Commit Graph

7675 Commits

Author SHA1 Message Date
Josh Wolfe
0bd428ffea [api] Fix harmony formatting for CompileFunctionInContext
Add newline at the start of the function body.

BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com

Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45
Reviewed-on: https://chromium-review.googlesource.com/466566
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44352}
2017-04-03 20:05:06 +00:00
Clemens Hammacher
d38334c575 [wasm] [interpreter] Fix integer underflow in mem access
For OOB checks on memory accesses, we first subtracted the size of the
type to load/store from the memory size, and then compared against this
effective_size. If the memory size is smaller than the size of the type,
this would lead to an integer underflow, and we would try to load the
value.
This CL fixes this, and adds a test case for this.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
2017-04-03 15:00:00 +00:00
rmcilroy
f4f58e31c1 [Interpreter] Optimize code of the form 'if (x === undefined)'.
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined
bytecode, and similarly for comparisons with null. Also adds bytecodes for
JumpIfNotUndefined / Null.

Moves the peephole optimization for CompareUndefined out of the peephole
optimizer and into the BytecodeGenerator, having the side-effect of enabling
it for comparisons with undefined on both side of the compare operation.

BUG=v8:6107

Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
2017-04-03 14:17:16 +00:00
Caitlin Potter
d73b11ecd2 [api] fix incorrect parameter end position in CompileFunctionInContext
With --harmony-function-tostring enabled (now enabled by --harmony),
CompileFunctionInContext would produce incorrect results whenever called
with 1 or more argument parameters, due to specifying an incorrect end
position for the parameters.

BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com

Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
2017-04-03 14:16:57 +00:00
dusan.simicic
12faf0f87f MIPS[64]: Support for some SIMD operations
Adds support for I32x4Splat, I32x4ExtractLane, I32x4ReplaceLane,
I32x4Add, I32x4Sub, S128Zero operations for mips32 and mips64
architectures.

BUG=

Note: Depends on patch: https://codereview.chromium.org/2740123004/
Review-Url: https://codereview.chromium.org/2753903004
Cr-Commit-Position: refs/heads/master@{#44326}
2017-04-03 08:22:19 +00:00
machenbach
cc047635ff Revert "ARM64: Add NEON support"
This reverts commit 4506382dce.

We don't allow DEPS'ing things outside googlesource. This requires a
mirror. Also .gitignore entry is missing.

NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
2017-03-31 12:33:57 +00:00
martyn.capewell
4506382dce ARM64: Add NEON support
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.

BUG=

Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
2017-03-31 11:33:02 +00:00
bmeurer
04f48a76c8 [turbofan] Specialize to closure with function context specialization.
R=jarin@chromium.org
BUG=v8:5267,v8:6181

Review-Url: https://codereview.chromium.org/2792553002
Cr-Commit-Position: refs/heads/master@{#44305}
2017-03-31 11:22:20 +00:00
Clemens Hammacher
c32113e7eb [wasm] [cleanup] Attach methods to the object they operate on
This CL cleans up a few things:
- It removes two dead declarations: WasmMemoryObject::Grow and
  wasm::GrowInstanceMemory.
- It removes the unneeded wasm::GetInstanceMemory function (use
  instance->memory_buffer() directly).
- It moves wasm::GetInstanceMemorySize to
  WasmInstanceObject::GetMemorySize.
- It moves wasm::GrowInstanceMemory to WasmInstanceObject::GrowMemory.
- It moves wasm::GrowWebAssemblyMemory to WasmMemoryObject::Grow.

R=ahaas@chromium.org
CC=gdeepti@chromium.org

Change-Id: I19781ca9784f1a8e7b60955bef82e341c4f75550
Reviewed-on: https://chromium-review.googlesource.com/463167
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44293}
2017-03-31 08:12:15 +00:00
domenic
a6e635d692 Add V8 extra utils for promise state
This will allow V8 extra consumers to track promise state without
using a side-table. This is used by streams as of
173f9f67be.

BUG=chromium:658144

Review-Url: https://codereview.chromium.org/2784213002
Cr-Commit-Position: refs/heads/master@{#44287}
2017-03-31 05:58:15 +00:00
Andreas Haas
eef2a462ad [gn] Remove the wasm_test_signatures source set.
The source set only contained a header file, which caused problems
when compiling a static library with VS.

R=machenbach@chromium.org
BUG=v8:6158

Change-Id: I3eed4a888e72cf6a2917190e4a1db7b38006cd0c
Reviewed-on: https://chromium-review.googlesource.com/463027
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44263}
2017-03-30 10:00:28 +00:00
Franziska Hinkelmann
3e6dde8769 [interpreter] Split function into Receiver() and Parameter(i).
The parameter indices are shifted by 1 in BytecodeArrayBuilder
because the receiver is variable at index 0 and not -1.

Split BytecodeArrayBuilder::Parameter(index) method into
Receiver() (same as Parameter(-1)) and
Parameter(index).

This way we avoid confusing (index+1) counting in BytecodeGenerator().

BUG=

Change-Id: Id87ec7c708cecfc3108011994f3177f483772bcc
Reviewed-on: https://chromium-review.googlesource.com/461904
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44262}
2017-03-30 09:40:08 +00:00
Caitlin Potter
bf463c4dc0 [async-iteration] implement AsyncGenerator
- Introduce new struct AsyncGeneratorRequest, which holds
  information pertinent to resuming execution of an
  AsyncGenerator, such as the Promise associated with the async
  generator request. It is intended to be used as a singly
  linked list, and holds a pointer to the next item in te queue.

- Introduce JSAsyncGeneratorObject (subclass of
  JSGeneratorObject), which includes several new internal fields
  (`queue` which contains a singly linked list of
  AsyncGeneratorRequest objects, and `await_input` which
  contains the sent value from an Await expression (This is
  necessary to prevent function.sent (used by yield*) from
  having the sent value observably overwritten during
  execution).

- Modify SuspendGenerator to accept a set of Flags, which
  indicate whether the suspend is for a Yield or Await, and
  whether it takes place on an async generator or ES6
  generator.

- Introduce interpreter intrinsics and TF intrinsic lowering for
  accessing the await input of an async generator

- Modify the JSGeneratorStore operator to understand whether or
  not it's suspending for a normal yield, or an AsyncGenerator
  Await. This ensures appropriate registers are stored.

- Add versions of ResumeGeneratorTrampoline which store the
  input value in a different field depending on wether it's an
  AsyncGenerator Await resume, or an ordinary resume. Also modifies
  whether debug code will assert that the generator object is a
  JSGeneratorObject or a JSAsyncGeneratorObject depending on the
  resume type.

BUG=v8:5855
R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
littledan@chromium.org, neis@chromium.org
TBR=marja@chromium.org

Change-Id: I9d58df1d344465fc937fe7eed322424204497187
Reviewed-on: https://chromium-review.googlesource.com/446961
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44240}
2017-03-29 17:33:12 +00:00
gdeepti
6234fda3c9 [wasm] Make Opcode names consistent across architectures, implementations
- Fix opcode names to be consistent with opcodes as in wasm-opcodes.h
- Fix Ordering of Ops, inconsistencies

BUG=v8:6020

Review-Url: https://codereview.chromium.org/2776753004
Cr-Commit-Position: refs/heads/master@{#44239}
2017-03-29 17:02:17 +00:00
Jochen Eisinger
f8deca1c86 Never freeze/seal/preventExtensions objects with interceptors
BUG=v8:6163
R=verwaest@chromium.org

Change-Id: Ieaec78c806cc3d459488a8491e77b7b5a8047079
Reviewed-on: https://chromium-review.googlesource.com/461903
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44228}
2017-03-29 13:04:58 +00:00
Yang Guo
da5b745dba [api] deprecate unused context size estimate.
Change-Id: I8de170892f061a8b30d1e39d1a7d3b4e2fe9230d
Reviewed-on: https://chromium-review.googlesource.com/461823
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44222}
2017-03-29 09:56:22 +00:00
Michael Starzinger
ab4c91904d [asm.js] Widen test coverage to message tests.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: Ie828f6e0dc6fe9f9f9351aa1afaf7b9dbf536e26
Reviewed-on: https://chromium-review.googlesource.com/461181
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44219}
2017-03-29 08:42:32 +00:00
Mythri
1608919603 [Interpreter] Inline fast paths in compare bytecode handlers.
Compare bytecode handlers does several checks to collect feedback and
repeats these checks when actually performing the operation. This cl
changes it perform the actual comparison for smi / number along with 
collecting feedback. 

BUG=v8:4280

Change-Id: If0954b68dd232461e08e94a90ccc17604c235b27
Reviewed-on: https://chromium-review.googlesource.com/458420
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44216}
2017-03-29 07:23:58 +00:00
littledan
76e3fe97d6 [heap] Two minor fixes in EstimatedSize
A couple bugs had led code in one Context to be able to lead to
estimated memory usage in another Context, even in cases that should be
easy to detect.

- Ensure that the pointer to the next context is nulled out while
  recursing over the portion of the heap. It seems like there was
  previously some code to do this partway, but the nulling part
  was left out.
- Skip including maps in the understanding of the Context estimated
  size, as the maps are shared between Contexts and may be reachable
  from other Contexts

Review-Url: https://codereview.chromium.org/2780773002
Cr-Commit-Position: refs/heads/master@{#44208}
2017-03-28 20:41:11 +00:00
Daniel Vogelheim
ae1e87596d [parser] Introduce 'contextual keyword tokens'.
Introduce 'contextual keyword' tokens, which are parsed as identifiers but
in some contexts are treated by the parser like proper keywords. These are
usually keywords introduced by recent ECMAScript versions, which for reasons
of backwards compatibility are still permissible as regular identifiers in
most contexts.

Current usage is to check for Token::IDENTIFIER and then do a string
compare. With this change the initial scan will scan them as usual, but
will then record the token as IDENTIFIER plus a secondary token with the
'contextual' value.

BUG=v8:6902

Change-Id: I6ae390382998cf756a23720bd481cb9c0eb78a72
Reviewed-on: https://chromium-review.googlesource.com/459479
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44189}
2017-03-28 12:43:23 +00:00
martyn.capewell
630c33c6f4 [arm64] Use acquire/release memory accesses for atomics
Implement ASSEMBLE_ATOMIC_LOAD/STORE_INTEGER using acquire/release instructions,
to match the existing ASSEMBLE_ATOMIC_EXCHANGE_INTEGER macro.

BUG=v8:6097

Review-Url: https://codereview.chromium.org/2760963002
Cr-Commit-Position: refs/heads/master@{#44184}
2017-03-28 10:06:58 +00:00
jgruber
9403edfa83 [regexp] Named capture support for string replacements
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.

Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:

let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>")  // "bacd"
"abcd".replace(re, "$2$1")     // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd")    // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>")  // "cd" (invalid name)
"abcd".replace(re, "$<thd>")   // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>")  // "cd" (non-matched capture)

Support is currently behind the --harmony-regexp-named-captures flag.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2775303002
Cr-Original-Commit-Position: refs/heads/master@{#44171}
Committed: 17f13863b6
Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44182}
2017-03-28 09:09:42 +00:00
jgruber
34ffdd6238 Revert of [regexp] Named capture support for string replacements (patchset #5 id:80001 of https://codereview.chromium.org/2775303002/ )
Reason for revert:
Invalid DCHECKs for non-matched groups.

Original issue's description:
> [regexp] Named capture support for string replacements
>
> This implements support for named captures in
> RegExp.prototype[@@replace] for when the replaceValue is not callable.
>
> Named captures can be referenced from replacement strings by using the
> "$<name>" syntax. A couple of examples:
>
> let re = /(?<fst>.)(?<snd>.)/u;
> "abcd".replace(re, "$<snd>$<fst>")  // "bacd"
> "abcd".replace(re, "$2$1")     // "bacd" (numbered refs work as always)
> "abcd".replace(re, "$<snd")    // SyntaxError (unterminated named ref)
> "abcd".replace(re, "$<42$1>")  // "cd" (invalid name)
> "abcd".replace(re, "$<thd>")   // "cd" (non-existent name)
> "abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>")  // "cd" (non-matched capture)
>
> Support is currently behind the --harmony-regexp-named-captures flag.
>
> BUG=v8:5437
>
> Review-Url: https://codereview.chromium.org/2775303002
> Cr-Commit-Position: refs/heads/master@{#44171}
> Committed: 17f13863b6

TBR=yangguo@chromium.org,littledan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5437

Review-Url: https://codereview.chromium.org/2776293003
Cr-Commit-Position: refs/heads/master@{#44180}
2017-03-28 09:02:14 +00:00
Andreas Haas
53af0d1ad3 [wasm] Alignment information of wasm programs cannot be trusted
This CL removes code which is based on the assumption that if
WebAssembly code says that memory accesses are aligned, that they are
really aligned. On arm, memory accesses crashed when this assumption
was violated.

Most likely this CL will cause a performance regression on arm. At the
moment we plan to fix this regression eventually by using arm NEON
instructions in V8.

R=titzer@chromium.org

Change-Id: Ibb60fa1ef0173c13af813a3cb7eb26bfa2a847c2
Reviewed-on: https://chromium-review.googlesource.com/451297
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44179}
2017-03-28 08:28:25 +00:00
Wiktor Garbacz
80752a29b6 Make isolate explicit param of parsing:: functions
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: I0a3546618d01b9232014da94cf8d0f72427a0d1d
Reviewed-on: https://chromium-review.googlesource.com/458006
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44176}
2017-03-28 08:20:56 +00:00
Wiktor Garbacz
048f89c80d Do NOT get isolate from ParseInfo in compiler.cc
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: Ief4eb3c9873026a93338d5556985f31c9abe17e6
Reviewed-on: https://chromium-review.googlesource.com/458005
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44173}
2017-03-28 08:12:48 +00:00
jgruber
17f13863b6 [regexp] Named capture support for string replacements
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is not callable.

Named captures can be referenced from replacement strings by using the
"$<name>" syntax. A couple of examples:

let re = /(?<fst>.)(?<snd>.)/u;
"abcd".replace(re, "$<snd>$<fst>")  // "bacd"
"abcd".replace(re, "$2$1")     // "bacd" (numbered refs work as always)
"abcd".replace(re, "$<snd")    // SyntaxError (unterminated named ref)
"abcd".replace(re, "$<42$1>")  // "cd" (invalid name)
"abcd".replace(re, "$<thd>")   // "cd" (non-existent name)
"abcd".replace(/(?<fst>.)|(?<snd>.)/u, "$<snd>")  // "cd" (non-matched capture)

Support is currently behind the --harmony-regexp-named-captures flag.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2775303002
Cr-Commit-Position: refs/heads/master@{#44171}
2017-03-28 08:02:03 +00:00
Michael Starzinger
54a1942a84 [asm.js] Widen test coverage to cctest and friends.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: I19092232bc0de728ec37fa9188998ec9dbd94bed
Reviewed-on: https://chromium-review.googlesource.com/459498
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44170}
2017-03-28 08:00:40 +00:00
Sathya Gunasekaran
32fdc69424 Better error for accessing 'this' in derived constructor.
Previously we threw a generic error meesage on failing hole check for
accessing 'this'. But 'this' can be a hole only if the super() has not
been called so we change the error message.

BUG=v8:5957

Change-Id: I2f0e3d813f16919645d8a5efa7d26e73bd2d83fe
Reviewed-on: https://chromium-review.googlesource.com/459085
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44162}
2017-03-27 20:42:38 +00:00
Wiktor Garbacz
319d915c6e Make isolate explicit param of Rewriter::Rewrite
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: I977eec8faecc8a112506f219994b4e4ec388b180
Reviewed-on: https://chromium-review.googlesource.com/458004
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44160}
2017-03-27 20:24:00 +00:00
bbudge
d7a09280d7 [ARM] Implement widening and narrowing integer moves, vmovl, vqmovn.
- Fixes vmovl for widening 16 to 32, 32 to 64.
- Adds vqmovn.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2773303002
Cr-Commit-Position: refs/heads/master@{#44156}
2017-03-27 18:23:42 +00:00
dusan.simicic
cd5c009569 MIPS[64]: Support for MSA instructions
This patch adds support for MIPS SIMD (MSA) instructions in Assembler
and Decoder (disassembler) classes. MSA instructions are implemented for
both mips32 and mips64 architectures.

BUG=

Review-Url: https://codereview.chromium.org/2740123004
Cr-Commit-Position: refs/heads/master@{#44148}
2017-03-27 13:20:35 +00:00
Ross McIlroy
980448dfcd [Compiler] Remove CompileBaseline and three tier pipeline.
Since we no longer support the ignition-staging configuration 
any longer,  we can retire the three tier pipeline and the
CompileBaseline functionallity.

We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.

BUG=v8:4280

Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
2017-03-27 11:15:43 +00:00
Wiktor Garbacz
d5d43ae337 Make isolate explicit param of CompilationInfo ctor
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: I25b23b3bf64502f84c28ce688ad2997c9665a069
Reviewed-on: https://chromium-review.googlesource.com/458003
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44140}
2017-03-27 09:12:44 +00:00
kschimpf
98ed1f9ca9 Hide WasmModule.origin field behind readable accessors.
Besides adding accessors get_origin() and set_origin(), it creates easier test
accessors is_wasm() and is_asm_js().

This allows the possibility of caching boolean flags for is_wasm() and
is_asm_js() without having to change any code except for the files containing
the class definition for WasmModule.

BUG= v8:6152
R=bbudge@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2771803005
Cr-Commit-Position: refs/heads/master@{#44130}
2017-03-25 01:54:09 +00:00
mlippautz
79ac83e121 [heap] Enforce explicit MarkingState
Require the use of MarkingState when going through ObjectMarking
and friends.

BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2770253002
Cr-Commit-Position: refs/heads/master@{#44123}
2017-03-24 18:54:04 +00:00
Toon Verwaest
885f0bc4a7 [csa] Support typed arrays in Has(Own)Property
BUG=chromium:703226

Change-Id: Ic71ae018c0090b2142f1d732bcf9c94c65e81f83
Reviewed-on: https://chromium-review.googlesource.com/458917
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44110}
2017-03-24 14:37:29 +00:00
Wiktor Garbacz
1ef7fcad8e Make isolate explicit param of DeclarationScope
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.

BUG=v8:6093

Change-Id: Iefd2fd01a700509f05d6f1a272cfa39cc545d39b
Reviewed-on: https://chromium-review.googlesource.com/458001
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44096}
2017-03-24 11:53:14 +00:00
Igor Sheludko
16c38aa820 [ic] Split StoreIC into StoreGlobalIC and StoreIC.
The former will handle stores to global variables, lets and undeclared
variables. The latter will handle named stores to explicit receiver.

BUG=chromium:576312, v8:5561

Change-Id: I335fa21db47c3d001da8cc79fa8cb6f8abcbb7e2
Reviewed-on: https://chromium-review.googlesource.com/458639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44085}
2017-03-24 07:45:14 +00:00
Bradley.Meck
b123ee3411 Allow global prototype to be a Proxy
There was a security issue from allowing WindowProxy to have its prototype mutated in https://bugs.chromium.org/p/chromium/issues/detail?id=399951 . This has since been resolved by making `window`, `location`, and `Object.prototype.__proto__` immutable. This change was fixed in https://bugs.chromium.org/p/v8/issues/detail?id=5149 .

Reverts https://codereview.chromium.org/1529303003

R=littledan@chromium.org
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2671553006
Cr-Commit-Position: refs/heads/master@{#44078}
2017-03-23 18:33:38 +00:00
skyostil
9b152fdafd Enable deterministic random number generation
This patch makes Math.random() behave deterministically when a fixed
random seed is provided. This is done by re-seeding the random number
generator the first time a script requests a random number. Doing this
ensures Math.random() returns the same sequence across page loads and
across iframes.

BUG=chromium:696001

Review-Url: https://codereview.chromium.org/2760393002
Cr-Commit-Position: refs/heads/master@{#44076}
2017-03-23 18:14:38 +00:00
yangguo
d71ef941ed [debug] introduce precise binary code coverage.
With precise binary code coverage, the reported count is either 0 or 1.
We only report 1 the first time we collect coverage data after the
function has been executed.

Since we do not care about the accurate execution count, we can optimize
the function once it has been executed once.

Also change best effort coverage to be implicitly binary.

R=caseq@chromium.org, jgruber@chromium.org, pfeldman@chromium.org
BUG=v8:5808

Review-Url: https://codereview.chromium.org/2766573003
Cr-Commit-Position: refs/heads/master@{#44074}
2017-03-23 17:23:17 +00:00
Clemens Hammacher
b8f8860161 [wasm] [interpreter] Implement indirect function calls
This CL adds support for indirect function calls to the interpreter. It
can indirectly call other wasm function in the same instance, which are
then executed in the interpreter, or call imported functions.

Implementing this required some refactoring:
- The wasm interpreter now unwraps import wrappers on demand, instead
  of unwrapping all of them on instantiation and storing a vector of
  handles. This also avoids the DeferredHandleScope completely, instead
  we just store two global handles in the code map.
- The interpreter gets the code table, function tables and signature
  tables directly from the attached wasm instance object. This ensures
  that the interpreter sees all updates to tables that might have been
  performed by external code.
- There is now common functionality for calling a code object. This is
  used for direct calls to imported functions and for all indirect
  calls. As these code objects can also be wasm functions which should
  be executed in the interpreter itself, I introduce a struct to hold
  the outcome of calling the code object, or a pointer to
  InterpreterCode to be called in the interpreter.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I20fb2ea007e79e5fcff9afb4b1ca31739ebcb83f
Reviewed-on: https://chromium-review.googlesource.com/458417
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44059}
2017-03-23 10:54:58 +00:00
Wiktor Garbacz
90d28637dc Remove isolate param from DeserializeScopeChain.
It was removed so that Parser::DeserializeScopeChain does not have
 to get it from ParseInfo.
Only a small step in direction of removing isolate from ParseInfo.

BUG=v8:6093

Change-Id: Iaaf92dc6eb5ec9c4efc05ac73666fbc66e0ed8c1
Reviewed-on: https://chromium-review.googlesource.com/457999
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44057}
2017-03-23 09:28:48 +00:00
mtrofin
78905107d3 [wasm] Skeleton WasmModuleObjectBuilder for streamed compilation
APIs and trivial implementation, to unblock Chrome side dev.

BUG=chromium:697028

Review-Url: https://codereview.chromium.org/2763413003
Cr-Commit-Position: refs/heads/master@{#44053}
2017-03-23 01:47:17 +00:00
Caitlin Potter
ff1a155a22 [parser] allow patterns within left/right branches of ConditionalExpr
The AssignmentExpressions can legally contain destructuring assignments.

BUG=v8:6098
R=marja@chromium.org, adamk@chromium.org

Change-Id: I99b3a0f4c8d103edfb1dda943ec3e2ab2a5969f7
Reviewed-on: https://chromium-review.googlesource.com/455221
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44049}
2017-03-22 21:39:29 +00:00
gdeepti
9d8d4dfa7d Add pshufw instruction, fix inconsistencies with pextrw instruction.
Current implementation of the pextrw instruction is the legacy SSE2 instruction in the assembler (66 0F C5), and SSE4 implementation(66 0F 3A 15) in disasm-x64.cc, this causes incorrect instruction encodings to be printed when using --print-code flag for debug, in this case, causes over flow of bytes, and subsequent instructions to be incorrectly disassembled. Fixing to use SSE4 encodings in the assembler cosistent with pextrb, pextrd.

R=bbudge@chromium.org, mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2771513002
Cr-Commit-Position: refs/heads/master@{#44047}
2017-03-22 20:49:27 +00:00
bbudge
2747ab31ef [WASM] Fix failing WASM SIMD tests.
- Skips test when expected value is very small or large.
- Renames methods to make more sense.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2764413003
Cr-Commit-Position: refs/heads/master@{#44045}
2017-03-22 19:18:47 +00:00
Caitlin Potter
9377fd1a46 [async-iteration] implement parsing for AsyncGenerators
Just the front-end side of
https://chromium-review.googlesource.com/c/446961/. Adds support for
parsing AsyncGeneratorExpression, AsyncGeneratorDeclaration, and
AsyncGeneratorMethod, as well as parser tests.

BUG=v8:5855
R=neis@chromium.org, marja@chromium.org, littledan@chromium.org

Change-Id: I70e1a9681f22573f29292eacb4b9f57f9a38e2b2
Reviewed-on: https://chromium-review.googlesource.com/447117
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44040}
2017-03-22 17:38:27 +00:00
jarin
12d815b36e [profiler] Web UI: add summary of opts/deopts.
This adds optimization and deoptimization counts to the Web UI. Also, the function timeline
now shows optimization and deoptimization marks.

Review-Url: https://codereview.chromium.org/2753543006
Cr-Commit-Position: refs/heads/master@{#44033}
2017-03-22 16:02:25 +00:00