Commit Graph

53380 Commits

Author SHA1 Message Date
Clemens Hammacher
23a85a3326 [Liftoff] Avoid quadratic behaviour in stack transfers
We currently iterate the list of unexecuted register moves repeatedly,
always executing the moves whose destination register is not being used
as source register any more. This can lead to quadratic execution times
if only a small number of moves is processed in every iteration.

This CL refactors this such that we iterate the moves at most three
times: Once for executing moves which can be executed right away (fast
path) and for computing the source register use counts. A second time
to execute all remaining non-cyclic moves, and a third time to execute
cyclic moves.
During the second and third iteration, whenever we decrement the source
register use count, we check whether it drops to zero and execute the
respective move right away.

R=ahaas@chromium.org

Bug: v8:6600, v8:8423
Change-Id: I503328f5ae5f0208e35d53c71b4c289d75799892
Reviewed-on: https://chromium-review.googlesource.com/c/1397703
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58588}
2019-01-07 14:23:39 +00:00
Clemens Hammacher
96671ab2e0 [Liftoff] Change the way we store stack transfers
Stack transfers consist of a number of register moves plus a number of
register loads. We currently store both in separate vectors. This CL
changes that to be stored in arrays indexed by the destination register
(such that it behaves like a map). This avoids any dynamically growing
structures.

Measured locally, this speeds up stack transfer processing by ~10%,
which translates to ~0.5% of overall Liftoff compilation time.

R=ahaas@chromium.org

Bug: v8:6600, v8:8423
Change-Id: Id532960dcc12f228507ed75e392ad4c57710593f
Reviewed-on: https://chromium-review.googlesource.com/c/1396278
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58587}
2019-01-07 13:38:33 +00:00
Jakob Kummerow
81becb8c10 [ubsan] Fix errors related to AsmType
The AsmType class uses a design similar to the old Object* model, where
arbitrary values (including 0) are reinterpret_cast to pointers. This
yields the following UBSan error, among others:

    src/asmjs/asm-parser.cc:2000:51: runtime error: member call on null
    pointer of type 'v8::internal::wasm::AsmType'

This patch does the smallest possible fix by turning the affected methods
into static functions. Longer-term, we should consider switching the
overall class design to a "struct wrapping an Address" model like the new
Object definition, which is a bit non-trivial because some AsmType types
are ZoneObject subclasses.

Bug: v8:3770
Change-Id: Ie2a7cdc9eab32c4c469d699212c84b0419480b4f
Reviewed-on: https://chromium-review.googlesource.com/c/1397663
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58586}
2019-01-07 13:07:26 +00:00
Clemens Hammacher
5a5606bec3 [presubmit] Extend regular expression for V8_NOEXCEPT
We were missing a few declarations, especially fully-qualified
declarations in cc files like here: https://crrev.com/c/1396459

R=mlippautz@chromium.org

Bug: v8:8616
No-Try: true
Change-Id: Iff93f1cd4fde18ac7fc8391e459e6bdcb4eb8f9b
Reviewed-on: https://chromium-review.googlesource.com/c/1397706
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58585}
2019-01-07 12:45:51 +00:00
Georg Neis
62302d6ca4 [turbofan] Brokerize (parts of) reduction of string.length load.
Bug: v8:7790
Change-Id: Ie8825227048a00892117e98cd4e591b3e5e06930
Reviewed-on: https://chromium-review.googlesource.com/c/1396090
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58584}
2019-01-07 12:37:20 +00:00
Georg Neis
e9c936392f [turbofan] Brokerize more pieces of JSNativeContextSpecialization.
Bug: v8:7790
Change-Id: I8cc88aadaaacca4cc6b87a6f5bead9129b8dfa14
Reviewed-on: https://chromium-review.googlesource.com/c/1394550
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58583}
2019-01-07 12:36:15 +00:00
Maya Lekova
2681ec65dc [turbofan] Introduce serializer for background compilation phase
Design doc:
https://docs.google.com/document/d/1vCQYhtFPqXafSMweSnGD8l0TKEIB6cPV5UGMHJtpy8k/edit?ts=5bf7d341

This CL only introduces a skeleton of the new phase that implements a bytecode
walker. The SUPPORTED_BYTECODE_LIST is supposed to be filled in gradually.

Bug: v8:7790

R=jarin@chromium.org, neis@chromium.org

Change-Id: I57fea91c55dca888581f2490bdf7b831fc61eda4
Reviewed-on: https://chromium-review.googlesource.com/c/1386872
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58582}
2019-01-07 12:26:28 +00:00
Georg Neis
3b6efcdc1b [turbofan] Make it explicit that module namespace map has proto info.
R=jarin@chromium.org

Change-Id: I08ecc5c86aa098a566c57e8ac8575504c9c36361
Reviewed-on: https://chromium-review.googlesource.com/c/1397667
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58581}
2019-01-07 12:25:13 +00:00
Jakob Kummerow
4737de1f0a [ubsan] Fix "division by zero" UBSan reports
The C++ spec does not guarantee IEEE-754 behavior for doubles, in
particular it says that dividing by zero is undefined behavior,
and UBSan complains about it when it happens.

Bug: v8:3770
Change-Id: I79e52c0e11ebfb581191f6f1c3ff95eb747dd97f
Reviewed-on: https://chromium-review.googlesource.com/c/1391751
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58580}
2019-01-07 12:24:08 +00:00
Sigurd Schneider
753ff7f3ba [turbolizer] Rework keydown event handling
This CL simplifies the keydown handling code and fixes
several issues:

 - Input to the search box was not reliably working, because
   the SVG keydown handler was attached to the window and its
   repeat-key detection was suppressing key events.
 - Selecting the input of a node via keys 1-9 did not select the
   input, but always enabled the corresponding input node.
   1-9 now select the input node, and CTRL+1 through CTRL+9 can
   be used to toggle the input edge.

Bug: v8:7327
Notry: true
Change-Id: Ifedc8b703f6552e101ad00fee2f3c50f29b325b5
Reviewed-on: https://chromium-review.googlesource.com/c/1397666
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58579}
2019-01-07 12:07:28 +00:00
Sigurd Schneider
94f8147127 [turbolizer] Move Resizer to its own file
This improves readability and encapsulation of the code.

Change-Id: Ifbca8441941a1776797937c973a064153818c859
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396423
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58578}
2019-01-07 11:58:51 +00:00
peterwmwong
263dce9b57 [js] Remove CORE JS Natives (prologue.js), port extra utils to C++/Torque
- Removes the last `CORE` JS native script: `prologue.js`.
- Removes build step and bootstrapping associated with building/loading `CORE` JS natives.
- Removes `natives_utils_object` from context.
- Deprecates `--expose-natives-as` flag.
- Ports extra utils functions to C++ (`uncurryThis`) or Torque
  (`createPrivateSymbol`, `markPromiseAsHandled`, and `promiseState`).
- Move extra utils constants initialization into bootstrapper
  (`kPROMISE_PENDING`, `kPROMISE_FULFILLED`, `kPROMISE_REJECTED`).
- Removes unused extra utils functions `log` and `logStackTrace`.

Drive-by: Added test coverage for Array#includes being an unscopeable.

Bug: v8:7624
Change-Id: I5d983f8d11b76cb4dd3c2c67592ce1dc88364cd9
Reviewed-on: https://chromium-review.googlesource.com/c/1381672
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#58577}
2019-01-07 11:57:46 +00:00
Sigurd Schneider
2a9a60a5b5 [turbolizer] Various clean-ups
This CL enables noImplicitReturns and noImplicitThis warnings in
TypeScript, another step on the road to stricter types.

Drive-by: Fix bug in search function.

Change-Id: Iafb528b5f0e7ccc8774bc218fd0dcdb206a0de31
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396422
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58576}
2019-01-07 11:55:06 +00:00
Sigurd Schneider
8a33859721 [turbolizer] Remember pane width in session storage
Turbolizer only remembered the expansion state of the panes,
but not their widths. This CL remembers the relative widths,
and restores them upon reload. This is also useful when the
size of the Turbolizer window changes.

Change-Id: I0fd81c1266bfbddded86da16e2241420cdf73f4e
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396421
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58575}
2019-01-07 11:51:42 +00:00
Hajime Hoshi
9301ea6a2a Reset the platform at MockPlatform in the test
This CL fixes the problem that the platform was set at MockPlatform's
constructor but was not reset.

Bug: v8:8527
Change-Id: I21c3b19320885b1b38999161db7cc1b8f15d798e
Reviewed-on: https://chromium-review.googlesource.com/c/1397821
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58574}
2019-01-07 11:47:41 +00:00
Sigurd Schneider
c68c3c6b20 [turbolizer] Reformat CSS file
Drive-by: Fix z-index (stacking) issue with hovers and pane
resize bars.

Change-Id: Ibd028a666681face1ccd6ec36b388f1ef25b1393
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396420
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58573}
2019-01-07 11:46:36 +00:00
Sigurd Schneider
0c09e615e4 [turbolizer] Add more types to graph layout
This is a step towards removing all instances of implicit any types
from turbolizer.

This CL also replaces var with const/let. This improves readability
and warnings.

Change-Id: I67c2974df209f857e67dfdbb743ce695ce861982
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396419
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58572}
2019-01-07 11:42:46 +00:00
Sigurd Schneider
c0f6220914 [turbolizer] Refactor NodeLabel from GNode
Refactor NodeLabel from GNode, which saves memory and is a step towards
decoupling the node layout from the graph structure.

Change-Id: I095a2f7a7ab28067161deffbc37952ae15410e0a
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396418
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58571}
2019-01-07 11:36:16 +00:00
Toon Verwaest
76f8893699 [parser] Create arrow function scopes while parsing the head
This simplifies NextArrowFunctionInfo, allows us to Scope::Snapshot::Reparent
directly rather than moving it, and allows us to skip reparenting in the simple
parameter arrow function cases.

This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/1397664,
simply splitting out the arrow-function-name-inferring part.

Change-Id: I640d911a9607edc3bbb0e5ff3bf992094e4159e4
Reviewed-on: https://chromium-review.googlesource.com/c/1397701
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58570}
2019-01-07 11:13:31 +00:00
Clemens Hammacher
b962c07107 [Liftoff] Restructure execution of stack transfers
This is a fully semantically preserving CL, it just moves code around a
bit to make the follow-up CL easier to review.

R=ahaas@chromium.org

Bug: v8:6600, v8:8423
Change-Id: I0de80b18faa3ae570894cbd8073c495a5731d255
Reviewed-on: https://chromium-review.googlesource.com/c/1396096
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58569}
2019-01-07 10:58:31 +00:00
Ross McIlroy
69e36a95be [Parser] Remove aborting of preparsing for trivial long functions.
Real world websites don't benefit from aborting preparsing to eagerly compile
long trivial functions, and it adds unnecessary complexity to the parser and
doesn't work well with bytecode flushing, so we remove it.

Perf Sheriffs: this is expected to regress the MandreelLatency benchmark on
Octane.

BUG=v8:8395

Change-Id: Ia60cd67d4dd100376d2a366939a1d2a97cbc2b0d
Reviewed-on: https://chromium-review.googlesource.com/c/1394297
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58568}
2019-01-07 10:50:41 +00:00
Toon Verwaest
095343926b Reland "[parser] Simplify ParseFunctionBody"
This is a reland of 2963f1b2e3

Original change's description:
> [parser] Simplify ParseFunctionBody
> 
> - Merge is_simple branches at the top
> - Remove block around inner_body parsing. Always merge fully at the end.
> - Remove conditional inner block adding to outer body. Simply add it to the
>   inner body making merge push it to the parent.
> 
> Change-Id: I1f062918a7abac354b949136463517bd0440984f
> Reviewed-on: https://chromium-review.googlesource.com/c/1386111
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58390}

Change-Id: I145f0cb1eda1dca4dd047b55e54b2b1bb704ecf8
Reviewed-on: https://chromium-review.googlesource.com/c/1397662
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58567}
2019-01-07 10:44:31 +00:00
cjihrig
d575bdd8e2 Update postmortem metadata generation script
This commit updates gen-postmortem-metadata.py to handle the
new ACCESSORS2 macro. Once that migration is complete,
ACCESSORS2 can be dropped from this script.

A constant is also added for SharedFunctionInfo's
kFunctionDataOffset, which was broken in
a55803a15d.

See: https://github.com/nodejs/node-v8/issues/95
Change-Id: I5c3f960b4fd739a76f96d0ece9543574ff96be0f
Reviewed-on: https://chromium-review.googlesource.com/c/1392449
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58566}
2019-01-07 10:23:10 +00:00
Georg Neis
af0b5af182 [turbofan] Extend list of operators that only produce HeapObjects
Change-Id: If8763d2a46a13e75722f2f5314ba50dc9df281e0
Reviewed-on: https://chromium-review.googlesource.com/c/1396089
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58565}
2019-01-07 09:41:39 +00:00
Clemens Hammacher
3c54b7a496 Revert "Reland: [Compiler] Ensure unoptimized code generation is context independent."
This reverts commit dcd75706c0.

Reason for revert: Breaks layout tests, blocks roll, see
https://crrev.com/c/1396602; there are wasm CLs in this range too,
but this CL looks like the most likely culprit.

Original change's description:
> Reland: [Compiler] Ensure unoptimized code generation is context independent.
> 
> Now that Asm.js code is also context independent, move code to ensure context independence
> from BytecodeGenerator to FinalizeUnoptimizedCode.
> 
> Reland of CL: https://chromium-review.googlesource.com/c/v8/v8/+/1349236
> 
> Change-Id: I718090850870c61733e0719d4091ec60bc080ebb
> Reviewed-on: https://chromium-review.googlesource.com/c/1396201
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58558}

TBR=rmcilroy@chromium.org,delphick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I5f547319f31f87777165361747dd42d223fc0b0e
Reviewed-on: https://chromium-review.googlesource.com/c/1396427
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58564}
2019-01-07 08:25:56 +00:00
Benedikt Meurer
b6bcf3210a [async] The Promise.all() fast-path must check @@species protector.
We cannot take the fast-path if the user messed with the Symbol.species
property on the Promise.prototype, as that makes the internal promises
observable.

Bug: chromium:917076
Change-Id: I928e0bd17836ca78cf88591610526aa7bc1d293c
Reviewed-on: https://chromium-review.googlesource.com/c/1396426
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58563}
2019-01-07 08:22:56 +00:00
Yang Guo
61f4c2251e Assume flat string when checking CompileFunctionInContext arguments.
R=jkummerow@chromium.org

Change-Id: I54c6137a3c6e14d4102188f154aa7216e7414dbc
Reviewed-on: https://chromium-review.googlesource.com/c/1388533
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58562}
2019-01-07 07:19:06 +00:00
Mathias Bynens
638d1b3137 [tools] Clean up HTML for tools
This patch ensures each HTML page has a DOCTYPE (to trigger
standards mode as opposed to quirks mode), a <meta
charset="utf-8">, and a <title>.

Additionally, it removes redundant attribute/value pairs such
as `type="text/javascript"` on <script> elements or
`type="text/css"` on <style> or <link rel="stylesheet">
elements. [1]

Finally, it removes the optional solidus for self-closing HTML
elements. [2]

[1] https://mathiasbynens.be/notes/html5-levels#type-attributes
[2] https://mathiasbynens.be/notes/html5-levels#solidus

Change-Id: I66d2700be120dc8fd52bdf38f9d34749f55e1e7f
Reviewed-on: https://chromium-review.googlesource.com/c/1396084
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58561}
2019-01-06 14:20:33 +00:00
v8-ci-autoroll-builder
2c726dd381 Update V8 DEPS.
Rolling v8/build: de2f586..fd2243f

Rolling v8/buildtools: 0e1cbc4..7d88270

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Iad30ca6331cf69d1fbc33399f4c3ebc929fd8970
Reviewed-on: https://chromium-review.googlesource.com/c/1396742
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#58560}
2019-01-06 03:44:07 +00:00
v8-ci-autoroll-builder
f1e04dbc0a Update V8 DEPS.
Rolling v8/build: 29fca48..de2f586

Rolling v8/buildtools: 7d88270..0e1cbc4

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ebf0d23..865a64d

Rolling v8/third_party/depot_tools: 936a994..c0641b8

Rolling v8/third_party/icu: 23de016..d653014

Rolling v8/tools/clang: a974cf8..35ea2f3

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ic7fd356b161f22ef7484b8ea36e6f53e01da0102
Reviewed-on: https://chromium-review.googlesource.com/c/1396740
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#58559}
2019-01-05 03:49:20 +00:00
Ross McIlroy
dcd75706c0 Reland: [Compiler] Ensure unoptimized code generation is context independent.
Now that Asm.js code is also context independent, move code to ensure context independence
from BytecodeGenerator to FinalizeUnoptimizedCode.

Reland of CL: https://chromium-review.googlesource.com/c/v8/v8/+/1349236

Change-Id: I718090850870c61733e0719d4091ec60bc080ebb
Reviewed-on: https://chromium-review.googlesource.com/c/1396201
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58558}
2019-01-04 16:29:38 +00:00
Andreas Haas
122d8b5103 [wasm][anyref] Add support for importing anyref globals
With this CL it is possible to import any JavaScript object as an anyref
global. The exception is WasmGlobalObject, which cannot hold anyref
globals yet.

R=clemensh@chromium.org

Bug: v8:7581
Change-Id: I5b0fc686a4ec5c579d1d635b53be5ccdf0a78f27
Reviewed-on: https://chromium-review.googlesource.com/c/1382452
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58557}
2019-01-04 16:10:18 +00:00
Clemens Hammacher
5ac88bfca6 Revert "Remove trap handler fallback for sanitizers"
This reverts commit 26a78061af.

Reason for revert: Not all fuzzers support custom segfault handlers yet, see https://crbug.com/918949

Original change's description:
> Remove trap handler fallback for sanitizers
> 
> Since https://crrev.com/c/1335572, our sanitizers allow to set custom
> segfault handlers. Thus remove special code that was added to handle
> sanitizers that prevent installation of segfault handlers. Instead,
> CHECK that the signal handler was installed correctly.
> 
> R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
> 
> Bug: chromium:830894
> Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
> Reviewed-on: https://chromium-review.googlesource.com/c/1392199
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58513}

TBR=mseaborn@chromium.org,ahaas@chromium.org,mark@chromium.org,clemensh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:830894, chromium:918949
Change-Id: Ide545860cf7729139ac50c0dd2e85facca49b0b1
Reviewed-on: https://chromium-review.googlesource.com/c/1396277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58556}
2019-01-04 16:08:38 +00:00
Sigurd Schneider
8a632f5c38 [mjsunit] Fix webkit/run-json-stringify in Debug mode again
Clang is known to use a lot of stack space for Debug builds, so
this patch lowers the recursion depth of that test.

Failing bot:

https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20full%20debug

First failing run:

https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20full%20debug/6606

Change-Id: Ib1da016b190fa0d9d7d38bced19f600a284c7f01
Reviewed-on: https://chromium-review.googlesource.com/c/1396079
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58555}
2019-01-04 15:53:38 +00:00
Peter Marshall
a0572f0bc7 [cpu-profiler] Reduce the size of inlining information
Previously we stored the source position table, which stored a mapping
of pc offsets to line numbers, and the inline_locations, which stored a
mapping of pc offsets to stacks of {CodeEntry, line_number} pairs. This
was slightly wasteful because we had two different tables which were
both keyed on the pc offset and contained some overlapping information.

This CL combines the two tables in a way. The source position table now
maps a pc offset to a pair of {line_number, inlining_id}. If the
inlining_id is valid, then it can be used to look up the inlining stack
which is stored in inline_locations, but is now keyed by inlining_id
rather than pc offset. This also has the nice effect of de-duplicating
inline stacks which we previously duplicated.

The new structure is similar to how this data is stored by the compiler,
except that we convert 'source positions' (char offset in a file) into
line numbers as we go, because we only care about attributing ticks to
a given line.

Also remove the helper RecordInliningInfo() as this is only actually
used to add inline stacks by one caller (where it is now inlined). The
other callers would always bail out or are only called from
test-cpu-profiler.

Remove AddInlineStack and replace it with SetInlineStacks which adds all
of the stacks at once. We need to do it this way because the source pos
table is passed into the constructor of CodeEntry, so we need to create
it before the CodeEntry, but the inline stacks are not (they are part of
rare_data which is not always present), so we need to add them after
construction. Given that we calculate both the source pos table and the
inline stacks before construction, it's just easier to add them all at
once.

Also add a print() method to CodeEntry to make future debugging easier
as I'm constantly rewriting this locally.

Bug: v8:8575, v8:7719, v8:7203

Change-Id: I39324d6ea13d116d5da5d0a0d243cae76a749c79
Reviewed-on: https://chromium-review.googlesource.com/c/1392195
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58554}
2019-01-04 15:05:55 +00:00
Sigurd Schneider
3346b8a38e [turbolizer] Improve TypeScript types
This CL adds more TypeScript types and inserts some instanceof checks to
ensure typing. The CL also selects es2018 as target and loads es6/es2018
libs for TypeScript types. This ensures that RegExp groups matching
results are properly typed.

Notry: true
Bug: v8:7327
Change-Id: I1a59a1047188a49579c975149b336cc232c05eef
Reviewed-on: https://chromium-review.googlesource.com/c/1396095
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58553}
2019-01-04 14:37:34 +00:00
Sigurd Schneider
ff3458cef1 [turbolizer] Enable TypeScript warning noUnusedLocals
...and fix all related issues.

Change-Id: I3bd37ae038b9ea7c4305600958c1ae20e67e0f1f
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396092
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58552}
2019-01-04 14:30:14 +00:00
Sigurd Schneider
e75a97cd64 [turbolizer] Version bumps for dependencies
This CL updates TypeScript, rollup and d3 to newer versions.

Drive-bys:
 - Remove unused source file lang-disassembly.
 - Fix typing problem with FileReader callback

The rollup version update also ensures that watch mode works again:

  npm run-script watch

Change-Id: If852bc4287760017c185fbcb6dd9d2e36db36a04
Notry: true
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1396091
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58551}
2019-01-04 14:17:04 +00:00
Sigurd Schneider
f214b914cf [turbolizer] Various cleanups
- Move helper functions to utils
- Use let/const instead of var
- Fix display bug when schedule view was initially selected

Bug: v8:7327
Notry: true
Change-Id: I7caf3dd17b725a4553d035293716f452b9999ed8
Reviewed-on: https://chromium-review.googlesource.com/c/1396088
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58550}
2019-01-04 14:12:24 +00:00
Sigurd Schneider
b53dcfd5a6 [turbolizer] Split Graph class from GraphView
This CL splits out a Graph class from the GraphView, which improves
maintainability and is a first step towards preserving node positions
during phase view changes.

This CL also removes duplication of node storage on the graph and
provides a generator function instead. The only storage for nodes
in the graph is now the {nodeMap}.

Bug: v8:7327
Notry: true
Change-Id: I1659ecfe46f62a12d2fb3c40ccd6f4936f081b53
Reviewed-on: https://chromium-review.googlesource.com/c/1396087
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58549}
2019-01-04 13:36:43 +00:00
Sigurd Schneider
a53332fe35 [turbolizer] Improve handling of graph layout/redraw
This removes duplicate storage of edges in the graph view, thereby
reducing memory overhead.

Bug: v8:7327
Notry: true
Change-Id: I70df4bc102add8c89bc5145f01c0555b3e0a73d7
Reviewed-on: https://chromium-review.googlesource.com/c/1396085
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58548}
2019-01-04 13:15:23 +00:00
Clemens Hammacher
f5e1353f06 [wasm] Finish compilation units from background
"Finishing" currently only means decrementing a counter and notifying
users via the callback if baseline compilation or tier-up finished.
We can totally do this from background, if we spawn foreground tasks to
actually call the callback.

R=ahaas@chromium.org

Bug: v8:7921, v8:8423
Change-Id: I815964d07a4d9111248097c41ebbd650842304c3
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1375662
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58547}
2019-01-04 12:25:31 +00:00
Mathias Bynens
40eb442783 [test] Fix expectations in WebKit JSON.stringify tests
The reference implementation used in the tests does not fully match
the spec, so for the diverging cases we need to explicitly specify
the correct expectation.

Every single change in this patch has been verified against every
major JavaScript engine using eshost + jsvu. All implementations
match the spec (and the V8 implementation), with the following two
exceptions:

- One expectation was wrong because of a JavaScriptCore bug (that
  is, we inherited the incorrect expectation when importing the
  tests from WebKit). A comment was added for that one.
- This work resulted in the discovery of bugs in Moddable/XS:
  https://github.com/Moddable-OpenSource/moddable/issues/112

Change-Id: I05d91d7acc5c8765e941fcd68c1086c2694c710c
Reviewed-on: https://chromium-review.googlesource.com/c/1396081
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58546}
2019-01-04 11:35:57 +00:00
Peter Marshall
af0428aca9 [cpu-profiler] Add source positions for inlined function calls
Currently in both kCallerLineNumbers and kLeafNodeLineNumbers modes, we
correctly capture inline stacks. In leaf number mode, this is simple as
we simply add the path onto the existing tree. For caller line numbers
mode this is more complex, because each path through various inlined
function should be represented in the tree, even when there are
multiple callsites to the same function inlined.

Currently we don't correctly show line numbers for inlined functions.
We do actually have this information though, which is generated by
turbofan and stored in the source_position_table data structure on the
code object.

This also changes the behavior of the SourcePositionTable class. A
problem we uncovered is that the PC that the sampler provides for every
frame except the leaf is the return address of the calling frame. This
address is *after* the call has already happened. It can be attributed
to the next line of the function, rather than the calling line, which
is wrong. We fix that here by using lower_bound in GetSourceLineNumber.

The same problem happens in GetInlineStack - the PC of the caller is
actually the instruction after the call. The information turbofan
generates assumes that the instruction after the call is not part of
the call (fair enough). To fix this we do the same thing as above - use
lower_bound and then iterate back by one.

TBR=alph@chromium.org

Bug: v8:8575, v8:8606
Change-Id: Idc4bd4bdc8fb70b70ecc1a77a1e3744a86f83483
Reviewed-on: https://chromium-review.googlesource.com/c/1374290
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58545}
2019-01-04 11:12:06 +00:00
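The return-address attribution problem described in the commit above, shown as an added stand-alone example that is not V8's code: a constructed, sorted table of code offsets to source lines stands in for the real source_position_table, and the offsets, lines and helper names are assumptions for illustration only. The leaf lookup takes the last entry at or before the sampled pc; for a caller frame the sampled pc is the return address (the first instruction after the call), so the lookup uses lower_bound and steps back one entry, which attributes a return address sitting exactly on a line boundary to the calling line rather than the following one.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <vector>

// Constructed stand-in for a source position table: code offsets sorted
// ascending, each one marking where the code for a source line begins.
struct PositionEntry {
  uint32_t code_offset;
  int line;
};

// Constructed sample layout (assumption, not real V8 output):
//   line 10 covers offsets [0, 8)
//   line 11 covers offsets [8, 16) and ends with a call
//   line 12 starts at offset 16, which is also the call's return address
const std::vector<PositionEntry> kTable = {{0, 10}, {8, 11}, {16, 12}};

// Leaf frame: the sampled pc is the instruction currently executing, so
// the correct entry is the last one whose offset is <= pc.
int LineForLeafPc(const std::vector<PositionEntry>& table, uint32_t pc) {
  auto it = std::upper_bound(
      table.begin(), table.end(), pc,
      [](uint32_t v, const PositionEntry& e) { return v < e.code_offset; });
  if (it == table.begin()) return -1;  // pc before any known position
  return std::prev(it)->line;
}

// Caller frame: the pc recorded by the sampler is the return address,
// i.e. the instruction *after* the call. Take the first entry whose
// offset is >= pc and step back one, so the sample lands on the line
// that contains the call instruction rather than the line after it.
int LineForReturnAddress(const std::vector<PositionEntry>& table,
                         uint32_t pc) {
  auto it = std::lower_bound(
      table.begin(), table.end(), pc,
      [](const PositionEntry& e, uint32_t v) { return e.code_offset < v; });
  if (it == table.begin()) return -1;  // no instruction precedes pc
  return std::prev(it)->line;
}

int main() {
  const uint32_t return_address = 16;
  // Treating the return address like a leaf pc misattributes it to line 12.
  std::printf("naive lookup at return address %u -> line %d\n",
              return_address, LineForLeafPc(kTable, return_address));
  // The lower_bound-and-step-back lookup yields the calling line, 11.
  std::printf("caller lookup at return address %u -> line %d\n",
              return_address, LineForReturnAddress(kTable, return_address));
  return 0;
}
```

The two lookups agree for a pc in the middle of a line (offset 12 maps to line 11 either way); they only diverge when the return address coincides with the first instruction of the next line, which is exactly the case a call at the end of a line produces.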
Clemens Hammacher
3512fab37d Refactor lazily initialized singletons in simulators
Use the slimmer base::LeakyObject instead of base::LazyInstance.

R=tebbi@chromium.org

Bug: v8:8600
Change-Id: I71755db9fe3ea9c61be2cdf009a006947ef5560a
Reviewed-on: https://chromium-review.googlesource.com/c/1392203
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58544}
2019-01-04 10:49:26 +00:00
Predrag Rudic
aaec5fd51e MIPS: Fix broken build
Redefinition of GetHalfStackSlot after commit 5ea59597cf.

Change-Id: Ib2b1fe6bd130c6737a73ef55b09dc80f4cd9b3fb
Reviewed-on: https://chromium-review.googlesource.com/c/1396077
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58543}
2019-01-04 10:19:06 +00:00
Clemens Hammacher
5ed7dff356 [Liftoff][ia32] Fix i64 sign extension on non-byte register
The {movsx_b} instruction can only take byte registers (or operands) as
source. Ensure that for i8 sign extensions to i64, the src register is
moved to a temporary byte register first, similar to the same operation
on i32 a few lines above.

R=ahaas@chromium.org

Bug: chromium:918149, v8:6600
Change-Id: I17bc942127baee57279a7fc0caac9d82bd7c6bfb
Reviewed-on: https://chromium-review.googlesource.com/c/1394555
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58542}
2019-01-04 10:12:06 +00:00
Ross McIlroy
289452b06e [Test] Disable bytecode flushing in DecideToPretenureDuringCompilation.
The high GC stressing in this test causes bytecode flushing which breaks some
invariants in the test.

BUG=v8:8629

Change-Id: I7efff098ed4fa96006c8200e174132a6297bd36f
Reviewed-on: https://chromium-review.googlesource.com/c/1394743
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58541}
2019-01-04 10:09:26 +00:00
Sigurd Schneider
5bcd6e1a60 [mjsunit] Disable test unsuitable for GC stress
regress-6989 uses assertOptimized and will hence fail randomly depending
on GC timing. This means we should not run it under GC stress.

This can be verified by running the test under GC stress and changing the
--gc-interval. It is easy to find values for which the test fails, and
values for which the test passes.

Change-Id: Ibd8bfbc1712ad60830255e4d89ea795023134891
Reviewed-on: https://chromium-review.googlesource.com/c/1396078
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58540}
2019-01-04 09:51:55 +00:00
Tamer Tas
6df42e36e5 [testrunner] remove dead code
This code is very old and is not referenced anywhere else.

Verifying that the code isn't called anywhere else:
- https://cs.chromium.org/search/?q=FilterTestCasesByArgs&type=cs
- https://cs.chromium.org/search/?q=FilterTestCasesByStatus&type=cs

R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

No-Try: true
Change-Id: I18b0309430d86649046e64e863ca252951786061
Reviewed-on: https://chromium-review.googlesource.com/c/1394553
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58539}
2019-01-04 09:40:53 +00:00