Commit Graph

49790 Commits

Author SHA1 Message Date
Peter Marshall
3f1e2346b4 [cleanup] Use ZoneChunkList in SafepointTableBuiler
Change-Id: I8cbcc8a052d9c9a72f792e2fbe836e219878daaf
Reviewed-on: https://chromium-review.googlesource.com/1183661
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55298}
2018-08-22 10:53:06 +00:00
Georg Neis
d67f0a05d9 [turbofan] Serialize more data.
- FixedArrayBase length
- BytecodeArray register count

Bug: v8:7790
Change-Id: Id514dd8857c06e5791c62fb898f778206de8aac4
Reviewed-on: https://chromium-review.googlesource.com/1183233
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55297}
2018-08-22 10:50:37 +00:00
jgruber
e5e30b3463 [wasm] Ensure all wasm runtime stubs are PIC
Some builtins, so-called wasm runtime stubs, are copied off-heap to
ensure reachability through near jumps. These builtins must be
individually position-independent. In particular, they may not contain
pc-relative calls to other builtins.

Drive-by: Set hard_abort mode for all wasm runtime stubs to avoid Abort
calls.

Bug: v8:6666
Change-Id: Ie5bc9fc539d6a043dcf7dff66c3b4643baec69ab
Reviewed-on: https://chromium-review.googlesource.com/1183236
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55296}
2018-08-22 10:03:16 +00:00
Ben L. Titzer
f0409b91c9 [gcc] Minor syntactic fixes for older gcc
R=ahaas@chromium.org

Change-Id: Ida5a43f65d09a48cce316185932f6d863b0e58a4
Reviewed-on: https://chromium-review.googlesource.com/1184711
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55295}
2018-08-22 10:01:46 +00:00
Peter Marshall
2923d2d44a Fix a bug in ZoneChunkList::Find() at chunk boundaries.
We would return the wrong chunk for the first element past the chunk
boundary, e.g. if the first chunk was size=8, then Find(8) would
return an address in the first block rather than the second one.

Bug: v8:8077
Change-Id: I90281f853dd7ca68dc065ed773d0ae9787f00988
Reviewed-on: https://chromium-review.googlesource.com/1183483
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55294}
2018-08-22 09:37:41 +00:00
Jaroslav Sevcik
21e7b70c9c Remove unused method from FieldIndex
Change-Id: I319496294fe5b560ac6189c178fa047879093729
Reviewed-on: https://chromium-review.googlesource.com/1184701
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55293}
2018-08-22 09:36:36 +00:00
Bogdan Lazarescu
f26eaaa9a8 Use TBZ/TBNZ regardless of CanCover() check.
This is useful even if there are other uses of the
arithmetic result, because it moves dependencies further back.

Change-Id: I6136a657b547198cb4ec92f38b89ddf5df334124
Reviewed-on: https://chromium-review.googlesource.com/1179662
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bogdan Lazarescu <bogdan.lazarescu@arm.com>
Cr-Commit-Position: refs/heads/master@{#55292}
2018-08-22 09:35:34 +00:00
Andreas Haas
64566daa99 [wasm] Update spec tests
R=titzer@chromium.org

Change-Id: I6c817fa82333ca12d2d8f9f8704eac157f3caa9f
Reviewed-on: https://chromium-review.googlesource.com/1184705
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55291}
2018-08-22 09:34:31 +00:00
Maya Lekova
6b860b6977 Revert "inspector: do not convert and store String16 for script source"
This reverts commit e987606a8a.

Reason for revert: Speculatively reverting due to possible failure: https://ci.chromium.org/p/v8/builders/luci.v8.ci/Android%20Builder/8641

Original change's description:
> inspector: do not convert and store String16 for script source
> 
> We need script source for:
> - calculating hash to report as part of scriptParsed event,
> - reporting it as response on getScriptSource request,
> - searching inside as response on searchInContent request,
> - breakpoints hints.
> 
> In all cases there is no need to store source on inspector side.
> 
> R=​alph@chromium.org
> 
> Bug: chromium:873865,v8:7731
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: Ice24ddc72cfff36fb9a2dff2d7c4543defe3f668
> Reviewed-on: https://chromium-review.googlesource.com/1182603
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55286}

TBR=alph@chromium.org,kozyatinskiy@chromium.org

Change-Id: I38d744dc811a5b747c1fcf27d88bdf770acf5c18
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:873865, v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1184742
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55290}
2018-08-22 09:30:03 +00:00
Tobias Tebbi
e99a109281 Revert "[builtins] Reland Array.prototype.splice() Torque implementation."
This reverts commit cdaaa31151.

Reason for revert: chromium:876445 chromium:876453 chromium:876443

Original change's description:
> [builtins] Reland Array.prototype.splice() Torque implementation.
> 
> Before, splice was implemented with a C++ fast path and a
> comprehensive JavaScript version.
> 
> This impl. is entirely in Torque with a fastpath for SMI,
> DOUBLE and OBJECT arrays, and a comprehensive slow path.
> The same level of "sparse" array support as given by the
> array.js implementation is included.
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ia7334a30b401988309e9909cfa0069da0bb6fb9f
> Reviewed-on: https://chromium-review.googlesource.com/1169466
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55263}

TBR=mvstanton@chromium.org,jgruber@chromium.org,tebbi@chromium.org

Change-Id: I5b750a98e671b7284474ffcabc6b4d37a9d1219e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1184741
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55289}
2018-08-22 08:57:38 +00:00
Adam Klein
91041c1260 [scopes] Clean up and centralize mapped/unmapped arguments logic
Also update comments that'd gotten unnecessarily verbose over
ten years of language development.

Bug: v8:8015
Change-Id: I6688ce22e4aa92f66f937159d890b9922f109d43
Reviewed-on: https://chromium-review.googlesource.com/1180357
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55288}
2018-08-21 20:38:41 +00:00
Hannes Payer
f29fbf35a9 [heap] Provide memory order relaxed accessor of page flags.
Bug: chromium:874437,chromium:852420
Change-Id: I4f484a6bb7072804dbcaacab77d25ba7a3fe338f
Reviewed-on: https://chromium-review.googlesource.com/1183188
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55287}
2018-08-21 20:20:51 +00:00
Alexey Kozyatinskiy
e987606a8a inspector: do not convert and store String16 for script source
We need script source for:
- calculating hash to report as part of scriptParsed event,
- reporting it as response on getScriptSource request,
- searching inside as response on searchInContent request,
- breakpoints hints.

In all cases there is no need to store source on inspector side.

R=alph@chromium.org

Bug: chromium:873865,v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ice24ddc72cfff36fb9a2dff2d7c4543defe3f668
Reviewed-on: https://chromium-review.googlesource.com/1182603
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55286}
2018-08-21 19:03:49 +00:00
Michael Lippautz
a6938128f4 [embedder-tracing] Add GarbageCollectionForTesting call
This call can be used by embedder to request a GC for testing reasons.
The GC also takes the current embedder stack state as an argument that
is forwarded to the embedder when entering the atomic pause.

This way embedders can request garbage collections for testing and set
how the embedder should treat the stack.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
2018-08-21 18:42:05 +00:00
Ben L. Titzer
3d35921eb3 [wasm] Unify all enums representing execution tiers
R=mstarzinger@chromium.org

Change-Id: Iacdff28dd1383d77d7708de4ee22d9f2a77d872a
Reviewed-on: https://chromium-review.googlesource.com/1183440
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55284}
2018-08-21 15:45:18 +00:00
Benedikt Meurer
2650fc335d [builtin] Further cleanup %ArrayIteratorPrototype%.next().
Refactor the ArrayIteratorPrototypeNext CSA builtin to handle the
JSArray element access in a dedicated helper macro, very similar
to how it's done for JSTypedArray's. Also add support for dictionary
elements to this helper macro using the existing dictionary access
logic in the CodeStubAssembler.

This improves the readability of the builtin significantly and the
performance of iterating arrays with dictionary elements goes up by
a factor of ~3.5x.

Bug: v8:8015, v8:8070
Change-Id: Ibfee760ea1e4bc0fffb42b232fb1d097b706bd1f
Reviewed-on: https://chromium-review.googlesource.com/1183305
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55283}
2018-08-21 15:42:58 +00:00
Florian Sattler
4ea8e7778d [inspector] Updated third_party inspector_protocol
This pull in noexcept changes in inspector_protocol

Bug: v8:7999
Change-Id: I6db9ad419d6c1a11fee4379004435e76bbedcead
Reviewed-on: https://chromium-review.googlesource.com/1182804
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55282}
2018-08-21 15:28:08 +00:00
Bret Sepulveda
6bf31c7260 Refactor test-log.cc.
This patch splits the log file into a vector of std::strings when
logging is stopped, so verifying that lines are present can be done in
terms of std library functions. Verifications are now done by simple
substring matching instead of via a prefix or suffix, in preparation for
a new test that needs to match the middle of a line.

This patch also deletes some dead/debugging code.

Change-Id: I5c6b75b0807c41312d35208deda26546dc0f7216
Reviewed-on: https://chromium-review.googlesource.com/1183187
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55281}
2018-08-21 15:18:26 +00:00
Alexey Kozyatinskiy
1b3b808a54 inspector: find magic comment using V8 scanner
Inspector tries to provide sourceURL and sourceMappingURL for scripts
with parser errors. Without this CL we convert source of each script
to inspector string and search for magic comment there. Some web sites
use pattern when they get some data from network and constantly try to
parse this data as JSON, in this case we do a lot of useless work.

So we can parse magic comments on V8 side only for compilation errors
(excluding parse JSON errors), to do it we can reuse scanner by running
it on each potential comment.

R=alph@chromium.org,verwaest@chromium.org,yangguo@chromium.org

Bug: chromium:873865,v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I77c270fd0e95cd7b2c9ee4b7f72ef344bc1fa104
Reviewed-on: https://chromium-review.googlesource.com/1182446
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55280}
2018-08-21 15:17:07 +00:00
Toon Verwaest
7fb6109b1e [scanner] Add Skip to be used after successful Peek
Change-Id: Ic3df370e2859bf77572b34a314ad8ed17b75b942
Reviewed-on: https://chromium-review.googlesource.com/1183485
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55279}
2018-08-21 15:09:06 +00:00
Igor Sheludko
ca688f269c Make gdb macros work in Chrome when V8 is built in component mode.
... by properly exporting respective functions from the binary.

Change-Id: I6f9b63f65a886e430c1b0e431ebf62e589f4d455
Reviewed-on: https://chromium-review.googlesource.com/1183493
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55278}
2018-08-21 15:04:13 +00:00
Benedikt Meurer
2345f9526b [cleanup] Cleanup unused macros/intrinsics.
This removes a couple of intrinsics/runtime functions/macros that are no
longer needed at all (or not in TurboFan for performance reasons).

Bug: v8:8015
Change-Id: I08ae8de7cc63019eb30d3b71dd1c824d6392076a
Reviewed-on: https://chromium-review.googlesource.com/1183481
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55277}
2018-08-21 14:38:20 +00:00
Michael Starzinger
0f5973d6ce [wasm] Remove unused compilation event.
R=ahaas@chromium.org

Change-Id: I92d6e7fc41c9cbb3792a66c9ea8996efe1c8d87d
Reviewed-on: https://chromium-review.googlesource.com/1183434
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55276}
2018-08-21 14:36:01 +00:00
Florian Sattler
167f9546fa [parser] Mark recursive descent parse functions for inline to avoid excessive calls
Bug: v8:7926
Change-Id: I237428af129fd19dbca39c1e243252774e26902c
Reviewed-on: https://chromium-review.googlesource.com/1182805
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55275}
2018-08-21 14:01:19 +00:00
Ivica Bogosavljevic
a4211ad6ee [wasm]: Load and store globals properly on big-endian
TEST=wasm-spec-tests/tests/exports,wasm-spec-tests/tests/data

Change-Id: I5c1001b00f2a7eab41e6e143afa19803969c0fe4
Reviewed-on: https://chromium-review.googlesource.com/1181022
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55274}
2018-08-21 13:57:37 +00:00
Benedikt Meurer
4f0e9d6cb7 [csa] Introduce ThrowIfArrayBufferIsDetached() helper.
This adds new CSA helpers ThrowIfArrayBufferIsDetached() and
ThrowIfArrayBufferViewBufferIsDetached() which check whether
ArrayBuffers or ArrayBufferViews have been detached. This
improves readability of the code that has to deal with typed
arrays.

Bug: v8:8015
Change-Id: Iafab86c418bd0e12bb7d7ec803151a1f6b786400
Reviewed-on: https://chromium-review.googlesource.com/1183422
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55273}
2018-08-21 13:55:31 +00:00
Toon Verwaest
60cbde18a6 [scanner] Reduce reliance on PushBack by Peeking more
Change-Id: I50f729eac8d8b0c25a1f83f2b1f86800f21a8a8b
Reviewed-on: https://chromium-review.googlesource.com/1183301
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55272}
2018-08-21 13:13:42 +00:00
Michael Starzinger
eedc7dbf7e [wasm] Simplify compilation state callback mechanism.
R=titzer@chromium.org

Change-Id: If459225345f8a94eb566334e15331f7741c952d4
Reviewed-on: https://chromium-review.googlesource.com/1183103
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55271}
2018-08-21 13:10:43 +00:00
Ross McIlroy
20122d46f2 [Tests] Disable regress-752764 on Android since it's still flaky
BUG=v8:8040

Change-Id: I004f5748bafeff60885fd85f1b1a6ea44af06340
Reviewed-on: https://chromium-review.googlesource.com/1183196
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55270}
2018-08-21 13:07:38 +00:00
Igor Sheludko
bf1e47e6ff [ptr-compr] Switch Smis to 31-bit on 64-bit platforms.
This is prerequisite for V8 heap pointer compression.

Bug: v8:7703
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2cdf02bd4cd535beb78a5db5b7cbdf67433a6d16
Reviewed-on: https://chromium-review.googlesource.com/1181136
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55269}
2018-08-21 13:06:31 +00:00
Toon Verwaest
a1995eca83 [scanner] Mark source_ and is_module as const and initialize in constructor
Change-Id: I692ce8dbe3169cfb912647c31a9e8121dc5eff5d
Reviewed-on: https://chromium-review.googlesource.com/1183306
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55268}
2018-08-21 12:46:49 +00:00
Dan Elphick
d9770a27b5 [gdb] Move stack frame up to frame above V8_Fatal
UNREACHABLE and CHECK call V8_Fatal directly so treat them like
V8_Dcheck, but also ensure that the frame is moved up to the DCHECK
frame even if it calls V8_Fatal.

Change-Id: Iad5f2e3ea95182bed473d6b2d843a0c1e111911d
Reviewed-on: https://chromium-review.googlesource.com/1183303
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55267}
2018-08-21 12:32:03 +00:00
Georg Neis
6ec7771491 Revert "[turbofan] Force creation of initial maps upfront."
This reverts commit acf0925255.

Reason for revert: Undesired side effects.

Original change's description:
> [turbofan] Force creation of initial maps upfront.
> 
> When encountering a JSFunction, generate its initial map (if
> appropriate).  This ensures that we can depend on the initial
> map during optimization.
> 
> We are not sure about the performance impact of this change, it
> might cause regressions.
> 
> R=​jarin@chromium.org, mslekova@chromium.org
> 
> Bug: v8:7790, chromium:875175
> Change-Id: I4bbf62e30730f55a53d9bb7eee62c87d820616fb
> Reviewed-on: https://chromium-review.googlesource.com/1180970
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55253}

TBR=jarin@chromium.org,neis@chromium.org,mslekova@chromium.org

Change-Id: I322f504d068f752b218680f633b8719864ca4950
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, chromium:875175
Reviewed-on: https://chromium-review.googlesource.com/1183341
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55266}
2018-08-21 12:06:45 +00:00
jgruber
6ab1908775 [builtins] Mark initial builtins on ia32 isolate-independent
This populates the isolate-independent builtin whitelist with initial
builtins that do not access any isolate-dependent data and thus don't
need the root register at all.

Unlike most other platforms, we can't use a scratch register in the
off-heap trampoline since there's no free register available. The
trampolines on ia32 are thus implemented as pc-relative jumps
(thankfully we can address the entire address space).

Drive-by: Made Code::IsIsolateIndependent consistent with
FinalizeEmbeddedCodeTargets. Code targets are only allowed on some
platforms.

Bug: v8:6666
Change-Id: I0bf02eecba8a099afa7b7c892188cd377cbda840
Reviewed-on: https://chromium-review.googlesource.com/1183224
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55265}
2018-08-21 11:52:24 +00:00
jgruber
e44e4636b1 [builtins] Add --print-embedded-builtin-candidates
When enabled, this will print all builtins that could, in theory, be
marked as isolate-independent (because their reloc info only contains
viable entries), but are not. This is only intended for use while
implementing embedded builtins on ia32 and can be removed afterwards.

Bug: v8:6666
Change-Id: I2cb54c851391480824f15f6e5ddb7919e179da4a
Reviewed-on: https://chromium-review.googlesource.com/1183222
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55264}
2018-08-21 11:43:34 +00:00
Tobias Tebbi
cdaaa31151 [builtins] Reland Array.prototype.splice() Torque implementation.
Before, splice was implemented with a C++ fast path and a
comprehensive JavaScript version.

This impl. is entirely in Torque with a fastpath for SMI,
DOUBLE and OBJECT arrays, and a comprehensive slow path.
The same level of "sparse" array support as given by the
array.js implementation is included.

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia7334a30b401988309e9909cfa0069da0bb6fb9f
Reviewed-on: https://chromium-review.googlesource.com/1169466
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55263}
2018-08-21 11:40:19 +00:00
Andreas Haas
41819b39c4 [wasm][threads] Do not overwrite the V8 flag with the origin trial flag
R=titzer@chromium.org

Bug: chromium:868844
Change-Id: Ib96416dc6ae36e024e90187944f2e9ca92e8b83b
Reviewed-on: https://chromium-review.googlesource.com/1183200
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55262}
2018-08-21 11:39:17 +00:00
Benedikt Meurer
6031f172ed [es2015] Use [[ArrayIteratorNextIndex]] to indicate exhaustion.
Instead of changing the [[IteratedObject]] field to undefined to mark an
array iterator as exhausted, store the appropriate maximum value into
the [[ArrayIteratorNextIndex]] field such that the iterator will never
produce any values again.

Without this change the map check and the "length" access on the
[[IteratedObject]] cannot be eliminated inside the loop, since the
object can either be the array or undefined. Even with this change
it's still not possible immediately due to missing aliasing
information in the LoadElimination, but it paves the way for follow
up improvements. Eventually the goal is to have `for..of` as fast as
a traditional `for` loop even for really tight loops.

This CL also hardens the implementation of the ArrayIterator by using
proper CASTs and CSA_ASSERTs. The readability of the CSA builtin was
improved by utilizing proper helper functions.

Bug: v8:7510, v8:7514, v8:8070
Change-Id: Ib46604fadad1a0f80e77fe71a1f47b0ca31ab841
Reviewed-on: https://chromium-review.googlesource.com/1181902
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55261}
2018-08-21 11:26:00 +00:00
Ross McIlroy
16fd84f3bd [Tests] Fix regress/regress-599414-array-concat-fast-path on Android.
BUG=v8:8040

Change-Id: I705f9afebfa770a8415fa268dd13ba00e90808d4
Reviewed-on: https://chromium-review.googlesource.com/1181429
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55260}
2018-08-21 11:02:26 +00:00
Sigurd Schneider
41b3955fbf Revert "[Intl] Move ToDateTimeOptions/ToLocaleDateTime to C++"
This reverts commit cabcfb3a5d.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] Move ToDateTimeOptions/ToLocaleDateTime to C++
> 
> Bug: v8:7961
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ic414a51a64040f253da1d7ccf03c558ea70ad2bf
> Reviewed-on: https://chromium-review.googlesource.com/1155271
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55199}

TBR=kadams@nvidia.com,jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7961
Change-Id: I39203fb281b9a54236b12a69c1f8389bcb5d411f
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183165
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55259}
2018-08-21 10:57:26 +00:00
Toon Verwaest
fcfd995aa1 [scanner] Go back to untemplatized scanning with buffering
This reverts the following 3 CLs:

Revert "[scanner] Templatize scan functions by encoding"
Revert "[asm] Remove invalid static cast of character stream"
Revert "[scanner] Prepare CharacterStreams for specializing scanner and parser by character type"

The original idea behind this work was to avoid copying, converting and
buffering characters to be scanned by specializing the scanner functions. The
additional benefit was for scanner functions to have a bigger window over the
input. Even though we can get a pretty nice speedup from having a larger
window, in practice this rarely helps. The cost is a larger binary.

Since we can't eagerly convert utf8 to utf16 due to memory overhead, we'd also
need to have a specialized version of the scanner just for utf8. That's pretty
complex, and likely won't be better than simply bulk converting and buffering
utf8 as utf16.

Change-Id: Ic3564683932a0097e3f9f51cd88f62c6ac879dcb
Reviewed-on: https://chromium-review.googlesource.com/1183190
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55258}
2018-08-21 10:52:52 +00:00
Hai Dang
f30b43ed95 Add bytecode generation tests for array spreads.
Bug: v8:7973
Change-Id: I44ad457c3a103c36bd7b928cc64a056c1a1afc46
Reviewed-on: https://chromium-review.googlesource.com/1183102
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55257}
2018-08-21 10:51:51 +00:00
Michael Lippautz
8b2cee550c [heap] Fix ArrayBufferTracker processing
Avoid accessing |byte_length| during processing buffers. The length
might be a HeapNumber that has already been processed (e.g. moved) in
the current garbage collection cycle.

Bug: v8:8076
Change-Id: I6d79631e300845a29f15a9f60933ee41ffc95300
Reviewed-on: https://chromium-review.googlesource.com/1183193
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55256}
2018-08-21 10:50:46 +00:00
Jakob Gruber
dcc09b60ab Revert "[x64] Apply rip-relative call/jump for OFF_HEAP_TARGET"
This reverts commit ad5b736500.

Reason for revert: https://crbug.com/875678

Original change's description:
> [x64] Apply rip-relative call/jump for OFF_HEAP_TARGET
>
> Merge rip-relative loading and call/jump into one instruction for
> OFF_HEAP_TARGET call/jump. For example,
>
>   REX.W movq r10,[rip+#disp]
>   call r10
>
> turns into:
>
>   call [rip+#disp]
>
> Change-Id: I17e115d054b4b352bdaf8eba2e6ac4054bbedaca
> Reviewed-on: https://chromium-review.googlesource.com/1172152
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55150}

TBR=sigurds@chromium.org,jgruber@chromium.org,shiyu.zhang@intel.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:875678
Change-Id: I5a9dd6e29cc53566d681864f7e275a70ccdcb0cb
Reviewed-on: https://chromium-review.googlesource.com/1183164
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55255}
2018-08-21 10:39:27 +00:00
Dominik Inführ
32ec3c1c5e [heap-profiler] Generate location for generators
Add source code location for generators into heap snapshot file.

Bug: chromium:854097
Change-Id: I726b245a707515502976476703e57b7f58c92782
Reviewed-on: https://chromium-review.googlesource.com/1174433
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55254}
2018-08-21 10:32:56 +00:00
Georg Neis
acf0925255 [turbofan] Force creation of initial maps upfront.
When encountering a JSFunction, generate its initial map (if
appropriate).  This ensures that we can depend on the initial
map during optimization.

We are not sure about the performance impact of this change, it
might cause regressions.

R=jarin@chromium.org, mslekova@chromium.org

Bug: v8:7790, chromium:875175
Change-Id: I4bbf62e30730f55a53d9bb7eee62c87d820616fb
Reviewed-on: https://chromium-review.googlesource.com/1180970
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55253}
2018-08-21 10:24:41 +00:00
Benedikt Meurer
932faf95b3 [cleanup] Use ThrowIfNotInstanceType() more consistently.
There were still a few places left in builtins where we have custom
logic to check for a certain instance type and raise the incompatible
receiver error.

Bug: v8:8015
Change-Id: Ic5ed80aa6327b2902209b1822677f75b19d8a715
Reviewed-on: https://chromium-review.googlesource.com/1183183
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55252}
2018-08-21 10:11:28 +00:00
Maya Lekova
fc41794efa Revert "[Intl] remove unused js"
This reverts commit 2dc505a418.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] remove unused js
> 
> Bug: v8:8066
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I9d86577540cf227e038354d9661c60fcdc644b3f
> Reviewed-on: https://chromium-review.googlesource.com/1179467
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55200}

TBR=gsathya@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8066
Change-Id: I4b6c7163a48f6f7fe439f8fd678abd053f60b020
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183163
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55251}
2018-08-21 09:56:09 +00:00
Maya Lekova
67c1f8fea0 Revert "[Intl] move Date.prototype.toLocale{,Date,Time}String to C++"
This reverts commit 8e57cd51fd.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] move Date.prototype.toLocale{,Date,Time}String to C++
> 
> Bug: v8:7961
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ie75eb443fc0907a4e1e4cafd4f5c06c23794f5a9
> Reviewed-on: https://chromium-review.googlesource.com/1156123
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55239}

TBR=jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

Change-Id: Iafc2541185f8a6e44088432b3de58bdb53854e1b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7961
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183162
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55250}
2018-08-21 09:10:58 +00:00
Ben L. Titzer
438e7ec6dc Reland "[asmjs] Properly validate asm.js heap sizes"
This is a reland of 5c3092718e
(the CL was reverted because of a Chromium test that is now fixed)

Original change's description:
> Reland "[asmjs] Properly validate asm.js heap sizes"
>
> This is a reland of 5d69010e26
>
> Original change's description:
> > [asmjs] Properly validate asm.js heap sizes
> >
> > Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> > limitations on the size of asm.js heaps.
> >
> > R=clemensh@chromium.org
> > CC=​mstarzinger@chromium.org
> >
> > Bug: chromium:873600
> > Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> > Reviewed-on: https://chromium-review.googlesource.com/1174411
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55163}
>
> Bug: chromium:873600
> Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
> Reviewed-on: https://chromium-review.googlesource.com/1179681
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55193}

Bug: chromium:873600
Change-Id: I6eca2a89589070837b109278f964fc8e9a0fd6f1
Reviewed-on: https://chromium-review.googlesource.com/1183081
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55249}
2018-08-21 09:00:04 +00:00