Commit Graph

44919 Commits

Author SHA1 Message Date
Hannes Payer
6e086610e0 [heap] Remove --log-gc.
Bug: 
Change-Id: I7b085f89f22de7ea55156d2942f3437bbf9c5af8
Reviewed-on: https://chromium-review.googlesource.com/836588
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50227}
2017-12-20 11:11:42 +00:00
Clemens Hammacher
ee78c7d715 [wasm] [interpreter] Fix deallocation of InterpretedFrameImpl
We were passing a pointer to an object allocated as
{InterpretedFrameImpl} in an {std::unique_ptr<InterpretedFrame>}.
The default deleter then called {delete ptr;} on a ptr of type
{InterpretedFrame*}, even though that object was allocated as
{InterpretedFrameImpl}. This error might caught by validators.
Fix this by passing a custom deleter on the unique_ptr.

R=ahaas@chromium.org, ulan@chromium.org

Bug: v8:7231
Change-Id: Ia18114236384813c4878319209ae4535fda56c41
Reviewed-on: https://chromium-review.googlesource.com/834510
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50226}
2017-12-20 10:11:42 +00:00
Andreas Haas
bf691e79d7 [wasm] Turn on tests for multiple returns on Windows
R=clemensh@chromium.org

Change-Id: Id2978d2c37a5fb4191db285f4660e22472b70f9d
Reviewed-on: https://chromium-review.googlesource.com/836427
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50225}
2017-12-20 10:09:42 +00:00
jgruber
c293bc010b [csa] Add and use ToInteger_Inline
This reduces reduces code size by 16 KB while keeping the fast path (in
which the given argument is already a smi) inlined and extracting
remaining logic to a stub call.

Change-Id: I531999c990519eef1247cc3785ad4b16164f7a5e
Reviewed-on: https://chromium-review.googlesource.com/833912
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50224}
2017-12-20 07:35:58 +00:00
Yang Guo
9c6bc7afc0 Leave spaces between instance types.
We used to frequently break the ABI when we introduced new instance
types because some instance types are hard-coded in v8.h.

Now that we have more instance types available, we can leave some
room to anticipate future new instance types.

Also take this opportunity to reorder some instance types.

Also see: https://github.com/nodejs/node/issues/17754

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9b59eeab9dfcdf11d779f0b700fc5dce30d3eebe
Reviewed-on: https://chromium-review.googlesource.com/833874
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50223}
2017-12-20 07:34:39 +00:00
Yang Guo
50cb675191 Make ToString for wrapped functions consistent.
SharedFunctionInfo::GetSourceCodeHarmony uses whitespaces
between arguments. This CL adds whitespaces for JSFunction::ToString
for wrapped functions as well.

Bug: v8:7172
Change-Id: I8fde1842735aa35a427dfe5150a209f9cb640bf3
Reviewed-on: https://chromium-review.googlesource.com/832476
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50222}
2017-12-20 06:47:36 +00:00
Caitlin Potter
18dc491c7a [builtins] abort FrameFunctionIterator::next if frame summary empty
Previously, FrameFunctionIterator::next() assumed that the frame summary
was non-empty. It's now possible for the list not to be empty, if the
JS microtask pump invokes a builtin function which uses
FrameFunctionIterator directly. While this is unlikely to show up in
real world code, it is necessary to handle it to prevent crashes.

BUG=chromium:794744
R=mstarzinger@chromium.org, cbruni@chromium.org, verwaest@chromium.org

Change-Id: Ie95c2228544f57730d1c6c1ff955b2c94ff1c06b
Reviewed-on: https://chromium-review.googlesource.com/833266
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#50221}
2017-12-20 00:08:35 +00:00
Alexey Kozyatinskiy
17a6ec1b88 [inspector] aligned Runtime.evaluate(returnValue:true) result with json
If object contains undefined property then JSON.stringify will skip it,
if array contains undefined as property then JSON.stringify will censor
it to null. [1]

[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify

R=alph@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iafa9d2828d264d89b26675b0e194ad0bfc4621fc
Reviewed-on: https://chromium-review.googlesource.com/834669
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50220}
2017-12-19 20:16:09 +00:00
peterwmwong
33c5e80276 [CSA] Add types to CSA HasProperty
Bug: 
Change-Id: If86c51b428f254ffce68d295f9e8001cee27b9ce
Reviewed-on: https://chromium-review.googlesource.com/833236
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50219}
2017-12-19 20:10:29 +00:00
peterwmwong
bce199bbe7 Reland "[builtins] Port Object.p.toLocaleString to CSA from JS"
This is a reland of ab38b03d1b
Original change's description:
> [builtins] Port Object.p.toLocaleString to CSA from JS
>
> - Added ObjectPrototypeToLocaleString TFJ
> - Remove v8natives.js
> - Move GetMethod and GetIterator into prologue.js
>
> TBR=adamk@chromium.org
>
> Bug: v8:6005
> Change-Id: I2b5b65892304e62bf64375458f8ffb9473b2c9b7
> Reviewed-on: https://chromium-review.googlesource.com/826479
> Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#50120}

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng

TBR=adamk@chromium.org

Bug: v8:6005
Change-Id: Ie8c8810c5231e933e61ea8babe963e58bb6dcaed
Reviewed-on: https://chromium-review.googlesource.com/831156
Reviewed-by: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50218}
2017-12-19 19:46:10 +00:00
Max Moroz
f9eb31bb8e [fuzzer] Declare LLVMFuzzerInitialize with attributes only if V8_OS_MACOSX.
R=ahaas@chromium.org, clemensh@chromium.org, mathias@chromium.org

Bug: chromium:754124, chromium:787723
Change-Id: I7eafee50a47ca0ad56a5458f1f232e3ed07c1cca
Reviewed-on: https://chromium-review.googlesource.com/834457
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50217}
2017-12-19 19:44:20 +00:00
Bill Budge
52cc5fe0d1 Reland [Memory] Speculative fix for sanitizer flakiness.
- Uses a mutex to prevent races on getting random mmap addresses, on
  POSIX and Windows.

Original change's description:
> [Memory] Speculative fix for sanitizer flakiness.
>
> - When allocating virtual memory, make sure addresses don't interfere
>   with hard-coded sanitizer regions.
>
> Bug: v8:7146
> Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
> Reviewed-on: https://chromium-review.googlesource.com/833171
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50208}

Bug: v8:7146
Change-Id: I5a82f2a1f6136498fb2aa7a37e0206c506545073
Reviewed-on: https://chromium-review.googlesource.com/834453
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50216}
2017-12-19 19:19:50 +00:00
Ulan Degenbaev
42ac7fe04b [runtime] Make access to FLAG_runtime_stats atomic.
Background tasks read this flag, which creates a data race. This patch
works around the data races by making the access to the flag atomic.

The actual fix will be to not mutate the flag.

Bug: chromium:794911
Change-Id: Idcf03b7a1037e876036918418ce989b420784428
Reviewed-on: https://chromium-review.googlesource.com/834508
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50215}
2017-12-19 19:01:50 +00:00
Clemens Hammacher
2203a37c5d Replace CHECK(false) by UNREACHABLE()
... or sometimes by FATAL(...) to give a better error message.
The benefit of UNREACHABLE() over CHECK(false) is that the compiler
knows that this macro will never return, hence we can omit the return
of a dummy value afterwards.

R=neis@chromium.org

Change-Id: I14e6a4f1d75f1338f481bd1520d841fd383d6202
Reviewed-on: https://chromium-review.googlesource.com/832431
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50214}
2017-12-19 18:58:07 +00:00
Clemens Hammacher
3ffbef33bc Revert "[fuzzer] Add attributes to LLVMFuzzerInitialize definition."
This reverts commit 004f348aba.

Reason for revert: Breaks msvc compile: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/672

Original change's description:
> [fuzzer] Add attributes to LLVMFuzzerInitialize definition.
> 
> That prevents the linker from dead-stripping the function, as it is not called
> directly, it is resolved in the runtime via dlsym().
> 
> Bug: chromium:754124, chromium:787723
> Change-Id: I46a02ef01349f59b7ed944ce1483b7277e234a19
> Reviewed-on: https://chromium-review.googlesource.com/833995
> Commit-Queue: Max Moroz <mmoroz@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50212}

TBR=ahaas@chromium.org,mmoroz@chromium.org,mathias@chromium.org

Change-Id: Iba35b55ee4d11aca0dfb9cffde7a6a51e0c8e46c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:754124, chromium:787723
Reviewed-on: https://chromium-review.googlesource.com/834548
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50213}
2017-12-19 18:57:01 +00:00
Max Moroz
004f348aba [fuzzer] Add attributes to LLVMFuzzerInitialize definition.
That prevents the linker from dead-stripping the function, as it is not called
directly, it is resolved in the runtime via dlsym().

Bug: chromium:754124, chromium:787723
Change-Id: I46a02ef01349f59b7ed944ce1483b7277e234a19
Reviewed-on: https://chromium-review.googlesource.com/833995
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50212}
2017-12-19 18:18:11 +00:00
Andreas Haas
ca199ef872 Reland [wasm] Stop decoding operands after error.
The problem was that parts of Simd8x16ShuffleOperand were uninitialized.

Original message:

[wasm] Stop decoding operands after error.

When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.

R=clemensh@chromium.org

Bug: chromium:795131
Change-Id: I732bc23547dbe531019d81a4397d22165a26d46b
Reviewed-on: https://chromium-review.googlesource.com/833934
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50211}
2017-12-19 17:29:00 +00:00
Bill Budge
b7f15425bb Revert "[Memory] Speculative fix for sanitizer flakiness."
This reverts commit dc5493f4a8.

Reason for revert: Broke TSAN
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/18819

Original change's description:
> [Memory] Speculative fix for sanitizer flakiness.
> 
> - When allocating virtual memory, make sure addresses don't interfere
>   with hard-coded sanitizer regions.
> 
> Bug: v8:7146
> Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
> Reviewed-on: https://chromium-review.googlesource.com/833171
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50208}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: I8b0fcda1510854fe7fac3aba8c1a462e3350c639
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7146
Reviewed-on: https://chromium-review.googlesource.com/834070
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50210}
2017-12-19 17:04:55 +00:00
Michal Majewski
56b2b3be5e [test] Fix --report output.
Fix report mode and make it use testcase properties so statusfile
outcomes can be private.

Bug: v8:6917
Change-Id: Id38e89e0ba427c3bbb7ad12ba93e02beb7e46219
Reviewed-on: https://chromium-review.googlesource.com/833909
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50209}
2017-12-19 16:35:39 +00:00
Bill Budge
dc5493f4a8 [Memory] Speculative fix for sanitizer flakiness.
- When allocating virtual memory, make sure addresses don't interfere
  with hard-coded sanitizer regions.

Bug: v8:7146
Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
Reviewed-on: https://chromium-review.googlesource.com/833171
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50208}
2017-12-19 15:38:10 +00:00
Michal Majewski
5e6fd798f9 [test] Fixed target_name in json progress indicator
Pass shell name instead of an absolute path.

Bug: v8:796166
Change-Id: Ia9472e893fd2cb3fde2a94997f3e9daf30da06ea
Reviewed-on: https://chromium-review.googlesource.com/833917
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50207}
2017-12-19 15:23:54 +00:00
Igor Sheludko
21a6239113 [classes] Set proper representation during fast class boilerplate instantiation.
Bug: chromium:791368
Change-Id: I86d9df38698d9c8b6109d0a11579fa28810ba1dc
Reviewed-on: https://chromium-review.googlesource.com/833908
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50206}
2017-12-19 15:22:50 +00:00
Clemens Hammacher
cbd308945f [asm.js] Add masking to memory accesses
Similar to wasm, do also mask memory accesses from asm.js code as an
additional protection against OOB accesses.

R=ahaas@chromium.org
CC=titzer@chromium.org, mstarzinger@chromium.org

Change-Id: Iee7124c6d6078fb52cd1caa37b013c919c5505fb
Reviewed-on: https://chromium-review.googlesource.com/833914
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50205}
2017-12-19 15:07:49 +00:00
Leszek Swirski
9128e8bf1b [ignition] Move object/array literal init to bytecode gen
Move the object and array literal flag and depth initialization to when
they are visited by the bytecode generator. This avoids issues with
doing this initialization before we know whether the (syntactic) literal
is actually a literal value or a destructuring assignment.

Bug: chromium:795922
Bug: v8:7178
Change-Id: I022178ab4bc9e71f80560f3b78a759d95d4d0584
Reviewed-on: https://chromium-review.googlesource.com/833882
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50204}
2017-12-19 14:50:19 +00:00
Michal Majewski
4695e97905 [test] Move getting outcomes to the statusfile
Bug: v8:6917
Change-Id: I175fa426546f2f3775a35f1094dfb19e06b2185d
Reviewed-on: https://chromium-review.googlesource.com/832394
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50203}
2017-12-19 14:35:16 +00:00
Michal Majewski
e0c4321479 [test] Prepare new API for statusfile parsing.
First step in moving all statusfile logic into statusfile.py.

Introduce StatusFile object that will be used for storing and managing
outcomes.

Bug: v8:6917
Change-Id: I024f9b1d029830345149422a08a8905e92545252
Reviewed-on: https://chromium-review.googlesource.com/832433
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50202}
2017-12-19 14:26:26 +00:00
Michal Majewski
c0173165ee [test] Update testsuite unittests.
Fix unittests since they were incompatible with the
new testcase and testsuite API.

Bug: v8:6917
Change-Id: I917bf58e21402e0b90bc91c0483ade0e7c90bdd6
Reviewed-on: https://chromium-review.googlesource.com/832392
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50201}
2017-12-19 14:13:56 +00:00
Michal Majewski
1f60466659 [test] Store outcomes in the testcase
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia52d4bedbeff5b93915ef69a2dc78f6d92669061
Reviewed-on: https://chromium-review.googlesource.com/832467
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50200}
2017-12-19 14:10:06 +00:00
Michael Achenbach
8ae67cf18e Revert "[wasm] Stop decoding operands after error."
This reverts commit 6633ad56d8.

Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18850

Original change's description:
> [wasm] Stop decoding operands after error.
> 
> When we decode operands of WebAssembly instructions, we do not use the
> current pc but a pc of the instruction plus some offset. However, the
> pc of the instruction + offset can become invalid in case of a decoder
> error. Therefore we have to stop decoding operands explicitly in case
> of an error.
> 
> R=​clemensh@chromium.org
> 
> Bug: chromium:795131
> Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
> Reviewed-on: https://chromium-review.googlesource.com/832867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50196}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I5a67f77285fdedc7f4645f8efaaf0087b4046011
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:795131
Reviewed-on: https://chromium-review.googlesource.com/832650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50199}
2017-12-19 13:42:37 +00:00
Yang Guo
fe2d98ae1a Fix --serialization-statistics.
R=jgruber@chromium.org

Bug: v8:7227, v8:7228
Change-Id: I2c567a6bf4a3d1128559ae440182bd14fb78d005
Reviewed-on: https://chromium-review.googlesource.com/832462
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50198}
2017-12-19 12:55:46 +00:00
Sathya Gunasekaran
022d1ab234 Remove slow path branch
The fast paths aren't pure and have side effects like calling out to
the debugger and runtime calls. Note: These aren't "fast" paths per se,
but just *native promise* code paths.

Forcing the slow path omits these calls to the debugger and runtime
causing test failures.

Bug: v8:7148
Change-Id: Idf46a33622a6edf03d69fefa4c6bfb7efc8ea625
Reviewed-on: https://chromium-review.googlesource.com/824102
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50197}
2017-12-19 12:46:11 +00:00
Andreas Haas
6633ad56d8 [wasm] Stop decoding operands after error.
When we decode operands of WebAssembly instructions, we do not use the
current pc but a pc of the instruction plus some offset. However, the
pc of the instruction + offset can become invalid in case of a decoder
error. Therefore we have to stop decoding operands explicitly in case
of an error.

R=clemensh@chromium.org

Bug: chromium:795131
Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
Reviewed-on: https://chromium-review.googlesource.com/832867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50196}
2017-12-19 12:45:06 +00:00
Michael Achenbach
a0421ac45e [tools] Merge ChangeLog from latest release
This is to make the diffs on rolls and releases smaller.

NOTRY=true

Change-Id: I3fb837a70e7b5be0f9d5b5b7ea6318d6a22ebd32
Reviewed-on: https://chromium-review.googlesource.com/832464
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50195}
2017-12-19 12:30:56 +00:00
Georg Neis
ee40f4efa5 [bigint,compiler] Pass BigInt binop feedback through to Turbofan.
It's still unused there but now at least it ends up in the
feedback vector.

Bug: v8:6791
Change-Id: I0114d317830b80be4715c74dc5a8950fff4d3485
Reviewed-on: https://chromium-review.googlesource.com/829136
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50194}
2017-12-19 12:20:36 +00:00
Andreas Haas
e04238b744 [wasm][multi-return] Fix problem with unused stack returns
There was an issue when the caller of a function with multiple returns
did not use all values which were returned over the stack. The caller
used only the used returns to calculate the offsets on the stack,
whereas the callee used all returns to calculate the offsets.

With this CL also the caller uses all returns to calculate the stack
offsets and thereby agrees again with the callee on the location of
all returns.

In addition I fixed an issue on x64: A quad word is reserved on the
stack frame to spill callee-saved FP registers, which is not pointer
size.

R=titzer@chromium.org

Change-Id: Ibe56b4b57e4b6e59071a868805b1237412344f93
Reviewed-on: https://chromium-review.googlesource.com/824043
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50193}
2017-12-19 11:37:36 +00:00
Clemens Hammacher
44aa135a6e [asm.js] Implement loads in terms of regular branches
This is the counterpart of https://crrev.com/c/822471.
It implements asm.js bounds checks for loads using normal branch nodes
and removes the need for CheckedLoad, improving maintainability at some
small cost to compilation time.

R=ahaas@chromium.org
CC=mstarzinger@chromium.org, titzer@chromium.org

Change-Id: I7a2716f364b9e4d7beb9cc460eb028c3bd1c3a99
Reviewed-on: https://chromium-review.googlesource.com/832457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50192}
2017-12-19 11:31:16 +00:00
Sigurd Schneider
5e18f84953 [turbofan] Add benchmarks for String.indexOf
Bug: v8:7127, v8:6270
Change-Id: Ic35a9b7a5145115736934b0c7de6ace26e9c0e51
Reviewed-on: https://chromium-review.googlesource.com/832966
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50191}
2017-12-19 10:54:37 +00:00
Yang Guo
ad126d46bb Make SharedFunctionInfo::GetSourceCodeHarmony GC-safe.
R=mlippautz@chromium.org

Bug: chromium:795856
Change-Id: I2a631a94e4bc0c000842923a962e812e0370b837
Reviewed-on: https://chromium-review.googlesource.com/832454
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50190}
2017-12-19 10:43:16 +00:00
Sigurd Schneider
43577d6571 [turbofan] Fix VectorSlotPair printer
Bug: v8:7127
Change-Id: I9081710445bf44e1af18e8f254f373c5736792a5
Reviewed-on: https://chromium-review.googlesource.com/832477
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50189}
2017-12-19 10:19:56 +00:00
Jakob Gruber
95df7aa6fd [regexp] Add DotAll flag to regexp fuzzer
Teach the fuzzer about the new DotAll flag.

Bug: v8:6612
Change-Id: I92d6bfd920f5daef6733b1c547063ede718ecc8f
Reviewed-on: https://chromium-review.googlesource.com/832748
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50188}
2017-12-19 10:06:15 +00:00
Clemens Hammacher
f4d4292dc1 [asm.js] Fix bounds check on 64bit systems
The memory size is always stored as 32 bit value, so the comparison
should always be done in 32 bit space.

R=ahaas@chromium.org

Change-Id: Ic059e63bf1dc9e8bf568dbb5f8d7ccde1da4761a
Reviewed-on: https://chromium-review.googlesource.com/832473
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50187}
2017-12-19 09:51:26 +00:00
Michael Achenbach
0621bf4683 Update V8 DEPS.
Rolling v8/build: 9caf5bf..9f00b2f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9cfb34e..035dfdb

Rolling v8/third_party/instrumented_libraries: 2841745..b7578b4

Rolling v8/tools/clang: ec766dc..07e0150

Rolling v8/tools/luci-go: 45a8a51..564ab65

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ibb83e4858f476caaece11b8365234351a2211995
Reviewed-on: https://chromium-review.googlesource.com/832788
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50186}
2017-12-19 09:37:15 +00:00
Michael Achenbach
d51df831d7 [test] Remove promises-aplus test suite
Bug: 
Change-Id: I7d4152139548d8a24c0b444dfff3c363bf92680b
Reviewed-on: https://chromium-review.googlesource.com/816836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50185}
2017-12-19 09:29:26 +00:00
Clemens Hammacher
352e4bf2e8 [wasm] Some CHECK / DCHECK fixes
Even inside an "#ifdef DEBUG", we still want to use the DCHECK macro
instead of CHECK in order to get the "correct" error message.

Drive-by: Remove "#ifdef DEBUG" around DCHECKS in macro-assembler-x64.cc

R=ahaas@chromium.org
CC=mtrofin@chromium.org

Change-Id: I5b92c87fa9b10e5751cc2704d6218bee292cfb8f
Reviewed-on: https://chromium-review.googlesource.com/832687
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50184}
2017-12-19 08:03:03 +00:00
Clemens Hammacher
e1e2aa06dd Refactor FATAL macro
Remove comment about usage of FATAL, UNREACHABLE and UNIMPLEMENTED,
which was deprecated since https://crrev.com/1410713006.
Also, refactor the FATAL macro and use it for implementing UNREACHABLE
and UNIMPLEMENTED, and in more code. The benefit over printf +
CHECK(false) is that the compiler knows that FATAL will never return.

R=bmeurer@chromium.org

Change-Id: I8c2ab3b4e6edfe8eff5ec6fdf3d92b15d0ed7126
Reviewed-on: https://chromium-review.googlesource.com/832726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50183}
2017-12-19 07:57:12 +00:00
Michael Achenbach
4faed83040 Revert "Enable --harmony-function-tostring by default"
This reverts commit c3dda0bbac.

Reason for revert: Breaks gc stress bots:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/14266

Original change's description:
> Enable --harmony-function-tostring by default
>
> Update tests to work with new behavior.
>
> This feature is shipping in Firefox 54, so compatibility risk is low.
>
> R=​littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
> CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
>
> Bug: v8:4958
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
> Reviewed-on: https://chromium-review.googlesource.com/546941
> Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50178}

TBR=adamk@chromium.org,hablich@chromium.org,kozyatinskiy@chromium.org,littledan@chromium.org,caitp@igalia.com,jwolfe@igalia.com

Change-Id: Ie5dd0bd2b97ae6d0126edec6373e48abe0eeb3f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4958
Reviewed-on: https://chromium-review.googlesource.com/832649
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50182}
2017-12-19 07:47:35 +00:00
Sergiy Byelozyorov
2c4704abf5 Whitespace CL to trigger CI bots
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I16311dee2256f800f9d8fd297e1d45ae301fa207
Reviewed-on: https://chromium-review.googlesource.com/832452
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50181}
2017-12-19 03:08:42 +00:00
Sergiy Byelozyorov
d48bab7cc0 Whitespace CL to trigger CI builders
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I86256c61155e42c193a2532adc15392c0bf33e3b
Reviewed-on: https://chromium-review.googlesource.com/832451
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50180}
2017-12-19 03:02:52 +00:00
marcin
6e174eb826 Remove initial whitespace & empty lines to decrease JS files size
Patch will decrease size of JS files included into Chrome APK
(about 11 KB now)

Bug: 
Change-Id: I701c9904fbf22fd295199f255601dea6524a3766
Reviewed-on: https://chromium-review.googlesource.com/821071
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marcin Wiącek <marcin@mwiacek.com>
Cr-Commit-Position: refs/heads/master@{#50179}
2017-12-19 00:04:19 +00:00
Josh Wolfe
c3dda0bbac Enable --harmony-function-tostring by default
Update tests to work with new behavior.

This feature is shipping in Firefox 54, so compatibility risk is low.

R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Bug: v8:4958
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
Reviewed-on: https://chromium-review.googlesource.com/546941
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50178}
2017-12-18 23:17:17 +00:00