bug: v8:6848
Change-Id: I228f4310f32d2a82e0744afaff183e2c7ac08cb7
Reviewed-on: https://chromium-review.googlesource.com/723222
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48656}
2017-10-17 19:46:03 +00:00
Daniel Clifford
6148cbfab4 Add FixedArray extraction and cloning utils to CSA
This adds a single bottleneck that properly handles the copying of empty, COW
and FixedDoubleArray arrays under the control of flags. This is in preparation
of adding new CSA-based array builtins on Array.prototype.

Drive by: Fix SmiConstant handling when ENABLE_VERIFY_CSA is not active and 
make the use of constant detection/folding consistent in the CSA depending
on ParameterMode.

Change-Id: If1889ab8cbff1805286b7b4344c29ffbe7191b39
Reviewed-on: https://chromium-review.googlesource.com/715798
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48624}
2017-10-17 08:32:57 +00:00
Peter Marshall
e0e08d52aa [heap] Remove unused code for TypedArrays in RightTrim.
This code is never used, and we don't right trim TypedArrays.

Bug: 
Change-Id: Ic3e32b194fb10ecd067449c755b1982c87c98257
Reviewed-on: https://chromium-review.googlesource.com/721541
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48623}
2017-10-17 07:54:30 +00:00
Michael Achenbach
ef2a870555 Revert "[ia32][wasm] Add I32x4AddHoriz and I16x8AddHoriz"
This reverts commit 2857e78347.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/20965

Original change's description:
> [ia32][wasm] Add I32x4AddHoriz and I16x8AddHoriz
> 
> Add phaddd, phaddw and AVX version
> Add vmovdqu and Movdqu macro
> 
> Bug: 
> Change-Id: I4f5c0cf96ab481fc18f0a0d554101a996a16c954
> Reviewed-on: https://chromium-review.googlesource.com/715677
> Commit-Queue: Jing Bao <jing.bao@intel.com>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48621}

TBR=bbudge@chromium.org,mtrofin@chromium.org,bmeurer@chromium.org,jing.bao@intel.com

Change-Id: Icaf36b46134e77e46180fc1671d0c6569b729a89
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/722679
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48622}
2017-10-17 06:46:56 +00:00
jing.bao
2857e78347 [ia32][wasm] Add I32x4AddHoriz and I16x8AddHoriz
Add phaddd, phaddw and AVX version
Add vmovdqu and Movdqu macro

Bug: 
Change-Id: I4f5c0cf96ab481fc18f0a0d554101a996a16c954
Reviewed-on: https://chromium-review.googlesource.com/715677
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48621}
2017-10-17 04:58:04 +00:00
Adam Klein
94a71d7c45 [parser] Skipping inner funcs: accurately record NeedsHomeObject
Inner functions which called eval, and were the kind of functions
that can use `super`, were erroneously not marked as "uses_super_property",
leading to downstream crashes when the runtime tried to load the
[[HomeObject]] from them.

This patch eliminates the public Scope::uses_super_property()
API and ensures that callers always call Scope::NeedsHomeObject()
instead.

This is a minimal fix designed for easy merging; it's likely that
in the long run we should remove most mentions of "uses super property"
and replace them with "needs home object" for clarity.

Bug: v8:5516, chromium:774994
Change-Id: Id269dd33e35bd40f6b59a3d3e19330687afa64f8
Reviewed-on: https://chromium-review.googlesource.com/721879
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48619}
2017-10-17 01:49:36 +00:00
Michael Achenbach
fb71512528 Revert "Reland: [heap] Add missing steps for Add/Remove observers"
This reverts commit d0e3fb4f2e.

Reason for revert: Failures on all GPU bots:
https://build.chromium.org/p/client.v8.fyi/builders/Win%20Release%20%28NVIDIA%29/builds/3171
https://build.chromium.org/p/client.v8.fyi/builders/Linux%20Release%20%28NVIDIA%29/builds/3730

Original change's description:
> Reland: [heap] Add missing steps for Add/Remove observers
> 
> This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/715118.
> The UI doesn't allow me to reland this automatically due to merge conflicts
> so I ended up doing this manually.
> 
> Change-Id: Ic013b61f459cb1e91e24203fb31ae7c14f3754f8
> Reviewed-on: https://chromium-review.googlesource.com/720136
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48606}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: I80f63ac0cc54471b3ecaa7b6d85b1805ea599dd4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/721440
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48614}
2017-10-16 19:38:49 +00:00
Ali Ijaz Sheikh
d0e3fb4f2e Reland: [heap] Add missing steps for Add/Remove observers
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/715118.
The UI doesn't allow me to reland this automatically due to merge conflicts
so I ended up doing this manually.

Change-Id: Ic013b61f459cb1e91e24203fb31ae7c14f3754f8
Reviewed-on: https://chromium-review.googlesource.com/720136
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48606}
2017-10-16 16:40:39 +00:00
Michael Lippautz
d88e3a7a9f [heap] Pause Sweeper tasks on Scavenge
Pause sweeper tasks when entering the Scavenger. In future CLs this
enables removing the page lock for the Scavenger.

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: v8:6923, chromium:774108
Change-Id: Idcb7e14b94704dead70c33a49e67047b88bb6c4c
Reviewed-on: https://chromium-review.googlesource.com/718200
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48603}
2017-10-16 15:27:09 +00:00
Ben L. Titzer
829670e16a [wasm] Canonicalize signatures per module at module decode time.
This is needed for proper deserialization of code and has the nice
side effect of fixing the nasty race condition that led us to
introducing a lock on the signature map.

R=mtrofin@chromium.org
CC=clemensh@chromium.org

Bug: 
Change-Id: I6a018344ad8b58b088b20756d3b00ae08232bbb9
Reviewed-on: https://chromium-review.googlesource.com/718937
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48589}
2017-10-16 12:03:21 +00:00
Leszek Swirski
e659f45610 [cleanup] Make LanguageMode an enum class
Bug: v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3294568a550b829b0ec90147a4cdaefe169bb7cb
Reviewed-on: https://chromium-review.googlesource.com/718206
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48587}
2017-10-16 11:44:01 +00:00
Ben L. Titzer
5820041884 [wasm] Use WasmContext in the WasmInterpreter.
With the introduction of the WasmContext, compiled code is no longer
specialized to the memory start and size (or recently, globals_start).
This CL uses the same WasmContext between the interpreter and compiled
code, removing the need for UpdateMemory() and cached instance info.

R=clemensh@chromium.org

Bug: 
Change-Id: I0bd52352c9b6f3029246e94e239dc29f635e7920
Reviewed-on: https://chromium-review.googlesource.com/712734
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48584}
2017-10-16 10:51:07 +00:00
Michael Achenbach
089dd7d244 [test] Add output for investigating win-asan failures
Also fix asan environment for testing on windows.

TBR=sergiyb@chromium.org

Bug: chromium:726584
Change-Id: Ic9e6afa714f4757ad1b0f2ebfa742e742e1c04b9
Reviewed-on: https://chromium-review.googlesource.com/720811
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48583}
2017-10-16 10:30:27 +00:00
Ben L. Titzer
c02f5e3ab3 [wasm] Store the globals_start in WasmContext.
This CL removes the code specialization for WASM functions that access
globals. Previously, we were embedding the start address of the globals
memory (globals_start) as a constant in the code, which required
patching for every instance. We now put this base in to the WasmContext,
which is available as a parameter to every WasmFunction.

R=ahaas@chromium.org,
CC=mtrofin@chromium.org

Bug: 
Change-Id: I04bb739e898cc5a3b7dd081cc166483022d113fd
Reviewed-on: https://chromium-review.googlesource.com/712595
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48581}
2017-10-16 09:35:47 +00:00
Bill Budge
5033993f40 [arm] Use correct addressing mode in Neon loads/stores.
- Adds CodeGenerator::NeonInputOperand method for arm.
- Specifies addressing mode when selecting Neon load/store.

Bug: 
Change-Id: Iac0bb566c32882e6b9605d2978588af05493a5c7
Reviewed-on: https://chromium-review.googlesource.com/716714
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48562}
2017-10-13 21:33:11 +00:00
Mathias Bynens
62f929ff4c Use nullptr instead of NULL where possible
New code should use nullptr instead of NULL.

This patch updates existing use of NULL to nullptr where applicable,
making the code base more consistent.

BUG=v8:6928,v8:6921

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4687f5b96fcfd88b41fa970a2b937b4f6538777c
Reviewed-on: https://chromium-review.googlesource.com/718338
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48557}
2017-10-13 17:21:49 +00:00
Marja Hölttä
d953b2ab72 [objects.h splitting] Move Code & related classes.
BUG=v8:5402,v8:6921

Change-Id: I96a8a7cdded6f7c37b6f1da659d63df9e3a5de2b
Reviewed-on: https://chromium-review.googlesource.com/718342
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48552}
2017-10-13 14:22:11 +00:00
Predrag Rudic
31fa640d06 MIPS[64]:Implement MSA 3RF instructions for V8 builtin simulator
Bug: 
Change-Id: Icc4fd48ba1313cb94102ac794b06927d24151671
Reviewed-on: https://chromium-review.googlesource.com/708270
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48551}
2017-10-13 14:08:01 +00:00
Toon Verwaest
c95edbf27d [codegen] Delete unused StringCharLoadGenerator
Bug: v8:6921
Change-Id: I9e42d0a5e7ce7fdda1d00468a82d35b973200e2c
Reviewed-on: https://chromium-review.googlesource.com/718697
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48545}
2017-10-13 13:28:32 +00:00
Camillo Bruni
08dba83aa4 [d8] Support more console functions
- console.assert now fails properly
- console.trace dumps a low-level stack trace
- console.time/End dumps a timer event to the log file
- console.timeStamp dumps a timer event to the log

Drive-by-fixes:
- simplify test-log.cc
- fix test-log.cc log parser JS helper
- always start the default timer int the logger

Change-Id: I0bb26b9410a4e0d1d5bc8621d8b2243922fe3f29
Reviewed-on: https://chromium-review.googlesource.com/702459
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48531}
2017-10-13 10:44:17 +00:00
ccyongwang
39b2227bbd fix compile error when use PersistentValueMap.
In PersistentValueMap, SetWeak function should supply WeakCallbackType arguments.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I70a59e90b7ea0a10f695419e57ae9bfb8d5ba852
Reviewed-on: https://chromium-review.googlesource.com/684002
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48529}
2017-10-13 10:23:57 +00:00
Igor Sheludko
36860509fb Reland "[runtime] Make JSFunction::prototype_or_initial_map field optional."
This is a reland of 3d023952f2
Original change's description:
> [runtime] Make JSFunction::prototype_or_initial_map field optional.
> 
> Functions that don't have prototype need to store neither prototype nor
> initial map, so the |prototype_or_initial_map| field is not required for
> such maps.
> 
> Bug: v8:6459
> Change-Id: I4b3066bd6a4fed42c19f217bae82a8bce552bdca
> Reviewed-on: https://chromium-review.googlesource.com/570250
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46840}

Bug: v8:6459
Change-Id: I54e3516ea70474c6d4f873f7b91e74cb8a7d622a
Reviewed-on: https://chromium-review.googlesource.com/583307
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48523}
2017-10-13 09:09:28 +00:00
Toon Verwaest
bde0733a8d [code-stubs] Remove StringHelper and related helpers
Bug: v8:6921
Change-Id: I651b54a061a1ea401bb345569b96763daef0abe4
Reviewed-on: https://chromium-review.googlesource.com/707238
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48520}
2017-10-13 08:42:48 +00:00
Andreas Haas
78dfed3510 [wasm][cleanup] Rename kResizableMaximumFlag kHasMaximumFlag
This flag describes that the memory defined in a wasm module has a
maximum size. Therefore I think kHasMaximumFlag is more appropriate.

R=titzer@chromium.org

Bug: v8:6921
Change-Id: Ie794d670f74e7f1f9a42822e2f774da85aaaaa4b
Reviewed-on: https://chromium-review.googlesource.com/718198
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48517}
2017-10-13 08:05:11 +00:00
Ali Ijaz Sheikh
1cedda2510 Revert "[heap] Add missing steps for Add/Remove observers"
This reverts commit e770879eee.

Reason for revert: broke on this build: https://build.chromium.org/p/client.v8/builders/V8%20Mac%20-%20debug/builds/16703

Original change's description:
> [heap] Add missing steps for Add/Remove observers
> 
> Change-Id: I9935ff4debc623af674e606c006085258b685ced
> Reviewed-on: https://chromium-review.googlesource.com/715118
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48513}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: Idc53870cbcb692e79764dfe0984ff765ed2458f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/717318
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48515}
2017-10-12 22:22:16 +00:00
Ali Ijaz Sheikh
e770879eee [heap] Add missing steps for Add/Remove observers
Change-Id: I9935ff4debc623af674e606c006085258b685ced
Reviewed-on: https://chromium-review.googlesource.com/715118
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48513}
2017-10-12 21:37:33 +00:00
Pierre Langlois
d5b29f43de [arm] Support splitting add with immediate instructions
When an immediate does not fit an add instruction we use a temporary register to
hold the value, using movw/movt to encode it. However, in order to remove a use
of r9 in TurboFan's code generator, we need to cope with no scratch registers
being available. That is to say that the destination and source registers are
the same, and `ip` is not available to use.

In this case, we can split an add instruction into a sequence of additions:
```
UseScratchRegisterScope temps(...);
Register my_scratch = temps.Acquire();
__ add(r0, r0, Operand(0xabcd); // add r0, r0, #0xcd
                                // add r0, r0, #0xab00
```

As a drive-by fix, make the disassembler test fail if we expected a different
number of instructions generated.

Bug: v8:6553
Change-Id: Ib7fcc765d28bccafe39257f47cd73f922c5873bf
Reviewed-on: https://chromium-review.googlesource.com/685014
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48491}
2017-10-12 08:06:35 +00:00
Ulan Degenbaev
bfd10baf7f [heap] Remove dead code related to idle finalization rounds.
Bug: 
Change-Id: I9e4b2e1157f36dacb24f7a0d0c43d31c84de8488
Reviewed-on: https://chromium-review.googlesource.com/712397
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48484}
2017-10-12 07:11:05 +00:00
Jaroslav Sevcik
a803fad068 Make sure the identity hash is uniform (at least in the lower bits).
In the current implementation of hash code for objects (identity hash),
we do not bother to shift the hash when we retrieve it from the 
hash-length bitfield in a property array. (Even worse, we store shifted
value even if we do not have property array or inside dictionaries.)
That means that the hash-code for objects is always divisible by 1024.
Since our hash table uses a simple masking with (2^logsize - 1) to 
obtain the bucket, we get terrible hash collisions - essentially, our
hash table degenerates to a linked list for fewer than 1024 elements.

This CL always shifts the hash code so that the value in the lowest 
21 bits is uniformly distributed.

This results in big improvements on medium to large hash tables.
A program storing 1M elements into a WeakMap gets roughly
17x faster.  A program retrieving 1M elements from a Map 
improves even more dramatically (>100x).

const a = [];
for (let i = 0; i < 1e6; i++) a[i] = {};

const m = new Map();
console.time("Map.set");
for (let i = 0; i < 1e6; i++) {
  m.set(a[i], i);
}
console.timeEnd("Map.set");

console.time("Map.get");
let s = 0;
for (let i = 0; i < 1e6; i++) {
  s += m.get(a[i]);
}
console.timeEnd("Map.get");

const w = new WeakMap();
console.time("WeakMap.set");
for (let i = 0; i < 1e6; i++) {
  w.set(a[i], i);
}
console.timeEnd("WeakMap.set");

Before the fix:

Map.set: 157.575000
Map.get: 28333.182000
WeakMap.set: 6923.826000

After the fix:

Map.set: 178.382000
Map.get: 185.930000
WeakMap.set: 409.529000

Note that Map does not suffer from the hash collision on insertion because
it uses chaining (insertion into linked list is fast regardless of size!), and
we cleverly avoid lookup in the hash table on update if the key does not have 
identity hash yet. This is in contrast to the WeakMap, which uses 
open-addressing, and deals with collisions on insertion.

Bug: v8:6916
Change-Id: Ic5497bd4501e3b767b3f4acb7efb4784cbb3a2e4
Reviewed-on: https://chromium-review.googlesource.com/713616
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48480}
2017-10-12 03:47:56 +00:00
Jakob Kummerow
e34debaf2b [bigint] Support BigInts in -,~,++,-- unary ops
and add the implementations for BitwiseNot, Increment, Decrement.
This CL teaches the respective bytecode handlers about BigInts,
and collects kBigInt type feedback for them (which TF discards
for now, substituting "any").

Bug: v8:6791
Change-Id: I4e802b301b9702d8270bda400edd7e885e6b11b9
Reviewed-on: https://chromium-review.googlesource.com/706101
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48479}
2017-10-12 01:40:33 +00:00
Jan Krems
1c5529993d Reland "[modules] Implement import.meta proposal"
This is a reland of ed6f00fb8e
Original change's description:
> [modules] Implement import.meta proposal
> 
> Rewrites references to import.meta to a new GetImportMetaObject runtime
> call. Embedders can define a callback for creating the meta object using
> v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
> provided, an empty object with null prototype is created.
> 
> This adds an example implementation to d8 that sets meta.url.
> 
> Bug: v8:6693
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
> Reviewed-on: https://chromium-review.googlesource.com/707902
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48433}

TBR=adamk@chromium.org

Bug: v8:6693
Change-Id: Ie2d746ad996a56ed6ff50b832f320fe44e02f231
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/712834
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48468}
2017-10-11 15:37:10 +00:00
Andreas Rossberg
5d3dfc855d [wasm] [multival] Reland: Allow function types as block types
Only change over original: Init sig_index to 0 at
function-body-decoder-impl.h:168, to make MSAN happy on error path.

R=titzer@chromium.org

Change-Id: I9ac17215360523b656b10d2466201001b65992c0
Reviewed-on: https://chromium-review.googlesource.com/712655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48463}
2017-10-11 14:59:49 +00:00
Pierre Langlois
dabd1c0af8 [cctest] Record execution of parallel moves.
This patch is a first step towards target independent tests for the
CodeGenerator's AssembleMove and AssembleSwap methods.

The tests on top of which this builds would only make sure that no assertions
were triggered while generating moves, and that the hardware is happy executing
them. We want to do more and check that the generated code performs correctly.

In a nutshell, this introduces a facility that can do the following:

  - Setup an environment with registers and stack slots initialised with random
    values.
  - Perform a list of randomly generated moves and/or swaps on those.
  - Return the resulting environment.

This is a first step and therefore is lacking a few things which will be
implemented as follow-ups:

  - Support for kSimd128 moves and swaps.
  - Support large offsets for stack moves, as well as positive and negative.
  - Compare the resulting environment against the result of a reference
    simulation.

For more background information, see this design document:
https://docs.google.com/document/d/1KpioxCmtiB_9RaPaRidZPVtKlZ2BaNKGPYUjKFihhK0

Bug: v8:6848
Change-Id: Ie7dc837f4444df010ab58c64b722d40ee5d2af72
Reviewed-on: https://chromium-review.googlesource.com/677398
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48459}
2017-10-11 14:18:49 +00:00
Ben L. Titzer
b54bd06bdb [wasm] Use Handle<WasmInstanceObject> in wasm-module-runner.*
R=clemensh@chromium.org

Bug: 
Change-Id: I54e4d02cd5665d3ba3fd2e91da05599a915c0317
Reviewed-on: https://chromium-review.googlesource.com/712654
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48457}
2017-10-11 13:33:59 +00:00
Michael Lippautz
777ca5eb3b [cctests] Check for stray Isolates in DEBUG builds
Bug: 
Change-Id: Id3373279f2d985f7899cf893c1f63692b97166b7
Reviewed-on: https://chromium-review.googlesource.com/704655
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48456}
2017-10-11 13:02:15 +00:00
Michael Achenbach
a8590f9d6c Revert "[wasm] [multival] Allow function types as block types"
This reverts commit e44fdc7067.

Reason for revert: Breaks msan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17482

Original change's description:
> [wasm] [multival] Allow function types as block types
> 
> Changes the binary encoding of multi-return blocks to contain a function type index instead of a vector of value types.
> 
> Cf. https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md#binary-format
> 
> Bug: v8:6672
> Change-Id: I506d9323bfd6dba1e7a24c8590bcf5a08b68c433
> Reviewed-on: https://chromium-review.googlesource.com/599807
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48453}

TBR=titzer@chromium.org,rossberg@chromium.org

Change-Id: Ia711d16ec6bd1c0731a96d38b8661f05be71f64b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6672
Reviewed-on: https://chromium-review.googlesource.com/712634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48455}
2017-10-11 12:50:37 +00:00
Andreas Rossberg
e44fdc7067 [wasm] [multival] Allow function types as block types
Changes the binary encoding of multi-return blocks to contain a function type index instead of a vector of value types.

Cf. https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md#binary-format

Bug: v8:6672
Change-Id: I506d9323bfd6dba1e7a24c8590bcf5a08b68c433
Reviewed-on: https://chromium-review.googlesource.com/599807
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48453}
2017-10-11 12:21:13 +00:00
Martyn Capewell
247bc200d1 Reland "[arm64] Add slot copier to masm and use in builtins"
This is a reland of 7c80f9ce69 with fixed restore
of system stack pointer in the tests.

Original change's description:
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
>
> This is a reland of 1cc93be0f1 with
> additional tests, originally reviewed on
> https://chromium-review.googlesource.com/685238 and reverted due to an
> unrelated intermittent x64 failure.
>
> Bug: v8:6644
> Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
> Reviewed-on: https://chromium-review.googlesource.com/707247
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48419}

Bug: v8:6644
Change-Id: Ie8b45c73acc13df36c978a9ae4bee77082cb7c8d
Reviewed-on: https://chromium-review.googlesource.com/709515
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48449}
2017-10-11 10:38:54 +00:00
Georg Neis
6ff68255e9 [bigint] Introduce ToNumeric conversion.
This introduces a ToNumeric conversion to the runtime and interpreter.
ToNumeric behaves like ToNumber, except that it also lets BigInts pass.

Bug: v8:6791
Change-Id: Idf9d0b5d283638459fe5893de41cc120356247a7
Reviewed-on: https://chromium-review.googlesource.com/707013
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48440}
2017-10-11 07:49:28 +00:00
Jaroslav Sevcik
6aa9f43d8d [profiler] Fix heap iteration to ignore deoptimized code objects.
When starting profiling, we iterate the heap to find all existing code
objects and the associated functions.

The iteration tried to log the function's code if either the closure's
code was optimized-but-not-deoptimized or if the optimized code in its
feedback vector was optimized-but-not-deoptimized.

That caused some trouble if the function's code was deoptimized but
we had a valid optimized code in the feedback vector. In that case
we would log the deoptimized code object from the closure, which 
would later crash when trying to access the deoptimization information
(which we clear on deoptimization).

This CL just fixes the iteration so that we do not crash. A better fix
might be to log the function's code object if not deoptimized *and*
the code object in type feedback vector if not not deoptimized. Or
perhaps iterate optimized code objects and log those that have
deoptimization information.

Bug: chromium:763073
Change-Id: Iddee6a1c8b0fe332186ef7af2f3751c8828434b1
Reviewed-on: https://chromium-review.googlesource.com/709116
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48437}
2017-10-11 06:51:18 +00:00
Sathya Gunasekaran
a5565227f2 Revert "[modules] Implement import.meta proposal"
This reverts commit ed6f00fb8e.

Reason for revert: tree is broken

NOTRY=true
NOTREECHECKS=true

Original change's description:
> [modules] Implement import.meta proposal
> 
> Rewrites references to import.meta to a new GetImportMetaObject runtime
> call. Embedders can define a callback for creating the meta object using
> v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
> provided, an empty object with null prototype is created.
> 
> This adds an example implementation to d8 that sets meta.url.
> 
> Bug: v8:6693
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
> Reviewed-on: https://chromium-review.googlesource.com/707902
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48433}

TBR=adamk@chromium.org,gsathya@chromium.org,jan.krems@groupon.com

Change-Id: I908a508d5db84cc8ae60d4fd4a0446bb570c1492
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6693
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/710760
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48434}
2017-10-11 00:05:13 +00:00
Jan Krems
ed6f00fb8e [modules] Implement import.meta proposal
Rewrites references to import.meta to a new GetImportMetaObject runtime
call. Embedders can define a callback for creating the meta object using
v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
provided, an empty object with null prototype is created.

This adds an example implementation to d8 that sets meta.url.

Bug: v8:6693
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
Reviewed-on: https://chromium-review.googlesource.com/707902
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48433}
2017-10-10 23:56:35 +00:00
jgruber
159236ec25 [regexp] Update semantics of GetSubstitution with named captures
The specced semantics of GetSubstitution are expected to change in the
case of malformed named references, or named references to nonexistent
named groups. The former will evaluate to the identity replacement of
'$<', while the latter will result in replacement by the empty string.

See also:
https://github.com/tc39/proposal-regexp-named-groups/issues/29

Bug: v8:5437, v8:6912
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I879288f775774cb0ec563f9d9129a99710efb77c
Reviewed-on: https://chromium-review.googlesource.com/708654
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48426}
2017-10-10 11:37:29 +00:00
Michael Lippautz
b7e6eb9208 [heap] Introduce on-hold concurrent marking work list
When hitting objects that are allocated in the most recent lienar
allocation area, the concurrent marker currently has to bail out to the
main thread.

However, we only have to delay processing those objects until we are at
a safepoint, e.g. IM::Step(). With this change we flush those
on-hold-objects back to the shared queue upon performing an incremental
marking step.

Bug: chromium:694255
Change-Id: I25647d0fc581a5c4de0346bc394dc51062f65f70
Reviewed-on: https://chromium-review.googlesource.com/707315
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48424}
2017-10-10 11:33:39 +00:00
Yang Guo
343cbe955b Remove FFI prototype.
Bug: v8:6867
TBR=ofrobots@google.com

Change-Id: I0eaebe04863f4cc9152655fedbeb67225a4d8103
Reviewed-on: https://chromium-review.googlesource.com/691722
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48422}
2017-10-10 11:12:59 +00:00
Clemens Hammacher
ce1104cbe8 Revert "[arm64] Add slot copier to masm and use in builtins"
This reverts commit 7c80f9ce69.

Reason for revert: arm64 msan failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17455/steps/Check/logs/copy_slots_up

Original change's description:
> [arm64] Add slot copier to masm and use in builtins
> 
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
> 
> This is a reland of 1cc93be0f1 with
> additional tests, originally reviewed on
> https://chromium-review.googlesource.com/685238 and reverted due to an
> unrelated intermittent x64 failure.
> 
> Bug: v8:6644
> Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
> Reviewed-on: https://chromium-review.googlesource.com/707247
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48419}

TBR=rmcilroy@chromium.org,martyn.capewell@arm.com,bmeurer@chromium.org

Change-Id: I8a8aeff89b6995d5fffaab1f2e4e45f478c28bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/708814
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48420}
2017-10-10 10:48:12 +00:00
Martyn Capewell
7c80f9ce69 [arm64] Add slot copier to masm and use in builtins
Abstract some stack slot copies through a macro assembler function. This
eliminates some non-paired stack operations.

This is a reland of 1cc93be0f1 with
additional tests, originally reviewed on
https://chromium-review.googlesource.com/685238 and reverted due to an
unrelated intermittent x64 failure.

Bug: v8:6644
Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
Reviewed-on: https://chromium-review.googlesource.com/707247
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48419}
2017-10-10 10:21:49 +00:00
Camillo Bruni
6ee34530ea [literals] Don't reserve unused FeedbackVectorSlot for the empty object literal
Bug: v8:6211
Change-Id: Ie838cf118679e12483689e2c223e7ecc8335db18
Reviewed-on: https://chromium-review.googlesource.com/662759
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48418}
2017-10-10 10:00:49 +00:00
Eric Holk
69d790e521 [wasm] Remove --wasm-guard-pages flag
This flag was originally added as a staging mechanism to let us land and test
guard regions without the full trap handler feature landing. Additionally, we
thought we might enable guard regions without trap handlers on some systems.

Trap handlers are now supported, and there's not a real compelling reason for
why we need guard regions without trap handlers. Keeping the separate flag leads
to confusion, since some code treats guard regions and trap handlers the same,
while other code treats them as independent.

Removing this flag and its associated special cases makes everything more
uniform and predictable.

R=gdeepti@chromium.org

Change-Id: Icebab91d1f1e0c55e7a35c75b880085d37fa14ae
Reviewed-on: https://chromium-review.googlesource.com/706570
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48411}
2017-10-10 01:10:28 +00:00
Toon Verwaest
de578fe3f8 [macro-assembler] Delete unused Jump/CheckBothSmi
Bug: 
Change-Id: I0c2dabebbfa709589c19b1c48ec8de4c7f7a3952
Reviewed-on: https://chromium-review.googlesource.com/707151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48410}
2017-10-09 23:29:45 +00:00
Ulan Degenbaev
f47b32b2a3 [wasm] Fix platform initialization in test-streaming-compilation.
This ensures that platform is initialized before the isolate and
properly restores the previous platform at the end of the test.

Bug: 
Change-Id: I2771b7538362c400c5ff61411222beb7d7e62b02
Reviewed-on: https://chromium-review.googlesource.com/707111
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48405}
2017-10-09 19:25:14 +00:00
Ulan Degenbaev
cd3209e830 [heap] Make concurrent marking tasks cancelable.
Bug: chromium:694255
Change-Id: I5c0c0b58cdcf3cf745670148724e3c6ecc34d485
Reviewed-on: https://chromium-review.googlesource.com/707149
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48395}
2017-10-09 15:58:53 +00:00
Toon Verwaest
20a47ce094 [macro-assembler] Delete unused AllocateJSValue and related functions
Bug: 
Change-Id: I315d0017179e2f0a9883647b91fd4f0a762eade0
Reviewed-on: https://chromium-review.googlesource.com/707054
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48381}
2017-10-09 13:32:21 +00:00
Ulan Degenbaev
b54c1a6ef6 [heap] Ensure that sweeping is completed in ConcurrentMarking cctests.
Bug: chromium:694255
Change-Id: I5dc6157126544f20bca0ddee967e1d08d69bb060
Reviewed-on: https://chromium-review.googlesource.com/707104
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48380}
2017-10-09 13:12:41 +00:00
Ulan Degenbaev
2e70adc7e2 [heap] Add thread-safe counter that tracks bytes marked concurrently.
Each concurrent marking task maintains task_state[i]->marked_bytes.
When a task finishes, its local counter is flushed into global
total_marked_bytes_ atomic counter.

Bug: chromium:694255
Change-Id: I629467385e80bf229e06a4231673ceb5ef8e4aea
Reviewed-on: https://chromium-review.googlesource.com/704823
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48374}
2017-10-09 12:01:18 +00:00
Michael Starzinger
f7da4d7110 [iwyu] Remove stale TODOs about objects-inl.h inclusion.
R=marja@chromium.org

Change-Id: I93a366caded175256abd7966c3c157191a2b7de2
Reviewed-on: https://chromium-review.googlesource.com/690455
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48370}
2017-10-09 11:14:59 +00:00
Daniel Clifford
9019de3812 Add NumberAdd/NumberSub methods to CSA
These will be used in subsequent CLs to add spec-compliant builtins
on Array.prototype built with the CSA.

Change-Id: I4c9f72f90dffe018b99efdc73e9d40b3d175c2aa
Reviewed-on: https://chromium-review.googlesource.com/704115
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48362}
2017-10-09 06:24:41 +00:00
Jan Krems
8e60857093 Parsing import.meta expression
Rewrites import.meta expressions into null literals. Builds on top
of- and requires dynamic import parsing to simplify the implementation.

Adds a new --harmony-import-meta flag.

BUG=v8:6693

Change-Id: Iadb7ddf6bad8986bf3ad641dbd3826fe730b5f44
Reviewed-on: https://chromium-review.googlesource.com/702678
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48359}
2017-10-09 02:47:31 +00:00
Michael Lippautz
8e45603136 [arm64-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I2bebb92d2f5ed245bd7b20ee3ed1c6804605f837
Reviewed-on: https://chromium-review.googlesource.com/704644
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48343}
2017-10-06 15:09:03 +00:00
Michael Lippautz
e0f21bb743 [arm-simulator] Dispose stray Isolate in test
Bug: 
Change-Id: I6b853f9462793c14aca3cc45c735ddcef6ed6155
Reviewed-on: https://chromium-review.googlesource.com/704637
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48339}
2017-10-06 12:05:02 +00:00
Ben L. Titzer
afbfddd75e [wasm] Honor AllowCodegenFromStrings() for all WASM compile types.
R=clemensh@chromium.org

Bug: v8:6756
Change-Id: I3b25b89f3ead5c856be5c7ba3c7c236e595ce8de
Reviewed-on: https://chromium-review.googlesource.com/695524
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48333}
2017-10-06 08:50:51 +00:00
Michael Lippautz
4443683654 [serializer] Properly dispose Isolates in tests
Bug: 
Change-Id: I1ca4246174e16dc3577f31a9e3a8333aadc17415
Reviewed-on: https://chromium-review.googlesource.com/702894
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48328}
2017-10-06 07:50:01 +00:00
Michael Lippautz
f84d216ff9 [wasm] TransferrableWasModules test: Properly disposte Isolate
Bug: 
Change-Id: I824f42cf6159f94204ee3e3c26a6af18e717b11e
Reviewed-on: https://chromium-review.googlesource.com/702874
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48327}
2017-10-06 07:48:21 +00:00
Deepti Gandluri
3dcb40c9b3 [wasm] Add disassembly for Atomic ops in wasm-text
Fix disassembly of atomic operations for the inspector.

BUG=v8:6842,v8:6532

Change-Id: I3701b55c28b10561d1726e2c0b9fe2e1b2c76b8e
Reviewed-on: https://chromium-review.googlesource.com/703468
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48324}
2017-10-05 23:00:51 +00:00
Aseem Garg
8fc10b5af7 [wasm] Re-enable Simd lowering tests for wasm
This adds a new simd lowering execution mode for
simd and re-enables the lowering tests

R=titzer@chromium.org,gdeepti@chromium.org,bbudge@chromium.org,mtrofin@chromium.org
BUG=v8:6020

Change-Id: Ice6b7ff2f5973804d379c88241d49b811429a965
Reviewed-on: https://chromium-review.googlesource.com/698928
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48322}
2017-10-05 21:25:34 +00:00
Ulan Degenbaev
50edfd171e [heap] Fix ConcurrentMarkingReschedule cctest.
This makes the test robust for stress GC flags.

Bug: 
Change-Id: Ica65987f0ee09fbdb4aab233dea4c51db5b19459
Reviewed-on: https://chromium-review.googlesource.com/702436
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48313}
2017-10-05 15:00:12 +00:00
Sathya Gunasekaran
87e1b8dfdb Use MaybeHandle for values that could be empty
This fixes some of the old legacy API that used empty Handle<>

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I861e31a4a6f65bc497bfc512174adba39c17abca
Reviewed-on: https://chromium-review.googlesource.com/701634
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48311}
2017-10-05 13:16:55 +00:00
Michael Achenbach
c7e84f5216 [test] Add stress_incremental_marking testing variant
Bug: 
Change-Id: Iddb8dde328af42b99c74195a13975346437c7259
Reviewed-on: https://chromium-review.googlesource.com/700635
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48310}
2017-10-05 13:10:42 +00:00
Marja Hölttä
f6f5bafe41 [parser] Skipping inner funcs: Fix hoisting.
The catch variable is a special VAR-mode variable which is not in a declaration
scope. Normally creating such a variable is not possible with DeclareVariable,
but Parser bypasses it by calling DeclareLocal directly (which doesn't have the
hoisting check).

PreParser used to cut corners and declare the catch variable as a LET-mode
variable to prevent hoisting.

But since LET and VAR variables behave differently when deciding whether they
block sloppy block function hoisting, that approach doesn't fly.

BUG=v8:5516,chromium:771474

Change-Id: Ic6f5f4996416c9fa59132725c8b0b6b570c72f48
Reviewed-on: https://chromium-review.googlesource.com/700634
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48308}
2017-10-05 12:00:45 +00:00
Daniel Clifford
a9e6215248 Add NumberMin/NumberMax methods to CSA
Change-Id: Ib36b6e27476f7cc1e2064e147fbfa7d3d1e28b49

These will be used in subsequent CLs to add spec-compliant builtins
on Array.prototype built with the CSA.

Change-Id: Ib36b6e27476f7cc1e2064e147fbfa7d3d1e28b49
Reviewed-on: https://chromium-review.googlesource.com/700694
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48306}
2017-10-05 09:15:35 +00:00
Michael Achenbach
ba44981a6a Revert "[language] Implement optional catch binding proposal"
This reverts commit d0651bd108.

Reason for revert: Breaks gc stress with embedded snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15355

Original change's description:
> [language] Implement optional catch binding proposal
> 
> This allows the syntax `try {} catch {}` (with no binding after the
> `catch`).
> 
> See https://github.com/michaelficarra/optional-catch-binding-proposal/
> 
> Currently behind --harmony-optional-catch-binding.
> 
> As part of the implementation, this allows TryCatchStatements to not
> have an associated catch scope; various paths which assumed they
> would have been updated to handle this case.
> 
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ic525b45199eef025eb05da562e10fbd4f3d7465f
> Reviewed-on: https://chromium-review.googlesource.com/571453
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Kevin Gibbons <bakkot@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#48300}

TBR=rmcilroy@chromium.org,adamk@chromium.org,marja@chromium.org,gsathya@chromium.org,bakkot@gmail.com

Change-Id: I63d68160ec75b87e28d3dcdddca2d8b7d0503b46
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/702334
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48303}
2017-10-05 08:31:15 +00:00
Michaël Zasso
b096c44ffc [build] Introduce an embedder version string
Sometimes, the embedder might want to merge a fix to an abandoned branch
or to a supported branch but the fix is not relevant to Chromium.
This adds a new version string that the embedder can set at compile time
and that will be appended to the official V8 version.
The separator must be provided in the string. For instance, to have a
full version string like "6.0.287.53-emb.1", the embedder must set
V8_EMBEDDER_STRING to "-emb.1".

Related Node.js issue: https://github.com/nodejs/node/pull/9754

BUG=v8:5740
R=machenbach@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifa2d9bd213795e6d54886436f8c3787ac6162823
Reviewed-on: https://chromium-review.googlesource.com/690475
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48301}
2017-10-05 07:17:45 +00:00
Kevin Gibbons
d0651bd108 [language] Implement optional catch binding proposal
This allows the syntax `try {} catch {}` (with no binding after the
`catch`).

See https://github.com/michaelficarra/optional-catch-binding-proposal/

Currently behind --harmony-optional-catch-binding.

As part of the implementation, this allows TryCatchStatements to not
have an associated catch scope; various paths which assumed they
would have been updated to handle this case.

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic525b45199eef025eb05da562e10fbd4f3d7465f
Reviewed-on: https://chromium-review.googlesource.com/571453
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Kevin Gibbons <bakkot@gmail.com>
Cr-Commit-Position: refs/heads/master@{#48300}
2017-10-05 01:51:20 +00:00
Jakob Kummerow
f83d0e0be8 [bigint] Implement shift ops
Bug: v8:6791
Change-Id: I5e91832bcb74e895eaf7a3d6ee493c832abba7bf
Reviewed-on: https://chromium-review.googlesource.com/699635
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48299}
2017-10-05 00:56:50 +00:00
Sathya Gunasekaran
c56258849c [Promises] Fulfill promise before firing PromiseRejectCallback
Previously, we would first fire the PromiseRejectCallback before
fulfilling the promise. This patch changes the behavior to first
fulfill the promise. This behavior is more intuitive.

This patch also merges the check for PromiseHook callback with the
debug callback, since they use the same boolean bit on the isolate.

Bug: v8:6880
Change-Id: Ia04867e16423a1d6006f0f3f93a14fa6026e17ed
Reviewed-on: https://chromium-review.googlesource.com/700980
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48298}
2017-10-04 23:01:00 +00:00
Eric Holk
df5a509a2c [wasm] use ccall to set/clear thread in wasm flag
CCalls have significantly less overhead than runtime calls which will improve
runtime performance on programs that make lots of transitions between JS and
Wasm.

Bug: v8:5277
Change-Id: If09dea97f24eb43753847e2b894ebc1ba5168c23
Reviewed-on: https://chromium-review.googlesource.com/688481
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48297}
2017-10-04 22:30:09 +00:00
Michael Lippautz
56dc592516 Dispose isolate at end of UNINITIALIZED_TEST
No-try: true
Bug: v8:6886
Change-Id: I994b998e9e5006c6de183328603f3545158bd32c
Reviewed-on: https://chromium-review.googlesource.com/700536
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48292}
2017-10-04 16:21:09 +00:00
Mostyn Bramley-Moore
0c93ef357d [jumbo] arm unittests fixup
Avoid F5 symbol clash.

Bug: chromium:770684
Change-Id: I9e851c1fe5abbdc4d032b7efdd0462c96d0c8ef3
Reviewed-on: https://chromium-review.googlesource.com/696063
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#48267}
2017-10-03 06:24:30 +00:00
Mathias Bynens
d3c9812143 [parser] Add use counter for U+2028 & U+2029
The context is the following proposal to make JSON a subset of
JavaScript: https://github.com/tc39/proposal-json-superset

There’s interest in performing a side investigation to answer the
question of what would happen if we stopped treating U+2028 and U+2029
as `LineTerminator`s *entirely*. (Note that this is separate from the
proposal, which just changes how these characters are handled in
ECMAScript strings.) This is technically a breaking change, and IMHO it
would be wonderful if we could get away with it, but no one really has
any data on whether or not we could. Adding this use counter lets us get
that data.

BUG=v8:6827

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia22e8db1634df4d3f965bec8e1cfa11cc7b5e9aa
Reviewed-on: https://chromium-review.googlesource.com/693155
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48260}
2017-10-02 11:46:36 +00:00
Ben L. Titzer
9debe4411c [wasm] Move memory-related methods to wasm-memory.(cc|h).
R=gdeepti@chromium.org

Bug: 
Change-Id: Ic2e519d24354b3327a92daa0d4d6e06c9ca4605e
Reviewed-on: https://chromium-review.googlesource.com/687056
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48256}
2017-10-02 09:09:06 +00:00
Deepti Gandluri
b380525b3b [wasm] Implement I32AtomicLoad, I32AtomicStore ops
Bug: V8:6532
Change-Id: I6713e1c01ec669b7fa9a09bb75fbecff12f6cc22
Reviewed-on: https://chromium-review.googlesource.com/685949
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48252}
2017-10-02 05:40:59 +00:00
Mostyn Bramley-Moore
37305e918f [jumbo] arm64 cctest fixes
Remove more "using" statements.

Bug: chromium:746958
Change-Id: I2f9c45b1ff1d51fc58b7a702fee046ba3c6a7c17
Reviewed-on: https://chromium-review.googlesource.com/693862
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#48248}
2017-09-30 17:17:23 +00:00
Toon Verwaest
1067026ff1 Remove ComputeFlags, simply pass in Code::Kind instead of Code::Flags
TBR: ofrobots@google.com, yangguo@chromium.org
Bug: 
Change-Id: I6cb0704acabf9a7f2334de539a6600db8607baef
Reviewed-on: https://chromium-review.googlesource.com/691720
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48237}
2017-09-29 15:37:27 +00:00
Marja Hölttä
a02580636f [parser] Skipping inner funcs: Make the data on heap smaller.
We were unnecessarily storing everything as uint32_t, even though many items in
the preparsed scope data can be stored as uint8_t. This CL also adds an
(internal) API which abstracts away the actual data storing, so the backing
store can be made even more efficient (e.g., use only 1-3 bytes for some
uint32_t values, if they fit) without affecting other parts of the code.

BUG=v8:5516,chromium:762492

Change-Id: I7cd4d91dc11f87f8aec9c7584044a6f2a59b73ba
Reviewed-on: https://chromium-review.googlesource.com/684182
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48231}
2017-09-29 13:31:13 +00:00
Predrag Rudic
d2e22dbf6d MIPS[64]: Implement MSA 2RF instructions for V8 builtin simulator
Change-Id: Id2eef89f0eba3c59bcdb490e7d986b4b3af0ff9b
Reviewed-on: https://chromium-review.googlesource.com/657677
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48230}
2017-09-29 13:22:42 +00:00
Clemens Hammacher
cbaa568275 [wasm] Fix function compilation profiling
We had dangling pointers by storing a raw pointer and then discarding
the unique_ptr holding it alive, and we had lots of redundant
information there.
This CL refactors the interface to take a format string and a variable
number of argument.

R=titzer@chromium.org

Change-Id: I8eb6ccd19d307e2477c97a3e5e7f537b5671a891
Reviewed-on: https://chromium-review.googlesource.com/690196
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48223}
2017-09-29 10:30:40 +00:00
Toon Verwaest
04afb10f35 Migrate StringLengthStub to TF builtin
Bug: 
Change-Id: I58ce9a0f42dfa81c8e8affa2377c5cc0d08a35e2
Reviewed-on: https://chromium-review.googlesource.com/691714
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48222}
2017-09-29 10:21:41 +00:00
Ross McIlroy
22e3211d9f [compiler] Remove script() from CompilationInfo
Removes script() from CompilationInfo since it might not be created when
compiling from a background thread.

BUG=v8:5203

Change-Id: Ic36fd04cf4792336707b2d3715d47c59b6a97faf
Reviewed-on: https://chromium-review.googlesource.com/690299
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48220}
2017-09-29 09:33:59 +00:00
Toon Verwaest
8f06e08a21 Replace Code::HANDLER by Code::BUILTIN or Code::STUB
Bug: 
Change-Id: I644c9f8b9ab3bd4250809ee557ec34ee738f5244
Reviewed-on: https://chromium-review.googlesource.com/691654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48219}
2017-09-29 08:54:39 +00:00
Enrico Bacis
6cd7a5a73a [wasm] Introduce the WasmContext
The WasmContext struct introduced in this CL is used to store the
mem_size and mem_start address of the wasm memory. These variables can
be accessed at C++ level at graph build time (e.g., initialized during
instance building). When the GrowMemory runtime is invoked, the context
variables can be changed in the WasmContext at C++ level so that the
generated code will load the correct values.

This requires to insert a relocatable pointer only in the
JSToWasmWrapper (and in the other wasm entry points), the value is then
passed from function to function as an automatically added additional
parameter. The WasmContext is then dropped when creating an Interpreter
Entry or when invoking a JavaScript function. This removes the need of
patching the generated code at runtime (i.e., when the memory grows)
with respect to WASM_MEMORY_REFERENCE and WASM_MEMORY_SIZE_REFERENCE.
However, we still need to patch the code at instance build time to patch
the JSToWasmWrappers; in fact the address of the WasmContext is not
known during compilation, but only when the instance is built.

The WasmContext address is passed as the first parameter. This has the
advantage of not having to move the WasmContext around if the function
does not use many registers. This CL also changes the wasm calling
convention so that the first parameter register is different from the
return value register. The WasmContext is attached to every
WasmMemoryObject, to share the same context with multiple instances
sharing the same memory. Moreover, the nodes representing the
WasmContext variables are cached in the SSA environment, similarly to
other local variables that might change during execution.  The nodes are
created when initializing the SSA environment and refreshed every time a
grow_memory or a function call happens, so that we are sure that they
always represent the correct mem_size and mem_start variables.

This CL also removes the WasmMemorySize runtime (since it's now possible
to directly retrieve mem_size from the context) and simplifies the
GrowMemory runtime (since every instance now has a memory_object).

R=ahaas@chromium.org,clemensh@chromium.org
CC=gdeepti@chromium.org

Change-Id: I3f058e641284f5a1bbbfc35a64c88da6ff08e240
Reviewed-on: https://chromium-review.googlesource.com/671008
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48209}
2017-09-28 16:14:03 +00:00
Toon Verwaest
6e68a28bfc Replace specific IC Code::Kind with Code::STUB
Bug: 
Change-Id: I41d3f3086f5e90a1a1579c18eca59b5d098f637f
Reviewed-on: https://chromium-review.googlesource.com/690374
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48207}
2017-09-28 15:40:41 +00:00
Martyn Capewell
193dcf7693 [arm64] Pair some pushes and delete unused code
Pair some stack ops so that they deal with an even numbers of registers, add
padding around profile entry calls, and delete some unused macro assembler code.

Bug: v8:6644
Change-Id: I5a5529f04738ba2a2fdb1b0d4ee93c567a3c504e
Reviewed-on: https://chromium-review.googlesource.com/686823
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48205}
2017-09-28 13:36:17 +00:00
Ben L. Titzer
afb7bdc46a [wasm] Move compilation methods to module-compiler.h
Note that this also makes it possible to move several classes
into the module-compiler.cc file and inline their implementations.

This also allows removing several uses of wasm-module.h from
other places in V8 that include wasm-objects.h.

R=yangguo@chromium.org,clemensh@chromium.org,ahaas@chromium.org

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I303ee2bb49dc53c951d377a1b65699c1e0e91da7
Reviewed-on: https://chromium-review.googlesource.com/687494
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48204}
2017-09-28 13:14:26 +00:00
Michael Starzinger
4ba6f15ece [objects] Remove obsolete uses of {ReplaceCode} methods.
R=rmcilroy@chromium.org

Change-Id: Id568afef0d6ac68170faa33ad9ab4bba97d40ce9
Reviewed-on: https://chromium-review.googlesource.com/690294
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48202}
2017-09-28 12:37:46 +00:00
Toon Verwaest
b8b25e1c27 [ic] Remove extra-ic-state and Map::code_cache
There are only very few custom compiled IC handlers left that go in there, and for each compiled handler we only have 1 cache hit on top25; maximally saving 60ms over 33s. Additionally we'll migrate the remaining handlers to data-driven handlers anyway. Let's try to remove this code.

Bug: 
Change-Id: Ib874cc498015046a3ff67c83ea8b10b3c4eb7d0f
Reviewed-on: https://chromium-review.googlesource.com/668409
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48201}
2017-09-28 11:24:12 +00:00
Peter Marshall
690d52afa8 [cleanup] Remove List.
ZoneList still used List as a base class, so this CL merges the two
classes together. We also remove unused functions in List and ZoneList.

We keep the inline header but move it to src/zone/zone-list-inl.h. The
includes that use this header are still quite tangled, but we can fix
that later.

Bug: v8:6333
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia809813834b2328ff616623f8a843812a1eb42a7
Reviewed-on: https://chromium-review.googlesource.com/681658
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48200}
2017-09-28 10:47:40 +00:00
Yang Guo
aaebbbaa59 Remove --string-slices and --serialize-eager.
Both flags are obsolete.

R=cbruni@chromium.org

Change-Id: I78f5980f2d0bd569b8e5f6e29539cf87293cab94
Reviewed-on: https://chromium-review.googlesource.com/684296
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48194}
2017-09-28 04:41:18 +00:00
Yang Guo
5dcedc18c1 [snapshot] correctly mark SFIs with deserialized code.
We used to only mark top-level SFIs with the 'deserialized' bit.
Now we do it for every SFI that has cached code. This is the
first step to surface caching information in the future.

R=cbruni@chromium.org

Bug: chromium:769166
Change-Id: I12f21511419ce54fd07a2cc277a65866660c366a
Reviewed-on: https://chromium-review.googlesource.com/686715
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48184}
2017-09-27 14:32:34 +00:00
Jakob Kummerow
35f94cbe55 [refactoring] Prepare conversions{.h,-inl.h,.cc} for BigInt.parseInt
- Move things to conversions.cc that don't need to be in headers
- Turn InternalStringToInt into a subclassable helper class
  so we can re-use it for BigInt.parseInt
- Bonus: play a round of IWYU with all the .cc files who thought that
  #including conversions-inl.h would give them nice Unicode things

Bug: v8:6791
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I64022543a9b83002e2b78416c7e87b40a1a016e6
Reviewed-on: https://chromium-review.googlesource.com/673725
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48174}
2017-09-26 22:52:31 +00:00
Jakob Kummerow
3b57e96cd1 [bigint] Support BigInts in +,-,*,/,% binary ops.
This CL teaches the respective bytecode handlers and standalone stubs
about BigInts, and collects "kBigInt" feedback for them. However,
Turbofan does not yet care about such feedback, so it is simply converted
to "any" for now (making TF emit stub calls for BigInt operations).

Bug: v8:6791
Change-Id: I6440c108ccd79058d77adc2a6041251db9d5f81d
Reviewed-on: https://chromium-review.googlesource.com/683758
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48173}
2017-09-26 22:01:54 +00:00
Tobias Tebbi
e6d84f4ecb [csa] fix variable merge for switch default label
Bug: 
Change-Id: I52e757aa2de951ff40660545472321c7dec84241
Reviewed-on: https://chromium-review.googlesource.com/632156
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48167}
2017-09-26 12:31:29 +00:00
Marja Hölttä
f130bfd394 [unicode] Fix overlong / surrogate sequences detection some more.
Follow up to https://chromium-review.googlesource.com/671020

We still didn't return the correct amount of invalid characters, according to
the Encoding spec ( https://encoding.spec.whatwg.org/#utf-8-decoder ), when we
saw a byte sequence which was as start of an overlong / invalid sequence, but
there weren't enough continuation bytes.

A more rigorous test will follow in
https://chromium-review.googlesource.com/c/v8/v8/+/681217

BUG=chromium:765608

Change-Id: I535670edc14d3bae144e5a9ca373f12eec78a934
Reviewed-on: https://chromium-review.googlesource.com/681674
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48165}
2017-09-26 12:08:24 +00:00
Yang Guo
dc7b2b2ba7 Reland "[snapshot] include version string in the startup snapshot."
This is a reland of 629406d1e9
Original change's description:
> [snapshot] include version string in the startup snapshot.
> 
> This is to easier diagnose build issues involving the snapshot.
> Sample error message for mismatching snapshot:
> 
> #
> # Fatal error in ../../src/snapshot/snapshot-common.cc, line 286
> # Version mismatch between V8 binary and snapshot.
> #   V8 binary version: 6.3.1 (candidate)
> #    Snapshot version: 6.3.0 (candidate)
> # The snapshot consists of 2820444 bytes and contains 1 contexts.
> #
> 
> 
> R=machenbach@chromium.org
> 
> Bug: chromium:764327
> Change-Id: Icdc7aeac77819b113985b424feda814a072d5406
> Reviewed-on: https://chromium-review.googlesource.com/684295
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48161}

Bug: chromium:764327
Change-Id: I3721689824e0a6909eede86d0829dc258ae40c4d
Reviewed-on: https://chromium-review.googlesource.com/684494
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48164}
2017-09-26 11:29:44 +00:00
Yang Guo
7f9de3dce9 [snapshot] add kProduceExhaustiveCodeCache option.
- Add kProduceExhaustiveCodeCache to v8::ScriptCompiler::CompileOptions
  to request eager compilation to add as much as possible to the code
  cache for the script.
- Repurpose ParseInfo::kLazy flag.
- Remove ParseInfo::kDebug flag.
- Remove --serialize-toplevel as it has become obsolete.

R=marja@chromium.org

Bug: chromium:768705
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ife14f7a1d1c02e525f0b9dbfd2452013d67c7167
Reviewed-on: https://chromium-review.googlesource.com/684019
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48160}
2017-09-26 09:53:53 +00:00
Andreas Haas
17a8867023 [wasm] Allow traps in tests with many parameters in cctests
In the test-run-wasm and test-run-wasm-64 cctests it is not possible to
call runtime functions. To test traps in these cctests we therefore
replace the runtime call with a call to a c-callback, followed by a
return. This CL fixes the problem that the return did not clean up stack
parameters.

This CL unblocks
https://chromium-review.googlesource.com/c/v8/v8/+/671008. Originally I
wanted to mitigate the problem in that CL by defining an additional
parameter register for arm. However, adding additional parameter
registers lets other tests fail.

R=titzer@chromium.org, rodolph.perfetta@arm.com
CC=enricobacis@google.com

Bug: v8:6858
Change-Id: Ia8de73b70a0677ca4d379ed5b16272faee92a78d
Reviewed-on: https://chromium-review.googlesource.com/684017
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48158}
2017-09-26 07:53:39 +00:00
Mostyn Bramley-Moore
a32c948344 [jumbo] also exclude test-bytecode-generator.cc from cctest jumbo builds
This caused trouble for my downstream CI tests, even though it builds
successfully in the canonical v8 tree.  To be investigated properly
later.

Bug: chromium:746958
Change-Id: I180a5ecc51051e4eb6617180ccba787ff80bcf45
Reviewed-on: https://chromium-review.googlesource.com/682695
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48151}
2017-09-25 21:00:26 +00:00
Mostyn Bramley-Moore
dbe9457fcb [jumbo]: allow cctest jumbo mode builds
There is no jumbo_executable target atm, so split the cctest v8_executable
target into cctest and cctest_sources.

Bug: chromium:746958
Change-Id: Iec0956234d026039c4d29921170dd2f0955222ca
Reviewed-on: https://chromium-review.googlesource.com/680575
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48147}
2017-09-25 16:56:09 +00:00
Mostyn Bramley-Moore
54f1f4dfc1 [jumbo] add test source file namespace in test-hashmap.cc
Bug: chromium:746958
Change-Id: Ia251d99ffe142fadb99fc83082683aa87676c47d
Reviewed-on: https://chromium-review.googlesource.com/680574
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48145}
2017-09-25 16:51:38 +00:00
Eric Holk
c7b3fddcbb [wasm] do not register trap handler data for previously registered code
Previously, we would blindly register new handler data, leading to us leaking
the old handler data. This meant we could then end up with overlapping handler
data where the instruction offset and landing pads didn't line up right.

Bug: v8:6841
Change-Id: Iedcd75925b8d9d59c8f9accf288cae954fdc568f
Reviewed-on: https://chromium-review.googlesource.com/677632
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48144}
2017-09-25 16:44:57 +00:00
Mostyn Bramley-Moore
4187a62734 [jumbo] undef some more macros defined in .cc files
Bug: chromium:746958
Change-Id: I81ad56e3bfbdc458c3e318927191f6c5e137c448
Reviewed-on: https://chromium-review.googlesource.com/680554
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48143}
2017-09-25 16:37:54 +00:00
Ali Ijaz Sheikh
52e8d0ab40 Reland "Reland "[profiler] proper observation of old space inline allocations""
This is a reland of ec952aaa68.

Included is a fix that ensures that top_on_previous_step_ is cleared when we
release a page.

Original change's description:
> Reland "[profiler] proper observation of old space inline allocations"
>
> This is a reland of 672a41c3ca
> Original change's description:
> > [profiler] proper observation of old space inline allocations
> >
> > Bug: chromium:633920
> > Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> > Reviewed-on: https://chromium-review.googlesource.com/631696
> > Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48043}
>
> Bug: chromium:633920
> Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
> Reviewed-on: https://chromium-review.googlesource.com/671127
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48085}

Bug: chromium:633920
Change-Id: I8a0dcc4eaffc1f1d3ac5b3f8d344001cdae36606
Reviewed-on: https://chromium-review.googlesource.com/677407
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48141}
2017-09-25 15:13:01 +00:00
Clemens Hammacher
f137052e9e [cleanup] Fix (D)CHECK macros in src/heap
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=ulan@chromium.org

Bug: v8:6837
Change-Id: I8d900f3c703dea6ee3bcc225a1d2754e91666b9d
Reviewed-on: https://chromium-review.googlesource.com/671047
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48136}
2017-09-25 10:25:13 +00:00
Clemens Hammacher
7ed27c474a [cleanup] [compiler] Fix (D)CHECK macros
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=jarin@chromium.org

Bug: v8:6837
Change-Id: I712580c2a4326e06ee3d6d0eb4ff8c7d24f5fdb9
Reviewed-on: https://chromium-review.googlesource.com/671227
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48135}
2017-09-25 10:21:34 +00:00
Deepti Gandluri
0dffd972e2 [wasm] Use the right access operand for atomic ops
Bug=v8:6842,v8:6532

Change-Id: I6ae1064e1e9a54c189311d6f34fc5fad85f13b7f
Reviewed-on: https://chromium-review.googlesource.com/678594
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48127}
2017-09-23 19:52:42 +00:00
Bill Budge
d607f1e72d [Memory] Move GetRandomMmapAddr from base::OS platform to v8::internal.
- Moves GetRandomMmapAddr from platform to v8::internal allocation
  primitives, in preparation for delegating this to the embedder.
- Adds hint parameters to OS functions that used to use this function.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iad72e6eac9c08a3e22c2cd2b2905623b8e514ae0
Reviewed-on: https://chromium-review.googlesource.com/677777
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48124}
2017-09-22 15:26:18 +00:00
Albert Mingkun Yang
c9b08c6579 Use args to avoid unnecessary work in RecordWrite stub
TurboAssembler::CallRecordWriteStub contains info that could be used to
conditionally skip generational write barrier or skip saving float-point
registers. This commits uses those info in RecordWrite stub.

Bug: chromium:749486
Change-Id: I41c9a593473e1f8863a09887fd2ce917f1d4fb3b
Reviewed-on: https://chromium-review.googlesource.com/672527
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#48123}
2017-09-22 12:28:38 +00:00
Mostyn Bramley-Moore
b4ff29d870 [jumbo] drop duplicate BUILD macro from test-run-wasm-js.cc
BUILD is already defined in test/cctest/wasm/wasm-run-utils.h.

Bug: chromium:746958
Change-Id: Icf577ce91424d9851d2db39658fd52c68c864995
Reviewed-on: https://chromium-review.googlesource.com/676843
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48122}
2017-09-22 11:15:08 +00:00
Aseem Garg
478bd9b1c0 [wasm] remove movable objects from WasmToJsWrapper
This change enables moving the WasmToJSWrapper off the GCed heap

R=bradnelson@chromium.org,mtrofin@chromium.org,clemensh@chromium.org

Bug: 
Change-Id: I1ea8810fa7b71bcb2a80a1390742db64872c5bb1
Reviewed-on: https://chromium-review.googlesource.com/665977
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48118}
2017-09-21 19:24:42 +00:00
Pierre Langlois
cf4fb91665 Reland "[cctest] Add fuzz tests for generating parallel moves."
This is a reland of c6b153fd69
Original change's description:
> [cctest] Add fuzz tests for generating parallel moves.
>
> These new tests are somewhat similar to the existing gap resolver tests except
> we use the code generator and eventually run the generated code. The main idea
> is to cover cases that are difficult to hit, such as move from/to slots which
> are out of range of loads and stores, but may happen nonetheless.
>
> At this time, the tests only make sure the code generator actually generated
> some code, and that this code runs. In the future, it would be great to also
> check that the moves were actually performed.
>
> Bug: v8:6553
> Change-Id: I089a25fa05b3a20649658bb8952926ab11f91d68
> Reviewed-on: https://chromium-review.googlesource.com/574850
> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47733}

Bug: v8:6553
Change-Id: Ia3eac9d7e6a23e2f6fea839b71d460cb7ad6ff6e
Reviewed-on: https://chromium-review.googlesource.com/645868
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48115}
2017-09-21 17:46:50 +00:00
Bill Budge
645cda074f Reland "Reland "[Memory] Move VirtualMemory out of base:: platform.""
This is a reland of f2cd10db14
Original change's description:
> Reland "[Memory] Move VirtualMemory out of base:: platform."
> 
> This is a reland of 4dd293d922
> Original change's description:
> > [Memory] Move VirtualMemory out of base:: platform.
> > 
> > - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> > - Makes VirtualMemory platform-independent by moving internals to new
> >   OS:: static methods, for each platform.
> > 
> > This will make it easier to delegate memory management in VirtualMemory
> > to V8::Platform, so that embedders like Blink can override it. We can't
> > depend on V8::Platform in base/platform.
> > 
> > Bug: chromium:756050
> > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> > Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> > Reviewed-on: https://chromium-review.googlesource.com/653214
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48048}
> 
> Bug: chromium:756050
> Change-Id: Ib492c7c69f1833be127a571808301e96b84b8aa2
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/671125
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48084}

Bug: chromium:756050
Change-Id: Ie596730b5cefc38137cab7fc1f76613f5af7b825
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/675283
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48113}
2017-09-21 15:07:22 +00:00
Ivica Bogosavljevic
01e3be5046 MIPS[64]: Implement 3R MSA instructions in simulator
Bug: 
Change-Id: Ia7bbbb2aba28ec36b470a1b23ebe38fc3a09e600
Reviewed-on: https://chromium-review.googlesource.com/657757
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48108}
2017-09-21 13:27:44 +00:00
Mostyn Bramley-Moore
2857dab5cb [jumbo] add some missing cctest header guards
Bug: chromium:746958
Change-Id: I0c1dfe1019b5324d322f5c7a6a2e6095c18f0b40
Reviewed-on: https://chromium-review.googlesource.com/676583
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48106}
2017-09-21 12:19:10 +00:00
Marja Hölttä
6389b7e6b6 [unicode] Return (the correct) errors for overlong / surrogate sequences.
This fix is two-fold:

1) Incremental UTF-8 decoding: Unify incorrect UTF-8 handling between V8 and
Blink.

Incremental UTF-8 decoding used to allow some overlong sequences / invalid code
points which Blink treated as errors. This caused the decoder and the Blink
UTF-8 decoder to produce a different number of bytes, resulting in random
failures when scripts were streamed (especially, this was detected by the
skipping inner functions feature which adds CHECKs against expected function
positions).

2) Non-incremental UTF-8 decoding: return the correct amount of invalid characters.

According to the encoding spec ( https://encoding.spec.whatwg.org/#utf-8-decoder
), the first byte of an overlong sequence / invalid code point generates an
invalid character, and the rest of the bytes are not processed (i.e., pushed
back to the byte stream). When they're handled, they will look like lonely
continuation bytes, and will generate an invalid character each.

As a result, an overlong 4-byte sequence should generate 4 invalid characters
(not 1).

This is a potentially breaking change, since the (non-incremental) UTF-8
decoding is exposed via the API (String::NewFromUtf8). The behavioral difference
happens when the client is passing in invalid UTF-8 (containing overlong /
surrogate sequences).

However, afaict, this doesn't change the semantics of any JavaScript program:
according to the ECMAScript spec, the program is a sequence of Unicode code
points, and there's no way to invoke the UTF-8 decoding functionalities from
inside JavaScript. Though, this changes the behavior of d8 when decoding source
files which are invalid UTF-8.

This doesn't change anything related to URI decoding (it already throws
exceptions for overlong sequences / invalid code points).

BUG: chromium:765608, chromium:758236, v8:5516
Bug: 
Change-Id: Ib029f6a8e87186794b092e4e8af32d01cee3ada0
Reviewed-on: https://chromium-review.googlesource.com/671020
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48105}
2017-09-21 10:44:40 +00:00
Mostyn Bramley-Moore
01946db5e0 [jumbo] add test namespaces for cctest
By adding a per test source file namespace, we can avoid a lot of
symbol collisions in jumbo builds.

While we're at it, let's remove some "using" statements that also
cause trouble.

Bug: chromium:746958
Change-Id: I6f8a723e1ba5905888638e0687b23193f3f012ca
Reviewed-on: https://chromium-review.googlesource.com/676803
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#48102}
2017-09-21 08:46:16 +00:00
Ulan Degenbaev
f16b561bee Revert "Reland "[profiler] proper observation of old space inline allocations""
This reverts commit ec952aaa68.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=767144

Original change's description:
> Reland "[profiler] proper observation of old space inline allocations"
> 
> This is a reland of 672a41c3ca
> Original change's description:
> > [profiler] proper observation of old space inline allocations
> > 
> > Bug: chromium:633920
> > Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> > Reviewed-on: https://chromium-review.googlesource.com/631696
> > Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48043}
> 
> Bug: chromium:633920
> Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
> Reviewed-on: https://chromium-review.googlesource.com/671127
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48085}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:633920
Change-Id: I576cdab4a03f9fe057ebe1bf7da9dfe3c7bf62cd
Reviewed-on: https://chromium-review.googlesource.com/676683
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48098}
2017-09-21 04:19:29 +00:00
Ilija Pavlovic
ce76dd60c8 Skip WASM atomic tests on big-endian machines.
There is no support to emulate atomic WASM operations on big-endian
platforms, since this would require bit swapping as a part of atomic
operations. Therefore, cctest/test-run-wasm-atomics/* will be skipped.

TEST=cctest/test-run-wasm-atomics/*
BUG=

Change-Id: I1a8b085f816f615011788092e6fc8a8390678382
Reviewed-on: https://chromium-review.googlesource.com/671010
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48093}
2017-09-20 12:28:37 +00:00
Clemens Hammacher
5c2ffc9c3c [wasm] Execute more tests in both interpreter and compiled
This fixes a few leftovers where we use WASM_EXEC_TEST, but then
unconditionally execute the compiled code, and also changes more tests
to use WASM_EXEC_TEST, hence run in both the interpreter and compiled
code.
Once we have land the baseline compiler, those tests will also execute
in baseline compilation mode.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I79598df21a7538934306e01ca6593f05afe19ed3
Reviewed-on: https://chromium-review.googlesource.com/672528
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48091}
2017-09-20 09:37:21 +00:00
Michael Hablich
7447fd53b5 Revert "Reland "[Memory] Move VirtualMemory out of base:: platform.""
This reverts commit f2cd10db14.

Reason for revert: Blocks the roll https://chromium-review.googlesource.com/c/chromium/src/+/674623

Original change's description:
> Reland "[Memory] Move VirtualMemory out of base:: platform."
> 
> This is a reland of 4dd293d922
> Original change's description:
> > [Memory] Move VirtualMemory out of base:: platform.
> > 
> > - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> > - Makes VirtualMemory platform-independent by moving internals to new
> >   OS:: static methods, for each platform.
> > 
> > This will make it easier to delegate memory management in VirtualMemory
> > to V8::Platform, so that embedders like Blink can override it. We can't
> > depend on V8::Platform in base/platform.
> > 
> > Bug: chromium:756050
> > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> > Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> > Reviewed-on: https://chromium-review.googlesource.com/653214
> > Commit-Queue: Bill Budge <bbudge@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48048}
> 
> Bug: chromium:756050
> Change-Id: Ib492c7c69f1833be127a571808301e96b84b8aa2
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/671125
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48084}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,scottmg@chromium.org

Change-Id: I04176d77ca9ad8315b0e1bb2b21f40f2c8ab9536
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/674843
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48088}
2017-09-20 05:36:29 +00:00
Ali Ijaz Sheikh
ec952aaa68 Reland "[profiler] proper observation of old space inline allocations"
This is a reland of 672a41c3ca
Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

Bug: chromium:633920
Change-Id: I6fe743d31b8ff26f3858488d4c014c62d3c85add
Reviewed-on: https://chromium-review.googlesource.com/671127
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48085}
2017-09-20 01:28:55 +00:00
Bill Budge
f2cd10db14 Reland "[Memory] Move VirtualMemory out of base:: platform."
This is a reland of 4dd293d922
Original change's description:
> [Memory] Move VirtualMemory out of base:: platform.
> 
> - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> - Makes VirtualMemory platform-independent by moving internals to new
>   OS:: static methods, for each platform.
> 
> This will make it easier to delegate memory management in VirtualMemory
> to V8::Platform, so that embedders like Blink can override it. We can't
> depend on V8::Platform in base/platform.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> Reviewed-on: https://chromium-review.googlesource.com/653214
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48048}

Bug: chromium:756050
Change-Id: Ib492c7c69f1833be127a571808301e96b84b8aa2
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/671125
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48084}
2017-09-19 18:48:07 +00:00
Clemens Hammacher
2d75dd9bbb [cleanup] [wasm] Fix (D)CHECK macros
Use the (D)CHECK_{EQ,NE,GT,...} macros instead of (D)CHECK with an
embedded comparison. This gives better error messages and also does the
right comparison for signed/unsigned mismatches.

This will allow us to reenable the readability/check cpplint check.

R=ahaas@chromium.org

Bug: v8:6837
Change-Id: Ic8966dfeacf02b2684eeef23fde99ec2be4ed81e
Reviewed-on: https://chromium-review.googlesource.com/671364
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48080}
2017-09-19 11:40:37 +00:00
Michael Lippautz
4e5db9a6c8 [heap] Remove marking deque overflow handling
Removes
- SequentialMarkingDeque
- The ability to handle marking deque overflow
- BlackToGrey transitions

We switched to a different marking work list on M61 that fails
in OOM upon failing to allocate Segments used in the work list.

Bug: chromium:758570
Change-Id: I66e2ab912271bf84b085dccc9b4bdd96076b64fb
Reviewed-on: https://chromium-review.googlesource.com/632676
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48078}
2017-09-19 05:20:20 +00:00
Marja Hölttä
68310c9f69 [scanner] UTF-8 handling fix (errors near chunk end).
The bug occurred when we detected an erroneous char late, and put the last
character in a chunk into the "incomplete char" buffer. It was not correctly
retrieved when seeking.

BUG=v8:6836

Change-Id: I8ca946dfdb39244c5ca0bdcebe047047010b3a07
Reviewed-on: https://chromium-review.googlesource.com/670729
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48066}
2017-09-18 14:13:26 +00:00
Michael Hablich
4fc43530a7 Revert "[Memory] Move VirtualMemory out of base:: platform."
This reverts commit 4dd293d922.

Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/669785

Original change's description:
> [Memory] Move VirtualMemory out of base:: platform.
> 
> - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> - Makes VirtualMemory platform-independent by moving internals to new
>   OS:: static methods, for each platform.
> 
> This will make it easier to delegate memory management in VirtualMemory
> to V8::Platform, so that embedders like Blink can override it. We can't
> depend on V8::Platform in base/platform.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> Reviewed-on: https://chromium-review.googlesource.com/653214
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48048}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,scottmg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:756050
Change-Id: Ice2618ef72950e1b64c31434a239c626aa5e5970
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/670843
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48062}
2017-09-18 10:13:26 +00:00
Juliana Franco
596d55adf6 Deoptimization and multithreading.
When using Lockers and Unlockers it is possible to create a
scenario where multiple threads point to the same optimized
code object. When that happens, if one of the threads triggers
deoptimization, then the stack replacement needs to happen in
the stacks of all threads.
With this CL, the deoptimizer visits all threads to do so.
The CL also adds three tests where V8 used to crash due to this
issue.

Bug: v8:6563
Change-Id: I74e9af472d4833aa8d13e579df45133791f6a503
Reviewed-on: https://chromium-review.googlesource.com/670783
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#48060}
2017-09-18 09:23:16 +00:00
Ali Ijaz Sheikh
258f270f15 Revert "[profiler] proper observation of old space inline allocations"
This reverts commit 672a41c3ca.

Reason for revert: Linux64 TSAN bot failures

Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: Ib71baf69b29b067fa0ba76027170054b8faa78d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:633920
Reviewed-on: https://chromium-review.googlesource.com/669559
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48052}
2017-09-15 20:38:18 +00:00
Bill Budge
483e353d6b Revert "Deoptimization and multithreading. "
This reverts commit c87f8954cc.

Reason for revert: LazyDeoptimizationMultithread failing.

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN%20-%20concurrent%20marking/builds/1876/steps/Bisect%20c87f8954.Retry/logs/LazyDeoptimizationMul..

Original change's description:
> Deoptimization and multithreading. 
> 
> When using Lockers and Unlockers it is possible to create a 
> scenario where multiple threads point to the same optimized 
> code object. When that happens, if one of the threads triggers
> deoptimization, then the stack replacement needs to happen in 
> the stacks of all threads.
> With this CL, the deoptimizer visits all threads to do so.
> The CL also adds three tests where V8 used to crash.
> 
> Bug: v8:6563
> Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432
> Reviewed-on: https://chromium-review.googlesource.com/657423
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
> Cr-Commit-Position: refs/heads/master@{#48033}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com

Change-Id: I290c9e339c367f68c0d1b6f7c0780cdbbbdf3f8a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6563
Reviewed-on: https://chromium-review.googlesource.com/669399
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48049}
2017-09-15 20:04:00 +00:00
Bill Budge
4dd293d922 [Memory] Move VirtualMemory out of base:: platform.
- Moves base::VirtualMemory to v8::internal::VirtualMemory.
- Makes VirtualMemory platform-independent by moving internals to new
  OS:: static methods, for each platform.

This will make it easier to delegate memory management in VirtualMemory
to V8::Platform, so that embedders like Blink can override it. We can't
depend on V8::Platform in base/platform.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
Reviewed-on: https://chromium-review.googlesource.com/653214
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48048}
2017-09-15 19:48:28 +00:00
Ali Ijaz Sheikh
672a41c3ca [profiler] proper observation of old space inline allocations
Bug: chromium:633920
Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
Reviewed-on: https://chromium-review.googlesource.com/631696
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48043}
2017-09-15 14:11:46 +00:00
Ulan Degenbaev
163d3604a6 [heap] Fix memory leak in the remembered set.
Empty slot set buckets can leak in the following scenarios.

Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the slots set
   of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact. 

Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the empty
   buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.

Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
2017-09-15 13:24:16 +00:00
Camillo Bruni
7742e534a8 [runtime] Remove unecessary ToString conversion for Array.prototype.forEach
Given that the index we use is checked to be in array index range there is no
need for a costly ToString conversion. All involved helpers for lookup up
properties directly support Smi/HeapNumber indices directly.

Cleanup: Rename GotoUnlessNumberLessThan => GotoIfNumberGreaterThanOrEqual

Change-Id: Iaddc4940f5d984572aa218d568ca71bf694cee74
Reviewed-on: https://chromium-review.googlesource.com/640388
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48039}
2017-09-15 12:39:56 +00:00
Sigurdur Asgeirsson
a787c3f9e1 Allow overriding DCHECK handling and make it non-fatal.
Bug: chromium:763010
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7d479f8abb16ffd7ffc19d3a6b58da01f5feddd0
Reviewed-on: https://chromium-review.googlesource.com/661054
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48038}
2017-09-15 11:48:16 +00:00
Juliana Franco
c87f8954cc Deoptimization and multithreading.
When using Lockers and Unlockers it is possible to create a 
scenario where multiple threads point to the same optimized 
code object. When that happens, if one of the threads triggers
deoptimization, then the stack replacement needs to happen in 
the stacks of all threads.
With this CL, the deoptimizer visits all threads to do so.
The CL also adds three tests where V8 used to crash.

Bug: v8:6563
Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432
Reviewed-on: https://chromium-review.googlesource.com/657423
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#48033}
2017-09-15 11:01:46 +00:00
Jaideep Bajwa
34bc3cb4af [cctest] fix CustomSnapshotDataBlobSharedArrayBuffer on Big Endian
When accessing the buffer in 1 byte increments, the order should
be reversed for BE.

R=petermarshall@chromium.org, yangguo@chromium.org
BUG=
LOG=N

Change-Id: I27a57e12479d1c00488546a92428b9183d87f8bf
Reviewed-on: https://chromium-review.googlesource.com/667902
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48031}
2017-09-15 10:56:12 +00:00
Mathias Bynens
a10e4a179e [js] Check comparefn in (Typed)Array#sort
This patch ensures a `TypeError` is thrown when the argument passed to
`Array.prototype.sort` or `%TypedArray%.prototype.sort` is neither a
function nor `undefined`.

Every other major JavaScript engine already threw in this case. Making
V8’s behavior match increases interoperability.

https://github.com/tc39/ecma262/pull/785

BUG=v8:6542

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I412a59810abdd118217c8d8361389ec6c2f640bd
Reviewed-on: https://chromium-review.googlesource.com/668356
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48028}
2017-09-15 10:08:06 +00:00
Andreas Haas
549692cbc0 [wasm] Streaming compilation for WebAssembly.
In this CL I implement streaming compilation for WebAssembly,
as described in the design doc I have sent out already.

In this implementation the decoding of sections other than the
code section is done immediately on the foreground thread.
Eventually all decoding should happen in the background. I
think it is acceptable to do the decoding on the foreground
thread for now because I have finished it already, and
decoding in the background would add even more complexity to
this CL.

Bug:v8:6785

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I285e1e5e1a5a243113c92571b25ee9bae551d0ed
Reviewed-on: https://chromium-review.googlesource.com/631721
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48022}
2017-09-15 06:36:25 +00:00
Deepti Gandluri
0202a040c9 [wasm] Module bytes can set shared attribute on memory
- Validate that atomic ops can only be called when shared memory is declared
- Throw Compile/Link erros on mismatch between declared, imported memory
- Test harness helpers for setting shared memory, tests

BUG=v8:6532

R=binji@chromium.org, bradnelson@chromium.org

Change-Id: I43fe3d04bb7e3e0a2cecca0528578f98844d2608
Reviewed-on: https://chromium-review.googlesource.com/665379
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48019}
2017-09-14 18:16:31 +00:00
Ulan Degenbaev
97b2a814e4 [heap] Fix black allocation.
This patch ensures that an object returned by AllocateRaw is marked
black if black allocation starts during the object allocation.

This fixes the following issue:
1) Generated code requests allocation of size N for folded allocation.
2) Runtime gets a free list node at address A of size N+M and sets up
   a linear allocation area with top = A+N and limit = A+N+M.
3) Runtime invokes the allocation observer that starts incremental marking
   and start black allocation. The area [A+N, A+N+M) is marked black.
4) Runtime returns a white object at address A as the allocation result.
5) Generated code moves the top pointer to A and does bump pointer
   allocations of white objects from A to A+N+M.
6) Object allocated new A+N can have the impossible marbit pattern.

Bug: chromium:694255
Change-Id: I09ceebc97a510fa5fe4ff20706bc46a99f8b7cf4
Reviewed-on: https://chromium-review.googlesource.com/638338
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48005}
2017-09-14 08:33:49 +00:00
Michael Starzinger
bc69f3450b [iwyu] Remove illegal inline include from "macro-assembler.h"
R=clemensh@chromium.org

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3df5d50f81909188ee0cb31d0f479aadeeabe20f
Reviewed-on: https://chromium-review.googlesource.com/662780
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47991}
2017-09-13 11:44:07 +00:00
Adam Klein
c9efff3fcd [bigint] Add bytecodes for unary-minus and bitwise-not
This continues to move the "desugaring" of unary operators further
down the pipeline, in this case into the bytecode handlers for new
bytecodes `Negate` and `BitwiseNot` and the corresponding TF code
in BytecodeGraphBuilder.

Bug: v8:6971
Tbr: yangguo@chromium.org
Change-Id: If6b5d6b239a09ef8b4dbde49321614503c0f5beb
Reviewed-on: https://chromium-review.googlesource.com/661146
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47980}
2017-09-12 19:07:59 +00:00
Adam Klein
bf55951cdd [bigint] Output ToNumber bytecode for unary plus
As part of that change, make ToNumber return in the accumulator.

Bug: v8:6791
Change-Id: I8ce0f4fbc7ad8ee7fb4a32a8a499394395010750
Reviewed-on: https://chromium-review.googlesource.com/658082
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47976}
2017-09-12 15:27:21 +00:00
Clemens Hammacher
ae53f26d8f [wasm] [test] Reuse WasmCompilationUnit to compile functions
This further reduces the amount of test-specific code. It will also
help testing the wasm baseline compiler, since it is also being called
from the {WasmCompilationUnit}.

Also, move the {RuntimeExceptionSupport} flag from the
{WasmFunctionCompiler} to the {TestingModuleBuilder}. There is no need
to store this per function builder. The {TestingModuleBuilder} then
passes it on to the {WasmCompilationUnit}, which finally sets it on the
{WasmGraphBuilder}.

R=mtrofin@chromium.org

Bug: v8:6600
Change-Id: I783dc296297a5ca37a2dd0d2035d782ca19a0fee
Reviewed-on: https://chromium-review.googlesource.com/660239
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47970}
2017-09-12 12:43:57 +00:00
Clemens Hammacher
3c8e1598bd [wasm] [test] Introduce enum for runtime exception support
We were using a boolean before, which makes the meaning non-obvious
when passed as a parameter. With the enum, you actually have to use
{kRuntimeExceptionSupport} or {kNoRuntimeExceptionSupport}.

R=mtrofin@chromium.org

Change-Id: Iaf5a7b6f1b446d4c3e16e044a6055d923d3b0b49
Reviewed-on: https://chromium-review.googlesource.com/660738
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47969}
2017-09-12 11:30:18 +00:00
Clemens Hammacher
05720af2b0 [wasm] [cleanup] Remove unused field
R=ahaas@chromium.org

Change-Id: I9b8a00061fe202b8c18426626b496c15455c8b7f
Reviewed-on: https://chromium-review.googlesource.com/660280
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47965}
2017-09-12 08:10:40 +00:00
Deepti Gandluri
2aecded25c [wasm] Memory.Grow with guard pages enabled should adjust memory allocated
- Memory.Grow with guard pages enabled should adjust amount of allocated
   memory, and not allocate a new buffer. This was disabled because previously
   the backing store was freed in the MemoryFinalizer, and we needed to be sure
   that the backing store is not released till the last buffer using it is
   released. This is now safe as we no longer use the MemoryFinalizer
 - SetProtection should use Guard/Unprotect that use mprotect underneath,
   instead of CommitRegion/UncommitRegion that use mmap
 - Move buffer allocation to the end to avoid inconsistent memory due to GC

BUG=v8:5886

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0d7edb884bd1e3167eb5fbced6953c6401688d40
Reviewed-on: https://chromium-review.googlesource.com/629517
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47960}
2017-09-11 22:51:48 +00:00
Mike Stanton
8340a86a62 Remove Code::FUNCTION type and predicates.
Since we don't have a full-codegen compiler anymore, we no longer
generate Code::FUNCTION kind. Nice! Here is some cleanup.

Bug: v8:6409
Change-Id: I05634e4ca85c4037b49a4346f4e8bae8042b8762
Reviewed-on: https://chromium-review.googlesource.com/657817
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47951}
2017-09-11 14:57:57 +00:00
Michael Starzinger
955d7e414e [iwyu] Remove obsolete "api.h" include from "handles-inl.h".
R=clemensh@chromium.org

Change-Id: If0554f01068fb76228e85cfe120630eda86de41d
Reviewed-on: https://chromium-review.googlesource.com/659997
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47945}
2017-09-11 12:52:20 +00:00
Clemens Hammacher
f9efb571ab [wasm] [test] [cleanup] Add missing undefs
Cleanup before enabling the presubmit check:
https://chromium-review.googlesource.com/c/v8/v8/+/657104

Bug: v8:6811
R=ahaas@chromium.org
CC=​​mstarzinger@chromium.org

Change-Id: Ifbf9210464b46dfdb5e04fbedc41d30e11536f74
Reviewed-on: https://chromium-review.googlesource.com/657422
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47943}
2017-09-11 12:09:50 +00:00
Franziska Hinkelmann
50fb877eb8 [coverage] Use shared_ptr instead of raw pointer
If Coverage goes out of scope, ScriptData, FunctionData, or BlockData still rely on 
Coverage's coverage_. Make coverage_ a shared_ptr owned by all four classes. 

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifab5d05184cc5db0fd0a935254b967286295e63f
Reviewed-on: https://chromium-review.googlesource.com/657381
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47938}
2017-09-11 07:34:18 +00:00
Benedikt Meurer
62649c8e7e [cleanup] Drop obsolete %StringCharCodeAt intrinsic.
The previous %StringCharCodeAt runtime entry (and the inlined intrinsic)
are obsolete and not used anymore (except in dedicated tests for this
runtime function), so remove it. And rename the %StringCharCodeAtRT
function, which is actually used to %StringCharCodeAt instead to have
a consistent naming scheme for runtime fallbacks.

Bug: v8:5049
Change-Id: I619429ef54f6efea61fc51ab9ed1d5cfe4417f99
Reviewed-on: https://chromium-review.googlesource.com/657719
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47928}
2017-09-08 15:45:44 +00:00
Michael Starzinger
4214aa7d5a [objects] Remove obsolete Code::prologue_offset field.
R=mvstanton@chromium.org
BUG=v8:6409

Change-Id: I9252055a395287381d2646fedc59c8c376333694
Reviewed-on: https://chromium-review.googlesource.com/652469
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47927}
2017-09-08 14:42:24 +00:00
Marja Hölttä
9f21cab8c8 Revert "Reland#2 [parser] Refactor streaming scanner streams."
This reverts commit de9269f3c3.

Something's still wrong in the encoding handling (see bug).

Bug: chromium:763106
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icd19dd42b84b9d090e191375a2942b9941110bcf
Reviewed-on: https://chromium-review.googlesource.com/657386
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47924}
2017-09-08 13:36:04 +00:00
Anna Henningsen
9b21865822 [api] Add optional data pointer to GC callbacks
This can be useful when there may be multiple callbacks attached by
code that's not directly tied to a single isolate, e.g. working
on a per-context basis.

This also allows rephrasing the global non-isolate APIs in terms
of this new API, rather than working around it inside `src/heap`.

TBR=hpayer@chromium.org

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2e490ec40d1a34ea812f25f41ef9741d2116d965
Reviewed-on: https://chromium-review.googlesource.com/647548
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47923}
2017-09-08 13:07:24 +00:00
Jaroslav Sevcik
6e8c00f7df Introduce an Abort bytecode and turbofan operator.
The advantage of an explicit Abort that the interpreter and the compiler know
that aborting cannot continue or throw or deopt. As a result we generate less
code and we do not confuse the compiler if the environment is not set up for
throwing (as in the generator dispatch that fails validation in
crbug.com/762057).

Bug: chromium:762057
Change-Id: I3e88f78be32f31ac49b1845595255f802c405ed7
Reviewed-on: https://chromium-review.googlesource.com/657025
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47922}
2017-09-08 12:16:23 +00:00
Michael Starzinger
9b42967642 [iwyu] Fix cctest inline header inclusion violation.
R=clemensh@chromium.org

Change-Id: I35a69e690a0647e1e6092bf881007198b252d3e8
Reviewed-on: https://chromium-review.googlesource.com/657577
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47921}
2017-09-08 11:59:53 +00:00
Michael Starzinger
532c9052d6 [iwyu] Extend inline include checking to tests.
R=clemensh@chromium.org

Change-Id: I4e2108beee792e54d4ff54c36fd326a058272b73
Reviewed-on: https://chromium-review.googlesource.com/657179
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47919}
2017-09-08 09:31:32 +00:00
Yang Guo
cd61390ea5 [snapshot] include fewer strings.
R=mstarzinger@chromium.org

Change-Id: I6cb9d9b7b82ce05299bb6088b187e91c4fa2ca0f
Reviewed-on: https://chromium-review.googlesource.com/649750
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47911}
2017-09-08 06:10:12 +00:00
Aseem Garg
5f3a2def82 [wasm] redirect wasm calls to js functions through a GCed table
This is revert of commit aee1e1fb8d with the fix for A1 and N6 jetstream failure.

R=bradnelson@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
Bug: chromium:750828

Change-Id: Id38896af51315f76a0667ace32c77a2ba7287eec
Reviewed-on: https://chromium-review.googlesource.com/607092
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47910}
2017-09-08 04:36:12 +00:00
Sathya Gunasekaran
335e169b6c Reland "[debug] Add test for promise finally"
This is a reland of a2ed05144c
Original change's description:
> [debug] Add test for promise finally
> 
> As of v8:6536, we no longer have to mark builtins explicitly.
> 
> Also remove test whitelist for promise finally
> builtins.
> 
> Bug: v8:6088, v8:5967
> Change-Id: I7f98dfe7708678653e944ac76ba9938205490b16
> Reviewed-on: https://chromium-review.googlesource.com/654067
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47896}

TBR=jgruber@chromium.org

Bug: v8:6088, v8:5967
Change-Id: I25a1820e04596a44769fc8ded80678f3663bbcd5
Reviewed-on: https://chromium-review.googlesource.com/655740
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47906}
2017-09-07 21:36:53 +00:00