Commit Graph

51595 Commits

Author SHA1 Message Date
Jakob Gruber
d31a5b6569 [array] Fix left-trimming in Array.p.sort
Whenever left-trimming is possible (e.g. whenever user code is
called), we must not store a reference to an exposed JSArray's
elements.

Bug: chromium:897366,v8:7382
Change-Id: I8dd6a93aa6ed19e755ccce7122e0e019dc578a31
Reviewed-on: https://chromium-review.googlesource.com/c/1292066
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56903}
2018-10-23 13:58:54 +00:00
Benedikt Meurer
66941872c0 [async] Simplify async instrumentation checking a bit.
This introduces a new bit on the Isolate which tells whether promise
hooks, async event delegate or the debug delegate are enabled. Use
this new bit in places where we generally need to take the slow path
due to async instrumentation.

Bug: v8:7253, v8:7522, v8:8238
Change-Id: I8f34eeb9f8f7b56fcbb4deb59ac51b2d0907ff6c
Reviewed-on: https://chromium-review.googlesource.com/c/1296473
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56902}
2018-10-23 13:35:23 +00:00
Dan Elphick
7f963432af [snapshot] Add tracking for read-only snapshot size.
Bug: v8:8329
Change-Id: I5be972698809ca77a621bb960cbc6a23b9f0f4b0
Reviewed-on: https://chromium-review.googlesource.com/c/1296474
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56901}
2018-10-23 13:34:13 +00:00
Michael Achenbach
dc7992bc2d [test] Fix comment in test configs
NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: I598a8591559c489944da6aa06fea793aaed0fa6e
Reviewed-on: https://chromium-review.googlesource.com/c/1296479
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56900}
2018-10-23 13:27:53 +00:00
Michael Achenbach
5553ab52b9 [test] Fix predictable builder after swarming switch
NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: Ie9022b04cb5858654c6903f38031c860e8681b9e
Reviewed-on: https://chromium-review.googlesource.com/c/1296478
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56899}
2018-10-23 13:24:53 +00:00
Michael Achenbach
56ae234e01 [build][mips] Include libatomic when building for mips
NOTRY=true

Bug: v8:8291
Change-Id: Iae948ef9de027f86702accf34487524fd1c6b538
Reviewed-on: https://chromium-review.googlesource.com/c/1296455
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56898}
2018-10-23 13:22:43 +00:00
Clemens Hammacher
6b6fc8dda1 [wasm] Remove Result::MoveErrorFrom
This is the last method which modified the Result after construction.
Turn this into a named constructor instead.

Drive-by: Replace a Result<bool> by VoidResult, since the bool is not
used anywhere.

R=mstarzinger@chromium.org

Bug: v8:8238
Change-Id: I352e0687e99a90e6ad00587d6fdf388f68c9b60a
Reviewed-on: https://chromium-review.googlesource.com/c/1296271
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56897}
2018-10-23 13:08:13 +00:00
Clemens Hammacher
9716f689b8 [wasm] Do not store ModuleEnv
Instead, create it when needed and pass it down to the actual
compilation.
This saves memory by making the WasmCompilationUnit smaller and will
eventually allow us to implement the trap handler fallback correctly by
using an updated ModuleEnv in background compilation and tier up.

R=mstarzinger@chromium.org

Bug: v8:5277, v8:8343
Change-Id: I0dc3a37fb88e54eb4822dc99d58ff024f4b2a367
Reviewed-on: https://chromium-review.googlesource.com/c/1293953
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56896}
2018-10-23 12:47:14 +00:00
Clemens Hammacher
6d28125e1c [wasm] Use UseTrapHandler enum consistently
Update two more uses of {bool} instead of {UseTrapHandler}.

R=mstarzinger@chromium.org

Change-Id: I83715661a2238004a4cbccf271a2bf781ef2f44d
Reviewed-on: https://chromium-review.googlesource.com/c/1293952
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56895}
2018-10-23 12:23:37 +00:00
Michael Achenbach
01e3a03d24 [test] Prepare switching full-debug builder to swarming
NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: I2dd9e040c0d29a49aa0a23283da67d550a110677
Reviewed-on: https://chromium-review.googlesource.com/c/1296453
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56894}
2018-10-23 12:20:27 +00:00
Clemens Hammacher
097b5c3b82 [wasm] Move compilation-related structs to own header
This is to prepare larger refactorings that reduce the amount of
information stored in the WasmCompilationUnits and avoid ever storing
the ModuleEnv. Instead, we will generate it when needed. This will
allow us to correctly switch from a trap-handler configuration to
non-trap-handler.

R=mstarzinger@chromium.org

Bug: v8:8343, v8:5277
Change-Id: I383a8105448ccdcae1148ddfebd74db70c648ecf
Reviewed-on: https://chromium-review.googlesource.com/c/1293951
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56893}
2018-10-23 12:16:47 +00:00
Florian Sattler
497723cf37 Fix type within dcheck for MSVC.
Bug: v8:8351
Change-Id: I6ea08e0eb8b77a578a6a4fbe3eb0b96e6c3a0f95
Reviewed-on: https://chromium-review.googlesource.com/c/1296451
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56892}
2018-10-23 12:06:07 +00:00
Michael Achenbach
5679e3095e [test] Migrate test configs for branches console
All configs auto-generated with https://crrev.com/c/1270796.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: Ie421a3a01bbcd996297ab3a8585dd6f116e29886
Reviewed-on: https://chromium-review.googlesource.com/c/1296449
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56891}
2018-10-23 12:04:07 +00:00
Yang Guo
27ceb7499a [d8] only add arguments object if arguments are provided
This is to fix test262 tests which expect that there is no arguments
object.

Bug: v8:7186
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I56205c29609666dc832297e4d36a4d487eae36cc
Reviewed-on: https://chromium-review.googlesource.com/c/1291469
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56890}
2018-10-23 11:46:53 +00:00
Peter Marshall
1bcc69d707 Revert "[cpu-profiler] Fix a bug which caused a pure virtual function call"
This reverts commit c92a1dda41.

Reason for revert: Breaks arm sim: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim/15207

Original change's description:
> [cpu-profiler] Fix a bug which caused a pure virtual function call
> 
> We need to remove each Sampler from the SamplerManager before we call
> the Sampler destructor. This is because the signal handler can interrupt
> the destructor, and call DoSampler(), which calls sampler->SampleStack()
> on the sampler being destructed, causing general unhappiness and
> "Pure virtual function called!" crashes.
> 
> Bug: v8:8346, v8:5193
> Change-Id: Iaa595a196eab33fb1af31584e9a68fd1ce0a18f6
> Reviewed-on: https://chromium-review.googlesource.com/c/1293949
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56882}

TBR=alph@chromium.org,yangguo@chromium.org,petermarshall@chromium.org

Change-Id: I517e07d75045f6253e7f12714304fba77959fbc2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8346, v8:5193
Reviewed-on: https://chromium-review.googlesource.com/c/1296472
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56889}
2018-10-23 10:59:08 +00:00
Toon Verwaest
4e90857627 [parser] Remove outdated comment about trivial expression parsing
Change-Id: I403a6c5124f560d47a3b5d54d79bf54563207c1e
Reviewed-on: https://chromium-review.googlesource.com/c/1296269
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56888}
2018-10-23 09:34:40 +00:00
Toon Verwaest
cd21f71f9c [parser] Validate destructuring assignment pattern in correct classifier
Previously we'd first accumulate errors to the parent and validate the
destructuring pattern in the parent. In the case of ParseArguments this
will invalidly propagate binding pattern errors from one argument to the
next. The reason why ParseArguments keeps track of binding pattern errors
is because it could also be used to parse async arrow function parameters.
If we see async(a,b) we don't yet know whether this is the head of an
async arrow function, or a call to async with arguments a and b.

Bug: v8:8241
Change-Id: I670ab9a9c6f2e0bee399808b02a465ae1afa7c3f
Reviewed-on: https://chromium-review.googlesource.com/c/1296229
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56887}
2018-10-23 09:26:19 +00:00
Marja Hölttä
3343947273 Reland [js weak refs] Add WeakCell.clear()
Previous version:
https://chromium-review.googlesource.com/c/v8/v8/+/1292058

BUG=v8:8179
TBR=hpayer@chromium.org, gsathya@chromium.org

Change-Id: Ia79b75a0630c5926e59206c29053addc88bfb6fe
Reviewed-on: https://chromium-review.googlesource.com/c/1296210
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56886}
2018-10-23 09:15:19 +00:00
Michael Achenbach
0c76110de1 [test] Migrate test configs for clusterfuzz console
All configs auto-generated with https://crrev.com/c/1270796/9.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: Ibc56891314907c0de393ce6858cac1450664e4c6
Reviewed-on: https://chromium-review.googlesource.com/c/1296270
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56885}
2018-10-23 09:12:53 +00:00
Tobias Tebbi
5b92f91ccd [elements] handle OOB-holes in Array.prototype.includes fast-path
In the ElementsAccessor fast-path for Array.prototype.includes, we
iterate backing-store elements according to start and length numbers
which might or might not be within the JSArray::length field, for
example when side-effects changed the receiver while start and length
are computed. So even when we have a packed ElementsKind, we might still
observe the hole. This is fine, since logical out-of-bounds accesses
are safe in this case, but it means we must not rely on the
ElementsKind telling us if we can encounter holes.

Bug: chromium:897098
Change-Id: I17db38246aef6edbdd5cee30598cbf7619aba6d8
Reviewed-on: https://chromium-review.googlesource.com/c/1293571
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56884}
2018-10-23 09:07:37 +00:00
Andreas Haas
351620dccb [wasm] Update wasm spec tests
The DEPS file was already up to date, so we only had to update the hash.

R=herhut@chromium.org

Change-Id: Ibbf960e140746b522339cb8f649691a08f4cd485
Reviewed-on: https://chromium-review.googlesource.com/c/1293576
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56883}
2018-10-23 08:57:08 +00:00
Peter Marshall
c92a1dda41 [cpu-profiler] Fix a bug which caused a pure virtual function call
We need to remove each Sampler from the SamplerManager before we call
the Sampler destructor. This is because the signal handler can interrupt
the destructor, and call DoSampler(), which calls sampler->SampleStack()
on the sampler being destructed, causing general unhappiness and
"Pure virtual function called!" crashes.

Bug: v8:8346, v8:5193
Change-Id: Iaa595a196eab33fb1af31584e9a68fd1ce0a18f6
Reviewed-on: https://chromium-review.googlesource.com/c/1293949
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56882}
2018-10-23 08:52:07 +00:00
Tom Tan
fcbb023b0e Add Windows ARM64 ABI support to V8
This change added Windows ARM64 ABI support, major things are:
1. Excluding x18 register from any usage because it is reserved as
   platform register. Preserve alignment after the change.
2. Fix the assumption of LP64 in arm64 backend. Windows ARM64 is
   still LLP64.
3. Stack guard page probe for large allocation on stack.

Reference:
Windows ARM64 ABI:
https://docs.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=vs-2017

Bug: chromium:893460
Change-Id: I325884ac8dab719154a0047141e18a9fcb8dff7e
Reviewed-on: https://chromium-review.googlesource.com/c/1285129
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56881}
2018-10-23 08:45:48 +00:00
Gus Caplan
1e7588617b [api] Redesign the Isolate PrepareStackTrace API
This CL replaces the stack trace parameter with the array that is
usually passed to the JS prepareStackTrace callback. This allows two
important goals to be realized: 1) we can easily stringify individual
frames and 2) we can (if needed) call back into JS from this callback
with a usable structure. If, as is sometimes the case, a v8::StackTrace
is needed, |v8::Exception::GetStackTrace| can be used on the exception
that is passed to PrepareStackTraceCallback.

Bug: v8:7637

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I57fa1f2b4552cc7f69351fe0918f4e59e3f5fce1
Reviewed-on: https://chromium-review.googlesource.com/c/1266698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56880}
2018-10-23 08:30:02 +00:00
Hai Dang
727003c628 Reduce the chance Torque's Array.prototype.slice creates holey arrays.
Currently Torque's Array.prototype.slice creates holey arrays for those
that don't fit in new space in its slow path (by calling
ArraySpeciesCreate), even if the source is packed. This creates regression
on packed arrays where TurboFan optimizes and then deoptimizes because
the maps don't match.
See https://chromeperf.appspot.com/report?sid=4553b0826123337f5026fd6b4a285d5fc3cd77cafb515ddd954d195630642730

This CL reduces the chance that Torque's Array.prototype.slice returns
holey arrays. In particular, in the case of a large FastJSArray,
ExtractFastJSArray can still be used because it can handle large objects,
and will return a packed array if the source array is also packed.

Change-Id: I691cf48e07c699e5d42afda0bea6cbdc117b653f
Reviewed-on: https://chromium-review.googlesource.com/c/1293372
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56879}
2018-10-23 08:28:58 +00:00
Benedikt Meurer
7fe7be168a [async] Remove obsolete AsyncFunctionPromiseCreate builtin.
This builtin was initially used to create the promise for an async
function, but that is now done by the AsyncFunctionEnter intrinsic.

Bug: v8:7253
Change-Id: I90d0bb31c1548bbfdb53833a5c06161db368f4f0
Reviewed-on: https://chromium-review.googlesource.com/c/1296129
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56878}
2018-10-23 07:45:52 +00:00
Hannes Payer
499efdfd40 [heap] Only reclaim inaccessible memory when reducing memory.
Bug: chromium:897074
Change-Id: I65894046064a230847f3e629e56d8a171546aa51
Reviewed-on: https://chromium-review.googlesource.com/c/1293950
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56877}
2018-10-23 07:42:17 +00:00
Benedikt Meurer
b8320b6f6a [turbofan] Properly type Promise builtins.
Add missing typing rules for calls to Promise builtins. All of these
return receivers always, since PromiseCapabilities.[[Promise]] can be
any receiver essentially. Adding the typing rules here helps to rule
out unnecessary Smi checks in the general case.

Bug: v8:7253
Change-Id: Ia51546420f331431872183a92702855f91b7daba
Reviewed-on: https://chromium-review.googlesource.com/c/1293956
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56876}
2018-10-23 04:33:18 +00:00
Frank Tang
1b4436e7f0 [Intl] Move code from builtins-intl.cc
Move Normalize into intl-objects.*
Move V8BreakIterator code to js-break-iterator*
Add heap-symbol for breakType of JSBreakIterator

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id25af28770ae3c0b7716f4e3b602d4b040194a7d
Reviewed-on: https://chromium-review.googlesource.com/c/1293110
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56875}
2018-10-23 00:14:21 +00:00
Alexei Filippov
f03b329719 [heap profiler] Plumb samples through the protocol.
BUG=chromium:889545

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic00ffa9968cffaf2e20682e247747b5f7dc0f145
Reviewed-on: https://chromium-review.googlesource.com/c/1285394
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56874}
2018-10-23 00:12:01 +00:00
Frank Tang
c4311e52f7 [Intl] Remove intl.(h|cc)
Fold methods from intl.* to objects/intl-objects.*
Move Isolate* to the first parameter for some methods
Move ICUService type under Intl
Hide ICUTimeZoneCache under a CreateTimeZoneCache factory method.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie6f6a1ceee789333a077c1965de8e11d8c15c175
Reviewed-on: https://chromium-review.googlesource.com/c/1293109
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56873}
2018-10-22 22:44:36 +00:00
Alexey Kozyatinskiy
66daabcca9 inspector: generate custom preview using native code
Full custom preview generation is moved to custom-preview file
including frontend part. New custom preview implementation returns
body getter function instead of bind function, formatter and config
objects. Body getter function calls formatter.body(object, config)
and returns json ML.

R=dgozman@chromium.org

Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I14ff3d8abb4a47d2bbc2e6eaa1835fc362ac7369
Reviewed-on: https://chromium-review.googlesource.com/c/1292686
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56872}
2018-10-22 21:24:49 +00:00
Junliang Yan
7126530d45 s390: fix compare and swap 64 loop
R=joransiu@ca.ibm.com

Change-Id: Ia33e925339c66fcefb9c3739c1985477190dab44
Reviewed-on: https://chromium-review.googlesource.com/c/1294372
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56871}
2018-10-22 20:40:41 +00:00
Camillo Bruni
6c703ffc86 [ic] Respect PropertyDetails::KindField when following transitions
Bug: chromium:897514
Change-Id: Ie7950a2caa2e63e102096a6a36475351259ea854
Reviewed-on: https://chromium-review.googlesource.com/c/1293955
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56870}
2018-10-22 18:46:28 +00:00
Junliang Yan
aff6b9aa46 s390: add missing header files to fix compilation
R=joransiu@ca.ibm.com

Change-Id: I26510b95469b6d9724bdae150f65f4c3068553ea
Reviewed-on: https://chromium-review.googlesource.com/c/1293774
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56869}
2018-10-22 17:01:41 +00:00
andrew-cc-chen
1d5013f96d [ppc] cleaned up atomic64 ops
Change-Id: Id27bfca6f49d4ec351988a597307558cd75ecf56
Reviewed-on: https://chromium-review.googlesource.com/c/1278499
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56868}
2018-10-22 16:58:51 +00:00
Alexei Filippov
4b2282b316 Add myself to the watch list.
Change-Id: Iefd58de58d5aaa9ac30f87dba249f7a123ede0bd
Reviewed-on: https://chromium-review.googlesource.com/c/1292685
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56867}
2018-10-22 16:20:40 +00:00
Maya Lekova
d2e12ffe5e [test] Disable failing weakrefs test on MacOS
NOTRY=true
R=sigurds@chromium.org

Change-Id: I94a735508f2ec4ca0b21e48ee0f486c3189b2d8a
Reviewed-on: https://chromium-review.googlesource.com/c/1293954
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56866}
2018-10-22 16:15:16 +00:00
Jakob Gruber
e217fbfffe [builtins] Properly handle arbitrary addresses in builtin lookup
TryLookupCode can be passed arbitrary addresses, e.g. by tentative
name lookups during disassembly. This CL makes sure that addresses
within non-builtin-code sections of the embedded blob (metadata or
padding) are handled properly.

Bug: v8:6666, v8:8334
Change-Id: I42eca57062e30eabd7bb1b069786aa809706cd2c
Reviewed-on: https://chromium-review.googlesource.com/c/1292060
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56865}
2018-10-22 16:14:09 +00:00
Jakob Gruber
adfe25c0ce [ia32] Remove embedded builtin porting helpers
This removes a bunch of porting helpers, e.g. scopes that mark
the addressability of ebx, printing embedded builtin candidates, and
the call/jump mechanism through a virtual target register.

This also disables root register verification by default on ia32. It
can be completely removed in a bit.

Bug: v8:6666
Change-Id: I4705d61991ddc57c30981c311a1c8c5e2f8ddf4d
Reviewed-on: https://chromium-review.googlesource.com/c/1288271
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56864}
2018-10-22 16:13:04 +00:00
Alexey Kozyatinskiy
c949f19b45 inspector: add couple tests
Test to cover a lot of injected script source corner cases.

R=dgozman@chromium.org

Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia631de58c5a92b39ec3933c56cf7e3f108b9bd9e
Reviewed-on: https://chromium-review.googlesource.com/c/1292688
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56863}
2018-10-22 16:12:02 +00:00
Camillo Bruni
c2021a857a Add counter to track number of compiled functions with one-shot bytecodes.
Typically the compiler does not have to compile one-shot code, but there
are some cases where the user can capture IIFEs and execute them multiple times.
Adding counter to track number of such closures compiled with one-shot
bytecodes.

Bug: v8:8072
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I752a12cff6ee9bb751323f4d58897cdd41c6890c
Reviewed-on: https://chromium-review.googlesource.com/c/1237679
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56862}
2018-10-22 16:10:57 +00:00
Georgia Kouveli
3b98c90e64 [arm64] Fix disassembler for ADR with negative offsets.
Change-Id: I8b50ff0d53787fb19604644a71f091837a8dcbde
Reviewed-on: https://chromium-review.googlesource.com/c/1292062
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#56861}
2018-10-22 14:53:20 +00:00
Michael Starzinger
99dcc4cd94 [wasm] Perform exception value encoding/decoding in code.
This removes some unnecessary runtime calls when encoding/decoding
values stored in exception objects. It reduces code size of the
generated code.

R=clemensh@chromium.org
BUG=v8:8341

Change-Id: I2394994be01d3071e58bfa2bfbba8bf72a6a04a5
Reviewed-on: https://chromium-review.googlesource.com/c/1293373
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56860}
2018-10-22 14:45:05 +00:00
Georg Neis
15f0263f12 [turbofan] Brokerize parts of JSCallReducer.
Bug: v8:7790
Change-Id: I1e168132f5d3c90e1a3ee5c13ebc6dbc11e9daa1
Reviewed-on: https://chromium-review.googlesource.com/c/1288250
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56859}
2018-10-22 14:41:46 +00:00
Benedikt Meurer
50f713c9a2 [promises] Add fast-path for native promises to Promise.all.
This CL introduces a new fast-path for `Promise.all(a)` for the case
that elements in `a` are native promises, and the Promise.prototype
and Promise function itself are intact. If so, we can skip the lookups
of "resolve" on Promise and "then" on the result of invoking "resolve",
which are both quite expensive, and we can instead directly call the
PerformPromiseThen() operation on the element of `a`.

In addition to that we don't need to create and chain a result promise,
since this is only used when either async_hooks or DevTools are enabled.
Otherwise it's a "throwaway promise" only used to satisfy the operation
parameter signature (see https://github.com/tc39/ecma262/pull/1146).

This results in a significant performance improvement on `Promise.all()`
heavy code. For example the parallel-promises-es2015-native test goes
from around 84ms to roughly 68ms, which is almost a 20% improvement.

Bug: v8:7253
Ref: tc39/ecma262#1146
Change-Id: Iab9c57edb26d13a467b0653fd8de6149c382efc6
Reviewed-on: https://chromium-review.googlesource.com/c/1293374
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56858}
2018-10-22 14:35:50 +00:00
Clemens Hammacher
5edf567a85 [wasm] Turn Result methods into named constructors
This removes the {error} and {verror} methods of {ResultBase} and
introduces a named constructor {Error} instead. This allows to
construct an error result in a single expression, and moves {Result}
closer to a container that is initialized once and is immutable
afterwards (just the {MoveErrorFrom} method is still violating this
pattern).

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Iec16c8c6d66300ee82a48e8a9e941c72ae26e202
Reviewed-on: https://chromium-review.googlesource.com/c/1293370
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56857}
2018-10-22 14:34:46 +00:00
Camillo Bruni
956da336c1 [tools] Always set --data-path for content_shell
Making --data-path a subdir of --user-data-dir makes it easier to clean up
data after a benchmark run.

Bug: chromium:861668
Change-Id: If44527163ea396b11346d65d76411d03a5b9a424
Reviewed-on: https://chromium-review.googlesource.com/c/1292065
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56856}
2018-10-22 14:19:35 +00:00
Marja Hölttä
5bbb6e7827 Revert "[js weak refs] Add WeakCell.clear()"
This reverts commit 49bd7f50dc.

Reason for revert: breaks nonintl build since the added string is inside wrong ifdefs

Original change's description:
> [js weak refs] Add WeakCell.clear()
> 
> BUG=v8:8179
> 
> Change-Id: Ic0d9af273a8a92177bf60e4be0dd5bddaf31868c
> Reviewed-on: https://chromium-review.googlesource.com/c/1292058
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56853}

TBR=marja@chromium.org,hpayer@chromium.org,gsathya@chromium.org

Change-Id: I7d6831cfd8a5263ee327c2a80274d1cd10dd65cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8179
Reviewed-on: https://chromium-review.googlesource.com/c/1293573
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56855}
2018-10-22 14:16:52 +00:00
Michael Starzinger
f4c39c1a8b [wasm] Switch exception values encoding to {FixedArray}.
This changes the encoding of values stored in exception objects from a
typed uint16 array (a JSObject) to a {FixedArray} instead. Note that it
increases the memory footprint of the encoding, but will allow accessing
elements directly from generated code and also encode reference types
properly. The memory footprint can/should be optimized only after the
implementation is feature complete.

R=clemensh@chromium.org
BUG=v8:8341

Change-Id: If67c4e498d815e14f95d014e6a1f7a6725aa0b3a
Reviewed-on: https://chromium-review.googlesource.com/c/1293371
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56854}
2018-10-22 13:35:31 +00:00