Commit Graph

20971 Commits

Author SHA1 Message Date
Michael Lippautz
fe76251df3 [heap] Add GC sum counters
Adds reporting for
- V8.GCMarkCompactor as sum of V8 mark-compact events

Bug: chromium:843903
Change-Id: I5e8a80c8d1a9c5bf696635b54659ac56403f52d5
Reviewed-on: https://chromium-review.googlesource.com/c/1256764
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56750}
2018-10-17 19:42:30 +00:00
Bill Budge
5c5dd02128 Revert "[wasm] Add a new wasm-js testsuite to run js-api tests"
This reverts commit a12203c64b.

Reason for revert: Breaks isolate_tests

https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/36777

Original change's description:
> [wasm] Add a new wasm-js testsuite to run js-api tests
> 
> These changes were necessary to run with the new style of jsapi tests
> introduced in https://github.com/WebAssembly/spec/pull/883.
> 
> Change-Id: I4629dd48d595ed97ed0607dec9e7d9808c706a7e
> Reviewed-on: https://chromium-review.googlesource.com/c/1277724
> Commit-Queue: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56745}

TBR=binji@chromium.org,machenbach@chromium.org,yangguo@chromium.org,ahaas@chromium.org,clemensh@chromium.org,mathias@chromium.org

Change-Id: I2edd0ca94cb5990322571879c81671fa835f3ecd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1286526
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56746}
2018-10-17 17:30:45 +00:00
Ben Smith
a12203c64b [wasm] Add a new wasm-js testsuite to run js-api tests
These changes were necessary to run with the new style of jsapi tests
introduced in https://github.com/WebAssembly/spec/pull/883.

Change-Id: I4629dd48d595ed97ed0607dec9e7d9808c706a7e
Reviewed-on: https://chromium-review.googlesource.com/c/1277724
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56745}
2018-10-17 17:07:53 +00:00
Peter Marshall
d1943e9b85 [cpu-profiler] Make ProfilerEventsProcessor the CodeEventObserver.
Currently ProfilerListener channels the code events to Processor
via CpuProfiler - we don't need this indirection and can just hook
it up directly. This also makes it easier to test because we don't need
a CpuProfiler object just to test the Processor.

Drive-by cleanup:
- Remove NUMBER_OF_TYPES from CodeEventRecord as it is not used.
- Remove Isolate* parameter from AddDeoptStack and AddCurrentStack as
  a Processor object is only ever for one Isolate. Store the Isolate*
  on the ProfilerEventsProcessor object itself.
- Remove the default case from switch in ProcessCodeEvent().

Bug: v8:5193
Change-Id: I26c1a46b0eec34b5248b707d1997c3a9409a9604
Reviewed-on: https://chromium-review.googlesource.com/c/1286341
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56740}
2018-10-17 14:24:50 +00:00
Clemens Hammacher
3539d6d543 [wasm][test] Last cleanups in decoder unittest
This is cleanups that I forgot to include in the previous CLs or that
did not fit in any of them.

This is the eighth CL in a series to improve our module decoder tests
and make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: I0db04288f1efd9bb4642478d22c0edc8ac17e024
Reviewed-on: https://chromium-review.googlesource.com/c/1286669
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56738}
2018-10-17 14:07:25 +00:00
Clemens Hammacher
731fda480e [wasm][test] Refactor src map tests
This is the seventh CL in a series to improve our module decoder tests
and make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Ib8bd2cc3f2fdb23b39511657a4af99f6fa781172
Reviewed-on: https://chromium-review.googlesource.com/c/1286346
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56737}
2018-10-17 13:37:51 +00:00
Clemens Hammacher
fa40461365 [wasm][test] Fix empty function bodies
Currently, the empty function bodies actually contain the byte 0, which
is the unreachable opcode. This CL fixes this to be empty function
bodies, and uses the macros more consistently.

This is the sixth CL in a series to improve our module decoder tests and
make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: I5f029210b4589797ee194e4082afec2c7bc31561
Reviewed-on: https://chromium-review.googlesource.com/c/1286343
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56736}
2018-10-17 13:32:02 +00:00
Michael Achenbach
1dac557532 [test] Skip test on GC fuzzer
TBR=sergiyb@chromium.org
NOTRY=true

Change-Id: Idef28a62e250fafb04c3dd0de29429a75a924df0
Reviewed-on: https://chromium-review.googlesource.com/c/1283110
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56729}
2018-10-17 12:48:07 +00:00
Clemens Hammacher
5d0055fa6e [wasm][test] Compute more lengths automatically
Compute the length of more fields automatically, in particular names.

This is the fifth CL in a series to improve our module decoder tests and
make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: I1bd27f45380d82af2d7319f15ac7e37d5b9e4081
Reviewed-on: https://chromium-review.googlesource.com/c/1283077
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56721}
2018-10-17 10:31:40 +00:00
Jaroslav Sevcik
2d11ddab98 [deoptimizer] Materialize context properly for construct stub frame.
Bug: chromium:895799
Change-Id: Icbc06f1fc2362a04e76961f50a8ba4b29080837c
Reviewed-on: https://chromium-review.googlesource.com/c/1286336
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56720}
2018-10-17 10:27:04 +00:00
Toon Verwaest
e1c6fa8878 [parser] Token-range-check for callable identifier tokens
This also fixes the tokens that are identified as called identifiers.

Change-Id: I4a2179b98214f9018c8c07c0ab27f878cdae13cf
Bug: v8:6513
Reviewed-on: https://chromium-review.googlesource.com/c/1286338
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56719}
2018-10-17 10:21:44 +00:00
Clemens Hammacher
e19dc9f604 [wasm][test] Compute section length automatically
Instead of specifying the byte length of a section manually, just
compute it automatically from the bytes given. Manual computation is
particularly difficult because of the macros involved, which can expand
to several bytes.
This is not a pure refactoring, it also fixes several occasions where
we calculated the length wrong.

Drive-by: Add some ENTRY_COUNT macro uses.

This is the fourth CL in a series to improve our module decoder tests and
make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: I0d2ceb751fc8e5625ffdf4189d4b5253aecc2541
Reviewed-on: https://chromium-review.googlesource.com/c/1283075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56718}
2018-10-17 09:29:21 +00:00
Peter Marshall
2278383261 [cpu-profiler] Refactor SamplingEventsProcessor into base and subclass
This is preparation to allow for a non-sampling events processor which
receives ticks from a source not driven by a timer. This will allow us
to have more deterministic testing of the CPU profiler.

It also allows different implementations for a wall time and CPU time
triggered sampler.

Change-Id: I2e9db9580ec70f05094e59c2c1e5efc28c8f7da8
Reviewed-on: https://chromium-review.googlesource.com/c/1280436
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56717}
2018-10-17 09:27:52 +00:00
Hai Dang
fb29a554e8 Add fast path for spreading keys/values of JSMap and JSSet.
This CL extends IterableToListWithSymbolLookup with fast paths
for spreading keys/values iterators of JSMap, and values iterator
of JSSet (which is also the iterator of Set.prototype.keys() and
Set.prototype[Symbol.iterator]()). The fast paths are only taken
if the target still has original iteration behavior.

For iterators it is also required that the iterator is not
partially consumed. After spreading, to be spec-compliant, the
iterator is exhausted. Tests are added.

Bug: v8:7980
Change-Id: Ida74e5ecbbc5ba5488d13a40f2c4bda14c781cbf
Reviewed-on: https://chromium-review.googlesource.com/c/1276632
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56716}
2018-10-17 09:18:50 +00:00
Michael Achenbach
676460f943 [test] Skip slow tests on arm simulators
This skips the slowest tests in stress and noopt variants.

TBR=sigurds@chromium.org
NOTRY=true

Bug: v8:7783
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic471a2ab3e6806c4c60b81c0cdddfb44b199dd26
Reviewed-on: https://chromium-review.googlesource.com/c/1286334
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56715}
2018-10-17 08:52:47 +00:00
Clemens Hammacher
a28a2f06e4 [wasm][test] Add sig index to empty functions
Function declarations reference a previously defined or imported
signature. Make this visible when declaring empty functions.
Also rename IMPORT_SIG_INDEX to SIG_INDEX since it can also reference a
locally defined signature.

This is the third CL in a series to improve our module decoder tests and
make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Ibfd9ea39ea35bacdb453602f8985fb3306455de4
Reviewed-on: https://chromium-review.googlesource.com/c/1282958
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56714}
2018-10-17 08:37:28 +00:00
Marja Hölttä
979643e426 [js weak cells] Implement makeCell corner cases
BUG=v8:8179

Change-Id: I29c5a5359a6e682ec6d94e9779f921889546b6a7
Reviewed-on: https://chromium-review.googlesource.com/c/1278393
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56711}
2018-10-17 07:08:23 +00:00
Frank Tang
e6261d708a [Intl] Changes to new behavior when style is narrow
This is to implement a new change in the proposal
'14.  If style is "narrow" and type is not "unit", throw a RangeError exception.'
in #sec-Intl.ListFormat
See also
https://github.com/tc39/proposal-intl-list-format/issues/16
https://github.com/tc39/proposal-intl-list-format/pull/27
and
https://github.com/tc39/test262/pull/1860

Bug: v8:8302
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0a3dc99eeb18082f359c24c472889d8b6e905225
Reviewed-on: https://chromium-review.googlesource.com/c/1277660
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56707}
2018-10-16 21:40:32 +00:00
Caitlin Potter
4d07af1a34 [counters] add use count for the "override mistake"
Adds 2 counts to see how often this occurs on the web, both the throwing
version (strict mode), and the no-op sloppy mode case, to help determine
if the proposal at https://github.com/tc39/ecma262/pull/1307 is web
compatible.

This is the V8 side of required changes.
The Chromium-side CL: https://crrev.com/c/1280618

BUG=v8:8175
R=littledan@chromium.org, cbruni@chromium.org, jkummerow@chromium.org, yangguo@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id12336c2e566093bb554b6d4624c9301fbc4a0f7
Reviewed-on: https://chromium-review.googlesource.com/c/1255549
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56706}
2018-10-16 21:34:23 +00:00
Frank Tang
db6db6ed8f [Intl] Add more tests for Intl.Segmenter
Bug: v8:6891
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0b82b194cb7089aeaa322ed4e45008db6890e7a1
Reviewed-on: https://chromium-review.googlesource.com/c/1266995
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56704}
2018-10-16 15:17:09 +00:00
Clemens Hammacher
db59389950 [wasm][test] Fix uses of EXPECT_FAILURE_LEN
Ensure that {min} is smaller than {max}, and auto-compute {max} as
{arraysize(data)}.
We had two tests which did not actually test anything.

This is the second CL in a series to improve our module decoder tests
and make them more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Ie467fa54609bc5fd860608085a2d58ed8341f5e7
Reviewed-on: https://chromium-review.googlesource.com/c/1282956
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56703}
2018-10-16 14:24:59 +00:00
Clemens Hammacher
9b8e034b5f [wasm][test] Use EXPECT_FAILURE consistently
First CL in a series to improve our module decoder tests and make them
more readable.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Ie6ac83fbe2f873bfda8597ab3dd9ec4c0fb548ad
Reviewed-on: https://chromium-review.googlesource.com/c/1283054
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56702}
2018-10-16 14:19:09 +00:00
peterwmwong
952c097679 [builtins] Port Array.p.join to Torque.
This also includes ports of Array.p.toString and Array.p.toLocaleString.
Many parts of the old JS implementation are preserved, because
TypedArray.p.join still relies on it.  These will be removed once
TypedArray.p.join is ported to Torque.

To simplify implementation, special handling of extremely sparse arrays
has been removed.

Performance improvements vary by array size, elements, and sparse-ness.
Some quick numbers and graphs are here:
https://docs.google.com/spreadsheets/d/125VLmRMudk8XaomLCsZQ1ewc94WCqht-8GQwU3s9BW8/edit#gid=2087673710

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia4069a068403ce36676c37401d349aefc976b045
Reviewed-on: https://chromium-review.googlesource.com/c/1196693
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56699}
2018-10-16 13:56:31 +00:00
Marja Hölttä
8060b60fae [js weak refs] Add WeakCell.prototype.holdings
BUG=v8:8179

Change-Id: I528e64fafff2dc00808c48107799d39603f0ca48
Reviewed-on: https://chromium-review.googlesource.com/c/1275823
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56697}
2018-10-16 13:41:40 +00:00
Georg Neis
a8cb521a58 [turbofan] Allow converting word64 to float32 if value is safe integer.
Bug: v8:895691
Change-Id: Ic92cb250555d097b01f894b4b7b9ae5b2eea6668
Reviewed-on: https://chromium-review.googlesource.com/c/1282990
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56691}
2018-10-16 11:31:39 +00:00
Mathias Bynens
e4cfb007ba Ship well-formed JSON.stringify 🎉
This is a reland of 0d91db0b32.

Proposal repository:
https://github.com/tc39/proposal-well-formed-stringify

Intent to ship:
https://groups.google.com/d/msg/v8-users/IRu3bAC_pLM/pFwz2ti1AgAJ

TBR=gsathya@chromium.org

Bug: v8:7782
Change-Id: I53d006650e2b4099a111d2e5bc067e4a2c7cf4a0
Reviewed-on: https://chromium-review.googlesource.com/c/1282993
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56689}
2018-10-16 11:11:16 +00:00
Sigurd Schneider
2787874275 [mjsunit] Disable slow test on verify_csa bot
Change-Id: Ie77197db54b6d9117ba3e8823e1308e9419f766d
Bug: v8:8312
Reviewed-on: https://chromium-review.googlesource.com/c/1282227
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56688}
2018-10-16 11:10:11 +00:00
Sathya Gunasekaran
bc324dbd9b [class] Fix class field name initialization
Previously when class names were computed and set as part of
StoreDataPropertyInLiteral calls, it was observable to static fields
as these static fields are initialized right after the classes were
constructed but before the class names were installed.
This caused the name property to be undefined for this case.

Instead, this patch always forces the creation of a name property on
the class constructor when static class fields are used. This patch
does kill the class boilerplate optimization, but currently all static
class fields are installed using a runtime call to CreateDataProperty
so this isn't any worse when using static class fields.

In the future, this can be optimized away by storing the name on the
boilerplate.

There is spec discussion here:
https://github.com/tc39/proposal-class-fields/issues/85

There isn't a resolution yet, there's still discussion about whether
to have the name be undefined always for static class field
initializers. But, I don't think that's useful as it would always kill
our boilerplate optimization (like this patch does ..., but without the
future optimization potential).

Bug: v8:5367
Change-Id: I14afdf7ece3f2d9fa3c659d2c0bc3806e0b17abb
Reviewed-on: https://chromium-review.googlesource.com/c/1281002
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56686}
2018-10-16 11:02:21 +00:00
Dan Elphick
f602712f6f [snapshot] Create a ReadOnly snapshot
In preparation for sharing RO_SPACE between all Isolates within a
process, this first pulls RO_SPACE out of the Startup snapshot and puts
it in its own ReadOnly snapshot.

The snapshot is first populated with the read-only roots. After that the
StartupSerializer serializes as before but starting from the first
mutable root. References to objects in the ReadOnly snapshot that aren't
themselves roots are added to a new cache called ReadOnlyObjectCache
which functions like the PartialSnapshotCache but lives in the
ReadOnlySerializer rather than the StartupSerializer. These cache
entries are referenced using a new bytecode: ReadOnlyObjectCache. (To
make room for this, the ApiReference bytecode has been moved).

To reduce code duplication, the StartupSerializer has been refactored to
create a new base class RootSerializer, which ReadOnlySerializer also
subclasses. The base class is responsible primarily for keeping track of
already serialized roots and visiting the roots.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iff26042886130ae22eccf2e11b35f6f226f4a792
Bug: v8:8191
Reviewed-on: https://chromium-review.googlesource.com/c/1244676
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56681}
2018-10-16 10:13:20 +00:00
Benedikt Meurer
1e586c3c70 [turbofan][x64] Match memory operand comparisons with zero.
The InstructionSelector on x64 was missing the ability to properly match
comparisons of memory operands with zero, i.e. it used to turn something
like

  Word32Equal(Load[Uint8](o, i), Int32Constant(0))

into

  movzbl reg, [o,i]
  cmp 0, reg

even requiring a temporary register. Now with this change it generates
the proper

  cmpb [o,i], 0

sequence.

R=sigurds@chromium.org

Bug: v8:8238
Change-Id: I52a71bbf95c85e11cb275f0f4a5726a6873cde95
Reviewed-on: https://chromium-review.googlesource.com/c/1281342
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56677}
2018-10-16 09:29:25 +00:00
Tobias Tebbi
b76c27bfe9 [torque] fix bug in Stack::DeleteRange
This bug does not affect the Torque run on tip-of-tree, but surfaced
in https://crrev.com/c/1196693.
The logic in Stack::DeleteRange was completely wrong and does not work
if the number of moved elements is bigger than the number of deleted
elements.

Change-Id: I5433b3b06e2e54646104493e9bc5e77b9763a521
Reviewed-on: https://chromium-review.googlesource.com/c/1282103
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56676}
2018-10-16 09:24:45 +00:00
Jakob Gruber
34ec9ec7ca [regexp] Fix invalid access into empty string
If `out` is empty accessing `out.back()` is invalid.

TBR=yangguo@chromium.org

Bug: chromium:894934
Change-Id: I7286c5b6a9857f1cdb2bcaf383094bee65bac393
Reviewed-on: https://chromium-review.googlesource.com/c/1282565
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56669}
2018-10-16 08:17:24 +00:00
Mathias Bynens
f69bc879a4 Revert "Ship well-formed JSON.stringify 🎉"
This reverts commit 0d91db0b32.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> Ship well-formed JSON.stringify 🎉
> 
> Proposal repository:
> https://github.com/tc39/proposal-global
> 
> Intent to ship:
> https://groups.google.com/d/msg/v8-users/IRu3bAC_pLM/pFwz2ti1AgAJ
> 
> Bug: v8:7782
> Change-Id: Iaf790f134917796deac0e84cc931828934a6e589
> Reviewed-on: https://chromium-review.googlesource.com/c/1260122
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56650}

TBR=gsathya@chromium.org,mathias@chromium.org

Change-Id: Ie214a72a01fa81f754fd411808eb0bb748f89dbb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7782
Reviewed-on: https://chromium-review.googlesource.com/c/1282563
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56663}
2018-10-16 06:00:03 +00:00
Sathya Gunasekaran
9e984162da [Intl] Port ResolveLocale
- Add a new Intl::ResolveLocale method and uses it in all the intl objects.
- Fix CanonicalizeLocaleList to call out to HasProperty as per spec.
- Add calls to CanonicalizeLocaleList where it was previously missing.
- Change CanonicalizeLocaleListJS calls to CanonicalizeLocaleList now
  that we have migrated ResolveLocale.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I4249d2045c1556f18d570b00f7c92cbc3fa52077
Reviewed-on: https://chromium-review.googlesource.com/c/1270255
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56660}
2018-10-16 02:34:54 +00:00
Hai Dang
d34cbcd789 [js-perf-tests] Fix micro-benchmark of spreading double arrays.
Array.prototype.map is currently not preserving PACKEDness. Use a
for-loop instead.

Bug: v8:7980
Change-Id: I08aff1cbcd84b9de260a5a1e2c68b9cfb5c3d888
Reviewed-on: https://chromium-review.googlesource.com/c/1280329
Commit-Queue: Hai Dang <dhai@google.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56657}
2018-10-15 17:41:16 +00:00
Michael Lippautz
e11053a96f [api] Remove deprecated EmbedderHeapTracer APIs
Also fully deprecate AbortTracing.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I852d28d8ce0f02b3a048b1061de29c9fce71ce62
Reviewed-on: https://chromium-review.googlesource.com/c/1278811
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56655}
2018-10-15 16:37:49 +00:00
Michael Starzinger
c113f71a32 [wasm] Switch exception section encoding to new proposal.
This switches the encoding of the exceptions (in the exceptions as well
as the import section) to use a signature index instead of a flat type
vector encoding. Note that only signatures that have a void return type
can be used for declaring exceptions.

R=clemensh@chromium.org
BUG=v8:8153

Change-Id: I481ccbce9ddf29becdf4ed7ceffe80d6145446e1
Reviewed-on: https://chromium-review.googlesource.com/c/1280323
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56654}
2018-10-15 16:05:21 +00:00
Ross McIlroy
c73fa4fce4 [Build] Add support for V8 Lite mode.
Adds a build-time flag to control enabling of V8 Lite mode. Currently
this mode enables optimize-for-size and makes that flag read-only so that
it can't be changed at runtime.

This mode also replaces the --minimal flag which was previously used
to make porting easier.

BUG=v8:8293

Change-Id: I8360b4d55dd15a2a7c18429c94329dc5264dea86
Reviewed-on: https://chromium-review.googlesource.com/c/1276467
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56653}
2018-10-15 16:04:17 +00:00
Ulan Degenbaev
2dd15af700 [heap] Fix data race in sweeper.
The race happens when the sweeper is looking up the size of an object
that had its map replaced concurrently.

The fix is to load the object map using an acquire load so that the
sweeper observes the initializing stores of the new map.

Bug: v8:8303
Change-Id: Ifaaef06cb815be7d07b6a574085ee61a466bc1d6
Reviewed-on: https://chromium-review.googlesource.com/c/1280310
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56652}
2018-10-15 16:00:07 +00:00
Mathias Bynens
0d91db0b32 Ship well-formed JSON.stringify 🎉
Proposal repository:
https://github.com/tc39/proposal-global

Intent to ship:
https://groups.google.com/d/msg/v8-users/IRu3bAC_pLM/pFwz2ti1AgAJ

Bug: v8:7782
Change-Id: Iaf790f134917796deac0e84cc931828934a6e589
Reviewed-on: https://chromium-review.googlesource.com/c/1260122
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56650}
2018-10-15 15:29:33 +00:00
Hai Dang
05b7308aec [js-perf-tests] Add micro-benchmarks for copying double arrays.
Bug: v8:7980
Change-Id: I6e7f1c064830c0055f8708472b62221ab5ca3288
Reviewed-on: https://chromium-review.googlesource.com/c/1280325
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56647}
2018-10-15 15:05:21 +00:00
Adam Klein
cc8c92a9ae Reduce wasm OWNERS to current team members
Change-Id: I982f3615136c7a4ba18e4a6d2cc06a3e24e22f54
Reviewed-on: https://chromium-review.googlesource.com/c/1277722
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56645}
2018-10-15 14:47:49 +00:00
Clemens Hammacher
f717e7f5b2 [wasm] Don't put interpreter entries in the code table
For serialization we are using the code table to find the code of all
functions. We want to serialize compiled code though, not interpreter
entries (we currently fail a DCHECK there).
This CL changes the logic to not update the code table with interpreter
entries but instead keeps a separate bit set of interpreted functions.

R=mstarzinger@chromium.org

Bug: v8:8177, chromium:735509
Change-Id: I69c59f92712135ddef667b54114614fad94cc6fc
Reviewed-on: https://chromium-review.googlesource.com/c/1278794
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56644}
2018-10-15 14:46:09 +00:00
Maya Lekova
860ddfc06b [async-await] Fix INIT hook with --harmony-await-optimization
Split the runtime function for initializing a promise into AwaitPromisesInit
and AwaitPromisesInitOld, the former not firing the INIT hook and being used
by the AwaitOptimized builtin. In addition to this the AsyncHooks now caches
all the previously inited promises and checks that the init hook is not fired
twice for the same promise.

Modified test expectations for the new async ids in the async hooks tests.

Bug: v8:8300
Change-Id: If4a17e501b2a233578fa70b6442f219473f001d9
Reviewed-on: https://chromium-review.googlesource.com/c/1280442
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56642}
2018-10-15 14:36:56 +00:00
Igor Sheludko
1898944bd9 Revert "Reland "Create a fast path to get migration target when updating map""
This reverts commit 6ec90ecee2.

Reason for revert: causes a lot of Canary crashes (chromium:895208).
GC relies on an the fact that the transition array stays alive while it's owner map
is alive (this is needed in order to properly transfer descriptor array ownership
to the parent map when the map owning a shared descriptor array dies). We need to
rethink a way of caching the migration target shortcut.

Original change's description:
> Reland "Create a fast path to get migration target when updating map"
>
> This is a reland of c285380ca8
>
> Original change's description:
> > Create a fast path to get migration target when updating map
> >
> > During map updating, store the pointer to new map in the
> > raw_transitions slot of the old map that is deprecated from map
> > transition tree. Thus, we can get the migration target directly
> > instead of TryReplayPropertyTransitions when updating map.
> >
> > This can improve Speedometer2.0 Elm-TodoMVC case by ~5% on ATOM
> > Chromebook and ~9% on big-core Ubuntu.
> >
> > Change-Id: I56f9ce5183bbdd567b964890f623ef0ceed9b7db
> > Reviewed-on: https://chromium-review.googlesource.com/1233433
> > Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#56303}
>
> Change-Id: Idf0b7716b92a6a15bfe58721c2c34dbd02b31137
> Reviewed-on: https://chromium-review.googlesource.com/c/1270261
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Cr-Commit-Position: refs/heads/master@{#56588}

TBR=ishell@chromium.org,shiyu.zhang@intel.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Ie7e9b98395b041a1095da549d1cd71d7180a4888
Bug: chromium:895208
Reviewed-on: https://chromium-review.googlesource.com/c/1280223
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56641}
2018-10-15 14:35:37 +00:00
Ross McIlroy
27e5c0b33f [CompilerDispatcher] Add support for aborting a job.
Some jobs might need to be aborted, e.g., if a function is a default parameter in an
arrow function it will be re-scoped and won't have a SFI to register. Adds support to
abort jobs without having to block if the job is currently running on the background
thread.

BUG=v8:8041

Change-Id: I9149740401cbaaa31c21be9d79d4e3f5c450bfcf
Reviewed-on: https://chromium-review.googlesource.com/c/1278497
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56637}
2018-10-15 13:31:26 +00:00
Toon Verwaest
ee9ac86ad9 [parser] Restructure ParseLeftHandSide
- use a token-range to quickly identify LHS continuation
- queue binding pattern errors only once
- outline LHS continuation to reduce memory overhead from aggressive inlining (30kb)

Change-Id: Ic0f3cfc3ea0bd6cedb6cea991a69f55f2bada14a
Reviewed-on: https://chromium-review.googlesource.com/c/1280207
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56633}
2018-10-15 12:36:43 +00:00
Clemens Hammacher
40be7df641 Remove redundant IsAddressAligned function
Since {Address} is just {uintptr_t}, we can just use the standard
{IsAligned} function.

R=mlippautz@chromium.org

Bug: v8:8238
Change-Id: I260591e88b50855cf327096a07b2c18f0c1e4508
Reviewed-on: https://chromium-review.googlesource.com/c/1280204
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56631}
2018-10-15 12:16:44 +00:00
Georg Neis
4bc1517fe8 [test] Remove dead flags from some tests.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I37c67adc857ce7dec1a06f580d981a35c474df1c
Reviewed-on: https://chromium-review.googlesource.com/c/1280322
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56626}
2018-10-15 10:00:12 +00:00
Georg Neis
be41df9646 [turbofan] Rename "js_heap_broker" to "broker".
There's no ambiguity and the shorter name makes things easier to read.

Bug: v8:7790
Change-Id: Ibcf3fd7f38a91e26a83cd335fad0ec80a5fe9be1
Reviewed-on: https://chromium-review.googlesource.com/c/1278392
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56623}
2018-10-15 08:17:17 +00:00
Benedikt Meurer
63f92a9f31 [turbofan] Fix representation selection of CheckFloat64Hole.
Properly handle the case where the CheckFloat64Hole becomes a
no-op after RETYPE (because the feedback type is already Number).
We always need to pass the Number restriction type here.

Bug: chromium:895199
Change-Id: I96a949ba35db1e6d35abedddc4507c101d95b716
Reviewed-on: https://chromium-review.googlesource.com/c/1278804
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56622}
2018-10-15 07:11:58 +00:00
Jaroslav Sevcik
c59c9c46b5 [turbofan] Fix Math.expm1 builtin typing.
This fixes the typing for the case when the call is not lowered to
the simplified operator.

Bug: chromium:880207
Change-Id: Icecf12de77ece0fe9ffec2777874f5f0004a1e97
Reviewed-on: https://chromium-review.googlesource.com/c/1278642
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56621}
2018-10-15 06:00:03 +00:00
Bill Budge
9ecd4545fe [api] Add WebAssembly caching API
- Adds embedder callback to notify fully tiered compilation is finished,
  returning a WasmCompiledModule for serialization.
- Adds function to pass previously compiled bytes into WASM streaming
  compilation, for deserialization.
- Plumbs this API through StreamingDecoder.

Bug: chromium:719172
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibe376f3a8ccfa90fda730ef4ff6628a1532da45c
Reviewed-on: https://chromium-review.googlesource.com/c/1252884
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56617}
2018-10-12 21:34:45 +00:00
Maya Lekova
71ed3d9b95 [test] Skip flaky user-properties-module test on TSAN
Bug:v8:8303

NOTRY=true

Change-Id: I45da1a1f0f16488610ddabfd0bb88408571fa161
Reviewed-on: https://chromium-review.googlesource.com/c/1278279
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56614}
2018-10-12 16:05:42 +00:00
Benedikt Meurer
b1a9769425 [async] Follow initial promise chains created via Promise#then().
For the --async-stack-traces we can also look through initial parts of
the promise chain that were created by regular Promise#then() calls to
walk up to the first async function frame. This addresses the missing
support for aforementioned example

```js
(async function() {
  await Promise.resolve().then(() =>
    console.log(new Error().stack));
})();
```

which now also works.

Bug: v8:7522
Change-Id: I574943c1fc6ee4a1bd56f208dce78eb7506c5c4f
Reviewed-on: https://chromium-review.googlesource.com/c/1278276
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56613}
2018-10-12 15:49:01 +00:00
Clemens Hammacher
75b5666175 [base] Introduce MutexGuard as typedef for LockGuard<Mutex>
LockGuard is mostly used with Mutex. Since both are defined outside the
internal namespace, we often have to write
{base::LockGuard<base::Mutex>}. This CL shortens this to
{base::MutexGuard} across the code base

R=mlippautz@chromium.org

Bug: v8:8238
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I020d5933b73aafb98c4b72e3bb2dfd07c979ba73
Reviewed-on: https://chromium-review.googlesource.com/c/1278796
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56612}
2018-10-12 15:44:51 +00:00
Sathya Gunasekaran
230dd86ce6 [Class] Fix debug scope iteration for class fields
When trying to print the scope information for the class fields
initializer function, the debugger asks the parser to parse the class
literal as a function literal (to get the scope info) ... which
doesn't quite work.

Instead of adding support for parsing the class literal, we just short
cicruit this parsing step by just returning an empty context.

This works fine because initializer function doesn't have any
variables in it's local scope.

The one caveat is that the objects in the scope above this function
(like the global) are now missing. This trade off is possibly fine
for now, as adding parsing support for class literal to only produce
would be a lot of code for not enough use.

As a follow up to this change, the devtools UI needs to be updated to
handle this empty context cleanly. Currently, it doesn't show the
`this` object if no context exists even if the `this` object is
correctly passed to the UI from the backend.

Bug: v8:5367, v8:8122
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I52965f26241bbf6abdc988783aa0fc44bb36901f
Reviewed-on: https://chromium-review.googlesource.com/c/1274268
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56611}
2018-10-12 14:01:22 +00:00
Maya Lekova
fb23303806 Revert "[test] Skpping flaky object-seal test on TSAN"
This reverts commit b5800a63e3.

Reason for revert: Proper fix has already landed, see https://chromium-review.googlesource.com/c/v8/v8/+/1278386

Original change's description:
> [test] Skpping flaky object-seal test on TSAN
> 
> NOTRY=true
> 
> TBR=machenbach@chromium.org
> 
> Bug: v8:8294
> Change-Id: Ib235139087bd6a651dc8bd43c5f9990e0513c7a5
> Reviewed-on: https://chromium-review.googlesource.com/c/1276627
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56573}

TBR=machenbach@chromium.org,mslekova@chromium.org

Change-Id: I641aa14c2a5c4a4d1db3cde6048cf355b59e4f7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8294
Reviewed-on: https://chromium-review.googlesource.com/c/1278795
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56610}
2018-10-12 13:45:08 +00:00
Ross McIlroy
823a918240 [CompilerDispatcher] Simplify Abort logic and remove MemoryPressure notifications.
The memory pressure notification logic wasn't correct and given the current users of
the compiler dispatcher aren't posting speculative tasks, it isn't particularly useful.
After removing this, the abort logic can also be simplified significantly by removing the
non-blocking abort logic.

BUG=v8:8041

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I584533b58fb717fdca46cc620822914d6bdb28b8
Reviewed-on: https://chromium-review.googlesource.com/c/1278495
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56609}
2018-10-12 13:28:20 +00:00
Maya Lekova
fa8af5a775 [test] Fix async hooks test which was swallowing a promise rejection
Updated the test so that it uses assertPromiseResult, which makes sure that
a promise rejection is not swallowed. The change is reflected in the actual
async ids, checked in the test.

Bug: v8:8300
Change-Id: Ie227ca74a8cf4e0e079809b21c3abc5a5f87c11a
Reviewed-on: https://chromium-review.googlesource.com/c/1278388
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56608}
2018-10-12 13:14:15 +00:00
Michael Starzinger
c3e66ed23e [wasm] Fix {WasmDecoder::OpcodeLength} for rethrow.
R=clemensh@chromium.org
TEST=unittests/WasmOpcodeLengthTest.Statements
BUG=v8:8091

Change-Id: Ia2a01d5c35ace33c9c8a29a8df7b30e3f1e119cc
Reviewed-on: https://chromium-review.googlesource.com/c/1278728
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56606}
2018-10-12 11:56:10 +00:00
Hai Dang
c659e944f1 [js-perf-test] Fix spread set benchmark (again).
Change-Id: Iec5e6baff16260317f693188b01230ab0c2bb86f
Reviewed-on: https://chromium-review.googlesource.com/c/1278809
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56603}
2018-10-12 10:50:59 +00:00
Clemens Hammacher
bfa2be86af [wasm] Move WasmGraphBuildingInterface to own cc file
This class was defined in function-body-decoder.cc, but it's not an
implementation of function body decoding, but rather the interface
between the decoder and the WasmGraphBuilder. Hence move it out to its
own file.

R=titzer@chromium.org, mstarzinger@chromium.org

Bug: v8:8238
Change-Id: Ib9bf47e90a3683f578b30b6de74d01da81b2be93
Reviewed-on: https://chromium-review.googlesource.com/c/1278391
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56602}
2018-10-12 10:40:11 +00:00
Clemens Hammacher
ede7df9cb4 [wasm] Move definition of FunctionSig to a common place
We were re-definining the FunctionSig typedef in several places. This
CL moves it to value-type.h, since it's a signature over ValueType.

R=titzer@chromium.org

Bug: v8:8238
Change-Id: Id5e8a55c7e0f98d61235e32a5e6cd12e04d26947
Reviewed-on: https://chromium-review.googlesource.com/c/1278387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56597}
2018-10-12 09:56:58 +00:00
Ross McIlroy
85b7f1cd91 [Parser] Add basic support for parallel IIFE parse / compile tasks.
Adds support for enqueuing parallel parse / compile tasks for eagerly
compiled IIFEs during parsing. If the --parallel-compile-tasks flag is
enabled, the parser will pre-parse eager top-level IIFEs and enqueue a
task on the compiler dispatcher to do the actual parsing / compilation
on a worker thread.

Currently we always enqueue the task, but we likely want to only
enqueue parallel tasks where the script has multiple IIFEs or a
substantial amount of top-level script code before the IIFE to avoid
the main thread having to immediately block on the parallel task. This
work will be done as a follow-up.

BUG=v8:8041

Change-Id: If68d7c374548cabd4ec32f1fb6752da7d6aaae6b
Reviewed-on: https://chromium-review.googlesource.com/c/1275354
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56593}
2018-10-12 08:48:48 +00:00
Hai Dang
65aaf00a61 [js-perf-test] Fix spread set benchmark.
Bug: v8:7980
Change-Id: I35b24638b5e2995bb6a5cbb5a28d0d186e807ef3
Reviewed-on: https://chromium-review.googlesource.com/c/1278725
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56591}
2018-10-12 08:43:58 +00:00
Benedikt Meurer
9f28c129a0 [async] Introduce the notion of a "current microtask".
Change the way we start collecting async stack traces by storing the
current microtask as a root instead of trying to make sense of the
last frame we see. This makes it possible to use the zero cost async
stack traces in Node.js as well (where the last JavaScript frame we
see is not the actual async function, but some frame related to the
main event loop usually).

In addition to the benefit that it now works with Node.js, we can also
extend the new machinery to look through (almost arbitrary) promise
chains. For example this code snippet

```js
(async function() {
  await Promise.resolve().then(() =>
    console.log(new Error().stack));
})();
```

can be made to also show the async function frame, even though at the
point where the stack trace is collected we don't have any async
function on the stack. But instead there's a PromiseReactionJobTask
as "current microtask", and we can dig into the chained promise to
see where the async execution is going to continue and eventually
find the await promise in the chain.

This also removes the removes the need to allocate `.generator_object`
specially during scope resolution.

Bug: v8:7522
Ref: nodejs/node#11865
Tbr: ulan@chromium.org
Design-Document: bit.ly/v8-zero-cost-async-stack-traces
Change-Id: Ib96cb17c2f75cce083a24e5ba2bbb7914e20d203
Reviewed-on: https://chromium-review.googlesource.com/c/1277505
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56590}
2018-10-12 08:42:53 +00:00
Shiyu Zhang
6ec90ecee2 Reland "Create a fast path to get migration target when updating map"
This is a reland of c285380ca8

Original change's description:
> Create a fast path to get migration target when updating map
>
> During map updating, store the pointer to new map in the
> raw_transitions slot of the old map that is deprecated from map
> transition tree. Thus, we can get the migration target directly
> instead of TryReplayPropertyTransitions when updating map.
>
> This can improve Speedometer2.0 Elm-TodoMVC case by ~5% on ATOM
> Chromebook and ~9% on big-core Ubuntu.
>
> Change-Id: I56f9ce5183bbdd567b964890f623ef0ceed9b7db
> Reviewed-on: https://chromium-review.googlesource.com/1233433
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56303}

Change-Id: Idf0b7716b92a6a15bfe58721c2c34dbd02b31137
Reviewed-on: https://chromium-review.googlesource.com/c/1270261
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#56588}
2018-10-12 08:21:13 +00:00
Clemens Hammacher
56b8ab5d07 [Liftoff] Fewer pinned registers on store
On ia32, we were pinning too many registers, resulting in no unpinned
byte registers left (we only have three byte registers since {ebx}
is reserved for the root register).
It turns out that on most paths, we don't actually need to pin any
registers, since {Store} is often the last call for an operation (like
any store or set_global). If registers need to be pinned, only pass
those that must be kept alive across the {Store}. This allows to
compute a more narrow set of pinned registers on demand inside {Store}.

Plus minor drive-by changes.

R=titzer@chromium.org

Bug: chromium:894374, chromium:894307, v8:6600
Change-Id: Ic4d7131784c193dc7a2abf0e504d9973f6d5c5f1
Reviewed-on: https://chromium-review.googlesource.com/c/1275819
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56587}
2018-10-12 08:11:52 +00:00
Jakob Kummerow
d4612bbd61 Move MessageTemplate enum into its own header file
The primary purpose of this is to untangle a circular dependency
objects.h -> handles.h -> objects.h. Most compilation units only
need message-template.h, without the rest of messages.h.
Bonus: change the enum to an enum class for improved type safety.

Bug: v8:3770
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8102c55197a450811de2588a68a08e7f99ea6b9e
Reviewed-on: https://chromium-review.googlesource.com/c/1272193
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56583}
2018-10-11 23:01:32 +00:00
Yang Guo
4dc8ce935b Allow instance call handler to be called as constructor
If the instance template is not marked as undetectable, we can
allow it to be called as a constructor. This broke previously with
commit ff05633408.

R=verwaest@chromium.org

Bug: v8:7670
Change-Id: I6ecde33bd7532bea4786b2282efce9060bb76276
Reviewed-on: https://chromium-review.googlesource.com/c/1272579
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56577}
2018-10-11 16:21:53 +00:00
Maya Lekova
45406d0e78 [test] Skip flaky cctest OutOfMemorySmallObjects
Skipping on all platforms, as it started appearing regularly.

Bug:v8:8296

NOTRY=true

TBR=machenbach@chromium.org

Change-Id: Ia43ece07af5ed5f0767fad9651be30b2cd3563f2
Reviewed-on: https://chromium-review.googlesource.com/c/1276633
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56575}
2018-10-11 15:57:57 +00:00
Toon Verwaest
79d1b0447e [parser] Move GetUnexpectedTokenMessage to Parser with dummy preparser impl
Now that the preparser doesn't track errors anymore, it also doesn't make sense
to prepare the message.

Change-Id: Ifc69e67f9220be69812257b0fc18b55097236dbd
Reviewed-on: https://chromium-review.googlesource.com/c/1275818
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56574}
2018-10-11 15:37:44 +00:00
Maya Lekova
b5800a63e3 [test] Skpping flaky object-seal test on TSAN
NOTRY=true

TBR=machenbach@chromium.org

Bug: v8:8294
Change-Id: Ib235139087bd6a651dc8bd43c5f9990e0513c7a5
Reviewed-on: https://chromium-review.googlesource.com/c/1276627
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56573}
2018-10-11 15:06:10 +00:00
Hannes Payer
17890f67fb [heap] Externalize mark bitmap.
Change-Id: Idc52e3ed6af13b20569a412e98bae0841d32e009
Reviewed-on: https://chromium-review.googlesource.com/c/1254125
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56572}
2018-10-11 15:03:40 +00:00
Marja Hölttä
1f37c0c592 [js weak refs] Add cctests
These test mainly the data structures of JSWeakFactory / JSWeakCell.

BUG=v8:8179

Change-Id: I20ffd07c18bbb2e21c69d11aa65d1e245203cc82
Reviewed-on: https://chromium-review.googlesource.com/c/1267939
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56569}
2018-10-11 13:42:08 +00:00
Michael Starzinger
eac44d603b [wasm] Initial implementation of rethrow expressions.
R=titzer@chromium.org
TEST=mjsunit/wasm/exceptions-rethrow,unittests/FunctionBodyDecoderTest
BUG=v8:8091

Change-Id: If52be505fb9897af1bd59d17d1ab47b33b665be0
Reviewed-on: https://chromium-review.googlesource.com/c/1273050
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56563}
2018-10-11 12:54:22 +00:00
Sigurd Schneider
f90f20d8f3 [ia32,root] Skip tests instead of expecting failure
Change-Id: I63abed81995b408ac4e82a4d3b31c948a96de06d
Bug: v8:6666, v8:8288
Reviewed-on: https://chromium-review.googlesource.com/c/1275809
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56558}
2018-10-11 10:48:57 +00:00
Georg Neis
00227e7f4c [turbofan] Introduce experimental --concurrent-inlining flag.
For now, all it does is control when the heap broker starts
serializing. Eventually it will do what its name suggests.

I'm also renaming --concurrent-compiler-frontend to the more
accurate --concurrent-typed-lowering. Note that it's forceably
implied by --concurrent-inlining.

Bug: v8:7790
Change-Id: I55c1d8f1538146e89f3e166cb9165f6f38447146
Reviewed-on: https://chromium-review.googlesource.com/c/1270839
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56557}
2018-10-11 10:38:17 +00:00
Michael Starzinger
b7f1334e74 [wasm] Fix corner cases with unreachable catch-all blocks.
This makes sure that catch blocks that are practically unreachable due
to missing exceptional projections are handled properly. Note that this
is independent of how reachability will be outlined in the final spec
for exception handling. Currently we just assume that all catch blocks
are spec-wise reachable.

R=titzer@chromium.org
TEST=mjsunit/wasm/exceptions-catchall
BUG=v8:8091

Change-Id: I13607a59bd76be146df836e88105a2fbafedb760
Reviewed-on: https://chromium-review.googlesource.com/c/1273018
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56556}
2018-10-11 10:27:47 +00:00
Benedikt Meurer
a63987a41a [async] Introduce dedicated JSAsyncFunctionObject.
This JSAsyncFunctionObject represents the implicit generator object
inside of async functions, and also holds the outer promise for the
async functions. This in turn allows us to get rid of the .promise
in the Parser / BytecodeGenerator completely, and will make it
possible to build zero-cost async stack traces independent of the
concrete synchronous part of the stack frame (which currently breaks
in Node.js).

In the bytecode all the async function operations now take this new
JSAsyncFunctionObject instead of passing both the .generator_object
and the .promise, which further simplifies and shrinks the bytecode.
It also reduces the size of async function frames, potentially making
the suspend/resume cheaper.

This also changes `await` to use intrinsics instead of calling to
special JSFunctions on the native context, and thus reduces the size of
the native contexts.

Drive-by-fix: Introduce a dedicated JSCreateAsyncFunctionObject operator
to TurboFan.

Bug: v8:7253, v8:7522
Change-Id: I2305302285156aa1f71328ecac70377abdd92c80
Ref: nodejs/node#11865
Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/1273049
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56554}
2018-10-11 09:22:58 +00:00
Igor Sheludko
54855b67d4 [ptr-compr] Move Heap::root() to Isolate
... and Heap::root_handle() to RootsTable.

This is a preliminary step before moving IsolateData object from Heap to Isolate
which is required for pointer-compression friendly heap layout.

Bug: v8:8182
Change-Id: Ideacc1c9e4435be7a33db08415ac1ad46e956199
Reviewed-on: https://chromium-review.googlesource.com/c/1273238
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56552}
2018-10-11 08:59:50 +00:00
Igor Sheludko
b929b52e36 [ptr-compr] Introduce IsolateData class
... containing RootsTable, ExternalReferenceTable, builtins array and
potentially some other data that can be accessed via the RootRegister.

This is a preliminary step before adding support for pointer-compression
friendly heap layout.

Bug: v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2899f657aaff1351a5304afa0b1a4c5ae4cfc31d
Reviewed-on: https://chromium-review.googlesource.com/c/1245426
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56551}
2018-10-11 08:01:37 +00:00
Georg Neis
812e768cbe [modules] Implement new syntax: export * as foo from "..."
This is behind a new flag --harmony-namespace-exports.

Bug: v8:8101
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9c252b6de2b08223fcf3296340b78d721471bdb4
Reviewed-on: https://chromium-review.googlesource.com/c/1258004
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56550}
2018-10-11 07:08:33 +00:00
Michael Achenbach
4efa9aacdd Revert "[test] Skip test on gc fuzzer"
This reverts commit 2148d82732.

Reason for revert: bug was fixed

Original change's description:
> [test] Skip test on gc fuzzer
> 
> TBR=marja@chromium.org
> 
> Bug: v8:8286
> Change-Id: I862d557c22e373c81171f0bb33b23d37157fbccd
> Reviewed-on: https://chromium-review.googlesource.com/c/1273120
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56527}

TBR=machenbach@chromium.org,marja@chromium.org

Change-Id: I9bf0632815acdd1ea29f5e622e8313b061ddd20e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8286
Reviewed-on: https://chromium-review.googlesource.com/c/1275805
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56548}
2018-10-11 07:03:27 +00:00
Ben Smith
bf3c8b8ff3 [wasm] Cleanup wasm-module-builder.js
Use naming similar to the spec: "table" instead of "function table",
"element segment" instead of "function table init".

Change-Id: Ib1b6cdfa566f8bd00017ccedf9440084204f10ff
Reviewed-on: https://chromium-review.googlesource.com/c/1273612
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56545}
2018-10-10 22:50:57 +00:00
Michael Lippautz
dfa56840fe [heap] Use non-nestable tasks for finalizing garbage collection
Pass on information about the embedder state using the fact that tasks
are run from top level

Bug: chromium:893944
Change-Id: I01441778770c5acc784540e496eec5c3fdb87796
Reviewed-on: https://chromium-review.googlesource.com/c/1273048
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56540}
2018-10-10 18:38:14 +00:00
Benedikt Meurer
585b4eef6a [turbofan] Improve NumberMultiply typing rule.
The NumberMultiply typing rule gave up in the presence of NaN inputs,
but we can still infer useful ranges here and just union the result
of that with the NaN propagation (similar for MinusZero propagation).
This way we can still makes sense of these ranges at the uses.

Bug: v8:8015
Change-Id: Ic4c5e8edc6c68776ff3baca9628ad7de0f8e2a92
Reviewed-on: https://chromium-review.googlesource.com/c/1261143
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56539}
2018-10-10 18:16:17 +00:00
Jaroslav Sevcik
1e06ed35ad [test] Add type confusion poisoning test for polymorhic access.
Bug: chromium:866847
Change-Id: Icfda750c64c31ab48a882822883f6cef51c5bf92
Reviewed-on: https://chromium-review.googlesource.com/c/1270918
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56537}
2018-10-10 17:57:57 +00:00
Michael Achenbach
a19044e243 [test] Bump shards on slow optional trybot
Also skip the slowest test.

TBR=sergiyb@chromium.org
NOTRY=true

Change-Id: I9646dc750fafe47a0680e57ed029ab24a521d1a3
Reviewed-on: https://chromium-review.googlesource.com/c/1273885
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56535}
2018-10-10 17:22:13 +00:00
Sigurd Schneider
1e3a8d36e8 [ia32,root] Disable test triggering known issue
Disable a new test that triggers a known issue with the arguments
adaptor trampoline.

TBR=jgruber@chromium.org

Change-Id: Id89b71e49e5dbef06d75758d98ed162c07fc34f4
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/c/1273052
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56532}
2018-10-10 14:56:46 +00:00
Jakob Gruber
aac2f8c933 [coverage] Filter out singleton ranges that alias full ranges
Block coverage is based on a system of ranges that can either have
both a start and end position, or only a start position (so-called
singleton ranges). When formatting coverage information, singletons
are expanded until the end of the immediate full parent range. E.g.
in:

{0, 10}  // Full range.
{5, -1}  // Singleton range.

the singleton range is expanded to {5, 10}.

Singletons are produced mostly for continuation counters that track
whether we execute past a specific language construct.

Unfortunately, continuation counters can turn up in spots that confuse
our post-processing. For example:

if (true) { ... block1 ... } else { ... block2 ... }

If block1 produces a continuation counter, it could end up with the
same start position as the else-branch counter. Since we merge
identical blocks, the else-branch could incorrectly end up with an
execution count of one.

We need to avoid merging such cases. A full range should always take
precedence over a singleton range; a singleton range should never
expand to completely fill a full range. An additional post-processing
pass ensures this.

Bug: v8:8237
Change-Id: Idb3ec7b2feddc0585313810b9c8be1e9f4ec64bf
Reviewed-on: https://chromium-review.googlesource.com/c/1273095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56531}
2018-10-10 14:17:59 +00:00
Hai Dang
60d3ce727f Add iterator protectors for JSMapIterator/JSSet/JSSetIterator.
The MapIterator protector protects the original iteration behaviors of
Map.prototype.keys(), Map.prototype.values(), and Set.prototype.entries().
It does not protect the original iteration behavior of
Map.prototype[Symbol.iterator](). The protector is invalidated when:
* The 'next' property is set on an object where the property holder is the
  %MapIteratorPrototype% (e.g. because the object is that very prototype).
* The 'Symbol.iterator' property is set on an object where the property
  holder is the %IteratorPrototype%. Note that this also invalidates the
  SetIterator protector (see below).

The SetIterator protector protects the original iteration behavior of
Set.prototype.keys(), Set.prototype.values(), Set.prototype.entries(),
and Set.prototype[Symbol.iterator](). The protector is invalidated when:
* The 'next' property is set on an object where the property holder is the
  %SetIteratorPrototype% (e.g. because the object is that very prototype).
* The 'Symbol.iterator' property is set on an object where the property
  holder is the %SetPrototype% OR %IteratorPrototype%. This means that
  setting Symbol.iterator on a MapIterator object can also invalidate the
  SetIterator protector, and vice versa, setting Symbol.iterator on a
  SetIterator object can also invalidate the MapIterator. This is an over-
  approximation for the sake of simplicity.

Bug: v8:7980
Change-Id: I54ad6e4c7f19ccc27d7001f6c4b6c8d6ea4ee871
Reviewed-on: https://chromium-review.googlesource.com/c/1273102
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56530}
2018-10-10 14:10:29 +00:00
Michael Achenbach
2148d82732 [test] Skip test on gc fuzzer
TBR=marja@chromium.org

Bug: v8:8286
Change-Id: I862d557c22e373c81171f0bb33b23d37157fbccd
Reviewed-on: https://chromium-review.googlesource.com/c/1273120
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56527}
2018-10-10 13:21:45 +00:00
Ben L. Titzer
98e3e32df2 [wasm] Cache import wrappers in NativeModule
Now that import wrappers are no longer specialized to an index, they
can be cached in the native module, keyed by
(WasmImportCallKind, FunctionSig). This saves instantiation time and
also fixes a (slow) memory leak.

R=mstarzinger@chromium.org

Change-Id: I5197bbfae79d6e811a01289b990db445373eea6c
Reviewed-on: https://chromium-review.googlesource.com/c/1270943
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56526}
2018-10-10 13:03:32 +00:00
Ben L. Titzer
a2b3480611 [wasm] Use a tuple as the instance for JS imports
This CL refactors the implementation of WASM->JS import wrappers in order
to make the wrapper code shareable. Instead of specializing to the import
index, we use a tuple as the object ref in the both the import and indirect
tables. The tuple allows the wrapper code to load both the calling
instance and the target callable, rather than relying on code specialization.

This requires some tricky codegen machinery, because WASM call descriptors
expect an instance argument in a given register, yet the wrappers receive
a tuple, the code generator must generate a prologue that loads the
instance (and the callable), since it is not possible to express this at
the graph level.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Change-Id: Id67e307f7f5089e776f5439a53b5aee4b76934b6
Reviewed-on: https://chromium-review.googlesource.com/c/1268237
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56520}
2018-10-10 11:07:35 +00:00
Sigurd Schneider
ed93fc67d3 [ia32,root] Enable compilation with the PreserveRoot register config
Change-Id: I2499c3ada16bdf51f7830847753b856aa8aaff46
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/c/1270836
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56515}
2018-10-10 10:34:10 +00:00
Clemens Hammacher
7074113d7e [wasm][test] Refactor breakpoint inspector test
Before adding another test for removing breakpoint, this CL modernizes
the existing test for setting breakpoints.

R=kozy@chromium.org
CC=ahaas@chromium.org

Bug: chromium:837572
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I642f9673f327f4ec569a4f67a61b5e264cf25b8f
Reviewed-on: https://chromium-review.googlesource.com/c/1264636
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56514}
2018-10-10 10:24:32 +00:00
Jakob Gruber
47d34a317e Revert "[coverage] change block range to avoid ambiguity."
This reverts commit 471fef0469.

Reason for revert: A more general fix incoming at https://crrev.com/c/1273095.

Original change's description:
> [coverage] change block range to avoid ambiguity.
> 
> By moving the block range end to left of closing bracket,
> we can avoid ambiguity where an open-ended singleton range
> could be both interpreted as inside the parent range, or
> next to it.
> 
> R=​verwaest@chromium.org
> 
> Bug: v8:8237
> Change-Id: Ibc9412b31efe900b6d8bff0d8fa8c52ddfbf460a
> Reviewed-on: https://chromium-review.googlesource.com/1254127
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56347}

TBR=yangguo@chromium.org,neis@chromium.org,verwaest@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8237
Change-Id: I39310cf3c2f06a0d98ff314740aaeefbfffc0834
Reviewed-on: https://chromium-review.googlesource.com/c/1273096
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56513}
2018-10-10 10:11:57 +00:00
Hai Dang
2293f88074 [js-perf-test] Add micro-benchmarks for spreading maps and sets.
Bug: v8:7980
Change-Id: I640119fc9a9af66370c47f4d5b16244a1cc3f716
Reviewed-on: https://chromium-review.googlesource.com/c/1256810
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56504}
2018-10-10 08:32:15 +00:00
Benedikt Meurer
0038e5f05f [async] Improve async function handling.
This change introduces new intrinsics used to desugar async functions
in the Parser and the BytecodeGenerator, namely we introduce a new
%_AsyncFunctionEnter intrinsic that constructs the generator object
for the async function (and in the future will also create the outer
promise for the async function). This generator object is internal
and never escapes to user code, plus since async functions don't have
a "prototype" property, we can just a single map here instead of tracking
the prototype/initial_map on every async function. This saves one word
per async function plus one initial_map per async function that was
invoked at least once.

We also introduce two new intrinsics %_AsyncFunctionReject, which
rejects the outer promise with the caught exception, and another
%_AsyncFunctionResolve, which resolves the outer promise with the
right hand side of the `return` statement. These functions also perform
the DevTools part of the job (aka popping from the promise stack and
sending the debug event). This allows us to get rid of the implicit
try-finally from async functions completely; because the finally
block only called to the %AsyncFunctionPromiseRelease builtin, which
was used to inform DevTools.

In essence we now turn an async function like

```js
async function f(x) { return await bar(x); }
```

into something like this (in Parser and BytecodeGenerator respectively):

```
function f(x) {
  .generator_object = %_AsyncFunctionEnter(.closure, this);
  .promise = %AsyncFunctionCreatePromise();
  try {
    .tmp = await bar(x);
    return %_AsyncFunctionResolve(.promise, .tmp);
  } catch (e) {
    return %_AsyncFunctionReject(.promise, e);
  }
}
```

Overall the bytecode for async functions gets significantly shorter
already (and will get even shorter once we put the outer promise into
the async function generator object). For example the bytecode for a
simple async function

```js
async function f(x) { return await x; }
```

goes from 175 bytes to 110 bytes (a ~38% reduction in size), which
is in particular due to the simplification around the try-finally
removal.

Overall this seems to improve the doxbee-async-es2017-native test by
around 2-3%. On the test case mentioned in v8:8276 we go from
1124ms to 441ms, which corresponds to a 60% reduction in total
execution time!

Tbr: marja@chromium.org
Bug: v8:7253, v8:7522, v8:8276
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Id29dc92de7490b387ff697860c900cee44c9a7a4
Reviewed-on: https://chromium-review.googlesource.com/c/1269041
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56502}
2018-10-10 06:37:53 +00:00
Igor Sheludko
33ebe358a5 [cleanup] Split the mutable roots list into immovable and movable
... and remove Heap::RootCanBeWrittenAfterInitialization() and
Heap::RootCanBeTreatedAsConstant() in favour of RootsTable::IsImmortalImmovable().

Bug: v8:8238
Change-Id: I804d06136de9584b8c4940fd8ab9d18fb3ef7980
Reviewed-on: https://chromium-review.googlesource.com/c/1270837
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56500}
2018-10-10 00:05:11 +00:00
Igor Sheludko
6621c2d8ec [ReadOnlyRoots] Make empty_property_dictionary a RO root
Bug: v8:8238
Change-Id: I112b6ec9c32afe03f43670aa3ed572af7525b26b
Reviewed-on: https://chromium-review.googlesource.com/c/1270586
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56491}
2018-10-09 15:15:50 +00:00
Maya Lekova
a297c58771 [test] Disable promise-all-overflow-1 on all platforms
The test started flaking on almost every run since 1 day, disabling
until the root cause is triaged.

NOTRY=true

Bug: v8:8219
Change-Id: Id3cf219874e79cefc41bb63a9a4a04b6288d5350
Reviewed-on: https://chromium-review.googlesource.com/c/1270942
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56488}
2018-10-09 14:59:39 +00:00
Igor Sheludko
39865bea7c Remove the check from the roots test that doesn't add value
Bug: v8:8238
Change-Id: I0883e36ddbacb3e6f222e33f5e4604b31723872f
Reviewed-on: https://chromium-review.googlesource.com/c/1270919
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56487}
2018-10-09 14:24:55 +00:00
Michael Starzinger
73250d9c88 [wasm] Fix corner cases with catch-all handling.
This fixes handling of two corner cases with catch-all blocks:
1) The catch-all blocks are conceptually outside the corresponding try.
2) Reachability of catch-all is determined by parent reachability.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-catchall
BUG=v8:8091

Change-Id: Idfd8310bc232f3ce389763023c5a33f1ef90e0b5
Reviewed-on: https://chromium-review.googlesource.com/c/1270816
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56486}
2018-10-09 14:15:13 +00:00
Alexey Kozyatinskiy
9c9583a2f2 inspector: speedup InspectorTest.logMessage
Current implementation might take significant amount of time to
traverse big message. We can reuse builtin JSON.stringify replacer
feature to achieve big performance boost.

R=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I59c15f3abb951e2aac938436657b18f608df5099
Reviewed-on: https://chromium-review.googlesource.com/c/1270263
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56484}
2018-10-09 13:42:30 +00:00
Marja Hölttä
b8f8deaf02 [js weak refs] Initial JS Weak Ref implementation.
Minimal implementation to run a simple example (see test) demonstrating the
weakness of WeakCell.

- Behind FLAG_harmony_weak_refs
- Add WeakFactory & WeakCell, no WeakRef in this version.

Spec clarifications: goo.gl/7ujBAk
Design doc: goo.gl/nvof2T

BUG=v8:8179

Change-Id: Iea2a7a2201e6380644235d190a542ab46e082382
Reviewed-on: https://chromium-review.googlesource.com/c/1238579
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56483}
2018-10-09 13:16:50 +00:00
Igor Sheludko
62e996536d Reland "[cleanup] Remove Heap::kOldSpaceRoots constant"
This is a reland of e3a42cfd2d

Original change's description:
> [cleanup] Remove Heap::kOldSpaceRoots constant
>
> ... in favour of RootsTable::IsImmortalImmovable().
>
> Bug: v8:8238
> Change-Id: Ic8434a1658b9ba982a93dd268dbfe52a6cc5c6a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1270582
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56472}

TBR=ulan@chromium.org,yangguo@chromium.org

Bug: v8:8238
Change-Id: I20edf9c4a596670ad2e6cf1ee87e679ee4a66bee
Reviewed-on: https://chromium-review.googlesource.com/c/1270593
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56480}
2018-10-09 12:39:21 +00:00
Michael Starzinger
2e007737ca [wasm] Add support for multiple catch blocks.
This adds support for multiple catch blocks being attached to a single
try block. The implemented semantics are that type checks are performed
in order from top to bottom.

Note that multiple catch blocks of the same type are not prohibited and
will be accepted, making the second such block essentially unreachable.
The current proposal neither explicitly allows nor prohibits it.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions
BUG=v8:8091

Change-Id: I31e7a07a7cffdd909a58342e00f05e52ed1a3182
Reviewed-on: https://chromium-review.googlesource.com/c/1270591
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56478}
2018-10-09 12:26:55 +00:00
Michael Starzinger
d56e29d1c0 [wasm] Initial catch-all control flow wiring.
This adds support to wire control flow of catch-all expressions into an
existing try-catch cascade. Note that multiple typed catch blocks are
not yet supported, only one typed catch block followed by one catch-all
block is supported.

In case the explicit catch-all block is missing, we emulate the correct
semantics by internally always emitting a catch-all containing a simple
rethrow instruction.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-catchall
BUG=v8:8091

Change-Id: I6b29a98c4f1a558fabe6012f4ba6c7b7d43529bb
Reviewed-on: https://chromium-review.googlesource.com/c/1270585
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56476}
2018-10-09 11:09:58 +00:00
Maya Lekova
2f9fe115ce Revert "[cleanup] Remove Heap::kOldSpaceRoots constant"
This reverts commit e3a42cfd2d.

Reason for revert: Breaking compilation on "V8 Linux - noi18n - debug" bot, see https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20noi18n%20-%20debug/23170

Original change's description:
> [cleanup] Remove Heap::kOldSpaceRoots constant
> 
> ... in favour of RootsTable::IsImmortalImmovable().
> 
> Bug: v8:8238
> Change-Id: Ic8434a1658b9ba982a93dd268dbfe52a6cc5c6a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1270582
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56472}

TBR=ulan@chromium.org,yangguo@chromium.org,ishell@chromium.org

Change-Id: I3a160716c9d558f4ab89b45a7257a461733f7273
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8238
Reviewed-on: https://chromium-review.googlesource.com/c/1270588
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56475}
2018-10-09 10:56:27 +00:00
Florian Sattler
ea60dfcb05 [base] Fix wrong ThreadedList append for empty lists allocated on the stack.
Change-Id: Ieae88990f3d960c13a2bafc223e12061e994fce0
Reviewed-on: https://chromium-review.googlesource.com/c/1270580
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56474}
2018-10-09 10:49:15 +00:00
Ross McIlroy
493c894a2e [Compiler] Remove CompilerDispatcherJob and use BackgroundCompileTask directly
Simplify the logic in the CompilerDispatcher to use BackgroundCompileTasks
directly, rather than having a (now unecessary) CompilerDispatcherJob
abstraction. In the process, the CompilerDispatcherTracer is removed, and the
idle task logic is simplified finalize already compiled jobs until the
idle task deadline.

BUG=v8:8238, v8:8041

Change-Id: I1ea2366f959b6951de222d62fde80725b3cc70ff
Reviewed-on: https://chromium-review.googlesource.com/c/1260123
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56473}
2018-10-09 10:39:27 +00:00
Igor Sheludko
e3a42cfd2d [cleanup] Remove Heap::kOldSpaceRoots constant
... in favour of RootsTable::IsImmortalImmovable().

Bug: v8:8238
Change-Id: Ic8434a1658b9ba982a93dd268dbfe52a6cc5c6a2
Reviewed-on: https://chromium-review.googlesource.com/c/1270582
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56472}
2018-10-09 10:30:30 +00:00
Toon Verwaest
d46467c0d2 [parser] Remove FLAG_preparser_scope_analysis and friends
This flag has been on by default for some time. Once
https://chromium-review.googlesource.com/c/v8/v8/+/1270578 lands we need it to
be able to find duplicate parameters (to be spec-compliant).

Change-Id: I222023d7cd955127d3ecca42283b37063e962c58
Reviewed-on: https://chromium-review.googlesource.com/c/1270581
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56468}
2018-10-09 09:31:03 +00:00
Toon Verwaest
e874d6a3d0 [parser] Rewrite duplicate formal detection
Now duplicate parameter detection depends on tracking of unresolved references.
This also fixes finding duplicate parameters of arrow functions nested in other
arrow functions.

Change-Id: I644bfdc513244637345c1069e5c7e5fde713da63
Reviewed-on: https://chromium-review.googlesource.com/c/1270578
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56467}
2018-10-09 09:17:42 +00:00
Igor Sheludko
5bc86670b6 [cleanup] Cleanup IMMORTAL_IMMOVABLE_ROOT_LIST
... by removing entries corresponding to read only roots (which are
immortal immovable by definition) and using READ_ONLY_ROOT_LIST explicitly.

This CL also renames the list to MUTABLE_IMMORTAL_IMMOVABLE_ROOT_LIST and
moves Heap::RootIsImmortalImmovable() to RootsTable::IsImmortalImmovable().

Bug: v8:8238
Change-Id: I3e44a06d7a816955bc3471e788e883fb053b03d9
Reviewed-on: https://chromium-review.googlesource.com/c/1269035
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56466}
2018-10-09 09:05:37 +00:00
Jaroslav Sevcik
e16004833a [test] Add type confusion poisoning pattern matching test.
Change-Id: I588ada3eb4d47ce36fa84e1e2fd5014346c69dca
Bug: chromium:866847
Reviewed-on: https://chromium-review.googlesource.com/c/1268215
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56461}
2018-10-09 05:42:50 +00:00
Frank Tang
e12d6ab1eb [Intl] Fix intl/date-format/constructor-order
Also move some code from separated function into
JSDateTimeFormat::Initialize as suggested in review of previous CL.

Bug: v8:8066
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I6be61482759aa54890e8f9d86483436a1abcde87
Reviewed-on: https://chromium-review.googlesource.com/c/1252882
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56459}
2018-10-08 23:28:00 +00:00
Sathya Gunasekaran
d58f40b63b [Intl] Refactor LookupSupportedLocales
Fix spec non compliance by only trimming the unicode locales and not
all extensions.

Remove regexp and just use straightforward string manipulation.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie95828a8f62834daf8cde189f408e95a14e796fe
Reviewed-on: https://chromium-review.googlesource.com/c/1255556
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56458}
2018-10-08 20:36:48 +00:00
Frank Tang
766ab3a5a3 [Intl] fix Intl.Locale subclassing bug
Bug: v8:8259
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I52e1f23453cb9c0010645b7b71b09d0643765d28
Reviewed-on: https://chromium-review.googlesource.com/c/1269042
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56457}
2018-10-08 20:20:08 +00:00
Sathya Gunasekaran
55d37600e5 [Intl] Clean up SupportedLocalesOf and GetAvailableLocales
As per
https://unicode-org.atlassian.net/browse/ICU-20009?focusedCommentId=62380&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-62380
we can just use DateFormat::GetAvailableLocales for RelativeTimeFormat
removing a lot of code.

This patch also cleans up the code to be in line with the rest of V8.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8df5b0e5a9a05c426aaa4f7fb9c67d7947301478
Reviewed-on: https://chromium-review.googlesource.com/c/1237298
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56455}
2018-10-08 19:45:31 +00:00
Benedikt Meurer
8f8b5f8c6c [es2018] Consistently use AsyncReturnStatement in async functions.
The Parser desugaring didn't use the AsyncReturnStatement consistently
to return from async functions (aka resolve the .promise with the return
value and return the .promise from the async function). Instead the
Parser essentially had a copy of the BytecodeGenerator functionality.

This change unifies the handling of returns from async functions.

Bug: v8:7522, v8:8238
Change-Id: Ib00a60aee30d541b84835d9cc83e9937b7a39e26
Reviewed-on: https://chromium-review.googlesource.com/c/1269036
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56453}
2018-10-08 18:42:22 +00:00
Daniel Clifford
6f5600e256 [torque] Allow atomarStatements in otherwise statements
In the process:
- Convert TryLabelStatements into TryLabelExpressions
- Change TryLabelExpressions to support only single label blocks and de-sugar
  try/labels into nested try/label statements. This allows the code in a label
  block to goto subsequent labels in the same try/label statement.
- Make otherwise expressions either take IdentifierExpressions which get
  converted into simple label names OR atomarStatements, which make useful
  non-label operations, like 'break' and 'continue', useful together with
  otherwise. Non-label otherwise statements get de-sugared into try/label
  blocks.

Bug: v8:7793
Change-Id: Ie56ede6306e2a3182f6aa1bb8750ed418bda01db
Reviewed-on: https://chromium-review.googlesource.com/c/1266997
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56447}
2018-10-08 15:05:51 +00:00
Toon Verwaest
af34c6c236 [parser] Fix single-expression arrow function scoping
Always parse through ParseFunctionBody to avoid bugs with parameter/scope
handling.

Change-Id: Ia0e78c6b3127e99f92a6c772ba2be509f6379f5a
Reviewed-on: https://chromium-review.googlesource.com/c/1268236
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56445}
2018-10-08 13:43:21 +00:00
Michael Starzinger
8cc0761841 [wasm] Initial implementation of catch-all decoding.
This adds basic support for decoding catch-all expressions as part of a
try block. Note that control flow and code generation support is still
missing.

R=clemensh@chromium.org
TEST=unittests/FunctionBodyDecoderTest.TryCatchAll
BUG=v8:8091

Change-Id: I10a1aa3e3e0418e0a04965e8318c94f449a00bb4
Reviewed-on: https://chromium-review.googlesource.com/c/1268059
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56444}
2018-10-08 13:04:03 +00:00
Benedikt Meurer
3e43ded932 [turbofan] Escape analysis support for LoadElement with variable index.
This adds support to the escape analysis to allow scalar replacement
of (small) FixedArrays with element accesses where the index is not a
compile time constant. This happens quite often when inlining functions
that operate on variable number of arguments. For example consider this
little piece of code:

```js
function sum(...args) {
  let s = 0;
  for (let i = 0; i < args.length; ++i) s += args[i];
  return s;
}

function sum2(x, y) {
  return sum(x, y);
}
```

This example is made up, of course, but it shows the problem. Let's
assume that TurboFan inlines the function `sum` into it's call site
at `sum2`. Now it has to materialize the `args` array with the two
values `x` and `y`, and iterate through these `args` to sum them up.
The escape analysis pass figures out that `args` doesn't escape (aka
doesn't outlive) the optimized code for `sum2` now, but TurboFan still
needs to materialize the elements backing store for `args` since there's
a `LoadElement(args.elements,i)` in the graph now, and `i` is not a
compile time constant.

However the escape analysis has more information than just that. In
particular the escape analysis knows exactly how many elements a non
escaping object has, based on the fact that the allocation must be
local to the function and that we only track objects with known size.
So in the case above when we get to `args[i]` in the escape analysis
the relevant part of the graph looks something like this:

```
elements = LoadField[elements](args)
length = LoadField[length](args)
index = CheckBounds(i, length)
value = LoadElement(elements, index)
```

In particular the contract here is that `LoadElement(elements,index)`
is guaranteed to have an `index` that is within the valid bounds for
the `elements` (there must be a preceeding `CheckBounds` or some other
guard in optimized code before it). And since `elements` is allocated
inside of the optimized code object, the escape analysis also knows
that `elements` has exactly two elements inside (namely the values of
`x` and `y`). So we can use that information and replace the access
with a `Select(index===0,x,y)` operation instead, which allows us to
scalar replace the `elements`, since there's no escaping use anymore
in the graph.

We do this for the case that the number of elements is 2, as described
above, but also for the case where elements length is one. In case
of 0, we know that the `LoadElement` must be in dead code, but we can't
just mark it for deletion from the graph (to make sure it doesn't block
scalar replacement of non-dead code), so we don't handle this for now.
And for one element it's even easier, since the `LoadElement` has to
yield exactly said element.

We could generalize this to handle arbitrary lengths, but since there's
a cost to arbitrary decision trees here, it's unclear when this is still
beneficial. Another possible solution for length > 2 would be to have
special stack allocation for these backing stores and do variable index
accesses to these stack areas. But that's way beyond the scope of this
isolated change.

This change shows a ~2% improvement on the EarleyBoyer benchmark in
JetStream, since it benefits a lot from not having to materialize these
small arguments backing stores.

Drive-by-fix: Fix JSCreateLowering to properly initialize "elements"
with StoreElement instead of StoreField (which violates the invariant
in TurboFan that fields and elements never alias).

Bug: v8:5267, v8:6200
Change-Id: Idd464a15a81e7c9653c48c814b406eb859841428
Reviewed-on: https://chromium-review.googlesource.com/c/1267935
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56442}
2018-10-08 11:55:50 +00:00
Benedikt Meurer
51274d3c99 [turbofan] Introduce the notion of context-sensitivity for JS operators.
This change adds predicates to check whether a given JavaScript operator
needs the "current context" or if any surrounding context (including the
"native context") does it. For example JSAdd doesn't ever need the
current context, but actually only the native context. In the
BytecodeGraphBuilder we use this predicate to check whether a given
operator needs the current context, and if not, we just pass in the
native context.

Doing so we improve the performance on the benchmarks given in the
tracking bug significantly, and go from something around

  arrayMap: 476 ms.
  arrayFilter: 312 ms.
  arrayEvery: 241 ms.
  arraySome: 152 ms.

to

  arrayMap: 377 ms.
  arrayFilter: 296 ms.
  arrayEvery: 191 ms.
  arraySome: 91 ms.

which is an up to 40% improvement. So for idiomatic modern JavaScript
which uses higher order functions quite a lot, not just the builtins
provided by the JSVM, this is going to improve peak performance
noticably.

This also makes it possible to completely eliminate all the allocations
in the aliased sloppy arguments example

```js
function foo(a) { return arguments.length; }
```

concretely we don't allocate the function context anymore and we also
don't allocate the arguments object anymore (the JSStackCheck was the
reason why we did this in the past, because it was holding on to the
current context, which also kept the allocation for the arguments
alive).

Bug: v8:6200, v8:8060
Change-Id: I1db56d00d6b510ce6337608c0fff16af96e95eef
Design-Document: bit.ly/v8-turbofan-context-sensitive-js-operators
Reviewed-on: https://chromium-review.googlesource.com/c/1267176
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56441}
2018-10-08 11:33:56 +00:00
Hai Dang
760eed0525 Reland "Add fast path for spreading primitive strings."
This is a reland of ef2a19a211.
Use AllocateJSArray to avoid allocating an empty fixed array.

Original change's description:
> Add fast path for spreading primitive strings.
>
> This improves the performance on primitive strings of
> IterableToListWithSymbolLookup, which implements the
> CreateArrayFromIterable bytecode. The fast path is only
> taken if the string iterator protector is valid (that is,
> String.prototype[Symbol.iterator] and
> String.prototype[Symbol.iterator]().next are untouched).
>
> This brings spreading of primitive strings closer to the
> performance of the string iterator optimizations.
> (see https://docs.google.com/document/d/13z1fvRVpe_oEroplXEEX0a3WK94fhXorHjcOMsDmR-8/).
>
> Bug: chromium:881273, v8:7980
> Change-Id: Ic8d8619da2f2afcc9346203613a844f62653fd7a
> Reviewed-on: https://chromium-review.googlesource.com/1243110
> Commit-Queue: Hai Dang <dhai@google.com>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56329}

Bug: chromium:881273, v8:7980
Change-Id: I746c57ddfc300e1032057b5125bc824adf5c2cd3
Reviewed-on: https://chromium-review.googlesource.com/c/1267497
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56438}
2018-10-08 10:47:50 +00:00
Mathias Bynens
c74db9f6cd Roll Test262
Bug: v8:7834
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie588d032136b164a2e1bcfacf3c22b1a3428f20e
Reviewed-on: https://chromium-review.googlesource.com/c/1262676
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56437}
2018-10-08 10:33:49 +00:00
Maya Lekova
890fd9c89f [async-await] Fix global-buffer-overflow issue when loading flag
Bug: chromium:892858
Change-Id: I97b0b239e3ee0a9073fdbd609fb26271dda64d6d
Reviewed-on: https://chromium-review.googlesource.com/c/1267936
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56432}
2018-10-08 09:16:14 +00:00
Benedikt Meurer
bcdede0c53 [turbofan] Eliminate redundant Smi checks around array accesses.
As identified in the web-tooling-benchmark, there are specific code
patterns involving array indexed property accesses and subsequent
comparisons of those indices that lead to repeated Smi checks in the
optimized code, which in turn leads to high register pressure and
generally bad register allocation. An example of this pattern is
code like this:

```js
function f(a, n) {
  const i = a[n];
  if (n >= 1) return i;
}
```

The `a[n]` property access introduces a CheckBounds on `n`, which
later lowers to a `CheckedTaggedToInt32[dont-check-minus-zero]`,
however the `n >= 1` comparison has collected `SignedSmall` feedback
and so it introduces a `CheckedTaggedToTaggedSigned` operation. This
second Smi check is redundant and cannot easily be combined with the
earlier tagged->int32 conversion, since that also deals with heap
numbers and even truncates -0 to 0.

So we teach the RedundancyElimination to look at the inputs of these
speculative number comparisons and if there's a leading bounds check
on either of these inputs, we change the input to the result of the
bounds check. This avoids the redundant Smi checks later and generally
allows the SimplifiedLowering to do a significantly better job on the
number comparisons. We only do this in case of SignedSmall feedback
and only for inputs that are not already known to be in UnsignedSmall
range, to avoid doing too many (unnecessary) expensive lookups during
RedundancyElimination.

All of this is safe despite the fact that CheckBounds truncates -0
to 0, since the regular number comparisons in JavaScript identify
0 and -0 (unlike Object.is()). This also adds appropriate tests,
especially for the interesting cases where -0 is used only after
the code was optimized.

Bug: v8:6936, v8:7094
Change-Id: Ie37114fb6192e941ae1a4f0bfe00e9c0a8305c07
Reviewed-on: https://chromium-review.googlesource.com/c/1246181
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56428}
2018-10-07 12:00:01 +00:00
Benedikt Meurer
248fd5ffe0 Revert "[turbofan] Do not consume SignedSmall feedback in TurboFan anymore."
This reverts commit 4fd92b252b.

Reason for revert: Significant tankage on the no-mitigations bots (bad timing on the regular bots)

Original change's description:
> [turbofan] Do not consume SignedSmall feedback in TurboFan anymore.
> 
> This changes TurboFan to treat SignedSmall feedback similar to Signed32
> feedback for binary and compare operations, in order to simplify and
> unify the machinery.
> 
> This is an experiment. If this turns out to tank performance, we will
> need to revisit and ideally revert this change.
> 
> Bug: v8:7094
> Change-Id: I885769c2fe93d8413e59838fbe844650c848c3f1
> Reviewed-on: https://chromium-review.googlesource.com/c/1261442
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56411}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7094
Change-Id: I9fff3b40e6dc0ceb7611b55e1ca9940089470404
Reviewed-on: https://chromium-review.googlesource.com/c/1267175
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56427}
2018-10-07 10:19:01 +00:00
Frank Tang
994b23945c [Intl] Add unit tests for Intl.Segmenter
Bug: v8:6891
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I075c4f615a4366c34723104410e8445054a3cacd
Reviewed-on: https://chromium-review.googlesource.com/c/1256867
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56424}
2018-10-06 23:07:05 +00:00
Frank Tang
fdfdce1d1e [Intl] Use flags in Locale
Use bits flag for caseFirst, hourCycle and numeric in Locale.
Also set up macro for V8_INTL_SUPPORT only in heap-symbols.h

Bug: v8:7684, v8:8256
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3f6956b6dd5782e88676667381a7d8a7b2476bfc
Reviewed-on: https://chromium-review.googlesource.com/c/1262476
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56423}
2018-10-06 08:11:44 +00:00
Frank Tang
598ad02887 [Intl] clean up Locale code
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9c727e2d8b9efad09fdf712655ea367560cd971f
Reviewed-on: https://chromium-review.googlesource.com/c/1263655
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56421}
2018-10-06 01:49:31 +00:00
Alexei Filippov
88c5da047e Warm up RNG when --random_seed is used
The RNG state is initialized with random_seed parameter that usually
has lots of zeros. Each random generation iteration shuffles bits with
xor operation over the state. It takes a while before the state is populated
with enough 1s and starts generating uniformly distributed numbers.

The patch warms up the state with 32 iterations when --random_seed is used.

BUG=v8:8265

Change-Id: I7a4e8c842962bea0f2935c7b3673494367d8580f
Reviewed-on: https://chromium-review.googlesource.com/c/1263816
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56418}
2018-10-05 15:34:58 +00:00
Junliang Yan
abb6db889c PPC64/s390x: re-enable I64Atomic test on ppc64/s390x
This reverts commit b8a5ae4749.

Change-Id: If5953398586af66f827103326891f7b4b39b78d1
Reviewed-on: https://chromium-review.googlesource.com/c/1262999
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56416}
2018-10-05 15:08:23 +00:00
Benedikt Meurer
1f0cd95278 [async] Initial async generator support for --async-stack-traces.
This forces .generator_object variable to stack slot 0 for async
generator functions so that the stack trace construction logic
can extract the JSAsyncGeneratorObject appropriately.

Bug: v8:7522
Change-Id: I37b52836bb512bcf5cd7e10e1738c8e7895b06ea
Ref: nodejs/node#11865
Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/1264556
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56415}
2018-10-05 13:41:53 +00:00
Maya Lekova
2a2c9e5f79 [async-await] Refactor await optimization and include async generators
Design doc:
https://docs.google.com/document/d/1kL08cz4lR6gO5b2FATNK3QAfS8t-6K6kdk88U-n8tug/edit

This CL is a follow-up after the original implementation, see CL:
https://chromium-review.googlesource.com/c/v8/v8/+/1106977

It includes a fix for the missing async generators optimization,
as well as cleanup of the manual patching of the builtins. It also includes
mjsunit test for all usages of the new behaviour.

Bug: v8:8267

Change-Id: I999f341acb746c6da5216e44b68a519656fd5403
Reviewed-on: https://chromium-review.googlesource.com/c/1261124
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56414}
2018-10-05 13:25:56 +00:00
Peter Marshall
4942076091 [cleanup] Don't declare inline runtime functions by default
For each intrinsic/runtime function we define in runtime.h, an inline
version is automatically declared. We only ever use 24 of the inline
functions. Even though we don't call the other ones, macro magic means
they still take up space by existing in various arrays and tables like
kIntrinsicFunctions. They also create code in switch statements.

Some drive-by cleanups:
 - Remove the switch in NameForRuntimeId() and just use the table of
   runtime functions to lookup the name directly.
 - Remove tests for IsFunction, ClassOf and StringAdd intrinsics as
   they are the last users of the inline versions of these.
 - Remove the MaxSmi inline version as it is only used in tests.

Saves 64 KiB binary size.

Change-Id: I4c870ddacd2655ffcffa97d93200ed8f853752f5
Reviewed-on: https://chromium-review.googlesource.com/c/1261939
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56412}
2018-10-05 13:10:56 +00:00
Benedikt Meurer
4fd92b252b [turbofan] Do not consume SignedSmall feedback in TurboFan anymore.
This changes TurboFan to treat SignedSmall feedback similar to Signed32
feedback for binary and compare operations, in order to simplify and
unify the machinery.

This is an experiment. If this turns out to tank performance, we will
need to revisit and ideally revert this change.

Bug: v8:7094
Change-Id: I885769c2fe93d8413e59838fbe844650c848c3f1
Reviewed-on: https://chromium-review.googlesource.com/c/1261442
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56411}
2018-10-05 12:41:22 +00:00
Sigurd Schneider
b79147d5f2 [multi-return-fuzzer] Fix clusterfuzz issue in test
Change-Id: I20ee0d411155e23d87c731f0d909b14c55088c4c

R=ahaas@chromium.org
Also-By: ahaas@chromium.org

Bug: chromium:892435
Change-Id: I70ca2982ea0ddc39fecfbab983a7295707fe8873
Reviewed-on: https://chromium-review.googlesource.com/c/1264283
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56407}
2018-10-05 10:49:10 +00:00
Andreas Haas
3f8c6e0143 [api][cleanup] Mark Call*OnForegroundThread as V8_DEPRECATE_SOON
These functions got replaced the the taskrunner API. The new way to
post tasks is as follows:

v8::Platform* platform = ...; // e.g. V8::GetCurrentPlatform();
v8::Isolate* = ...;

std::shared_ptr<v8::TaskRunner> taskrunner = platform->GetForegroundTaskRunner(isolate);
std::unique_ptr<v8::Task> task = ...;

taskrunner->PostTask(std::move(task));

R=ulan@chromium.org

Bug: v8:8238
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I44a70fc530daae581ee31e54fd09e776ba648406
Reviewed-on: https://chromium-review.googlesource.com/c/1261936
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56400}
2018-10-05 08:38:09 +00:00
Jungshik Shin
2abb31a9d6 Use ICU to validate and canonicalize lang tag
- Get rid of an unnecessary call to uloc_canonicalize in js-locale.
- Do not use regex, but rely on ICU for the structrural validity check
with Chrome's ICU or ICU 63 or newer. Otherwise, continue to use regex.

This became possible thanks to a couple of bug fixes in ICU ToT that
were cherry-picked for Chromium's ICU.

Not yet done is to change js-locale to use CanonicalizeLocale().
That will make a few more tests pass.

Bug: v8:8135
Test: test262/intl402/Intl/getCanonicalLocales/*
Test: test262/intl402/Locale/*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I45c10b298fb041e0b39a4d96309c68a7966f91c2
Reviewed-on: https://chromium-review.googlesource.com/c/1215223
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56399}
2018-10-05 08:26:39 +00:00
Benedikt Meurer
4111c98e7a [async] Only try to peak into async functions/generators.
For --async-stack-traces don't try to peak into frames that don't belong
to async functions/generators, specifically don't try to peak into some
arbitrary builtin frames (the FrameInspector doesn't support that).

Bug: chromium:892472, chromium:892473, v8:7522
Change-Id: Idcdee26ff958c03b24dd2910bb92fc51cbc14e3c
Ref: nodejs/node#11865
Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/1264276
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56396}
2018-10-05 06:36:27 +00:00
Benedikt Meurer
63345e68f8 [turbofan] Remove CheckSmi from String.fromCodePoint() lowering.
The CheckSmi in String.fromCodePoint() is unnecessary and even leads to
unnecessary deoptimizations, since the CheckBounds already does the
right thing, plus it also handles HeapNumbers (in Signed32 range) and
properly identifies zeros.

Bug: v8:8238
Change-Id: I73bf7a70c3cd718c987f112ceb928188c0534cd5
Reviewed-on: https://chromium-review.googlesource.com/c/1262675
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56395}
2018-10-05 05:27:44 +00:00
Frank Tang
4274d2f190 [Intl] add Intl.Segmenter - part 1
Add the JSSegmenter and hook up constructor,
supportedLocales and resolvedOptions only
Desgin Doc- https://goo.gl/fgc2Cp

TBR: bmeurer@chromium.org
Bug: v8:6891
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ief25fb31d724c55c43c0fdf3080294fa83486e4f
Reviewed-on: https://chromium-review.googlesource.com/c/1247362
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56393}
2018-10-05 02:42:30 +00:00
Tobias Tebbi
a4008bf009 [torque] add an intermediate representation to Torque
Bug: v8:7793
Change-Id: I5261122faf422987968ee1e405966f878ff910a1
Reviewed-on: https://chromium-review.googlesource.com/c/1245766
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56391}
2018-10-04 21:29:18 +00:00
Deepti Gandluri
f3c6753e53 [wasm-atomics] enable tests on ARM hardware
BUG:v8:8201

Change-Id: I2f0c2f7d26020188dcec6dabe0a08fc49ee0f33b
Reviewed-on: https://chromium-review.googlesource.com/c/1259406
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56386}
2018-10-04 17:53:17 +00:00
Maya Lekova
4ebeb540d7 [test] Disable a flaky command-line-api-without-side-effects test
Bug: v8:7932
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I293b83758be5dadb04c149ffdf7a8a126dca0a50
Reviewed-on: https://chromium-review.googlesource.com/c/1261444
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56383}
2018-10-04 14:41:22 +00:00
Alexei Filippov
c9462a3464 [heap profiler] Refactor: Replace indices with HeapEntry*
Change-Id: I1022cceafed0b27fa2fb5f0f30a1b75fd3a27f3f
Reviewed-on: https://chromium-review.googlesource.com/c/1260258
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56381}
2018-10-04 14:15:23 +00:00
Andreas Haas
c862d2c2e4 [cleanup] Use the new taskrunner API in the gc
We want to replace all uses of CallOnForegroundThread eventually by the
new TaskRunner API so that we can eventually deprecate the old API and
remove it.

R=ulan@chromium.org

Bug: v8:8238
Change-Id: I7e451eddf05f1f7f273c5cfd57d82737380f3f02
Reviewed-on: https://chromium-review.googlesource.com/c/1261145
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56378}
2018-10-04 11:18:32 +00:00
Benedikt Meurer
c4ada3de70 [turbofan] Propagate kIdentifyZeros correctly for modulus.
For NumberModulus and SpeculativeNumberModulus there's no observable
difference between 0 and -0 for the right hand side, since both of them
result in NaN (in general the sign of the right hand side is ignored
for modulus in JavaScript). For the left hand side we can just propagate
the zero identification part of the truncation, since we only care about
-0 on the left hand side if the use nodes care about -0 too.

This further improves the Kraken/audio-oscillator test from around 67ms
to 64ms.

Bug: v8:8015, v8:8178
Change-Id: I1f51d42f7df08aaa28a9b0ddd3177df6b76be98c
Reviewed-on: https://chromium-review.googlesource.com/c/1260024
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56372}
2018-10-04 09:57:33 +00:00
Benedikt Meurer
1d2a8e96f8 [turbofan] Unify number rounding operators.
This is a follow-up cleanup to treat NumberRound like the other rounding
operations (NumberFloor, NumberCeil and NumberTrunc).

Bug: v8:8015
Change-Id: I2b2fbc7f0319497d16ccb7472595eeb68be1f51d
Reviewed-on: https://chromium-review.googlesource.com/c/1260403
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56371}
2018-10-04 09:47:27 +00:00
Benedikt Meurer
7cd2cacf50 [turbofan] Avoid unnecessary bit materialization in CheckedInt32Mod.
The slow-path of CheckedInt32Mod(x,y) when x is found to be negative
still had the power of two right hand side optimization, and thus would
perform a dynamic check on y. Now the same dynamic check was done for
the fast-path, and the word operations for this check were pure, leading
to weird bit materialization in TurboFan (due to sea of nodes). But
there's not really a point to be clever for the slow-path, so we just
insert the Uint32Mod operation directly here, which completely avoids
the problem.

This improves the Kraken/audio-oscillator test from around 73ms to 69ms.

Bug: v8:8069
Change-Id: Ie8ea667136c95df2bd8c5ba56ebbc6bd2442ff23
Reviewed-on: https://chromium-review.googlesource.com/c/1259063
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56370}
2018-10-04 09:43:03 +00:00
Benedikt Meurer
513a5bdd04 [turbofan] Fix Word32 (Signed32OrMinusZero) conversions that identify zeros.
When converting a Signed32\/MinusZero value from Word32 to Float64
representation or just passing it through as Word32 (with potential
type checks on it) we don't need to worry about -0 as long as the uses
identify 0 and -0.

Drive-by-fix: Fix the CheckChange() helper in the representation
changer test to pass Truncation::Any() by default.

Bug: chromium:891639, chromium:891612, chromium:891627, v8:8015, v8:8178
Change-Id: I06948ec0cdb8e778cb3678124ef927277a5f40ee
Reviewed-on: https://chromium-review.googlesource.com/c/1258902
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56369}
2018-10-04 09:13:18 +00:00
Benedikt Meurer
f537d77845 [async] First prototype of zero-cost async stack traces.
This introduces a new flag --async-stack-traces, which enables zero-cost
async stack traces. This enriches the non-standard Error.stack property
with async stack frames computed from walking up the promise chains and
collecting all the await suspension points along the way. In Error.stack
these async frames are marked with "async" to make it possible to
distinguish them from regular frames, for example:

```
Error: Some error message
    at bar (<anonymous>)
    at async foo (<anonymous>)
```

It's zero-cost because no additional information is collected during the
execution of the program, but only the information already present in the
promise chains is used to reconstruct an approximation of the async stack
in case of an exception. But this approximation is limited to suspension
points at await's in async functions. This depends on a recent ECMAScript
specification change, flagged behind --harmony-await-optimization and
implied the --async-stack-traces flag. Without this change there's no
way to get from the outer promise of an async function to the rest of
the promise chain, since the link is broken by the indirection introduced
by await.

For async functions the special outer promise, named .promise in the
Parser desugaring, is now forcible allocated to stack slot 0 during
scope resolution, to make it accessible to the stack frame construction
logic. Note that this first prototype doesn't yet work fully support
async generators and might have other limitations.

Bug: v8:7522
Ref: nodejs/node#11865
Change-Id: I0cc8e3cdfe45dab56d3d506be2d25907409b01a9
Design-Document: http://bit.ly/v8-zero-cost-async-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/1256762
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56363}
2018-10-04 08:02:06 +00:00
Frank Tang
b07081f2e2 [Intl] Split the failed tests into different bugs
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0f83c37dd1f5bd85dc3f444b6583fda404812b92
Reviewed-on: https://chromium-review.googlesource.com/c/1260402
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56361}
2018-10-04 00:55:52 +00:00
Mathias Bynens
ae956fd94d Roll Test262
Bug: v8:7834
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I146f32f9f71beb58efefa12ffcf7beca67d6c850
Reviewed-on: https://chromium-review.googlesource.com/c/1259865
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56359}
2018-10-03 22:57:47 +00:00
Vasili Skurydzin
ab6462e883 ppc64,aix: fixed Abort() calling sequence on Aix
fixed Abort() calling sequence on platforms with function descriptors by taking
function descriptor of the External Reference object into account when calling
C code.

Change-Id: I54c04a5f1774f2768380cc5c95b1b807204335ce
Reviewed-on: https://chromium-review.googlesource.com/c/1258186
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56356}
2018-10-03 19:40:59 +00:00
Mathias Bynens
fa911fc68e Remove always-true --harmony-function-tostring runtime flag
It was shipped in Chrome 66.

Bug: v8:4958, v8:8255, v8:8238
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I52fb826f4f245bc6484d8f406ecf99bc17d268ee
Reviewed-on: https://chromium-review.googlesource.com/c/1254123
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56350}
2018-10-03 15:04:16 +00:00
Mathias Bynens
38feca55da [esnext] Add cctests for well-formed JSON.stringify
The proposal is currently at Stage 3 of the TC39 process.

Repository: https://github.com/tc39/proposal-well-formed-stringify

Bug: v8:7782
Change-Id: Ice2125ffd3dbc5381c81193eb64d460e0d5485cd
Reviewed-on: https://chromium-review.googlesource.com/c/1255728
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56349}
2018-10-03 09:53:19 +00:00
Yang Guo
471fef0469 [coverage] change block range to avoid ambiguity.
By moving the block range end to left of closing bracket,
we can avoid ambiguity where an open-ended singleton range
could be both interpreted as inside the parent range, or
next to it.

R=verwaest@chromium.org

Bug: v8:8237
Change-Id: Ibc9412b31efe900b6d8bff0d8fa8c52ddfbf460a
Reviewed-on: https://chromium-review.googlesource.com/1254127
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56347}
2018-10-02 19:27:02 +00:00
Sigurd Schneider
4130d6162b [wasm] Reflect unavailability of root register in linkage
The root register is not available in JS-to-Wasm functions, and
this was not reflected in the linkage. Similarily, it is not
available in C-to-Wasm functions.

Change-Id: I2dbfd06ef99d6f9b9940e9489f563441d9ebfabd
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1256766
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56346}
2018-10-02 16:31:48 +00:00
Sigurd Schneider
bd16cc8aee [ia32,root] Use root register config in tests
Change-Id: Iaa48cf1b7682aecfcb163e0b30538b9d8bd396db
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1256767
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56342}
2018-10-02 15:53:03 +00:00
Ulan Degenbaev
5301210379 Fix String::Is{One,Two}ByteRepresentationUnderneath for thin strings.
Bug: chromium:876759
Change-Id: I9ea3c84b477e03f96cbef79a4a0b546a53a674ce
Reviewed-on: https://chromium-review.googlesource.com/1256771
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56339}
2018-10-02 14:46:04 +00:00
Sigurd Schneider
52bd944db8 [wasm,test] Pass correct code kind in Wasm tests
Change-Id: I8fd0ce9ac2dc37e2daa0728b5d4c119a2bd1f340
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1256865
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56338}
2018-10-02 14:21:53 +00:00
Aseem Garg
1e250a75e4 [wasm] fix source maps for relative path
For wasm modules with non-absolute sourceMappingURL, the source needs
to be empty so that devtools can look for the source map at the origin
of the module.

R=clemensh@chromium.org,adamk@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I74c40addc1a7cb1be0442e9f2b272590c0b81f60
Reviewed-on: https://chromium-review.googlesource.com/1250402
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56326}
2018-10-01 18:32:31 +00:00
Benedikt Meurer
8ead569818 [turbofan] Unify handling of zeros.
Following up on the earlier work regarding redundant Smi checks in
https://chromium-review.googlesource.com/c/v8/v8/+/1246181, it was
noticed that the handling of the 0 and -0 and how some operations
identify these is not really consistent, but was still rather ad-hoc.
This change tries to unify the handling a bit by making sure that all
number comparisons generally pass truncations that identify zeros, since
for the number comparisons in JavaScript there's no difference between
0 and -0. In the same spirit NumberAbs and NumberToBoolean should also
pass these truncations, since they also don't care about the differences
between 0 and -0.

Adjust NumberCeil, NumberFloor, NumberTrunc, NumberMin and NumberMax
to pass along any incoming kIdentifiesZeros truncation, since these
operations also don't really care whether the inputs can be -0 if the
use nodes don't care.

Also utilize the kIdentifiesZeros truncation for NumberModulus with
Signed32 inputs, because it's kind of common to do something like
`x % 2 === 0`, where it doesn't really matter whether `x % 2` would
eventually produce a negative zero (since that would still be considered
true for the sake of the comparison).

This also adds a whole lot of tests to ensure that not only are these
optimizations correct, but also that we do indeed perform them.

Drive-by-fix: The `NumberAbs(x)` would incorrectly lower to just `x` for
PositiveIntegerOrMinusZeroOrNaN inputs, which was obviously wrong in
case of -0. This was fixed as well, and an appropriate test was added.

The reason for the unification is that with the introduction of Word64
for CheckBounds (which is necessary to support large TypedArrays and
DataViews) we can no longer safely pass Word32 truncations for the
interesting cases, since the index might be outside the Signed32 or
Unsigned32 ranges, but we still identify 0 and -0 for the sake of the
bounds check, and so it's important that this is handled consistently
to not regress performance on TypedArrays and DataViews accesses.

Bug: v8:8015, v8:8178
Change-Id: Ia1d32f1b726754cea1e5793105d9423d84a6393a
Reviewed-on: https://chromium-review.googlesource.com/1246172
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56325}
2018-10-01 17:51:16 +00:00
Mathias Bynens
6f59af6dba Remove always-true --harmony-string-trimming runtime flag
It was shipped in Chrome 66.

Bug: v8:6530, v8:8238
Change-Id: I07e95073ffcf388659b9d0b16a081e0f5a5eedaf
Reviewed-on: https://chromium-review.googlesource.com/1253603
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56323}
2018-10-01 16:19:19 +00:00
Georg Neis
26e6ed33c1 [turbofan] First steps in brokerizing JSNativeContextSpecialization.
Picking a few low-hanging fruits.

Bug: v8:7790
Change-Id: I798d579b1f1a08fab821e159d08f453d2dad89c1
Reviewed-on: https://chromium-review.googlesource.com/1254124
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56320}
2018-10-01 15:08:03 +00:00
Hai Dang
6cb0a014de Add string iterator protector.
The protector is useful for follow-up optimizations on string iterator.
Tests are also added.

Change-Id: I416037c742628c4d4d3b878d0df727a9ae7162f7
Reviewed-on: https://chromium-review.googlesource.com/1251122
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56315}
2018-10-01 13:15:53 +00:00
Florian Sattler
563eeec64c [parser] Fix function name variable tracking
Delay the creation of FunctionNameVariables until we validated the
FormalParameters. This is needed so we don't declare them in cases where
we later get an error, have to reset, and reparse.

Bug: chromium:890553, v8:7926
Change-Id: I742e6f7f71158e3903843bd583dc7943468c18f6
Reviewed-on: https://chromium-review.googlesource.com/1254061
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56314}
2018-10-01 13:14:33 +00:00
Mathias Bynens
f7d357b20a Remove always-true --harmony-bigint runtime flag
It was shipped in Chrome 67.

Bug: v8:6791, v8:8238
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I94d8f0aa18570452403a35dea270b18f155c970a
Reviewed-on: https://chromium-review.googlesource.com/1253604
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56310}
2018-10-01 11:31:13 +00:00
Jaroslav Sevcik
56b6b6a8fa [turbofan] Make sure we use only serialized elements kind transitions.
Currently, we call the MapRef::AsElementsKind method on an initial
map multiple times (from JSCreateLowering::ReduceJSCreateArray).
However, this does not does not play well with the heap copier/broker,
which only expectes AsElementsKind to be called on initial maps.

This CL makes sure we only call AsElementsKind once (on the initial map).

Bug: chromium:890620
Change-Id: If44421d3900abb7629ea8f789a005b8d8ebaf881
Reviewed-on: https://chromium-review.googlesource.com/1253105
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56307}
2018-10-01 08:44:23 +00:00
Michael Achenbach
f4d0d7e9fd Revert "Create a fast path to get migration target when updating map"
This reverts commit c285380ca8.

Reason for revert: Lots of dcheck failures on GPU bots, e.g.:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Win%20V8%20FYI%20Release%20(NVIDIA)/1997
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/2770

Original change's description:
> Create a fast path to get migration target when updating map
> 
> During map updating, store the pointer to new map in the
> raw_transitions slot of the old map that is deprecated from map
> transition tree. Thus, we can get the migration target directly
> instead of TryReplayPropertyTransitions when updating map.
> 
> This can improve Speedometer2.0 Elm-TodoMVC case by ~5% on ATOM
> Chromebook and ~9% on big-core Ubuntu.
> 
> Change-Id: I56f9ce5183bbdd567b964890f623ef0ceed9b7db
> Reviewed-on: https://chromium-review.googlesource.com/1233433
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56303}

TBR=ishell@chromium.org,shiyu.zhang@intel.com

Change-Id: I9b268d662cfa3a7fec577468eafe6570389252bc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1253104
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56305}
2018-09-30 09:29:26 +00:00
Benedikt Meurer
852a8d35b9 [turbofan] Add missing Word64->Bit support.
The representation changer was lacking support for directly converting
Word64 values to Bit representation.

Bug: chromium:890243, v8:4153, v8:7881, v8:8171, v8:8178
Change-Id: I5fa31716c7b2b10ad00dc31d5035a1ada152661c
Reviewed-on: https://chromium-review.googlesource.com/1251551
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56304}
2018-09-30 09:07:15 +00:00
Shiyu Zhang
c285380ca8 Create a fast path to get migration target when updating map
During map updating, store the pointer to new map in the
raw_transitions slot of the old map that is deprecated from map
transition tree. Thus, we can get the migration target directly
instead of TryReplayPropertyTransitions when updating map.

This can improve Speedometer2.0 Elm-TodoMVC case by ~5% on ATOM
Chromebook and ~9% on big-core Ubuntu.

Change-Id: I56f9ce5183bbdd567b964890f623ef0ceed9b7db
Reviewed-on: https://chromium-review.googlesource.com/1233433
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56303}
2018-09-30 05:38:24 +00:00
Frank Tang
9b5ba9699a [Intl] Split the Locales bugs for easier triage
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifbdce635d190bd379414d3410aed1208412a9530
Reviewed-on: https://chromium-review.googlesource.com/1251587
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56298}
2018-09-29 00:58:43 +00:00
Deepti Gandluri
caf93c9f6f [x64] Wasm SIMD x64 Conversion, AllTrue/AnyTrue operations
This CL mirrors the ia32 SIMD conversion, Alltrue/AnyTrue operations
with minor cleanliness changes to use TempRegisters instead of
ScratchRegisters

Change-Id: I84d3e148200dd611a72380b24404b75c73c5352d
Reviewed-on: https://chromium-review.googlesource.com/1174096
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56297}
2018-09-28 23:38:50 +00:00
Alexey Kozyatinskiy
a55e009f3a inspector: simplify preview generator for Error objects
- we can avoid using regexps,
- this CL also fixed a bug.

R=alph@chromium.org

Bug: chromium:870957
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I9799507b85942be454a7c20d2768fe7442fc965e
Reviewed-on: https://chromium-review.googlesource.com/1250403
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56295}
2018-09-28 19:15:45 +00:00
Alexey Kozyatinskiy
7b32eb8c7b inspector: implement console.timeLog
New method was added to console spec [1].
This CL implements it.

[1] https://console.spec.whatwg.org/#timelog

R=dgozman@chromium.org,yangguo@chromium.org

Bug: chromium:854474
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie5f249795979bb886cf824ae9f950c5ef78ce04d
Reviewed-on: https://chromium-review.googlesource.com/1247641
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56294}
2018-09-28 17:34:08 +00:00
Alexey Kozyatinskiy
3f99afc93c inspector: mark all pauses on promise rejection with proper reason
Sometimes we do not have promise on stack, e.g. Promise.reject call,
but we need to attribute this pause with promise rejection.

TBR=yangguo@chromium.org

Bug: chromium:755728
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I03ca1e1cd6c21677f0a12ece626e2c8a1938437b
Reviewed-on: https://chromium-review.googlesource.com/1249942
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56293}
2018-09-28 15:53:34 +00:00
Igor Sheludko
8034b9a539 [heap] Add missing notification about freed code range
It was accidentally removed in CL that introduced BoundedPageAllocator.

This CL also cleans up the CodeRangeAddressHint a bit.

Bug: v8:8096, chromium:887252
Change-Id: Idc84796dd1ff1b440cbe3515732984264defcf2d
Reviewed-on: https://chromium-review.googlesource.com/1249125
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56287}
2018-09-28 11:01:50 +00:00
Igor Sheludko
de5d1200b2 [ptr-compr] Re-imlpement BoundedPageAllocator::ReleasePages()
Trimming may free up some allocatable pages that can be reused by subsequent
allocations.

This CL also fixes base::AddressRegion::contains(Address, size_t).

Bug: v8:8096
Change-Id: I3b7381fd32f7dbf186dffc1a26d5a88cd8a30d2f
Reviewed-on: https://chromium-review.googlesource.com/1249127
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56284}
2018-09-28 10:41:06 +00:00
Clemens Hammacher
989e2e31d2 Revert "[heap] Free dead young generation large objects."
This reverts commit e4c650ad94.

Reason for revert: Break Linux nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/20786

Original change's description:
> [heap] Free dead young generation large objects.
> 
> Bug: chromium:852420
> Change-Id: I77479c3a96bcae6041ddce316c5062f129447edd
> Reviewed-on: https://chromium-review.googlesource.com/1249124
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56280}

TBR=hpayer@chromium.org,mlippautz@chromium.org

Change-Id: If35a09497e09f5cc7ceef8ec33a7c86761f2a336
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1251124
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56282}
2018-09-28 10:08:55 +00:00
Florian Sattler
7b11480f3b [preparser] Remove ExpressionClassifier error tracking in the PreParser.
PreParser now does not longer track which kind of error occurred.
If we see an error we reparse with the parser and report the error.
Furthermore, this fixes tests in test-parsing.

Change-Id: I1860949fab4d65ff4a5a1b63796c7574494f9d50
Reviewed-on: https://chromium-review.googlesource.com/1231173
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56281}
2018-09-28 09:17:03 +00:00
Hannes Payer
e4c650ad94 [heap] Free dead young generation large objects.
Bug: chromium:852420
Change-Id: I77479c3a96bcae6041ddce316c5062f129447edd
Reviewed-on: https://chromium-review.googlesource.com/1249124
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56280}
2018-09-28 09:04:22 +00:00
Jaroslav Sevcik
e693c691ec [turbofan] Fail slack tracking dependency if initial map disappears.
Bug: chromium:890057
Change-Id: I98bc278ebc202c3d8f6417367bd1c592e4824011
Reviewed-on: https://chromium-review.googlesource.com/1250481
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56279}
2018-09-28 08:20:42 +00:00
Vasili Skurydzin
77147c8e09 ppc64, aix: eliminate cctest failures due to gcc bug on Aix
test/cctest/compiler/value-helper.h: fix due to a GCC bug affecting padding
of aggregate data types on Aix.

GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61976

Change-Id: I303b09a9a84b372033c16cbf157d5fc2bf25f93a
Reviewed-on: https://chromium-review.googlesource.com/1244616
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56274}
2018-09-27 17:35:41 +00:00
Florian Sattler
56c832a5a5 [utils] Move ThreadedList into own header
Change-Id: I49a4e9740f6a3715ca5cdafd121b3b99fed8dc6b
Reviewed-on: https://chromium-review.googlesource.com/1245428
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56267}
2018-09-27 15:07:41 +00:00
Creddy
0714bd9fa0 Reland "[interpreter] Separate bytecodes for one-shot property loads and stores"
This is a reland of eccf186749

Original change's description:
> [interpreter] Separate bytecodes for one-shot property loads and stores
> 
> Create LdaNamedPropertyNoFeedback and StaNamedPropertyNoFeedback
> for one-shot property loads and stores. This CL replaces the runtime
> calls with new bytecodes for named property load stores in one-shot code.
> the runtime calls needed extra set of consecutive registers and
> additional move instructions. This increased the size of
> bytecode-array and possibly extended the life time of objects.
> By replacing them with NoFeedback bytecodes we avoid these issues.
> 
> Bug: v8:8072
> Change-Id: I20a38a5ce9940026171d870d354787fe0b7c5a6f
> Reviewed-on: https://chromium-review.googlesource.com/1196725
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Cr-Commit-Position: refs/heads/master@{#56211}

Bug: v8:8072
Change-Id: Ie8e52b37daf35c7bc08bb910d7b15a9b783354e4
Reviewed-on: https://chromium-review.googlesource.com/1245742
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56266}
2018-09-27 13:56:53 +00:00
Stephan Herhut
94364486c6 [wasm] Add test for I64AtomicCompareExchange
This adds a stress test for the I64 variants of the
AtomicCompareExchange opcodes.

Bug: v8:6532
Change-Id: Iaba4f31f944a71393e5c3222d364d214ff482b9e
Reviewed-on: https://chromium-review.googlesource.com/1235913
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56261}
2018-09-27 11:46:35 +00:00
Georg Neis
bcbb6d9eb4 [turbofan] Prepare broker for the next steps.
- Add a new broker mode kRetired, in which the heap can
  again be accessed.
- Change the way modes work. We now always start in kDisabled.
  If FLAG_concurrent_compiler_frontend is on, we eventually move
  to kSerializing, then to kSerialized, then to kRetired.
- Add an ObjectDataKind to ObjectData that indicates whether the
  data is just a dummy (i.e. created while broker was in kDisabled
  mode).

This also happens to fix a bug found by clusterfuzz.

Bug: v8:7790, chromium:889722
Change-Id: I38833fe7ad26d2d3efb15ba560576defb82f673a
Reviewed-on: https://chromium-review.googlesource.com/1245425
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56260}
2018-09-27 10:22:51 +00:00
Clemens Hammacher
5ead3a5507 [wasm] Refactor code space allocation
Make {AllocateForCode} return an actual buffer, and move the OOM check
into that method. This allows us to generate more precise OOM messages.

R=mstarzinger@chromium.org

Change-Id: Ie9ed81248fe8068c92eec29a4911ffef43032de2
Reviewed-on: https://chromium-review.googlesource.com/1245769
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56258}
2018-09-27 09:57:59 +00:00
Maya Lekova
32c5c91d93 [test] Disable a flaky logAll test
NOTRY=true

Bug: v8:8220
Change-Id: I4f6dc81321adc5efceaf64be04fc23627e90b0fe
Reviewed-on: https://chromium-review.googlesource.com/1245772
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56255}
2018-09-27 08:10:40 +00:00
Deepti Gandluri
0423b9e330 [atomics] Fix I64CmpExchg for narrow width operations
Change-Id: I1cf8d697b5a4408fb75332dc39be12c0a2ee0e5a
Bug: v8:8202, v8:6532
Reviewed-on: https://chromium-review.googlesource.com/1240907
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56254}
2018-09-27 08:05:10 +00:00
Alexei Filippov
62b03d55f1 Revert "Reland "[heap profiler] Refactor: Replace indices with HeapEntry*""
This reverts commit 181bbd5c88.

Reason for revert: Still break Win tests https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25096

Original change's description:
> Reland "[heap profiler] Refactor: Replace indices with HeapEntry*"
> 
> This is a reland of 69a502ce5c
> 
> TBR=ulan@chromium.org
> 
> Original change's description:
> > [heap profiler] Refactor: Replace indices with HeapEntry*
> >
> > Change-Id: I0c176f66711d45e2f59d527f3133a1afbf825ec3
> > Reviewed-on: https://chromium-review.googlesource.com/1229613
> > Commit-Queue: Alexei Filippov <alph@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#56245}
> 
> Change-Id: I416da19eb38a1a55f5e2f5897062bc1ca454ac34
> Reviewed-on: https://chromium-review.googlesource.com/1246802
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56250}

TBR=ulan@chromium.org,alph@chromium.org,mlippautz@chromium.org

Change-Id: I0d027d192a9354eb6157405566420e6aa38738c1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1248131
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56252}
2018-09-27 06:04:44 +00:00
Alexei Filippov
181bbd5c88 Reland "[heap profiler] Refactor: Replace indices with HeapEntry*"
This is a reland of 69a502ce5c

TBR=ulan@chromium.org

Original change's description:
> [heap profiler] Refactor: Replace indices with HeapEntry*
>
> Change-Id: I0c176f66711d45e2f59d527f3133a1afbf825ec3
> Reviewed-on: https://chromium-review.googlesource.com/1229613
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56245}

Change-Id: I416da19eb38a1a55f5e2f5897062bc1ca454ac34
Reviewed-on: https://chromium-review.googlesource.com/1246802
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56250}
2018-09-26 22:17:36 +00:00
Frank Tang
e6d208b6a0 [Intl] add tests for 'quarter'
Add tests for 'quarter' unit in Intl.RelativeTimeFormat#format

Bug: v8:7869
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I03077d5d89e1b9e459af0c31b5bf7378d9c4a1f0
Reviewed-on: https://chromium-review.googlesource.com/1244758
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56249}
2018-09-26 20:56:49 +00:00
Alexei Filippov
a87b0e63db Revert "[heap profiler] Refactor: Replace indices with HeapEntry*"
This reverts commit 69a502ce5c.

Reason for revert: Broke the build https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20gcc%204.8/22123

Original change's description:
> [heap profiler] Refactor: Replace indices with HeapEntry*
> 
> Change-Id: I0c176f66711d45e2f59d527f3133a1afbf825ec3
> Reviewed-on: https://chromium-review.googlesource.com/1229613
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56245}

TBR=ulan@chromium.org,alph@chromium.org,mlippautz@chromium.org

Change-Id: Ib4495f17a653a95f8d5af634da74905c63048f8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1246235
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56248}
2018-09-26 18:45:44 +00:00
Alexei Filippov
69a502ce5c [heap profiler] Refactor: Replace indices with HeapEntry*
Change-Id: I0c176f66711d45e2f59d527f3133a1afbf825ec3
Reviewed-on: https://chromium-review.googlesource.com/1229613
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56245}
2018-09-26 18:21:03 +00:00
Clemens Hammacher
6d86857cd4 [wasm] Remove AddressRange, use base::AddressRegion
R=ahaas@chromium.org

Bug: v8:8015
Change-Id: Ic449b76ab3957bb989bbb1fc9cc1fb4782db7acf
Reviewed-on: https://chromium-review.googlesource.com/1240119
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56240}
2018-09-26 12:49:44 +00:00
Hannes Payer
6b5b3a5abf [heap] Promote surviving young generation large objects in the Scavenger.
Surviving large objects are directly promoted to the old generation.

Bug: chromium:852420
Change-Id: I460649714544d4338e01085f487d4b70065ecfb5
Reviewed-on: https://chromium-review.googlesource.com/1238173
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56237}
2018-09-26 12:34:24 +00:00
Jaroslav Sevcik
52a9e67a47 [turbofan] Fix ObjectCreate's side effect annotation.
Bug: chromium:888923
Change-Id: Ifb22cd9b34f53de3cf6e47cd92f3c0abeb10ac79
Reviewed-on: https://chromium-review.googlesource.com/1245763
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56236}
2018-09-26 12:02:11 +00:00
Igor Sheludko
647e0c2312 [cleanup] Use RootIndex instead of int in serializer code
Bug: v8:8015
Change-Id: I2f407c5ffaed96b90b9ead452a98a19ef1700b75
Reviewed-on: https://chromium-review.googlesource.com/1240336
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56233}
2018-09-26 09:49:40 +00:00
Maya Lekova
3c3330f6f0 Revert "[interpreter] Separate bytecodes for one-shot property loads and stores"
This reverts commit eccf186749.

Reason for revert: Speculative revert because it seems to introduce a pretty stable flake on gc stress tests, see https://bugs.chromium.org/p/v8/issues/detail?id=8229

Original change's description:
> [interpreter] Separate bytecodes for one-shot property loads and stores
> 
> Create LdaNamedPropertyNoFeedback and StaNamedPropertyNoFeedback
> for one-shot property loads and stores. This CL replaces the runtime
> calls with new bytecodes for named property load stores in one-shot code.
> the runtime calls needed extra set of consecutive registers and
> additional move instructions. This increased the size of
> bytecode-array and possibly extended the life time of objects.
> By replacing them with NoFeedback bytecodes we avoid these issues.
> 
> Bug: v8:8072
> Change-Id: I20a38a5ce9940026171d870d354787fe0b7c5a6f
> Reviewed-on: https://chromium-review.googlesource.com/1196725
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Cr-Commit-Position: refs/heads/master@{#56211}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,cbruni@chromium.org,chandanreddy@google.com

Change-Id: I445db58e6d4c275b434fabad5fad775bf259033f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8072
Reviewed-on: https://chromium-review.googlesource.com/1245421
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56232}
2018-09-26 08:36:14 +00:00
Jakob Kummerow
c2088790ae [atomics] Implement 64-bit Atomics operations
Atomics.{load,store,add,sub,and,or,xor,exchange,compareExchange}
are updated to support BigInt and BigInt64Array/BigUint64Array inputs.

Atomics.{wait,wake,isLockFree} are left unchanged for now.

Bug: v8:8100
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8862d7e18c58ae08784535e9c010ba94f067a0ee
Reviewed-on: https://chromium-review.googlesource.com/1237294
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56228}
2018-09-26 01:13:30 +00:00
Frank Tang
d34ffa6a38 [Intl] move DateTimeFormat.prototype.resolvedOptions to c++
Bug: v8:8066
Change-Id: I931de0472941fca8f68739a05fa38dee308d59f4
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1212467
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56227}
2018-09-26 00:57:09 +00:00
Frank Tang
93cbb579a6 [Intl] Remove incorrect CHECK
The CHECK was introduced in d7ae63e6f2.

The first time the property got read by ToDateTimeOptions
and the test will cause the needsDefault in ToDateTimeOptions
be false. Then in step 22 of InitializeDateTimeFormat,
it will get all undefined and cause the
skeleton to be empty string. If we only pass in empty options, the
defaults will be filled by ToDateTimeOptions and won't cause any
CHECK failure.


Bug: chromium:888299
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I3ee14434f0708eaaea78cc8857591152d1bdef8a
Reviewed-on: https://chromium-review.googlesource.com/1241316
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56226}
2018-09-26 00:24:28 +00:00
Yang Guo
8ff37bc769 Reland "[snapshot] add checksum to startup snapshot"
This is a reland of bcb8d49b2c

TBR=petermarshall@chromium.org

Original change's description:
> [snapshot] add checksum to startup snapshot
>
> We already had checksumming for code cache data. We now extend
> checksumming to the startup snapshot to catch data corruption early.
>
> The performance impact for deserialization is a regression of 1-2%,
> which should be acceptable.
>
> Sample output for the included test with --profile-deserialization:
>
> [Verifying snapshot checksum took 0.023 ms]
> [Deserializing isolate (134348 bytes) took 1.891 ms]
> [Verifying snapshot checksum took 0.024 ms]
> [Deserializing isolate (134348 bytes) took 1.654 ms]
> [Deserializing context #0 (47208 bytes) took 0.331 ms]
> Deserialization will reserve:
>     208168 bytes per isolate
>     123368 bytes per context #0
> Snapshot blob consists of:
>     134492 bytes in 6 chunks for startup
>     115272 bytes for builtins
>      47152 bytes in 31 chunks for context #0
> [Verifying snapshot checksum took 0.048 ms]
> [Verifying snapshot checksum took 0.043 ms]
>
> R=peria@chromium.org, petermarshall@chromium.org
>
> Bug: chromium:881417
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ibc57520d459c86be8972f731aa35045b5e3751d7
> Reviewed-on: https://chromium-review.googlesource.com/1241874
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56217}

Bug: chromium:881417
Change-Id: I037f378fc2d45c3e0fa670bf538df68cbba5c53c
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1243191
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56224}
2018-09-25 19:18:23 +00:00
Clemens Hammacher
0a04f26370 Revert "[snapshot] add checksum to startup snapshot"
This reverts commit bcb8d49b2c.

Reason for revert: MSan compile error: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/23025

Original change's description:
> [snapshot] add checksum to startup snapshot
> 
> We already had checksumming for code cache data. We now extend
> checksumming to the startup snapshot to catch data corruption early.
> 
> The performance impact for deserialization is a regression of 1-2%,
> which should be acceptable.
> 
> Sample output for the included test with --profile-deserialization:
> 
> [Verifying snapshot checksum took 0.023 ms]
> [Deserializing isolate (134348 bytes) took 1.891 ms]
> [Verifying snapshot checksum took 0.024 ms]
> [Deserializing isolate (134348 bytes) took 1.654 ms]
> [Deserializing context #0 (47208 bytes) took 0.331 ms]
> Deserialization will reserve:
>     208168 bytes per isolate
>     123368 bytes per context #0
> Snapshot blob consists of:
>     134492 bytes in 6 chunks for startup
>     115272 bytes for builtins
>      47152 bytes in 31 chunks for context #0
> [Verifying snapshot checksum took 0.048 ms]
> [Verifying snapshot checksum took 0.043 ms]
> 
> R=​peria@chromium.org, petermarshall@chromium.org
> 
> Bug: chromium:881417
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ibc57520d459c86be8972f731aa35045b5e3751d7
> Reviewed-on: https://chromium-review.googlesource.com/1241874
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56217}

TBR=peria@chromium.org,yangguo@chromium.org,petermarshall@chromium.org

Change-Id: Iccb82092858ab68a5d6ae9552fa716108eda354b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:881417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1243190
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56221}
2018-09-25 16:37:22 +00:00
Ben L. Titzer
89f52f8a44 [wasm] Load formal_param_count for mismatched import calls
For WASM import calls to JSFunctions where the arity is mismatched,
we currently generate code that inlines the formal parameter count
of the target function as a constant in a call to the arguments
adapter. This CL changes this to generate code that loads the formal
parameter count from the function at runtime in order to permit
more sharing later.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Change-Id: I5cce97fc338f6468f9d42d48f5bc860b25fb7d73
Reviewed-on: https://chromium-review.googlesource.com/1243108
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56220}
2018-09-25 16:13:53 +00:00
Toon Verwaest
55ecf51e33 [parser] Don't resolve preparser variables for arrow functions
I moved AnalyzePartially from ParseFunctionLiteral to SkipFunction, but arrow
functions only used the ResetAfterPreparsing part.

Bug: chromium:888825

Change-Id: I08de99af128b28031df6ed86a725e4dc918078f8
Reviewed-on: https://chromium-review.googlesource.com/1243383
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56218}
2018-09-25 15:28:18 +00:00
Yang Guo
bcb8d49b2c [snapshot] add checksum to startup snapshot
We already had checksumming for code cache data. We now extend
checksumming to the startup snapshot to catch data corruption early.

The performance impact for deserialization is a regression of 1-2%,
which should be acceptable.

Sample output for the included test with --profile-deserialization:

[Verifying snapshot checksum took 0.023 ms]
[Deserializing isolate (134348 bytes) took 1.891 ms]
[Verifying snapshot checksum took 0.024 ms]
[Deserializing isolate (134348 bytes) took 1.654 ms]
[Deserializing context #0 (47208 bytes) took 0.331 ms]
Deserialization will reserve:
    208168 bytes per isolate
    123368 bytes per context #0
Snapshot blob consists of:
    134492 bytes in 6 chunks for startup
    115272 bytes for builtins
     47152 bytes in 31 chunks for context #0
[Verifying snapshot checksum took 0.048 ms]
[Verifying snapshot checksum took 0.043 ms]

R=peria@chromium.org, petermarshall@chromium.org

Bug: chromium:881417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ibc57520d459c86be8972f731aa35045b5e3751d7
Reviewed-on: https://chromium-review.googlesource.com/1241874
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56217}
2018-09-25 15:26:38 +00:00
Alexey Kozyatinskiy
e439681323 debug: LoadLookupSlot should initialize receiver for modules..
.. otherwise V8 crashes on attempt to use imported function as part
of expression passed to Debugger.evaluateOnCallFrame.

R=neis@chromium.org

Bug: chromium:878029
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I61b837f5c7b84a80d91a9cdaaac0422a24aa1620
Reviewed-on: https://chromium-review.googlesource.com/1241475
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56216}
2018-09-25 14:52:41 +00:00
Ross McIlroy
3a00ba5f1a [Compile] Refactor UnoptimizedCompilationJob to use BackgroundCompilerTask
This CL makes UnoptimizedCompilationJob a simple proxy for
BackgroundCompilerTask. A follow-up CL will remove UnoptimizedCompilationJob
entirely and have CompilerDispatcher deal directly with BackgroundCompilerTasks

BUG=v8:8041, v8:8015

Change-Id: Ia53d05c015c4ca2ee32a4d1c5d0c65edb3caeda8
Reviewed-on: https://chromium-review.googlesource.com/1236257
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56212}
2018-09-25 14:23:54 +00:00
Creddy
eccf186749 [interpreter] Separate bytecodes for one-shot property loads and stores
Create LdaNamedPropertyNoFeedback and StaNamedPropertyNoFeedback
for one-shot property loads and stores. This CL replaces the runtime
calls with new bytecodes for named property load stores in one-shot code.
the runtime calls needed extra set of consecutive registers and
additional move instructions. This increased the size of
bytecode-array and possibly extended the life time of objects.
By replacing them with NoFeedback bytecodes we avoid these issues.

Bug: v8:8072
Change-Id: I20a38a5ce9940026171d870d354787fe0b7c5a6f
Reviewed-on: https://chromium-review.googlesource.com/1196725
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#56211}
2018-09-25 13:53:53 +00:00
Ben L. Titzer
7f7545cf55 [wasm] Introduce WasmImportCallKind enum
The WASM engine compiles per-import wrappers for callables imported
into a WASM instance that have one of a number of different shapes,
depending on the type of the imported function and whether there is
a signature match. This CL introduces an enum with a value for each
case in preparation for introducing a per-kind cache.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Change-Id: If9b7355ff7c57a329c096f93f3624bc3d6c74e3f
Reviewed-on: https://chromium-review.googlesource.com/1243045
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56210}
2018-09-25 13:52:12 +00:00
Georg Neis
74b40e34d5 [turbofan] Remove redundant isolate argument from typers.
This is just a cleanup.

Bug: v8:7790
Change-Id: Ic0114451159b8c504f527f3cf3bdaed6a8cc8741
Reviewed-on: https://chromium-review.googlesource.com/1243103
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56206}
2018-09-25 13:00:05 +00:00
Georg Neis
78dd1d0c69 [turbofan] Move typer into the background.
... if FLAG_concurrent_compiler_frontend is enabled.

Bug: v8:7790
Change-Id: I448560b21d54c8907e8cbf68bdaf8bbdf2b034df
Reviewed-on: https://chromium-review.googlesource.com/1241959
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56205}
2018-09-25 12:40:50 +00:00
Clemens Hammacher
19bad28dac [wasm][gc] Link Isolates from WasmEngine
First step towards GC of wasm code: Introduce a link to all Isolates
that use a WasmEngine.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: Ib7f4495e7c7e5cc9ad58293518c65738f23d664c
Reviewed-on: https://chromium-review.googlesource.com/1240335
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56204}
2018-09-25 12:16:00 +00:00
Ross McIlroy
dc204cc6e7 Reland "[Compile] Refactor BackgroundCompileTask to enable its use by CompilerDispatcher"
This is a reland of 31228a69c3

TBR=yangguo@chromium.org,verwaest@chromium.org

Original change's description:
> [Compile] Refactor BackgroundCompileTask to enable its use by CompilerDispatcher
>
> Splits background compilation data out of ScriptStreamingData and into
> BackgroundCompileTask. Also makes BackgroundCompileTask no longer a sub-class
> of ScriptStreamingTask, and instead have ScriptStreamingTask delegate to a
> BackgroundCompileTask.
>
> As part of this change, we now create the CharacterStream on the main thread,
> and therefore have to set the (thread-local) runtime_call_stats on the already
> created CharacterStream when the BackgroundCompileTask is run on the background
> thread. As such, changes to CharacterStream were needed to feed the
> runtime_call_stats through appropriately.
>
> Deprecates Source::GetCachedData and StreamedSource::GetCachedData since they are
> no longer used, and the streamed source never has cached data (streaming is
> suppressed if cached data is available). Also removes Utf8ChunkedStream which
> is dead code.
>
> BUG=v8:8041, v8:8015
> TBR=yangguo@chromium.org
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ifcc723ebf930a1dc01135fcb70929d6168471cb3
> Reviewed-on: https://chromium-review.googlesource.com/1236353
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56182}

Bug: v8:8041, v8:8015
Change-Id: Ied5132c537d4c25c6e355f289c2a9cc1f8ff98e9
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1242097
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56201}
2018-09-25 11:24:14 +00:00
Peter Marshall
19253b3795 [cpu-profiler] Always skip flaky cpu profiler test
This is a regression test for a really specific issue that is flaky.
We should just disable it for all configurations rather than wait for
extra flakes which we then have to diagnose.

Bug: v8:8209
Change-Id: I976f2d7cdd92f3ce5c7eb9fd28976201d1d6612f
Reviewed-on: https://chromium-review.googlesource.com/1240120
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56189}
2018-09-25 08:43:42 +00:00
Andreas Haas
8210d664d3 [wasm] Update spec tests
R=titzer@chromium.org

Change-Id: I6eabacf07e3dd95d1bec68f1980ec6aae5220c97
Reviewed-on: https://chromium-review.googlesource.com/1238926
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56188}
2018-09-25 08:36:32 +00:00
Maya Lekova
875480d2c9 Revert "[Compile] Refactor BackgroundCompileTask to enable its use by CompilerDispatcher"
This reverts commit 31228a69c3.

Reason for revert: Introduces new pretty consistent flakes on Linux sanitizers, one of which block LKGR. Please see https://crbug.com/v8/8219

Original change's description:
> [Compile] Refactor BackgroundCompileTask to enable its use by CompilerDispatcher
> 
> Splits background compilation data out of ScriptStreamingData and into
> BackgroundCompileTask. Also makes BackgroundCompileTask no longer a sub-class
> of ScriptStreamingTask, and instead have ScriptStreamingTask delegate to a
> BackgroundCompileTask.
> 
> As part of this change, we now create the CharacterStream on the main thread,
> and therefore have to set the (thread-local) runtime_call_stats on the already
> created CharacterStream when the BackgroundCompileTask is run on the background
> thread. As such, changes to CharacterStream were needed to feed the
> runtime_call_stats through appropriately.
> 
> Deprecates Source::GetCachedData and StreamedSource::GetCachedData since they are
> no longer used, and the streamed source never has cached data (streaming is
> suppressed if cached data is available). Also removes Utf8ChunkedStream which
> is dead code.
> 
> BUG=v8:8041, v8:8015
> TBR=yangguo@chromium.org
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ifcc723ebf930a1dc01135fcb70929d6168471cb3
> Reviewed-on: https://chromium-review.googlesource.com/1236353
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56182}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,verwaest@chromium.org

Change-Id: Ib05bcbde2e9a588bd4008d2155f75cdac5cc47f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8041, v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1241958
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56187}
2018-09-25 07:49:34 +00:00
Ross McIlroy
31228a69c3 [Compile] Refactor BackgroundCompileTask to enable its use by CompilerDispatcher
Splits background compilation data out of ScriptStreamingData and into
BackgroundCompileTask. Also makes BackgroundCompileTask no longer a sub-class
of ScriptStreamingTask, and instead have ScriptStreamingTask delegate to a
BackgroundCompileTask.

As part of this change, we now create the CharacterStream on the main thread,
and therefore have to set the (thread-local) runtime_call_stats on the already
created CharacterStream when the BackgroundCompileTask is run on the background
thread. As such, changes to CharacterStream were needed to feed the
runtime_call_stats through appropriately.

Deprecates Source::GetCachedData and StreamedSource::GetCachedData since they are
no longer used, and the streamed source never has cached data (streaming is
suppressed if cached data is available). Also removes Utf8ChunkedStream which
is dead code.

BUG=v8:8041, v8:8015
TBR=yangguo@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ifcc723ebf930a1dc01135fcb70929d6168471cb3
Reviewed-on: https://chromium-review.googlesource.com/1236353
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56182}
2018-09-24 20:15:50 +00:00
Sergiy Byelozyorov
c4cfafc354 Update V8 DEPS.
Rolling v8/third_party/icu: 7ca3ffa..c52a2a2

This includes fixes from https://crrev.com/c/1240414.

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2afd319dbb244356a9bb057eb80c5fb0310b8686
Reviewed-on: https://chromium-review.googlesource.com/1240106
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56181}
2018-09-24 18:34:31 +00:00
Clemens Hammacher
141dd66713 [wasm][cleanup] Use AddressRange instead of std::pair
In the wasm code manager unittest, use the more specific AddressRange
class instead of a generic std::pair.
Also, rename the two {CheckLooksLike} methods to capture what they
actually check ({CheckPool} and {CheckRange}).

R=ahaas@chromium.org

Bug: v8:8015
Change-Id: Ia02523eabb1ddd8a3e8a255cc3987017b8338721
Reviewed-on: https://chromium-review.googlesource.com/1240135
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56176}
2018-09-24 14:46:15 +00:00
Peter Marshall
a0c48e1daa [API] Rename GetBuiltinsCodeRange to GetEmbeddedCodeRange.
This is more generic as it doesn't restrict embedded code to just
builtins. Also, some builtins are still on-heap so the name was not
totally accurate.

Bug: v8:8116
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I44cd24d6baf2bce0e5d914d36a2bae98e77bdc6d
Reviewed-on: https://chromium-review.googlesource.com/1238919
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56170}
2018-09-24 14:05:46 +00:00
Igor Sheludko
c9e4a21c16 [cleanup] Ensure [READ_ONLY|MUTABLE]_ROOT_LIST contain ALL RO/mutable entries
... so that it is no longer needed to iterate over other lists.
This CL also moves data handler maps to the RO roots list (because they are RO).

Bug: v8:8015
Change-Id: If21fe5bac5a6ac1e44a47783ad930df5fcecda9a
Reviewed-on: https://chromium-review.googlesource.com/1240134
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56169}
2018-09-24 14:04:41 +00:00
Dan Elphick
d235f550ab [deprecation] Deprecate ToBoolean(Local<Context>)
ToBoolean and BooleanValue cannot throw exceptions so the Maybe versions
of the functions don't make sense. As such this deprecates the Maybe
versions and undeprecates ToBoolean(Isolate*). It also adds
BooleanValue(Isolate*).

Fix up all of the v8 code to not use the deprecated functions.

Bug: v8:7279, v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I50e7474d205c75baa153f0dea7f02dcf60232d1d
Reviewed-on: https://chromium-review.googlesource.com/1238476
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56163}
2018-09-24 12:02:09 +00:00
Igor Sheludko
7528a7e6a9 [cleanup] Introduce ACCESSOR_INFO_ROOT_LIST
... containing ROOT_LIST-compatible entries.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia7a2620e2b6c9b2238cc0c2a6ead6bf7e6a46c00
Reviewed-on: https://chromium-review.googlesource.com/1238724
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56161}
2018-09-24 11:03:26 +00:00
Igor Sheludko
8ef91e123d [cleanup] Convert more list macros to ROOT_LIST-compatible ones
INTERNALIZED_STRING_ROOT_LIST, [PRIVATE|PUBLIC|WELL_KNOWN]_SYMBOL_ROOT_LIST

Bug: v8:8015
Change-Id: I6f271fa8bfbe5e994ebcef191e6750fa3ff6dd7f
Reviewed-on: https://chromium-review.googlesource.com/1238567
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56160}
2018-09-24 10:52:46 +00:00
Ben L. Titzer
14595004ea [wasm] Refactor WASM wrapper creation calls
Neither the native module nor the trap handler flag are needed to
compile JS to WASM wrappers.

R=clemensh@chromium.org

Change-Id: I46770d26e4063a6efbcaef55bebab5e1a131a0e8
Reviewed-on: https://chromium-review.googlesource.com/1238506
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56159}
2018-09-24 10:31:08 +00:00
Daniel Clifford
f088840abf [torque] Improve formatting in format-torque
Issues/problems addressed:

- Fix line-wrapping and indenting for long declarations including strings,
  e.g. generates and constexpr clauses.
- Implement proper formatting for typeswitch statements
- Fix formatting of operator declarations
- Fix formatting of constexpr if-clauses (the constexpr is now included on the
  same line as the if and it doesn't mess up the formatting that
- Fix formatting of label declarations on callables, the "label" keyword now
  always starts a new line with indentation.
- Remove space after identifier name in generic parameter declarations, e.g.
  "<a : T>" is now "<a: T>" which is consistent with type specification
  formatting elsewhere.
- Indent "otherwise" clauses that have been pushed to the next line.

Also ran the formatter over all existing .tq files.

Bug: v8:7793
Change-Id: I5adbb2ffa3d573deed062f9a5c1da57348c8fc71
Reviewed-on: https://chromium-review.googlesource.com/1238580
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56158}
2018-09-24 10:08:00 +00:00
Aseem Garg
cc4bd49117 [wasm] fix name section errors
This CL ignores multiple name sections in wasm modules instead throwing an error.
This is in line with the spec with regards to custom sections.

BUG=v8:8186
R=clemensh@chromium.org,adamk@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8c6610afe389d8f8d03f9fca164bd46cb5fb030d
Reviewed-on: https://chromium-review.googlesource.com/1232676
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56152}
2018-09-21 20:35:25 +00:00
Alexey Kozyatinskiy
0cec56a409 inspector: allow es6 module liveedit
After total liveedit rewrite, liveedit works with module, we can remove
the guard.

R=dgozman@chromium.org

Bug: chromium:806261
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ide15eca2ab6d8ba7df4e7fae541c4a65794eeea8
Reviewed-on: https://chromium-review.googlesource.com/1238914
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56151}
2018-09-21 19:49:16 +00:00
Igor Sheludko
4d6a01c15d [cleanup] Introduce STRUCT_MAPS_LIST generated from STRUCT_LIST.
In order to workaround MSVC compilation issue this CL explicitly adds _TYPE
suffixes to struct instance type names in STRUCT_LIST.

Bug: v8:8015
Change-Id: If71a26e4cbd41bc7372bf127bd050159d0d324ce
Reviewed-on: https://chromium-review.googlesource.com/1238496
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56149}
2018-09-21 16:10:34 +00:00
Mathias Bynens
a11e05be3a [esnext] Implement well-formed JSON.stringify
The proposal is currently at Stage 2 of the TC39 process.

Repository: https://github.com/tc39/proposal-well-formed-stringify

Bug: v8:7782
Change-Id: I7383f0df5b330aa71e3d80b50b7e52d474f153a3
Reviewed-on: https://chromium-review.googlesource.com/1238475
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56145}
2018-09-21 14:23:49 +00:00
Igor Sheludko
2eba67c869 [cleanup] Introduce ALLOCATION_SITE_MAPS_LIST and DATA_HANDLER_MAPS_LIST
... which are generated from ALLOCATION_SITE_LIST and DATA_HANDLER_LIST respectively.

Bug: v8:8015
Change-Id: Ib729628e6b65ad98ff50234572f8edf2854f83ad
Reviewed-on: https://chromium-review.googlesource.com/1238517
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56143}
2018-09-21 13:52:44 +00:00
Michael Starzinger
9ce331f22f [wasm] Cleanup and document {NativeModule} mutex.
This also makes the {AddCodeCopy} method more specific to only apply to
import wrappers, otherwise the use of {set_code} would be unprotected.

R=clemensh@chromium.org
BUG=v8:8015

Change-Id: I62561560f57e4cc235a338c0e769e50ff55ec42d
Reviewed-on: https://chromium-review.googlesource.com/1238477
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56137}
2018-09-21 12:58:29 +00:00
Georg Neis
64b0c30713 [turbofan] Fix descriptor array serialization.
This did unnecessarily much work, part of it even didn't make sense
due to my misunderstanding of the different ownership notions.

Bug: v8:7790
Change-Id: I8f630b544d2fa9d583ceb7e496e88b9a655385a7
Reviewed-on: https://chromium-review.googlesource.com/1236955
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56135}
2018-09-21 12:27:01 +00:00
Benedikt Meurer
129f770148 [es2015] Setup JSTypedArray after allocating the JSArrayBuffer.
When constructing a TypedArray by length, only actually setup the
JSTypedArray instance once the buffer is allocated, as only at that
time it's known whether the byte length is fine. Otherwise we confuse
the heap verifier.

Bug: chromium:887891
Change-Id: I407ff9a2a053dd11ef764e4e32f482abb27eb0a8
Reviewed-on: https://chromium-review.googlesource.com/1238494
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56131}
2018-09-21 12:02:12 +00:00
Florian Sattler
cdd8e54cb8 [cleanup] Fix leftover clang-tidy warnings.
Fixing clang-tidy warning.
Replace 0 with nullptr.
Add NOLINT for special cases.
Add default/override to methods.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iff483356ace471d816051c6dd06ca08809ae1c09
Reviewed-on: https://chromium-review.googlesource.com/1238333
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56129}
2018-09-21 11:12:13 +00:00
Benedikt Meurer
74adec5b3b [cleanup] Remove obsolete runtime functions.
Remove %ToPrimitive, %ToPrimitive_Number, %SameValue and %SameValueZero,
as these runtime functions were only used from tests. For the %SameValue
we use Object.is() to test the internal algorithm (the actual one even),
and for %SameValueZero we use Set#has() - this was already the case for
most uses anyways.

Also drop %IsDate and %ValueOf, which didn't have uses at all.

Bug: v8:8015
Change-Id: Ice26d25e68aed4d5d8adac0547c56aedf9826b13
Reviewed-on: https://chromium-review.googlesource.com/1237677
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56127}
2018-09-21 10:59:12 +00:00
Benedikt Meurer
3978bb02f7 [turbofan] Remove unused JSToInteger operator.
The JSToInteger operator is not used anywhere in TurboFan nowadays, so
no point in keeping the dead code in the tree.

Bug: v8:8015
Change-Id: If03ba63c4b932ba0aac60b9bbc89fee3909a93c6
Reviewed-on: https://chromium-review.googlesource.com/1238238
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56126}
2018-09-21 10:54:07 +00:00
Benedikt Meurer
08aec7d721 [es2015] Fix ToPrimitive conversions in relational comparisons.
The order in which ToNumber(left) and ToPrimitive(right,hint Number)
is called when performing an abstract relational comparison is
observable, and we need to make sure to trigger the conversions in
the correct order.

Bug: chromium:687063
Change-Id: Idc9edb99643c4cf1774b89dcdc319ed5dc7cdc8a
Reviewed-on: https://chromium-review.googlesource.com/1236557
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56125}
2018-09-21 10:53:06 +00:00
Leszek Swirski
4456b384a7 [cpu-profiler] Skip Issue1398 test on TSAN
This test is currently flaky on TSAN and blocks the roll.

Bug: v8:8209
Change-Id: I0ca32d39f5570b458d56801b9a72ff3c428678d5
Reviewed-on: https://chromium-review.googlesource.com/1237676
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56122}
2018-09-21 10:20:07 +00:00
Benedikt Meurer
9c0ef860eb [turbofan] Add missing test coverage for JSTypedLowering optimizations.
Properly test the abstract equality - both JSEqual and JSNotEqual - for
the case of symbols. Also add tests for the corner cases of the
JSObjectIsArray operator, which is used to implement Array.isArray()
builtin.

Bug: v8:8015
Change-Id: Ib008e85553d04527a5992a904ec77774761f872e
Reviewed-on: https://chromium-review.googlesource.com/1238237
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56121}
2018-09-21 10:05:15 +00:00
Jakob Gruber
c63cbbdd98 Remove --lazy-handler-deserialization flag
Handlers were recently moved to the builtins table, and we never added
full support for this flag. It doesn't add much value and lazy
deserialization is scheduled for mid-term removal anyways, so let's
just delete it.

--lazy-deserialization now controls both builtin- and
handler-deserialization behavior.

Bug: v8:6624
Change-Id: Iffb7286a00157966abf99158ba629ce4765536d6
Reviewed-on: https://chromium-review.googlesource.com/1238235
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56117}
2018-09-21 09:15:23 +00:00
Benedikt Meurer
ce7ec6ef0a [turbofan] Refactor the CheckedInt32Div/CheckedUint32Div lowering.
Improve the lowering of CheckedInt32Div and CheckedUint32Div for the
case that the right hand side is a known (positive) power of two, as
in that case it's sufficient to just check the relevant bits on the
left hand side and then shift by the appropriate amount of bits.

This is significantly faster than what TurboFan is able to generate
from the general lowering, even with all the MachineOperatorReducer
magic (it even shows as a steady ~1.5% overall improvement on the
Kraken crypto ccm benchmark).

Also turn the general CheckedInt32Div lowering into readable code again,
and make sure that all the bailout cases are properly covered by mjsunit
tests (i.e. the "division by zero" bailout was not covered properly).

Bug: v8:8015
Change-Id: Ibfdd367a6ee5d70dcaa48801858042c5029b7004
Reviewed-on: https://chromium-review.googlesource.com/1236954
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56115}
2018-09-21 09:05:48 +00:00
Benedikt Meurer
1f3956389a [turbofan] Add missing test coverage for ObjectIsSafeInteger.
The previous tests didn't cover the case Number.isSafeInteger(x)
where TurboFan was unable to tell that `x` is always a Number and
thus had to use the ObjectIsSafeInteger operator instead.

Bug: v8:8015
Change-Id: I9bdbfa602fe0bf8c5fb2bc6c160ace7ab0bc0aaa
Reviewed-on: https://chromium-review.googlesource.com/1238234
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56114}
2018-09-21 08:40:26 +00:00
Benedikt Meurer
8c1a7c5ec5 [turbofan] Decide lowering for NumberDivide based on feedback.
Again in the spirit of https://chromium-review.googlesource.com/1226033
we can simplify the handling of NumberDivide and decide the lowering
based on the feedback type.

Drive-by-fix: Add test coverage for the relevant corner cases of the
NumberDivide handling in SimplifiedLowering.

Bug: v8:8015
Change-Id: I0edaca0fddb31d64d2c269268e87a32a687a0b26
Reviewed-on: https://chromium-review.googlesource.com/1236262
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56113}
2018-09-21 08:36:55 +00:00
Benedikt Meurer
b57a87749f [cleanup] Add missing test coverage for ObjectIsArrayBuffer operator.
The ObjectIsArrayBuffer simplified operator, which is used to implement
the ArrayBuffer.isView() builtin, didn't have any test coverage.

Bug: v8:8015
Change-Id: Ia15e35bc4ae61627137f7a89976560a8d3db771f
Reviewed-on: https://chromium-review.googlesource.com/1238215
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56112}
2018-09-21 08:30:35 +00:00
Sam Clegg
2968553785 Export mjsunit.formatFailureText which is needed by test-async.js
Without this the call to `formatFailureText` in `test-async.js`
fails but goes unnoticed since the promise change is rejects
which is not handled.  And d8 silently ignores the the unhandled
rejections.

Once `formatFailureText` was added it reveals a but where several
tests were expecting `.equal` to be a deepEquals.  Specifically:

test/mjsunit/es6/promise-all.js
test/mjsunit/harmony/async-generators-resume-return.js
test/mjsunit/harmony/async-generators-return.js
test/mjsunit/harmony/async-generators-yield.js

Making equals call `deepEquals` fixed that issue.

Change-Id: I350c7d916147eaa7cf873bdaf273aebbaaa833c5
Reviewed-on: https://chromium-review.googlesource.com/1236852
Commit-Queue: Sam Clegg <sbc@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56107}
2018-09-21 01:37:14 +00:00
Jakob Kummerow
9ed4b96578 Fix building with GCC 7.x and 8.x
GCC 7.x doesn't like it (-Werror=subobject-linkage) when a class
either derives from a class or has a member field of a type that
was declared in an anonymous namespace.
It is also opposed (-Werror=attributes) to visibility attributes
being defined at explicit template instantiations.
GCC 8.x further has reservations (-Werror=class-memaccess) about
letting memset/memcpy modify areas within non-POD objects.

Change-Id: Ic5107bb5ee3af6233e3741e3ef78d03a0a84005a
Reviewed-on: https://chromium-review.googlesource.com/1208306
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56106}
2018-09-21 01:12:25 +00:00
Sathya Gunasekaran
81c9e3936b [Atomics] Add use counter for Atomics.{wake, notify}
Previously, Atomics.notify was just an alias to Atomics.wake, which
doesn't quite let us add a use counter for these individual builtins.

This patch refactors the existing Atomics.wake into a separate
function that is called from two separate builtins.

Bug: v8:7883
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If54c8f769b7949d88d327cfb2f70db394f32a0b7
Reviewed-on: https://chromium-review.googlesource.com/1234581
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56105}
2018-09-20 21:31:33 +00:00
Ross McIlroy
07a35d28f2 Merge UnoptimizedCompileJobTest::CompileFailureToFinalize and UnoptimizedCompileJobTest::CompileFailureToAnalyse
They both do the same thing, and UnoptimizedCompileJobTest.CompileFailureToFinalize was
failing on arm due to stack size parameters.

BUG=v8:8041

No-Presubmit: true
No-Tree-Checks: true
No-Try: true

Change-Id: I2506aed026420c2634d5cd41b0dc268debb512eb
Reviewed-on: https://chromium-review.googlesource.com/1236814
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56099}
2018-09-20 16:28:05 +00:00
Sreten Kovacevic
3ac4ac581c [mips] Port [turbofan] Implement constant folding of string concatenations
Port fef047a4a5

Original commit message:
`This CL implements the following design doc:
https://docs.google.com/document/d/1h5kdfemMQMpUd15PSKW1lqikJW5hsGwrmOvoqhGFRts/edit?ts=5b978756#heading=h.urs7r34mx9p `

Change-Id: Ib34a2e18c56bc7ccf3cbfa0f1baa07dcc8ed0cd4
Reviewed-on: https://chromium-review.googlesource.com/1235974
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#56097}
2018-09-20 15:15:12 +00:00
Alexey Kozyatinskiy
d9fbfeb894 inspector: return [[StableObjectId]] as internal property
This property might be useful for fast '===' check.

R=dgozman@chromium.org,yangguo@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iabc3555ce1ec2c14cf0ccd40b7d964ae144e7352
Reviewed-on: https://chromium-review.googlesource.com/1226411
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56095}
2018-09-20 15:03:52 +00:00
Benedikt Meurer
48854a23d9 [turbofan] Unify NumberModulus handling in SimplifiedLowering.
In the spirit of https://chromium-review.googlesource.com/1226033 we can
also unify the handling of NumberModulus based on feedback types.

Drive-by-fix: Add appropriate tests for the corner cases of the
NumberModules with (surrounding) feedback integration.

Bug: v8:8015
Change-Id: I5e3207d2f6e72f9ea1d7658014b7272075088d63
Reviewed-on: https://chromium-review.googlesource.com/1236260
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56094}
2018-09-20 15:00:43 +00:00
Benedikt Meurer
96605878ac [turbofan] Add test cover for SpeculativeNumberModulus corner cases.
The coverage bot figured out that there's missing test coverage
for the SpeculativeNumberModulus corner cases inside of the
SimplifiedLowering logic.

Bug: v8:8015
Change-Id: Id32aa545dc43adae5e67c66574ccea5f2b3db846
Reviewed-on: https://chromium-review.googlesource.com/1236259
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56093}
2018-09-20 14:50:35 +00:00
Benedikt Meurer
2c40c5250b [turbofan] Test coverage for SpeculativeNumberAdd/Subtract in SimplifiedLowering.
This adds missing test coverage for corner cases of SpeculativeNumberAdd
and SpeculativeNumberSubtract inside of SimplifiedLowering. This was
discovered to be untested by the coverage bot.

Bug: v8:8015
Change-Id: I7355b1b840a76bc12bd911adb6c2d88f05d816c5
Reviewed-on: https://chromium-review.googlesource.com/1236256
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56090}
2018-09-20 14:23:34 +00:00
Ross McIlroy
80195fc58d [Compile] Refactor CompilerDispatcher for inner function compilation jobs
Refactors the CompilerDispatcher to be able to enqueue eager inner functions
for off-thread compilation during top-level compilation of a script.

Unoptimized compile jobs are simplified to only have two phases - compile
and finalization. Only finalization requires heap access (and therefore
needs to be run on the main thread). The change also introduces a requirement
to register a SFI with a given compile job after that job is posted, this
is due to the fact that an SFI won't necessarily exist at the point the job
is posted, but is created later when top-level compile is being finalized.
Logic in the compile dispatcher is update to deal with the fact that a job
may not be able to progress if it doesn't yet have an associated SFI
registered with it.

BUG=v8:8041

Change-Id: I66cccd626136738304a7cab0e501fc65cf342514
Reviewed-on: https://chromium-review.googlesource.com/1215782
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56088}
2018-09-20 14:06:39 +00:00
Benedikt Meurer
a50baa246e [turbofan] Reduce DataView access code duplication.
Part of https://chromium-review.googlesource.com/1231994 that landed
earlier, but was reverted due to breakage. Landing this cleanup
separately instead.

Drive-by-fix: Also add test coverage for the cases that weren't covered
properly (according to the test coverage bot).

Bug: chromium:225811, v8:8015
Change-Id: I9c13ed5fcf0ba9e6b190489e15df86970eafdc13
Reviewed-on: https://chromium-review.googlesource.com/1236213
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56087}
2018-09-20 14:05:25 +00:00
Mathias Bynens
1b7abc42be [regexp] Expand test coverage for sequence properties
Port the remaining tests from:
https://chromium-review.googlesource.com/c/v8/v8/+/1227974/1/test/mjsunit/harmony/regexp-property-emoji-flag-sequence-generated.js#9

Bug: v8:7467
Change-Id: Ib187c93cb38befbbba31bdf93a0f5d8f1bee3d13
Reviewed-on: https://chromium-review.googlesource.com/1230098
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56083}
2018-09-20 13:00:35 +00:00
Benedikt Meurer
65276678d0 [turbofan] Add (missing) test coverage for Math.imul().
According to the coverage bot, there's some lack of test coverage for
corner cases of Math.imul(). Add the missing test coverage and also
add some coverage for the generally interesting cases.

Bug: v8:8015
Change-Id: I2a917283b4777510fb5db421a039ff0de9b2a25f
Reviewed-on: https://chromium-review.googlesource.com/1235577
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56077}
2018-09-20 12:54:05 +00:00
Benedikt Meurer
44c24bf827 [cleanup] Remove a lot of dead intrinsics/runtime functions.
The following runtime functions (and their intrinsic counter parts) are
completely unused/obsolete by now

  - %ToInteger
  - %GeneratorGetInputOrDebugPos

and in addition the intrinsics for %_ToNumber and %_IsJSProxy are also
dead (according to code coverage and manual verification), so drop them
as well (their runtime function counterparts are still somewhat used).

Bug: v8:8015
Change-Id: I60d53762dd9717fb43de38cb490b46676c467212
Reviewed-on: https://chromium-review.googlesource.com/1235923
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56076}
2018-09-20 12:48:57 +00:00
Benedikt Meurer
3a9466a89c [turbofan] Unify RedundancyElimination for speculative number operations.
Remove the NumberConstant right hand side limitation for the speculative
number operation optimization, and extend the logic to also deal with
SpeculativeToNumber, which is common when dealing with postfix increment
and array operations.

Also add appropriate tests for all the relevant cases, specifically we
mjsunit tests to increase the general coverage for the various cases
here (in addition to dedicated unittests).

Bug: v8:8015
Change-Id: I8c92f98490c63b07eb19686efd404322979e57c4
Reviewed-on: https://chromium-review.googlesource.com/1235919
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56072}
2018-09-20 12:08:55 +00:00
Michael Achenbach
a1052fd0cd [test] Add missing resource for test on Android
This is for fixing:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20N5X/871

TBR=sbc@chromium.org
NOTRY=true

Bug: v8:8020
Change-Id: I48180f3e24fbabfbc673890252a1067ef63d82a2
Reviewed-on: https://chromium-review.googlesource.com/1235578
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56070}
2018-09-20 11:58:46 +00:00
Yang Guo
3833fef573 Refactor integer hashing function names
We now clearly differentiate between:
- unseeded hash for 32-bit integers
- unseeded hash for 64-bit integers
- seeded hash for 32-bit integers
- seeded hash for strings


R=bmeurer@chromium.org

Bug: chromium:680662
Change-Id: I7459958c4158ee3501c962943dff8f33258bb5ce
Reviewed-on: https://chromium-review.googlesource.com/1235973
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56068}
2018-09-20 11:43:13 +00:00
Igor Sheludko
2fde54330a [cleanup] Move enum Heap::RootListIndex to enum class RootIndex
and introduce RootsTable - a V8 heap roots storage.

So, the renaming part looks like this:
  Heap::RootListIndex -> RootIndex
  Heap::kBlahBlahRootIndex -> RootIndex::kBlahBlah

Bug: v8:8015, v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I38e1f3e3f6813ef35e37b0bed35e9ae14a62134f
Reviewed-on: https://chromium-review.googlesource.com/1234613
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56067}
2018-09-20 11:16:05 +00:00
Clemens Hammacher
884b396907 [wasm] Skip atomic tests on arm
R=ahaas@chromium.org
CC=​machenbach@chromium.org

Bug: v8:8201
Change-Id: I50f38a3c0f6c8d52cf6913557f26e38cd3cfd1c7
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1235914
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56064}
2018-09-20 10:12:25 +00:00
Dan Elphick
daa296b564 [interpreter] Always put bytecode handlers in builtins table
This always creates the bytecode handlers as part of the builtins table
regardless of the V8_EMBEDDED_BYTECODE_HANDLERS definition.

Lazy deserialization of bytecode handlers is enabled for this flow by
moving the three lazy bytecode deserializers from the strong roots into
the builtins table (ensuring that they not marked lazy themselves).

To simplify lazy deserialization, the illegal bytecode handler is made
non-lazy so that GetAndMaybeDeserializeBytecodeHandler doesn't to know
about it.

Since the bytecode handlers are now always part of the builtins table,
many bytecode specific methods are removed, including logging and in
BuiltinsSerializer and BuiltinsDeserializer.

Removes setup-interpreter.h, setup-interpreter-internal.cc and
builtin-snapshot-utils.*.

Change-Id: Ie421aa897a04f7b3bcb964c476eb7ab149388d53
Reviewed-on: https://chromium-review.googlesource.com/1220046
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56063}
2018-09-20 09:58:15 +00:00
Florian Sattler
c7c3571956 [cleanup] Refactor base, compiler, and wasm classes to use bools instead of converting ints.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I5686fa0c1ed73b17f592a012b00c08c575ae5387
Reviewed-on: https://chromium-review.googlesource.com/1234234
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#56062}
2018-09-20 09:14:25 +00:00
Sam Clegg
505cccb9e9 [d8] Update new Worker API to match the Web API
Previously we only supported strings and not filenames.  This
changes the default to filename and adds a new `type: string` which can
be passed `options` to allow for strings to be passed in test code.

See: https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker

Bug: v8:8020
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie8818885c5c5c071b6614852322cb45aeb01a647
Reviewed-on: https://chromium-review.googlesource.com/1185980
Commit-Queue: Sam Clegg <sbc@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56056}
2018-09-20 00:10:28 +00:00
Creddy
b603513eef Disable one-shot for LogAll cctest
The LogAll test is flaky on windows build, disable one-shot optimization
to check if the issue is related to one-shot or not.

Change-Id: Ia963faf4158277d8d5e8bcbd3cf6ce99b69a4d39
Reviewed-on: https://chromium-review.googlesource.com/1234416
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#56053}
2018-09-19 18:05:39 +00:00
Clemens Hammacher
5e94b2083a Reland "[wasm] Introduce a soft limit on reserved memory"
This is a reland of 3bb5cb63da

Original change's description:
> [wasm] Introduce a soft limit on reserved memory
> 
> Currently, wasm memory and wasm code use a shared limit for the total
> size of reservations. This can cause wasm code reservations to fail
> because wasm memories used all available reservation space.
> This CL introduces a soft limit which is used when allocating wasm
> memory with full guards. If this limit is reached and the respective
> flag is set, we fall back to allocation without full guards and check
> against the hard limit. Code reservations always check against the hard
> limit.
> 
> R=ahaas@chromium.org
> 
> Bug: v8:8196
> Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d
> Reviewed-on: https://chromium-review.googlesource.com/1233614
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56028}

Bug: v8:8196
Change-Id: If8baf429b02e23b344346f7335bc911b99ae5579
Reviewed-on: https://chromium-review.googlesource.com/1233756
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56044}
2018-09-19 15:12:18 +00:00
Michael Lippautz
fe566be004 [heap] Concurrently process wrapper objects
Concurrently process objects and only read embedder fields on the main
thread.

Also prepares the concurrent marking infrastructure to plug this
processing into different types.

Bug: chromium:885125, chromium:843903
Change-Id: I23b7f778c16cff118dec93e11e2bbd02aaf11a78
Reviewed-on: https://chromium-review.googlesource.com/1231175
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56043}
2018-09-19 14:14:06 +00:00
Michael Achenbach
72ee72aa61 [test] Skip flaky test on Android
Failed once here:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20N5X/852

Test allocates a lot of memory. The output suggests that OS killed it.

NOTRY=true
TBR=rmcilroy@chromium.org

Change-Id: Id177d381133a2671a5c4e3f0cac2cc3ea6cd6ee7
Reviewed-on: https://chromium-review.googlesource.com/1233759
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56036}
2018-09-19 13:33:38 +00:00
Benedikt Meurer
4491072507 [turbofan] Fix RedundancyElimination and add more test coverage.
Make the RedundancyElimination handle all simplified operators that are
listed in the SIMPLIFIED_CHECKED_OP_LIST, and fix a couple of bugs and
oversights in the code. This also adds a lot of test coverage for all
the cases that we care about in RedundancyElimination (with respect to
Check/Checked simplified operators).

Bug: v8:8015
Change-Id: I57d29113389841b09abcd013313bf5dd1c67735f
Reviewed-on: https://chromium-review.googlesource.com/1233655
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56032}
2018-09-19 13:08:12 +00:00
Leszek Swirski
196874aa08 Revert "[wasm] Introduce a soft limit on reserved memory"
This reverts commit 3bb5cb63da.

Reason for revert: Breaks Win64 bot https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/26418

Original change's description:
> [wasm] Introduce a soft limit on reserved memory
> 
> Currently, wasm memory and wasm code use a shared limit for the total
> size of reservations. This can cause wasm code reservations to fail
> because wasm memories used all available reservation space.
> This CL introduces a soft limit which is used when allocating wasm
> memory with full guards. If this limit is reached and the respective
> flag is set, we fall back to allocation without full guards and check
> against the hard limit. Code reservations always check against the hard
> limit.
> 
> R=​ahaas@chromium.org
> 
> Bug: v8:8196
> Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d
> Reviewed-on: https://chromium-review.googlesource.com/1233614
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56028}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: If645e738b4a5800eceabd993738ac2285f4a63bc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8196
Reviewed-on: https://chromium-review.googlesource.com/1233834
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56031}
2018-09-19 13:07:09 +00:00
Georg Neis
3f6612583e [turbofan] Don't create handle in JSHeapBroker::native_context.
Instead, remember the canonical handle during SerializeStandardObjects.

Bug: v8:7790
Change-Id: Id57d861e92088fbc64c05fbee1612376000c06c9
Reviewed-on: https://chromium-review.googlesource.com/1233494
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56029}
2018-09-19 12:47:20 +00:00
Clemens Hammacher
3bb5cb63da [wasm] Introduce a soft limit on reserved memory
Currently, wasm memory and wasm code use a shared limit for the total
size of reservations. This can cause wasm code reservations to fail
because wasm memories used all available reservation space.
This CL introduces a soft limit which is used when allocating wasm
memory with full guards. If this limit is reached and the respective
flag is set, we fall back to allocation without full guards and check
against the hard limit. Code reservations always check against the hard
limit.

R=ahaas@chromium.org

Bug: v8:8196
Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d
Reviewed-on: https://chromium-review.googlesource.com/1233614
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56028}
2018-09-19 12:19:46 +00:00
Michael Achenbach
49ae2db3cf [test] Update bug on skipped test
TBR=sathya@chromium.org
NOTRY=true

Bug: v8:8197
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3bb3f8e551e34ba3a1b5d05703121989ecfe4e3c
Reviewed-on: https://chromium-review.googlesource.com/1233734
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56027}
2018-09-19 11:58:01 +00:00
Creddy
b2ed47b958 [interpreter] Restrict one-shot optimizations to only top-level IIFEs
IIFE`s within a function are not guaranteed to be executed only once.
They can be called multiple times and compiler can inline them.
Do the one-shot optimizations only for IIFE`s from top-level code.

Bug: v8:8072, chromium:886580
Change-Id: I02370681cc3eab270edcc75ee120ca7ad768ed52
Reviewed-on: https://chromium-review.googlesource.com/1231174
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56024}
2018-09-19 10:15:13 +00:00
Benedikt Meurer
bb5724283f [turbofan] Word64 conversions are lossless for Int64/Uint64 values.
Teach TurboFan about representation changes from Float64 to Word64 where
the input value is already known to be within the Int64 or Uint64 range.
While not all of these values have representations in Float64, those
that do can be converted to Word64 without loss of precision.

Same is true for Tagged to Word64 conversions, although here we don't
(currently) need the case for Uint64 ranges, so we can skip adding an
operator for that until it becomes necessary (there's a hard check in
the code so it'll not silently cause trouble).

Bug: v8:8178
Change-Id: Ie99b0bc9af096bd927f63b26b0a61e66454bc4ae
Reviewed-on: https://chromium-review.googlesource.com/1231593
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56022}
2018-09-19 09:50:13 +00:00
Maya Lekova
fef047a4a5 [turbofan] Implement constant folding of string concatenations
This CL implements the following design doc:
https://docs.google.com/document/d/1h5kdfemMQMpUd15PSKW1lqikJW5hsGwrmOvoqhGFRts/edit?ts=5b978756#heading=h.urs7r34mx9p

Bug: v8:7790
Change-Id: I5f758c6d906ea9275c30b28f339063c64a2dc8d8
Reviewed-on: https://chromium-review.googlesource.com/1221807
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56021}
2018-09-19 09:47:23 +00:00
Benedikt Meurer
984048e8c7 [es2015] Clear JSTypedArray raw fields in the constructor.
The JSTypedArray instance is created early on in the TypedArray
constructors, using EmitFastNewObject, which puts Undefined into
all slots. But the code might still produce an exception afterwards
leaving the JSTypedArray in a weird state. It's not a security issue
since the object doesn't escape, but it confuses the heap verifier.

Bug: chromium:885404, v8:4153, v8:7881, v8:8171
Change-Id: I5fb8131fcae69edf4a92602ed477dca305c3d6c7
Reviewed-on: https://chromium-review.googlesource.com/1233257
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56019}
2018-09-19 09:28:11 +00:00
Michael Lippautz
44e77f8d93 [heap] Remove marking finalization flag
The flag was not used anymore and any CollectGarbage call will finalize
marking.

Change-Id: I29ee60b187c9038acc4b42b8334546498f54f117
Reviewed-on: https://chromium-review.googlesource.com/1228013
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56018}
2018-09-19 09:08:35 +00:00
Yang Guo
c8bfbed921 Reland "[regexp] implement regexp property sequence proposal"
This is a reland of f4c14fd971

TBR=jgruber@chromium.org

Original change's description:
> [regexp] implement regexp property sequence proposal
>
> Also-By: mathias@chromium.org
> Bug: v8:7467
> Change-Id: I9fd6e61f4da1097c2375f671b4801e9730f792c4
> Reviewed-on: https://chromium-review.googlesource.com/1227974
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55991}

Bug: v8:7467
Change-Id: If07137dea5a8ea42dbff1d749d997eb4ae055d80
Reviewed-on: https://chromium-review.googlesource.com/1232634
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56017}
2018-09-19 08:39:22 +00:00
Clemens Hammacher
7b43c4022b [wasm] Skip failing test on native arm/mips
The test allocates a code object of maximum size. This was recently
increased to 1GB. This makes the test run OOM on some native arm and
mips devices.

TBR=ahaas@chromium.org

No-Try: true
Change-Id: Ie6cc50e92493c341c3205e9a6efa547d3d489275
Reviewed-on: https://chromium-review.googlesource.com/1233333
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56013}
2018-09-19 06:06:58 +00:00
tzik
8a7adb0bc1 Use MicrotaskQueue class as the default microtask storage
This CL introduces the global default microtask queue as the replacement
of Heap::microtask_queue and Isolate::pending_microtask_count.

Bug: v8:8124
Change-Id: I0a6a7618a1a6ca7ceaf370dc15917a6b3690542c
Reviewed-on: https://chromium-review.googlesource.com/1226760
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56012}
2018-09-19 05:20:36 +00:00
Michael Lippautz
1f3802a1e7 [heap] Remove obsolete AbortTracing calls and deprecate interface
V8 does not abort incremental marking anymore.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id39e9cf8ef2afc388bab2bbad1d458ee2649f8e8
Reviewed-on: https://chromium-review.googlesource.com/1226889
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56009}
2018-09-19 05:17:21 +00:00
Benedikt Meurer
5cfe1a6b12 [es2015] Change JSArrayBufferView::byte_length/byte_offset to uintptr_t.
This is the next step to support large array buffers. On 64-bit archs
the full safe integer range is available (up to 2^53-1 bytes in theory).
On 32-bit platforms the full Unsigned31 range is allowed, so that we can
continue to use CheckBounds for typed arrays and data views in the
optimizing compiler (it's generally unlikely that the kernel will give
you more than 1GiB of contiguous memory anyways).

Drive-by-fix: This introduces proper chokepoints for the byte_offset
and byte_length accesses in the CSA code, and also does some renaming
for consistency.

Bug: v8:4153, v8:7881, v8:8171
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I92a767638532ca9f86084398ce72556c5180cc6e
Reviewed-on: https://chromium-review.googlesource.com/1228377
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56008}
2018-09-18 18:47:44 +00:00
Deepti Gandluri
11245b263a [compiler] Fix use of projection nodes for I64Atomic ops
Handle the case when one or both of the output nodes of an I64Atomic op
are optimized, for code-gen instructions that use a set of fixed
registers, use temp registers to ensure the registers are not
clobbered.

BUG:v8:6532


Change-Id: I52763c48d615cdf3ae8d754402b11da2df31a4a1
Reviewed-on: https://chromium-review.googlesource.com/1195910
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56004}
2018-09-18 16:42:10 +00:00
Clemens Hammacher
c8fe898dd8 [wasm] Track code reservations in the WasmMemoryTracker
The WasmMemoryTracker keeps track of reserved memory in order to avoid
running out of virtual address space. So far, we were only tracking
reservations for wasm memory, and not for code. This CL changes that to
also include code reservations.

Drive-by: Some cleanup around the allocation of the WasmCodeManager.

R=titzer@chromium.org

Bug: chromium:883639
Change-Id: I0c2586a742022ae00752132e048346d54e2a1a7c
Reviewed-on: https://chromium-review.googlesource.com/1230134
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56001}
2018-09-18 16:07:45 +00:00
Leszek Swirski
be271454c4 Revert "[regexp] implement regexp property sequence proposal"
This reverts commit f4c14fd971.

Reason for revert: Breaks noi18n build

Original change's description:
> [regexp] implement regexp property sequence proposal
> 
> Also-By: mathias@chromium.org
> Bug: v8:7467
> Change-Id: I9fd6e61f4da1097c2375f671b4801e9730f792c4
> Reviewed-on: https://chromium-review.googlesource.com/1227974
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55991}

TBR=yangguo@chromium.org,jgruber@chromium.org,mathias@chromium.org

Change-Id: I10c67ad3ade35af920d32a7eea8ae0297677fa07
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7467
Reviewed-on: https://chromium-review.googlesource.com/1230137
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55996}
2018-09-18 13:48:58 +00:00
Michael Achenbach
7f5d299649 [test] Skip test suspected for timeout on Android
TBR=leszeks@chromium.org
NOTRY=true

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic993310653d7e9351383253f8a1a65193d925b89
Reviewed-on: https://chromium-review.googlesource.com/1230101
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55993}
2018-09-18 13:21:51 +00:00
Yang Guo
f4c14fd971 [regexp] implement regexp property sequence proposal
Also-By: mathias@chromium.org
Bug: v8:7467
Change-Id: I9fd6e61f4da1097c2375f671b4801e9730f792c4
Reviewed-on: https://chromium-review.googlesource.com/1227974
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55991}
2018-09-18 12:20:54 +00:00
Ross McIlroy
5e16d3ba02 Fix Arm64 assembler on Android.
BUG=v8:8157

Change-Id: I66bac3897eaad640b5723cdd0ec900e40cce1214
Reviewed-on: https://chromium-review.googlesource.com/1226917
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Cr-Commit-Position: refs/heads/master@{#55988}
2018-09-18 09:43:05 +00:00
Jaroslav Sevcik
b6bdd7415c [turbofan] Fix dead value insertion in simplified lowering.
If type checks in simplified lowering produced dead value (i.e., of
type Type::None()), we have only propagated deadness along value
edges. With this CL, we also insert an Unreachable node after every
effectful node that produces dead value.

This is more consistent with dead code elimination, which also inserts
unreachable nodes after effectful nodes with value output None.

Bug: chromium:884052
Change-Id: Idcb168461f05f1811b2c9c16ab8ff179b259fbd3
Reviewed-on: https://chromium-review.googlesource.com/1228125
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55987}
2018-09-18 09:30:26 +00:00
Florian Sattler
6bcbb8f3fc [cleanup] Refactor debug to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I1fdd9210d92725701f413ff410e3a39d96bccf66
Reviewed-on: https://chromium-review.googlesource.com/1224111
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55986}
2018-09-18 09:22:19 +00:00
Florian Sattler
9c702f4d3d [cleanup] Refactor inspector to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I78bdf30b54a75fd96de0ca3d9243e1b55e9988ef
Reviewed-on: https://chromium-review.googlesource.com/1224090
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55984}
2018-09-18 09:13:59 +00:00
Benedikt Meurer
1210d0c1df [turbofan] Add missing Word8/16 -> Word64 representation changes.
Word8 and Word16 representation is treated like Word32 for the sake of
TurboFan's representation selection, but this was missing from the
Word64 conversions.

Bug: chromium:884933, v8:4153, v8:7881, v8:8171, v8:8178
Change-Id: If7b69cdd02b12546d87bba0643e9ee9cb35cb299
Reviewed-on: https://chromium-review.googlesource.com/1229953
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55983}
2018-09-18 08:51:27 +00:00
Florian Sattler
f85f9e6505 [cleanup] Mark inspector methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I82a169545724fca7757b2fce6b64b56d1b6264ba
Reviewed-on: https://chromium-review.googlesource.com/1225794
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55980}
2018-09-18 08:09:17 +00:00
Sathya Gunasekaran
1908872dcd [class] Make class field initializers breakable in the debugger
Add tests.

Bug: v8:5367
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2a4215a87ba1dae98c4b25547494165f534b4a66
Reviewed-on: https://chromium-review.googlesource.com/1218046
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55974}
2018-09-17 22:25:44 +00:00
Creddy
62b4e8e6db Disable one shot optimization for debug-evaluate-no-side-effect-builtins-2
Temporarily disable one-shot optimization for
debug-evaluate-no-side-effect-builtins-2 to fix the gc stress test.
This issue will be fixed in the future CL
(https://chromium-review.googlesource.com/c/v8/v8/+/1196725)
that adds new bytecodes for loads and stores and one-shot optimizations
will be enabled again.

Change-Id: I6475557778da4553b5b6cbba1fda14c52d3dd91b
Reviewed-on: https://chromium-review.googlesource.com/1228063
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55969}
2018-09-17 18:05:31 +00:00
Florian Sattler
6df4c37779 [cleanup] Mark heap/ methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ibdb4b81e1ba764d73bac6592eeef5783097076fc
Reviewed-on: https://chromium-review.googlesource.com/1225896
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55965}
2018-09-17 15:32:31 +00:00
Adam Klein
83db8c3698 [iwyu] Don't include microtask-queue-inl.h from objects-inl.h
Instead include it in the files that need to use it.

Change-Id: I2321f423ddcc1c0e779332c2e7d1a372bfb4ebbb
Reviewed-on: https://chromium-review.googlesource.com/1227305
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55964}
2018-09-17 15:29:51 +00:00
Clemens Hammacher
31be4b4504 [wasm] Reenable tests on n5x device
R=ahaas@chromium.org

Bug: v8:8158
Change-Id: Ifb00cd7b106f1ac5614acfb5ff7c2e8c0a9b0170
Reviewed-on: https://chromium-review.googlesource.com/1228055
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55963}
2018-09-17 15:08:07 +00:00
Clemens Hammacher
279cbe86da [wasm] Remove unneeded js-to-wasm parameter
js-to-wasm wrappers check whether trap handlers are enabled
process-wide, but are independent of their actual usage in the current
instance. Thus remove this unneeded parameter.

R=mstarzinger@chromium.org

Bug: chromium:862123
Change-Id: I3793213864568b4e26eb3414239033491e4539f5
Reviewed-on: https://chromium-review.googlesource.com/1226974
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55961}
2018-09-17 14:01:30 +00:00
Michael Starzinger
0074125486 Reland "[wasm] Implement handling of exported/imported exceptions."
This is a reland of a4105a437d

Original change's description:
> [wasm] Implement handling of exported/imported exceptions.
> 
> This implements the proper semantics for matching exported/imported
> exceptions by using the notion of an "exception tag" that is global to
> the system. It can be used to match exceptions in one module against
> exceptions declared and/or thrown in another module (or instance).
> 
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-shared
> BUG=v8:8091
> 
> Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
> Reviewed-on: https://chromium-review.googlesource.com/1226976
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55940}

Bug: v8:8091
Change-Id: Ib85f099b26a8323a8a00299b5aaeb05aaff3c3c6
Reviewed-on: https://chromium-review.googlesource.com/1227975
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55959}
2018-09-17 13:15:22 +00:00
Igor Sheludko
69621ef0c1 [cleanup] Introduce base::AddressRegion helper class
Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2ce078b662e3dd93e0fac310b0d73c4cadbaccb3
Reviewed-on: https://chromium-review.googlesource.com/1226640
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55957}
2018-09-17 13:02:54 +00:00
Florian Sattler
2c97e1458f [cleanup] Refactor compiler to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I7d885f0e2ba3cdf97de190166dc4cdd24dc0c11e
Reviewed-on: https://chromium-review.googlesource.com/1224091
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55956}
2018-09-17 12:12:21 +00:00
Michael Starzinger
fe0361211f [wasm] Brush up mjsunit/wasm/exceptions test.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions
BUG=v8:8091

Change-Id: I93227c29bb3591983f1901577afdf305637beb70
Reviewed-on: https://chromium-review.googlesource.com/1226803
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55954}
2018-09-17 11:57:10 +00:00
Creddy
aaab2907cc [Interpreter] Create and use CallNoFeedback bytecode for one-shot code
We do not have to collect feedback for function calls in one-shot code.
This CL avoids allocating CallICslots for each function call by
emitting CallNoFeedback bytecodes. We save one CallICSlot (two entries
in feedback vector) per function call in One-shot.

Bug: v8:8072
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic2580e5972acd5124c2e71d540985736ce797fe8
Reviewed-on: https://chromium-review.googlesource.com/1178051
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55951}
2018-09-17 11:28:25 +00:00
Michael Lippautz
34c8119d49 [heap] Remove support for aborting incremental marking
Abort incremental marking pulls in the requirement to also be able to abort on
the embedder side. In practice, aborting is never really needed and the GC
should just finalize the existing collection and do an atomic followup if exact
marking information is required.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic471332d01b0c4be26b71a06248af03255c61a9d
Reviewed-on: https://chromium-review.googlesource.com/1225705
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55949}
2018-09-17 10:44:52 +00:00
Clemens Hammacher
55a8ad0cbe Clean up VirtualMemory allocation
VirtualMemory objects can be moved since https://crrev.com/c/1213062,
so there is no need any more to return them via pointer argument. This
also makes the {AllocVirtualMemory} and {AlignedAllocVirtualMemory}
functions superfluous.

R=ishell@chromium.org, titzer@chromium.org

Bug: v8:8015
Change-Id: Id72921e1c66a6c10be6647194603b8283e010e24
Reviewed-on: https://chromium-review.googlesource.com/1226972
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55947}
2018-09-17 10:16:38 +00:00
Georg Neis
f5274a0381 [turbofan] Serialize PropertyCell fields.
Bug: v8:7790
Change-Id: I993d04e6ca6b8986749bb3782113ef928952995b
Reviewed-on: https://chromium-review.googlesource.com/1226975
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55945}
2018-09-17 09:41:26 +00:00
Florian Sattler
756d12c172 [cleanup] Mark wasm methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: If115a71b1c57eecdec7c57d3613a4f0bd90f2e66
Reviewed-on: https://chromium-review.googlesource.com/1226791
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55944}
2018-09-17 09:38:05 +00:00
Benedikt Meurer
9edad5d549 [turbofan] Decide lowering for NumberAdd/Subtract/Multiply based on feedback.
For NumberAdd/Subtract/Multiply we currently onlt consult the upper
bound to decide whether to compute using Int32 or Float64 operations,
whereas for NumberModulus, NumberEqual, etc. we do decide based on
the feedback types, where the only significant difference is that we
cannot promise Word32 truncations on the inputs.

This change unifies the handling for NumberAdd/Subtract/Multiply as
well, which triggers surprisingly often in our core benchmark suites..

Bug: v8:8015
Change-Id: If8ec1bc82d1e1b71285c829262a0d343a4eb2af7
Reviewed-on: https://chromium-review.googlesource.com/1226033
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55943}
2018-09-17 09:36:49 +00:00
Leszek Swirski
00f8592d6b Revert "[wasm] Implement handling of exported/imported exceptions."
This reverts commit a4105a437d.

Reason for revert: GC stress failures (https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/3097)

Original change's description:
> [wasm] Implement handling of exported/imported exceptions.
> 
> This implements the proper semantics for matching exported/imported
> exceptions by using the notion of an "exception tag" that is global to
> the system. It can be used to match exceptions in one module against
> exceptions declared and/or thrown in another module (or instance).
> 
> R=​clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-shared
> BUG=v8:8091
> 
> Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
> Reviewed-on: https://chromium-review.googlesource.com/1226976
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55940}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I5ef19ea3b67f470f2d7807810110d75415ba9ed6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8091
Reviewed-on: https://chromium-review.googlesource.com/1227933
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55942}
2018-09-17 09:35:43 +00:00
Michael Starzinger
a4105a437d [wasm] Implement handling of exported/imported exceptions.
This implements the proper semantics for matching exported/imported
exceptions by using the notion of an "exception tag" that is global to
the system. It can be used to match exceptions in one module against
exceptions declared and/or thrown in another module (or instance).

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-shared
BUG=v8:8091

Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
Reviewed-on: https://chromium-review.googlesource.com/1226976
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55940}
2018-09-17 09:02:28 +00:00
Georg Neis
ec55c1ff3d [turbofan] Serialize more Map fields.
... as well as ScopeInfo::ContextLength.

Bug: v8:7790
Change-Id: I3ca8b6f252d96b21d0990f8fc08e076eeeea4176
Reviewed-on: https://chromium-review.googlesource.com/1226973
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55939}
2018-09-17 09:00:19 +00:00
Florian Sattler
0c789aa57f [cleanup] Mark compiler methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I5164899da0994a855182ed203572c5984ab87449
Reviewed-on: https://chromium-review.googlesource.com/1227070
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55938}
2018-09-17 08:51:47 +00:00
Benedikt Meurer
0c296cb229 [turbofan] Initial support to compute NumberAdd/NumberSubtract in Word64.
This change introduces the necessary conversion operators to convert
from Word64 to other representations (Tagged, Word32, Float64, etc.),
and plugs in the Word64 representation for NumberAdd/NumberSubtract,
such that TurboFan will go to Int64Add/Sub on 64-bit architectures
when the inputs and the output of the operation is in safe integer
range. This includes the necessary changes to the Deoptimizer to be
able to rematerialize Int64 values as Smi/HeapNumber when going back
to Ignition later.

This change might affect performance, although measurements indicate
that there should be no noticable performance impact.

The goal is to have TurboFan support Word64 representation to a degree
that changing the TypedArray length to an uint64_t (for 64-bit archs)
becomes viable and doesn't have any negative performance implications.
Independent of that we might get performance improvements in other areas
such as for crypto code later.

Bug: v8:4153, v8:7881, v8:8171, v8:8178
Design-Document: bit.ly/turbofan-word64
Change-Id: I29d56e2a31c1bae61d04a89d29ea73f21fd49c59
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1225709
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55937}
2018-09-17 08:32:04 +00:00
Benedikt Meurer
b8e554d53c [turbofan] Properly constant-fold Float64 comparisons.
While investigating crbug.com/878742 I found that somehow the
MachineOperatorReducer lacks the ability to constant-fold
comparisons of Float64 constants, which obviously leads to
pretty weird code.

Bug: v8:8015
Change-Id: I7e18ce10e9d5c87f131fb083ccd3e1e336189dae
Reviewed-on: https://chromium-review.googlesource.com/1226132
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55935}
2018-09-17 08:29:54 +00:00
Marja Hölttä
c696376e0b Reland [in-place weak refs] Fix MaybeObject function names
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.

Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().

Previous version: https://chromium-review.googlesource.com/1219025

BUG=v8:7308
TBR=ishell@chromium.org, ulan@chromium.org, ahaas@chromium.org, yangguo@chromium.org, tebbi@chromium.org

Change-Id: I503d4a2a3a68f85e9e02e1c2f9fc1c4187c8e9a1
Reviewed-on: https://chromium-review.googlesource.com/1226800
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55934}
2018-09-17 08:27:59 +00:00
Florian Sattler
df5263b0c0 [cleanup] Mark test/ methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I6bd8e0c8c1965f22a3429fda12bc70ae454c39c2
Reviewed-on: https://chromium-review.googlesource.com/1226978
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55930}
2018-09-17 07:40:00 +00:00
Igor Sheludko
37d87f610f [ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange.
This is a reland of 16816e53be

Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I257fc391931a0a4bf01f2e8136183aaed044231c
Reviewed-on: https://chromium-review.googlesource.com/1226915
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55928}
2018-09-15 22:25:40 +00:00
tzik
24a232e242 Reland "Implement v8::internal::MicrotaskQueue::EnqueueMicrotask"
This is a reland of 836773c0e3

Original change's description:
> Implement v8::internal::MicrotaskQueue::EnqueueMicrotask
> 
> This adds `queue` and `pending_microtask_count` as members of
> v8::internal::MicrotaskQueue, and implements its EnqueueMicrotask.
> The implementation itself is similar to Isolate::EnqueueMicrotask.
> 
> Bug: v8:8124
> Change-Id: Idb5c50b2add96b72cbe9e36aeec7cb568072f0cb
> Reviewed-on: https://chromium-review.googlesource.com/1205430
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55884}

Bug: v8:8124
Change-Id: Ibd32aec28c8fd9eab88904e62ba97a715295765d
Reviewed-on: https://chromium-review.googlesource.com/1226577
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55924}
2018-09-14 17:42:56 +00:00
Ben Smith
0de680bd21 [d8] Fix DCHECK when transferring ArrayBuffer twice
Bug: chromium:883492
Change-Id: I69e76eb51c635d092918a3cb9a8fa94a86f58f2a
Reviewed-on: https://chromium-review.googlesource.com/1226410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55923}
2018-09-14 17:33:19 +00:00
PhistucK
53de7345bd [Intl] Rename dayperiod to dayPeriod
Previously, DateTimeFormat.prototype.formatToParts returned an object
with the property key 'dayperiod' which is incorrect as per the spec.
This patch updates the property key to say 'dayPeriod', making this spec
compliant.

R=cira@chromium.org

Bug: chromium:865351
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I37f50797387bc69d5e29d7c2911bc5cc0fad37ac
Reviewed-on: https://chromium-review.googlesource.com/1145304
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: PhistucK <phistuck@gmail.com>
Cr-Commit-Position: refs/heads/master@{#55922}
2018-09-14 17:04:03 +00:00
Florian Sattler
0390eef826 [cleanup] Refactor interpreter to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I6cd63aa164af2e3b4a846933899a9a1baa54b1ef
Reviewed-on: https://chromium-review.googlesource.com/1224032
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55921}
2018-09-14 16:50:34 +00:00
Florian Sattler
6a8c74cbf1 [cleanup] Mark libplatform methods in subclasses with override.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I85fc4ba0e4188d60d15e389e4682541c65324b55
Reviewed-on: https://chromium-review.googlesource.com/1227071
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55920}
2018-09-14 16:43:37 +00:00
Florian Sattler
654a7cb375 [cleanup] Replace 0 and NULL with nullptr for compiler files.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I20fd23b5370d15dddc913f6bdb05e649d71c2059
Reviewed-on: https://chromium-review.googlesource.com/1224373
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55919}
2018-09-14 16:20:29 +00:00
Marja Hölttä
3a79fe2363 Revert "[in-place weak refs] Fix MaybeObject function names"
This reverts commit ad72d19516.

Reason for revert: Build failures on *san

Original change's description:
> [in-place weak refs] Fix MaybeObject function names
> 
> E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
> object, instead returned a weakly pointed heap object. Change the function names
> (in this case, to "GetHeapObjectIfWeak") to reflect this.
> 
> Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().
> 
> BUG=v8:7308
> 
> Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
> Reviewed-on: https://chromium-review.googlesource.com/1219025
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55906}

TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,ahaas@chromium.org,tebbi@chromium.org,ishell@chromium.org

Change-Id: I054b578518e3f6fd7dbcddf0b56cc018726c1e7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Reviewed-on: https://chromium-review.googlesource.com/1226874
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55918}
2018-09-14 15:30:05 +00:00
Florian Sattler
3c9549a337 [cleanup] Refactor compiler-dispatcher profiler to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I41b3d7c41ee9f8ff12f70feddcf38f2c9efc5049
Reviewed-on: https://chromium-review.googlesource.com/1224056
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55917}
2018-09-14 15:27:37 +00:00
Florian Sattler
b13825d1cc [cleanup] Refactor parser to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I56b730814539df7fdc2e1e5fb06c8b2b104b5fc8
Reviewed-on: https://chromium-review.googlesource.com/1223830
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55915}
2018-09-14 14:47:47 +00:00
Florian Sattler
017b0df77e [cleanup] Refactor base to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ifb940f40d4145a6074702a3d870242aeca625d96
Reviewed-on: https://chromium-review.googlesource.com/1224092
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55913}
2018-09-14 14:42:47 +00:00
Florian Sattler
1edbf16697 [cleanup] Refactor general tests to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I4236a2cf85a414f9d7d1fbdaaaaf1c72a84f02e3
Reviewed-on: https://chromium-review.googlesource.com/1224093
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55912}
2018-09-14 14:40:47 +00:00
Yang Guo
ac1660c660 [debug] fix scaling prefix patching for debug evaluate
R=jgruber@chromium.org

Bug: chromium:882664
Change-Id: I12248de9a01839433daa40e8273a18a15a9867bb
Reviewed-on: https://chromium-review.googlesource.com/1221547
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55910}
2018-09-14 14:33:07 +00:00
Florian Sattler
a81bd4c05c [cleanup] Refactor code to use boolean literals instead of 0/1.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib48ead467519354715e3bc0e3f718cbdda28f989
Reviewed-on: https://chromium-review.googlesource.com/1225704
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55907}
2018-09-14 14:00:40 +00:00
Marja Hölttä
ad72d19516 [in-place weak refs] Fix MaybeObject function names
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.

Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().

BUG=v8:7308

Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
Reviewed-on: https://chromium-review.googlesource.com/1219025
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55906}
2018-09-14 13:58:06 +00:00
Florian Sattler
b2dac95379 [cleanup] Replace 0 and NULL with nullptr for test files.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I2a7a8c8447d2835205f7a506f04efe4d1801b934
Reviewed-on: https://chromium-review.googlesource.com/1224316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55903}
2018-09-14 12:56:00 +00:00
Clemens Hammacher
2d6e0be103 Reenable wasm regress-827806 test
This test was disabled because of flakes. This should be fixed now.

R=ahaas@chromium.org

Bug: v8:7872
Change-Id: I288f3776ca7f946caf20a66f1cdf5d37bd6ba245
Reviewed-on: https://chromium-review.googlesource.com/1224376
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55900}
2018-09-14 11:19:24 +00:00
Michael Achenbach
bfc0927fec [test] Rename debugger test
The test debug-live-edit-recursion flakily fails predictable testing and should
match the status file rule debug-liveedit-* that skips the other ~10 liveedit
tests.

Bug: v8:8147
Change-Id: I9d88b44d97daa09914e0fa46fb204e85c1e7344c
Reviewed-on: https://chromium-review.googlesource.com/1224430
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55899}
2018-09-14 11:17:04 +00:00
Jakob Gruber
74320a1b92 Revert "[builtins] Add FastCallFunction builtin that elides some checks"
This reverts commit 99e13e587e.

Reason for revert: Reverting in favor of a general mechanism for this in Torque.

Original change's description:
> [builtins] Add FastCallFunction builtin that elides some checks
> 
> This CL adds a new "Call" stub that can be used by builtins that will
> call the same JS call-back function often (e.g. compare function in
> Array.p.sort). The checks have to be done upfront once, but can then
> be omitted.
> 
> R=​jgruber@chromium.org
> 
> Bug: v8:7861
> Change-Id: Id6e4ca27c3d488a7b1f708cbcb4cbe6cc382513e
> Reviewed-on: https://chromium-review.googlesource.com/1208574
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55769}

TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7861
Change-Id: I47260993ef2a16bd5348bb0b46da4d34d33ea10b
Reviewed-on: https://chromium-review.googlesource.com/1226871
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55897}
2018-09-14 11:09:08 +00:00
Clemens Hammacher
0a059c3c72 [wasm][interpreter] Store code entry as raw pointer
We are currently wrapping the pointer to the instruction start in a
Foreign. The argument buffer, which is also a raw pointer, is passed
directly though.
This CL changes this to also pass the code entry as a raw pointer.

R=mstarzinger@chromium.org

Change-Id: Id7344efa589a5297339ec01c3cfa7688bcc706b3
Reviewed-on: https://chromium-review.googlesource.com/1226970
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55895}
2018-09-14 10:52:33 +00:00
Creddy
a67342a68a Reland "Enable OneShot optimizations by default"
This reland of the commit e938b7a3e5.


Original change's description:
> Enable OneShot optimizations by default
>
> BUG=v8:8072
>
> Change-Id: I2068d66644628fe1de7a6be30b8d43ecfae04e93
> Reviewed-on: https://chromium-review.googlesource.com/1220047
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55875}

TBR=cbruni@chromium.org,chandanreddy@google.com

Change-Id: I2152d4f3886913ef7ffabf8611c3448299560d2b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8072
Reviewed-on: https://chromium-review.googlesource.com/1224933
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55893}
2018-09-14 10:34:42 +00:00
Michael Achenbach
5d01d7d29c Revert "Implement v8::internal::MicrotaskQueue::EnqueueMicrotask"
This reverts commit 836773c0e3.

Reason for revert: Breaks full-debug support:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20full%20debug/5493

Original change's description:
> Implement v8::internal::MicrotaskQueue::EnqueueMicrotask
> 
> This adds `queue` and `pending_microtask_count` as members of
> v8::internal::MicrotaskQueue, and implements its EnqueueMicrotask.
> The implementation itself is similar to Isolate::EnqueueMicrotask.
> 
> Bug: v8:8124
> Change-Id: Idb5c50b2add96b72cbe9e36aeec7cb568072f0cb
> Reviewed-on: https://chromium-review.googlesource.com/1205430
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55884}

TBR=ulan@chromium.org,adamk@chromium.org,hpayer@chromium.org,tzik@chromium.org

Change-Id: I299884eb6b41fcbff7c486cad636ab7b9821dfe3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8124
Reviewed-on: https://chromium-review.googlesource.com/1225752
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55888}
2018-09-14 08:17:12 +00:00
Stephan Herhut
7273a012a0 [wasm] Reduce number of workers in compare-exchange test
Reduce the number of workers in the atomic compare-exchange test to
make it run faster on systems with few cores.

Bug: v8:8164
Change-Id: I4de22863e1f2a44d9da4416161d08f5acfcece22
Reviewed-on: https://chromium-review.googlesource.com/1224771
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55887}
2018-09-14 08:16:08 +00:00
Benedikt Meurer
6346cdb649 [turbofan] Initial Word64 support in representation selection.
This adds support to TurboFan's representation selection for the Word64
representation, and makes use of that to handle indices for memory access
and allocation instructions (i.e. LoadElement, StoreElement, Allocate,
etc.). These instructions had previously used Word32 as representation
for the indices / sizes, and then internally converted it to the correct
representation (aka Word64 on 64-bit architectures) later on, but that
was kind of brittle, and sometimes led to weird generated code.

The change thus only adds support to convert integer values in the safe
integer range from all kinds of representations to Word64 (on 64-bit
architectures). We don't yet handle the opposite direction and none of
the representation selection heuristics for the numeric operations were
changed so far. This will be done in follow-up CLs.

This CL itself is supposed to be neutral wrt. functionality, and only
serves as a starting point, and a cleanup for the (weird) implicit
Word64 index/size handling.

Bug: v8:7881, v8:8015, v8:8171
Design-Document: http://bit.ly/turbofan-word64
Change-Id: I3c6961a0e96cbc3fb8ac9d3e1be8f2e5c89bfd25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1224932
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55886}
2018-09-14 08:15:02 +00:00
tzik
836773c0e3 Implement v8::internal::MicrotaskQueue::EnqueueMicrotask
This adds `queue` and `pending_microtask_count` as members of
v8::internal::MicrotaskQueue, and implements its EnqueueMicrotask.
The implementation itself is similar to Isolate::EnqueueMicrotask.

Bug: v8:8124
Change-Id: Idb5c50b2add96b72cbe9e36aeec7cb568072f0cb
Reviewed-on: https://chromium-review.googlesource.com/1205430
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55884}
2018-09-14 07:07:03 +00:00
Michael Achenbach
65e17f6ce8 [test] Skip slow test in stress mode
TBR=herhut@chromium.org
NOTRY=true

Bug: v8:8164
Change-Id: Ifcf4b7bce70b8dd1c4aba129a9061dfb6056474e
Reviewed-on: https://chromium-review.googlesource.com/1226612
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55882}
2018-09-14 06:40:10 +00:00
Adam Klein
506dc92422 [intl] Bind NumberFormat.prototype.format to the proper receiver
Also fix type-check to check receiver for JSReceiver, not JSObject,
and add a test for DateTimeFormat verifying that it already
has the proper behavior.

Bug: chromium:881023
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I950c86094dfb9634e0b7e49bcbbb022fa81a71f7
Reviewed-on: https://chromium-review.googlesource.com/1225612
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55880}
2018-09-13 22:41:04 +00:00
Aseem Garg
63ad3d451c [wasm] add source map support for WebAssembly
This CL enables source maps support for wasm. Devtools should
be able to pick up source_mapping_url parsed here and load the
corresponding source maps.

R=kozyatinskiy@chromium.org,clemensh@chromium.org,titzer@chromium.org,yangguo@chromium.org
BUG=v8:8081

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1db0ff597d229e7db8d383fe9ee081c7fa4e7648
Reviewed-on: https://chromium-review.googlesource.com/1185973
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55878}
2018-09-13 20:16:14 +00:00
Benedikt Meurer
24675533fd [objects] Change JSArrayBuffer::byte_length to uintptr_t.
Previously the [[ArrayBufferByteLength]] internal field was represented
as a boxed number (i.e. either Smi or HeapNumber) in safe integer range.
This is the first step to change the representation of all the array
buffer and array buffer view length/offset fields to unboxed integers,
to eventually support the full range of 4GiB (and potentially even more)
for typed arrays and array buffers. This will allow WebAssembly memories
with 4GiB to be usable.

Tbr: yangguo@chromium.org
Bug: v8:7881, v8:8015, v8:8171
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic6c6c8fe087afee898254cd903e82a55bfc173a9
Reviewed-on: https://chromium-review.googlesource.com/1222309
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55877}
2018-09-13 18:31:40 +00:00
Deepti Gandluri
afb0f81e8e Revert "Enable OneShot optimizations by default"
This reverts commit e938b7a3e5.

Reason for revert: Reverting because of gc-stress failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20gc%20stress/18299

Original change's description:
> Enable OneShot optimizations by default
> 
> BUG=v8:8072
> 
> Change-Id: I2068d66644628fe1de7a6be30b8d43ecfae04e93
> Reviewed-on: https://chromium-review.googlesource.com/1220047
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55875}

TBR=cbruni@chromium.org,chandanreddy@google.com

Change-Id: If3bfb5e142a873f534f831da413d26e78d2e3716
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8072
Reviewed-on: https://chromium-review.googlesource.com/1224481
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55876}
2018-09-13 18:29:51 +00:00
Creddy
e938b7a3e5 Enable OneShot optimizations by default
BUG=v8:8072

Change-Id: I2068d66644628fe1de7a6be30b8d43ecfae04e93
Reviewed-on: https://chromium-review.googlesource.com/1220047
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55875}
2018-09-13 16:55:35 +00:00
Yuki Shiino
726e279387 Fix Isolate::GetIncumbentContext().
It turned out that the original implementation was broken
from the beginning. This patch fixes the API to return
the correct one.

GetIncumbentContext was implemented at
https://chromium-review.googlesource.com/c/v8/v8/+/536728

Change-Id: Iba29171bac10ed82575a8079396768a9d5af3b13
Bug: chromium:883036
Reviewed-on: https://chromium-review.googlesource.com/1219368
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55874}
2018-09-13 16:31:37 +00:00
Camillo Bruni
ec348ef152 [keys] Fix for-in with only non-enumerable properties in dictionary mode
Bug: v8:8163
Change-Id: I2aacbb13dc16772b173d56051a84399b8c34d4f2
Reviewed-on: https://chromium-review.googlesource.com/1224417
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55872}
2018-09-13 14:55:34 +00:00
Florian Sattler
50f1d6c9e8 [cleanup] Replace old c-style casts with c++ casts.
Fixing clang-tidy warning.

Bug: v8:8015
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3a09bb6936853bca448f425d4266365deb6671d4
Reviewed-on: https://chromium-review.googlesource.com/1220146
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55871}
2018-09-13 14:48:25 +00:00
Florian Sattler
cbb400a7d3 [cleanup] Refactor wasm to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ib3b6bdeb404ed6fe9c69107b4683a99c96dd8352
Reviewed-on: https://chromium-review.googlesource.com/1224053
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55866}
2018-09-13 13:37:46 +00:00
Florian Sattler
49d1c8663e [cleanup] Refactor heap classes to use default members.
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: Ibe5906fa96f2d7327bce1eff70637a2d00f99668
Reviewed-on: https://chromium-review.googlesource.com/1224030
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55865}
2018-09-13 13:35:56 +00:00
Michael Lippautz
820626b7bf Always skip mjsunit/external-backing-store-gc
No-try: true
Tbr: machenbach@chromium.org
Bug: v8:8169
Change-Id: I973494d9e714c22d255435caa1f35a359a5dd2d1
Reviewed-on: https://chromium-review.googlesource.com/1224437
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55862}
2018-09-13 13:19:51 +00:00
Ben L. Titzer
ca894e093a [wasm] Nerf regression test size
This verifies that asm.js over the internal parameter count limit
does not crash. The internal limit is 1000 parameters, and the test
was using >3000 parameters. Reduce this down to 1005, and also
introduce a test which does not dynamically construct the string
and eval it, because the construction of this string takes time.
Mark the old test as slow in debug mode.

R=machenbach@chromium.org
BUG=v8:8165

Change-Id: Ib6ef5e1e58d3f37a71720fb59afa19464e7f2ff7
Reviewed-on: https://chromium-review.googlesource.com/1224057
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55860}
2018-09-13 12:46:20 +00:00
jgruber
18380a3c15 [api] introduce PrepareStackTraceCallback
Adds a new stack trace API which overrides Error.prepareStackTrace.

Bug: v8:7637,v8:6974
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie09e74485d81264359c264b2f4a05e9bfd76b2d9
Reviewed-on: https://chromium-review.googlesource.com/1119768
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55858}
2018-09-13 11:47:03 +00:00
Michael Achenbach
c9049b78b3 [test] Skip test on Android
TBR=rmcilroy@chromium.org
NOTRY=true

Bug: v8:8161
Change-Id: I2583b374d14ba4cfda4ab7c6a164794661c56f2a
Reviewed-on: https://chromium-review.googlesource.com/1224411
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55857}
2018-09-13 11:43:03 +00:00
Georg Neis
ec532ac280 [turbofan] Remove ObjectRef::TypeOf.
It turns out that this function didn't make much sense since
ReduceTypeOf already dispatches on the type of the input.

Bug: v8:7790
Change-Id: Ib02149db78e507500bbe79e16380ea7de8c4abfe
Reviewed-on: https://chromium-review.googlesource.com/1219329
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55854}
2018-09-13 10:33:16 +00:00
Sreten Kovacevic
750ce1e730 [mips64] Deprecate use of J and JAL instructions
Since trampolines and long branches are now PIC, these instructions
are not used anymore. Hence 256 MB alignment requirement can be
removed.

Change-Id: Ibdc51631a8c5efc97f058f09b809d3dc13a9f933
Reviewed-on: https://chromium-review.googlesource.com/1219022
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55852}
2018-09-13 09:39:21 +00:00
Georg Neis
4a75168479 Reland "[typedarray] Properly convert hole to undefined in TypedArray.from"
This is an unmodified reland of ece86adc6b.

Original change's description:
> [typedarray] Properly convert hole to undefined in TypedArray.from
>
> It used to call the old IterableToList, which had the wrong
> semantics for holes.
>
> Bug: v8:8133
> Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
> Reviewed-on: https://chromium-review.googlesource.com/1213204
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55745}

Tbr: petermarshall@chromium.org
Bug: v8:8133
Change-Id: I91c1eaf61cbcc29116e3a6cc3415f29cfba3561e
Reviewed-on: https://chromium-review.googlesource.com/1223007
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55846}
2018-09-13 08:34:21 +00:00
Ujjwal Sharma
6020cd5b54 [intl] Port pluralrules#select to C++
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7c8aab3f0420e5a7e64aa78c642320bec4142d03
Reviewed-on: https://chromium-review.googlesource.com/1208653
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55842}
2018-09-13 02:32:45 +00:00
Florian Sattler
d970749152 Reland "[preparser] Refactor VariableProxies to use ThreadedLists interface"
This is a reland of 78f8ff9568

Original change's description:
> [preparser] Refactor VariableProxies to use ThreadedLists interface
>
> Bug: v8:7926
> Change-Id: Idfc520b67696c8a838a0ee297ea392d416dd899e
> Reviewed-on: https://chromium-review.googlesource.com/1206292
> Commit-Queue: Florian Sattler <sattlerf@google.com>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55801}

Bug: v8:7926, chromium:883059
Change-Id: Icaa496be1b4df8306fe6d623e5825909d7b0c9c5
Reviewed-on: https://chromium-review.googlesource.com/1221529
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55833}
2018-09-12 15:13:29 +00:00
Stephan Herhut
d6b5ac8daf [wasm] Use wasm-function#%d consistently as debug name.
This also fixes a use where it should be a public name. For public
names, we use what is defined in the module or wasm-function[%d] as per
the wasm names spec.

Bug: v8:8015
Change-Id: Ie102db4e1114b20caeb4a990cb9e07cacf0666bc
Reviewed-on: https://chromium-review.googlesource.com/1215627
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55827}
2018-09-12 13:47:21 +00:00
Michael Achenbach
93cbdab31e [test] Skip some slow tests on arm64_sim
NOTRY=true
TBR=sigurds@chromium.org

Bug: v8:7783
Change-Id: I3c4c8222b121856a58f371e3563474e17c2075fd
Reviewed-on: https://chromium-review.googlesource.com/1221189
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55823}
2018-09-12 11:27:35 +00:00
Michael Lippautz
dd3ac3c9d2 Skip backing-store GC test on Windows
No-try: true
Bug: v8:8169
Change-Id: I2ba158d3a2886c18fc4897e5172f32a2211f1a57
Reviewed-on: https://chromium-review.googlesource.com/1221286
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55821}
2018-09-12 10:20:22 +00:00
Florian Sattler
daf1a349dc Revert "[preparser] Refactor VariableProxies to use ThreadedLists interface"
This reverts commit 78f8ff9568.

Reason for revert: Causing failures on ClusterFuzz and flakes on the waterfall.
BUG: v8:8166, chromium:883042, chromium:883054, chromium:883119, chromium:883110

Original change's description:
> [preparser] Refactor VariableProxies to use ThreadedLists interface
>
> Bug: v8:7926,
> Change-Id: Idfc520b67696c8a838a0ee297ea392d416dd899e
> Reviewed-on: https://chromium-review.googlesource.com/1206292
> Commit-Queue: Florian Sattler <sattlerf@google.com>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55801}

TBR=marja@chromium.org,cbruni@chromium.org,ishell@chromium.org,verwaest@chromium.org,sattlerf@google.com

Change-Id: Ibebff76b5ae69b9790b73c6bd1d53beff5d53673
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7926
Reviewed-on: https://chromium-review.googlesource.com/1221227
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55819}
2018-09-12 09:10:05 +00:00
Michael Achenbach
0005c2de36 Revert multiple commits
Revert "[ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange."

This reverts commit 16816e53be.

Revert "[cleanup] Introduce LsanPageAllocator decorator"

This reverts commit 0606bf91ed.

Revert "[ptr-compr][heap] Fix TODOs about always using proper page allocator"

This reverts commit b0edf8e66a.

The fist CL in the list is suspected to block the roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1216022

Pseudo bisect points to that CL:
https://chromium-review.googlesource.com/c/chromium/src/+/1219612

TBR=ishell@chromium.org

Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9fafedd3810e14cdfc2068df7727cf90fc0cc85a
Reviewed-on: https://chromium-review.googlesource.com/1219695
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55818}
2018-09-12 08:34:10 +00:00
Clemens Hammacher
a39fcbd288 Reland^2 "[Liftoff] Implement f32.copysign and f64.copysign"
This is a reland of 6afe7d1815.
The reason for the revert is fixed in https://crrev.com/c/1219633.

Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}

Bug: v8:6600
Change-Id: Ie14ba3a14848ba8e67f97e66d3379178f35dea40

TBR=titzer@chromium.org

Change-Id: Ie14ba3a14848ba8e67f97e66d3379178f35dea40
Reviewed-on: https://chromium-review.googlesource.com/1219693
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55817}
2018-09-12 08:33:24 +00:00
Florian Sattler
a8c2ad368d [cleanup] Refactor TestCaseData to use delete
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I2ac8b12c040af2ad6122ce14eef8b4f8375e46ac
Reviewed-on: https://chromium-review.googlesource.com/1219708
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55814}
2018-09-12 07:54:35 +00:00
Clemens Hammacher
1c860ca4a9 Revert "Reland "[Liftoff] Implement f32.copysign and f64.copysign""
This reverts commit f0f5f8778c.

Reason for revert: Merge conflict (does not compile).

Original change's description:
> Reland "[Liftoff] Implement f32.copysign and f64.copysign"
> 
> This is a reland of 6afe7d1815.
> The reason for the revert is fixed in https://crrev.com/c/1219633.
> 
> Original change's description:
> > [Liftoff] Implement f32.copysign and f64.copysign
> >
> > These are two of the few missing instructions. This CL implements them
> > for ia32 and x64, and bails out on other platforms.
> > On x64, we are using the BTR instruction since we cannot have 64-bit
> > immediates.
> >
> > Drive-by: Fix naming of existing bt/bts instructions on x64.
> >
> > R=titzer@chromium.org
> >
> > Bug: v8:6600
> > Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> > Reviewed-on: https://chromium-review.googlesource.com/1174383
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55780}
> 
> Bug: v8:6600
> Change-Id: I4baeec6b02b17450988cfa7fedd5037f9cfe1638
> Reviewed-on: https://chromium-review.googlesource.com/1219508
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55812}

TBR=titzer@chromium.org,clemensh@chromium.org

Change-Id: Iae075a8f5225f1678691698bf3a304faa5ae2aab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1220747
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55813}
2018-09-12 07:23:55 +00:00
Clemens Hammacher
f0f5f8778c Reland "[Liftoff] Implement f32.copysign and f64.copysign"
This is a reland of 6afe7d1815.
The reason for the revert is fixed in https://crrev.com/c/1219633.

Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}

Bug: v8:6600
Change-Id: I4baeec6b02b17450988cfa7fedd5037f9cfe1638
Reviewed-on: https://chromium-review.googlesource.com/1219508
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55812}
2018-09-12 07:19:03 +00:00
Michael Achenbach
da4fb5eda4 [test] Mark slow test
NOTRY=true
TBR=herhut@chromium.org

Bug: v8:8164
Change-Id: I6748a6fc58c9910855f018cccc1d93a40d8c32ad
Reviewed-on: https://chromium-review.googlesource.com/1219692
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55811}
2018-09-12 06:51:25 +00:00
Caitlin Potter
fbcf0221fa [CloneObjectIC] add CSA implementation of slow case
The CSA implementation is a separate handler so that TF has the
opportunity to reduce to a direct call, skipping some of the dispatching
in the CloneObjectIC stub.

This patch moves the looping over a source object's keys and values into the
base CodeStubAssembler, so that it can be shared between ObjectAssignFast
and CloneObjectIC_Slow.

During each step of the loop, storing is delegated to a new SetPropertyInLiteral
helper in KeyedStoreGenericGenerator, which performs a store without consulting
the prototype chain, and automatically reconfigures accessors into data
properties regardless of their attributes.

BUG=v8:8067, v8:7611
R=ishell@chromium.org, jkummerow@chromium.org

Change-Id: I06ae89f37e9b4265aab67389cf68a96529f90578
Reviewed-on: https://chromium-review.googlesource.com/1182122
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55806}
2018-09-11 20:43:53 +00:00
Ujjwal Sharma
30af54c499 [intl] Port numberformat#resolvedOptions to C++
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I91a7305d82423d3a7b1d2fc44282b6116c4c746c
Reviewed-on: https://chromium-review.googlesource.com/1208652
Commit-Queue: Ujjwal Sharma <usharma1998@gmail.com>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55805}
2018-09-11 20:01:37 +00:00
Camillo Bruni
93fea34338 [parser] Use more range checks to reduce branches
- Introduce Token::IsLiteral helper
- Introduce Token::IsStrictReservedWord helper


Drive-by-fix:
- Use "token" instead of "tok" as variable name
- Keep enum order consistent accross files

Change-Id: Ie3b30a62dfbea761a31c32465c0afa681d326710
Reviewed-on: https://chromium-review.googlesource.com/1203952
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55804}
2018-09-11 19:56:10 +00:00
Benedikt Meurer
a15ad0d310 [turbofan] Reduce overhead of megamorphic property accesses.
We had an optimization in Crankshaft where we would call into the
megamorphic handler stub directly if an inline cache was already
found to be megamorphic when it hit the optimizing compiler. This
way we could avoid the dispatch overhead when we know that there's
no point in checking for the other states anyways. However we somehow
missed to port this optimization to TurboFan.

Now this change introduces support to call into LoadIC_Megamorphic and
KeyedLoadIC_Megamorphic directly (plus the trampoline versions), which
saves quite a lot of overhead for the cases where the map/name pair is
found in the megamorphic stub cache, and it's quite a simple change. We
can later extend this to also handle the StoreIC and KeyedStoreIC cases
if that turns out to be beneficial.

This improves the score on the Octane/TypeScript test by around ~2%
and the TypeScript test in the web-tooling-benchmark by around ~4%. On
the ARES-6 Air test the steady state mean improves by 2-4%, and on the
ARES-6 ML test the steady state mean seems to also improve by 1-2%, but
that might be within noise.

On a micro-benchmark that just runs `o.x` in a hot loop on a set of 9
different objects, which all have `x` as the first property and are
all in fast mode, we improve by around ~30%, and are now almost on par
with JavaScriptCore.

Bug: v8:6344, v8:6936
Change-Id: Iaa4c6e34c37e78da217ee75f32f6acc95a834250
Reviewed-on: https://chromium-review.googlesource.com/1215623
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55803}
2018-09-11 18:04:01 +00:00
Deepti Gandluri
0fb2d2b0b6 Revert "[typedarray] Properly convert hole to undefined in TypedArray.from"
This reverts commit ece86adc6b.

Reason for revert: Potential cause of auto-roller breakage https://ci.chromium.org/p/chromium/builders/luci.chromium.try/win10_chromium_x64_rel_ng/91864

Original change's description:
> [typedarray] Properly convert hole to undefined in TypedArray.from
> 
> It used to call the old IterableToList, which had the wrong
> semantics for holes.
> 
> Bug: v8:8133
> Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
> Reviewed-on: https://chromium-review.googlesource.com/1213204
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55745}

TBR=neis@chromium.org,petermarshall@chromium.org,dhai@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8133
Change-Id: I09b108e7844c598253fbbe02d705699c21308637
Reviewed-on: https://chromium-review.googlesource.com/1220286
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55802}
2018-09-11 17:49:16 +00:00
Florian Sattler
78f8ff9568 [preparser] Refactor VariableProxies to use ThreadedLists interface
Bug: v8:7926
Change-Id: Idfc520b67696c8a838a0ee297ea392d416dd899e
Reviewed-on: https://chromium-review.googlesource.com/1206292
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55801}
2018-09-11 16:14:00 +00:00
Clemens Hammacher
ae9a577c47 [test] Also print hex representation of floats/doubles
In the CHECK_FLOAT_EQ and CHECK_DOUBLE_EQ wrappers, do also print hex
representations on failure. Otherwise, single bit flips might not be
visible in the output, like here:
Check failed: DoubleWrapper(x) == y (-2e+66 vs. -2e+66).

R=titzer@chromium.org

Change-Id: I2521706aedc6ff81c0dbb25259230f8e29ce9a3e
Reviewed-on: https://chromium-review.googlesource.com/1219630
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55799}
2018-09-11 16:05:33 +00:00
Michael Achenbach
565c83f843 [test] Add missing resource for test on Android
TBR=neis@chromium.org
NOTRY=true

Bug: chromium:866862
Change-Id: I7c143eb67edcb54ab1fe260d1d7da6eedb44bfc2
Reviewed-on: https://chromium-review.googlesource.com/1219635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55795}
2018-09-11 14:13:15 +00:00
Simon Zünd
31eca73d34 [torque] Fix all current lint errors in Torque code
To make the changes in base.tq work, there were 2 changes needed on
the C++ side:
  - calls to "FromConstexpr" are generated by the compiler for
    implicit conversions.
  - type switch is desugared and uses "Cast"

R=jgruber@chromium.org, tebbi@chromium.org

Change-Id: I085f1a393f93e501e6bbcaeacb0d6568259a4714
Reviewed-on: https://chromium-review.googlesource.com/1219629
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55794}
2018-09-11 14:11:05 +00:00
Creddy
f79caee25f [Runtime] Use Runtime_SetNamedProperty for property stores in one-shot code.
- Rename Runtime_SetProperty to Runtime_SetKeyedProperty
- Create Runtime_SetNamedProperty and use it for SetNamed property
  in one-shot code.
- Rename Object::StoreFromKeyed enum to StoreOrigin

Bug: v8:8072, chromium:876839
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I22132380ca4b6ce1e0a14a38cca849814559cdcf
Reviewed-on: https://chromium-review.googlesource.com/1207870
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55790}
2018-09-11 13:42:25 +00:00
Michael Starzinger
515fef86c3 [wasm] Perform signature check on exception import.
This checks the type signature during import against the expected
signature. For this the {WasmExceptionObject} now contains a serialized
version of the signature.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091

Change-Id: I5a34ef87eccf4d2ed3a784620796ec009623fd90
Reviewed-on: https://chromium-review.googlesource.com/1219509
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55789}
2018-09-11 13:40:03 +00:00
Andreas Haas
cecd2ed5b7 [wasm] Return immediately if code generation is not allowed
There was a bug in WebAssembly.instantiate in the case where a CSP
disallows WebAssembly compilation. In this case the promise returned by
WebAssembly.instantiate was rejected immediately because of the CSP,
but then compilation was started anyways, and the promise was resolved
after compilation for a second time, which caused the crash. With this
CL we do not start compilation if CSP disallows WebAssembly compilation.

R=clemensh@chromium.org

Bug: chromium:881978
Change-Id: Iffdb3e02c3006eb7f86211ab197f81cf20438f0e
Reviewed-on: https://chromium-review.googlesource.com/1219706
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55788}
2018-09-11 13:15:20 +00:00
Michael Achenbach
0d1b00b8c2 [test] Add non-d8 test suites to Android testing
This enables cctest, unittests, fuzzer and inspector on Android.
The cctest suite requires extra resource-fetching logic for the
bytecode-generator expectation files.

Bug: chromium:866862
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: If3da853a62c047388476a7f38e32e64e2859f186
Reviewed-on: https://chromium-review.googlesource.com/1213208
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55784}
2018-09-11 11:12:21 +00:00
Clemens Hammacher
86dd4af02c Revert "[Liftoff] Implement f32.copysign and f64.copysign"
This reverts commit 6afe7d1815.

Reason for revert: Failures (-2e+66 vs. -2e+66): https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/22148

Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
> 
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
> 
> Drive-by: Fix naming of existing bt/bts instructions on x64.
> 
> R=​titzer@chromium.org
> 
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}

TBR=titzer@chromium.org,clemensh@chromium.org

Change-Id: I4377c13346b42b65e8db04cbd15fc2f906113f65
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1219446
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55783}
2018-09-11 10:59:33 +00:00
Frank Tang
6e5e3b2c9e [Intl] fix formatToPart generate unit in plural if pass in plural as unit.
Bug: v8:8150
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If2157d486ac164fcfd0efdc5469357fbad72e0de
Reviewed-on: https://chromium-review.googlesource.com/1215271
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55782}
2018-09-11 10:02:04 +00:00
Michael Starzinger
a64e6b5062 [wasm][test] Add additional module builder checks.
R=clemensh@chromium.org

Change-Id: I9734259c9f41378ac216d5a222f0f7c71fcb5fa6
Reviewed-on: https://chromium-review.googlesource.com/1219023
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55781}
2018-09-11 09:56:44 +00:00
Clemens Hammacher
6afe7d1815 [Liftoff] Implement f32.copysign and f64.copysign
These are two of the few missing instructions. This CL implements them
for ia32 and x64, and bails out on other platforms.
On x64, we are using the BTR instruction since we cannot have 64-bit
immediates.

Drive-by: Fix naming of existing bt/bts instructions on x64.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
Reviewed-on: https://chromium-review.googlesource.com/1174383
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55780}
2018-09-11 09:39:57 +00:00
Michael Starzinger
8238a9b245 [wasm] Add preliminary support for imported exceptions.
This adds the ability to import exception into a module at instantiation
time. Only a {WasmExceptionObject} that has been exported by another
module instance can be imported, all other values are rejected.

Note that currently there is no signature check being performed to make
sure the imported exception matches the expected type. Also the identity
of imported exceptions is not yet preserved.

Furthermore the engine does not yet match thrown exception objects on a
global level across modules. Hence imported exceptions will (wrongly)
behave as completely new types within the module.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import,unittests/WasmModuleVerifyTest
BUG=v8:8091

Change-Id: If247762b949a1ba4a87d13bc3e790a45dbc67815
Reviewed-on: https://chromium-review.googlesource.com/1216402
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55777}
2018-09-11 09:25:18 +00:00
Frank Tang
d048600ce9 [Intl] mv code from builtins/builtins-intl.cc to objects/js-number-format.*
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I334a6eca81c02bdb90b2054f085bf57dec5f9a9d
Reviewed-on: https://chromium-review.googlesource.com/1215645
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55775}
2018-09-11 09:12:23 +00:00
Frank Tang
eec50fa3cf [Intl] Remove quarter hack after cherrypick icu fix.
Manually roll ICU to 7ca3ffa to pick up an upstream fix for quarter handling.

Remove the hack that prevent unexpected behavior in ICU
and remove the skip of failing tests.

Bug: v8:8151,v8:7869
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ic9a56679bf1eb9dc18c739161838d518fd664d6f
Reviewed-on: https://chromium-review.googlesource.com/1214522
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55774}
2018-09-11 09:11:18 +00:00
Frank Tang
5609e27ec6 [Intl] fix Intl.Locale toStringTag bugs
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I48490187d4cb967b3567ff12306aad094698d0ee
Reviewed-on: https://chromium-review.googlesource.com/1218062
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55773}
2018-09-11 09:09:08 +00:00
Simon Zünd
99e13e587e [builtins] Add FastCallFunction builtin that elides some checks
This CL adds a new "Call" stub that can be used by builtins that will
call the same JS call-back function often (e.g. compare function in
Array.p.sort). The checks have to be done upfront once, but can then
be omitted.

R=jgruber@chromium.org

Bug: v8:7861
Change-Id: Id6e4ca27c3d488a7b1f708cbcb4cbe6cc382513e
Reviewed-on: https://chromium-review.googlesource.com/1208574
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55769}
2018-09-11 07:31:32 +00:00
Frank Tang
d830602839 [Intl] Call uloc_forLanguageTag before morphing a language tag
The ICU API for maximizing and minimizing a locale ID takes ICU format locale id as an input
so that a BCP 47 language tag must be converted to the corresponding ICU locale id.

Bug: v8:7982
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1cb1dacbf057bbc8bb8beb9b62d1ec4becd82624
Reviewed-on: https://chromium-review.googlesource.com/1150934
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55768}
2018-09-11 06:45:12 +00:00
Michael Lippautz
22b2b34c26 [heap] Refactor HeapController
Split off from
  https://chromium-review.googlesource.com/c/v8/v8/+/1196484

Bug: chromium:879045
Change-Id: I58b1a2ad10729f54c9a452dcfecd7511660460f6
Reviewed-on: https://chromium-review.googlesource.com/1216285
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55764}
2018-09-10 19:47:15 +00:00
Dan Elphick
5a9f05560e [embedded handlers] Store the handlers without gaps
Previously the builtins table had a value for every single
OperandScale/Bytecode combination regardless of whether it was valid.
This change makes it so that only valid bytecode handlers are stored in
the builtins table. This prevents placeholders being serialized into the
snapshot (and embedded into the binary) saving 9KB in
CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
entries in the builtins table.

To do this, it generates a new header file bytecodes-builtins-list.h
which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
Since list macros cannot be used to conditionally generate elements in
the C-preprocessor, this is done by generator executable, compiled from
interpreter/generate-flat-headers.cc.

Additionally the generator creates the flat bytecode list so that it is
transposed from the previous result, i.e. the results are grouped by
bytecode and then operand scale rather than operand scale then bytecode.
This should give better locality for commonly used bytecodes and may
allow less commonly used ExtraWide bytecodes to never be mapped into
memory at all.

The cost to storing the handlers densely is that looking up a handler
now requires a binary search through the builtins table, but this should
only happen during debugging. It is also fixable at least for non-wide
handlers and could be improved for wide ones if the need arises.

Bug: v8:8068
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
Reviewed-on: https://chromium-review.googlesource.com/1209304
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55757}
2018-09-10 14:42:02 +00:00
Georg Neis
9ed348e65f [turbofan] Serialize descriptor arrays.
- Provide MapData::SerializeDescriptors method for serializing the whole
  descriptor array.
- Trigger this in JSObjectData::SerializeAsBoilerplate.
- Further make things more consistent across the broker.

Bug: v8:7790
Change-Id: Ie6499da8857f7c6561f7c44922aeffcea4876be7
Reviewed-on: https://chromium-review.googlesource.com/1199102
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55756}
2018-09-10 14:23:03 +00:00
Sreten Kovacevic
1c8ea8f63b [mips] Enable mjsunit/regress/wasm/regress-864509 on big-endian
Issues that caused failure of this test have been resolved with commit
https://chromium-review.googlesource.com/c/v8/v8/+/1213183, so it can
be re-enabled.

Change-Id: I441998e5e63fce7a7e718b593c8e58a71841b78e
Reviewed-on: https://chromium-review.googlesource.com/1215168
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55754}
2018-09-10 13:56:27 +00:00
Michael Starzinger
4e71b6ba36 [wasm] Introduce WASM_EXCEPTION_OBJECT instance type.
This new instance type will be used for wrapper objects representing
exported exceptions. Currently the objects are empty and only serve as
an identity for exported exceptions. Eventually they will also need to
reference the signature underlying the exception to perform a signature
check upon import.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091

Change-Id: Ifdd561fc000090f4a985aeb45549fd7110849646
Reviewed-on: https://chromium-review.googlesource.com/1215166
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55752}
2018-09-10 11:26:25 +00:00
Sreten Kovacevic
c98b50fb43 [mips][Liftoff]: Enable BE tests on Liftoff
* Enable Liftoff wasm cctests on BE for mips and mips64
* Fix issues that were introduced with these tests and that are
linked with Load/Store instructions
* Change endianness on GetGlobal and SetGlobal, as done in TF
* Skip I32Binop tests that fail with OOM error and seem to not be
related directly to this task

Bug: v8:6600
Change-Id: Ib62ca5e3c681326d28e70a5157d8646e0c8d0b51
Reviewed-on: https://chromium-review.googlesource.com/1213183
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55751}
2018-09-10 11:21:31 +00:00
Tobias Tebbi
e569438b0a [torque] disallow using logical operators in value contexts
This CL makes sure, that logical operators (||, &&) always have return
type never. Together with a check that never is never passed as a
function argument, this prevents faulty evaluation as in !(x || y).

Before, the logical operators had a behavior similar to
(bool labels Taken, NotTaken), with a fast exit if the left-hand side
allowed shor-circuit evaluation, but returning the right-hand side
otherwise. Since we want to allow existing (a || b || c) patterns in
the codebase, this requires weakening the restriction that the left-
and right-hand side need to have the same type. Now the possibilites
are:
bool, never
never, bool
never, never
bool, bool
constexpr bool, constexpr bool

Bug: v8:8137
Change-Id: I9576b337dc4008ac58b4625e77fef4e73bcdd6e3
Reviewed-on: https://chromium-review.googlesource.com/1215162
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55750}
2018-09-10 11:14:15 +00:00
Simon Zünd
e365bc2dcb [array] Consistently throw TypeError for zero-length arrays
This CL fixes a bug that allowed calls to Array.p.shift on
zero-length arrays where the 'length' is read-only without throwing
a TypeError.

R=bmeurer@chromium.org, jgruber@chromium.org

Bug: chromium:882233
Change-Id: Ib129ab4c4f4f233e7bb553effa77539badfbe26e
Reviewed-on: https://chromium-review.googlesource.com/1215164
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55746}
2018-09-10 09:50:52 +00:00
Georg Neis
ece86adc6b [typedarray] Properly convert hole to undefined in TypedArray.from
It used to call the old IterableToList, which had the wrong
semantics for holes.

Bug: v8:8133
Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
Reviewed-on: https://chromium-review.googlesource.com/1213204
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55745}
2018-09-10 09:31:55 +00:00
Igor Sheludko
16816e53be [ptr-compr] Introduce BoundedPageAllocator and use it instead of CodeRange.
Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If44c1a9a76c517fe329485d385f445b2be9f5ec2
Reviewed-on: https://chromium-review.googlesource.com/1213186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55744}
2018-09-10 09:30:50 +00:00
Benedikt Meurer
7e5a287853 [turbofan] Add missing test coverage for JSStrictEqual with symbols.
Bug: v8:6344, v8:8015
Change-Id: I6d96f039b47980f9df8d06c4097b70012fce3c82
Reviewed-on: https://chromium-review.googlesource.com/1215163
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55741}
2018-09-10 07:44:24 +00:00
Sathya Gunasekaran
c830799d68 [class] Give a name to initializer functions
Makes for a nicer stack trace

Bug: v8:5367
Change-Id: I6d77907e08c2c4efc7a1b25016c7e83841c7c574
Reviewed-on: https://chromium-review.googlesource.com/1211444
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55736}
2018-09-07 19:26:34 +00:00
Michael Achenbach
1742e57501 [test] Skip some tests on gc fuzzer
NOTRY=true
TBR=yangguo@chromium.org

Change-Id: Ic5e8ea11035ad77d4a47e600283f83941ca5af43
Reviewed-on: https://chromium-review.googlesource.com/1213213
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55735}
2018-09-07 18:35:52 +00:00
Michael Achenbach
3b4bfdb909 [test] Mark tests slow with isolates testing
The isolates step times out due to some very slow tests. Marking as slow
changes the test order and increases throughput.

NOTRY=true
TBR=yangguo@chromium.org

Change-Id: Iaaf6fe93e7f0e17266923d1ab6f0fe7b09abea9e
Reviewed-on: https://chromium-review.googlesource.com/1213212
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55734}
2018-09-07 18:12:25 +00:00
Mathias Bynens
b4b2dafc03 Reland "Ship globalThis 🎉"
This is a reland of 4dac9872ae

Original change's description:
> Ship globalThis 🎉
>
> Proposal repository:
> https://github.com/tc39/proposal-global
>
> Intent to ship:
> https://groups.google.com/d/msg/v8-users/Vkoh0wXRwaM/Yt7MpzhkAgAJ
>
> Bug: v8:5537
> Change-Id: I60a6c5375165d89548db12fef454a64137d04c27
> Reviewed-on: https://chromium-review.googlesource.com/1195494
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55543}

TBR=adamk@chromium.org,machenbach@chromium.org,gsathya@chromium.org,mathias@chromium.org

No-Presubmit: true
Bug: v8:5537
Change-Id: I1e20d606bb027d7afca713ffde87e183b6f610bd
Reviewed-on: https://chromium-review.googlesource.com/1208633
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55732}
2018-09-07 15:18:00 +00:00
Michael Achenbach
c3dce78c1f [test] Skip more debugger tests on predicable mode
Seems like most lifeedit tests are not predicable.

NOTRY=true
TBR=yangguo@chromium.org

Bug: v8:8147
Change-Id: Ia0a3871112f5a6f4b5821ee401bfdfd26dd8f9e5
Reviewed-on: https://chromium-review.googlesource.com/1213211
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55730}
2018-09-07 14:54:47 +00:00
Michael Achenbach
a5dc30a6c1 [test] Skip debugger tests failing predictable testing
NOTRY=true
TBR=yangguo@chromium.org

Bug: v8:8147
Change-Id: I596d9a798440c50bc43b5250bd4f09a3392934a9
Reviewed-on: https://chromium-review.googlesource.com/1213022
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55727}
2018-09-07 13:11:08 +00:00
Benedikt Meurer
e56b6d241f [turbofan] Introduce a pure StringConcat operator.
This replaces the previous CheckStringAdd operator which deopts in case
the combined length overflows with a dedicated pure StringConcat operator.
This operator is similar to NewConsString in that it takes the resulting
length plus the two input strings. The operator relies on the length
being checked explicitly by the surrounding code instead of baking the
check into the operator itself. This way TurboFan can eliminate
redundant/unnecessary StringConcat operations, since they are pure now.

This also unifies the treatment of string addition in JSTypedLowering,
and generalizes the StringLength constant-folding to apply to more cases
not just the JSAdd cases inside JSTypedLowering.

Bug: v8:7902, v8:8015
Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
Reviewed-on: https://chromium-review.googlesource.com/1213205
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55725}
2018-09-07 13:06:09 +00:00
Stephan Herhut
47837cfc23 [wasm] Add d8 stress test for kExprI32AtomicCompareExchange
Add a test that runs multiple workers that concurrently try to advance
along a random sequence of numbers, using AtomicCompareExchange to
update the shared current position.

Change-Id: Ie073bbdce6fd6766ef1f73f996dd592b90b8b3c2
Reviewed-on: https://chromium-review.googlesource.com/1198769
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55722}
2018-09-07 12:07:57 +00:00
Ross McIlroy
83dee31e42 [Parser] Split building logic out of ProducedPreParserScopeData.
Splits PreParsedScopeDataBuilder out of ProducedPreParserScopeData to make the split between
building PreParsedScopeData and using already build PreParserScopeData more explicit.

BUG=v8:8041

Change-Id: Iab42cab84c247152c14ac39f3136f985753160ec
Reviewed-on: https://chromium-review.googlesource.com/1202104
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55718}
2018-09-07 11:39:58 +00:00
jgruber
ce5893626a Fix two issues in FuzzAssembleSwap test
The first: we allocated within the argument list of a function call on
a handlified receiver. The allocation may trigger GC which leaves us
with a stale receiver reference.

The second: in generated code we triggered further allocations while
an uninitialized fixed array was live.

Bug: v8:8145
Change-Id: If59cab6274277534b2ff6463daa5863b8feae22c
Reviewed-on: https://chromium-review.googlesource.com/1213162
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55717}
2018-09-07 11:08:47 +00:00
Ross McIlroy
8da9dbbb54 [Parser] Add support for Zone allocated ConsumedPreParsingScopeData.
Adds support for zone allocated (off-heap) ConsumedPreParsingScopeData to
enable worker-thread access to PreParsingScopeData during parallel IIFE
compile tasks.

In order to avoid code-duplication, a templated
BaseConsumedPreParsingScopeData is added which implements the logic for
decoding the bytestream into scope data. Two implementations of this
base class are instantiated for each of the underlying serialized scope date:
  - ZoneConsumedPreParsedScopeData for exposing ZonePreParsedScopeData
  - OnHeapConsumedPreParsedScopeData for exposing on-heap PreParsedScopeData
The interface for each of these classes is the ConsumedPreParsingScopeData,
which exposes the methods required by the parser to deserialize the required
data.

As a side-cleanup, moved Ucs2CharLength and Utf8LengthHelper implementations
to cc file so that we don't get a linker error if one of them are unused by
the cc file including the header.


BUG=v8:8041

Change-Id: Id502312d32fe4a9ddb6f5d2d9d3e3a9d30b9b27d
Reviewed-on: https://chromium-review.googlesource.com/1199462
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55711}
2018-09-07 10:28:40 +00:00
Michael Achenbach
c8d833a422 [test] Add more test suites to Android testing
NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:866862
Change-Id: Ifcce9fced4fb96d0ec36335802549f146f0af751
Reviewed-on: https://chromium-review.googlesource.com/1209345
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55705}
2018-09-07 09:53:15 +00:00
Igor Sheludko
3d76e88f13 [ptr-compr] Explicitly specify page allocator instance for VirtualMemory.
The provided page allocator will serve all the memory requests done by the virtual
memory object.
This is a necessary cleanup before introducing BoundedPageAllocator.

Bug: v8:8096
Change-Id: I95477d67e5f532013322a991db3ee1a1f2e821e6
Reviewed-on: https://chromium-review.googlesource.com/1210122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55703}
2018-09-07 09:39:28 +00:00
Michael Achenbach
0dba4b907b Reland "[test] Increase coverage of d8_default test suites"
This is a reland of 8ac91f6c6a

Skips failing tests on gc stress and fixes predictable testing.

Original change's description:
> [test] Increase coverage of d8_default test suites
>
> NOTRY=true
>
> Bug: v8:7285,v8:8140
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I9cb216de302bc787189f8f12f5b254909b0f5773
> Reviewed-on: https://chromium-review.googlesource.com/1208496
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55682}

Bug: v8:7285, v8:8140, v8:8141
Change-Id: Ia7a437b874d5c8712f6def30382404e527145610
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_optional_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg
Reviewed-on: https://chromium-review.googlesource.com/1209762
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55701}
2018-09-07 07:53:29 +00:00
Igor Sheludko
bc69c82c4b Fix compilation issue on native arm64 build.
... broken in https://chromium-review.googlesource.com/c/v8/v8/+/1209343

Change-Id: If2d630276530dc8d85de7d17e561f703937f4988
Reviewed-on: https://chromium-review.googlesource.com/1210922
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55697}
2018-09-06 17:33:30 +00:00
Bill Budge
079fab7489 [cleanup] Remove TODO now that wasm-linkage is fixed
- Removes workarounds in test-run-native_calls for ARM and
  adds ARM 32-bit aliasing-aware register allocation.
- Uses wasm::LinkageAllocator instead of custom allocator to avoid
  duplication of this logic.
- Fixes a problem in wasm::LinkageAllocator with high 16 VFP regs,
  and makes member variable naming consistent.

Bug: v8:8015
Change-Id: Ie8bb8bad06bebce2cef3da0f6ad5c59d5f3b3b36
Reviewed-on: https://chromium-review.googlesource.com/1199907
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55696}
2018-09-06 17:24:00 +00:00
Michael Lippautz
ad832c4145 [heap, api] Keep lower limit when adjusting external memory
Previously explicit calls to external memory adjustment could yield in lowering
the limit below the initial default limit. The consequence is repeated useless
garbage collections when e.g. passing around ArrayBuffers.

Bug: chromium:880036
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I429f5adcd9ae523e5ac7621cf7976686b0dec71b
Reviewed-on: https://chromium-review.googlesource.com/1209784
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55694}
2018-09-06 15:44:37 +00:00
Igor Sheludko
51224eab41 [ptr-compr] Explicitly pass v8::PageAllocator instance to helper functions.
... like AllocatePage[s](), FreePages() and SetPermissions().
This CL also changes base::PageAllocator to cache AllocatePageSize and CommitPageSize
values returned by the OS.
This is a necessary cleanup before introducing BoundedPageAllocator.

Bug: v8:8096
Change-Id: Ifb7cdd2caa6a1b029ce0fca6545c61df9d281be2
Reviewed-on: https://chromium-review.googlesource.com/1209343
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55690}
2018-09-06 14:45:58 +00:00
Sathya Gunasekaran
fff26af94a [class] Add stack trace tests for public class fields
Bug: v8:5367
Change-Id: I681dbe1bc115f284994d9ecdb0d2061aed1dbb5e
Reviewed-on: https://chromium-review.googlesource.com/1208514
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55688}
2018-09-06 13:45:01 +00:00
Sathya Gunasekaran
9d2cfd3917 [class] Fix code coverage and add tests for public class fields
Bug: v8:5367
Change-Id: Id3c2075e3c0a8f9b81a9c6b5f0578b6ecfa58001
Reviewed-on: https://chromium-review.googlesource.com/1205834
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55687}
2018-09-06 13:26:12 +00:00
Michael Achenbach
6a41625000 Revert "[test] Increase coverage of d8_default test suites"
This reverts commit 8ac91f6c6a.

Reason for revert:
Some actual failures on Mac and debugger:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/2914

Failing message tests need to be skipped for predictable testing:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20predictable/18967

Original change's description:
> [test] Increase coverage of d8_default test suites
> 
> NOTRY=true
> 
> Bug: v8:7285,v8:8140
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I9cb216de302bc787189f8f12f5b254909b0f5773
> Reviewed-on: https://chromium-review.googlesource.com/1208496
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55682}

TBR=rmcilroy@chromium.org,machenbach@chromium.org,sergiyb@chromium.org

Change-Id: I701abe28317028acbf65769674f15517020d3496
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7285, v8:8140
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1209347
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55683}
2018-09-06 12:00:54 +00:00
Michael Achenbach
8ac91f6c6a [test] Increase coverage of d8_default test suites
NOTRY=true

Bug: v8:7285,v8:8140
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9cb216de302bc787189f8f12f5b254909b0f5773
Reviewed-on: https://chromium-review.googlesource.com/1208496
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55682}
2018-09-06 11:36:13 +00:00
Michael Stanton
6da8e1f993 Revert "[Builtins] Array.prototype.forEach perf regression on dictionaries."
This reverts commit 34625fdb5a.

Reason for revert: Test caused timeout, investigating.

Original change's description:
> [Builtins] Array.prototype.forEach perf regression on dictionaries.
> 
> An unnecessary call to ToString() on the array index caused trips to
> the runtime. The fix also includes performance micro-benchmarks so
> we'll have a harder time regressing this case in future.
> 
> Bug: v8:8112
> Change-Id: Iada5bd2e3c6d2246fb1225e7094f3d9c66ddafbd
> Reviewed-on: https://chromium-review.googlesource.com/1206355
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55653}

TBR=mvstanton@chromium.org,tebbi@chromium.org

Change-Id: I21de9b9b33edf03f2173f579c4ba0fc3dfd8ff88
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8112
Reviewed-on: https://chromium-review.googlesource.com/1209288
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55681}
2018-09-06 11:00:15 +00:00
Michael Achenbach
ea5ffdfd10 [test] Skip flaky test on ODROIDs in stress mode
NOTRY=true
TBR=yangguo@chromium.org,mvstanton@chromium.org

Change-Id: I8e558509dc324aa5efe1ccb09cb9959eaabc5720
Reviewed-on: https://chromium-review.googlesource.com/1209303
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55680}
2018-09-06 09:26:04 +00:00
Michael Starzinger
c0a9f50c88 [wasm] Add preliminary support for exported exceptions.
This adds the ability to add exception types to the export section of a
module and reference them via the local exception index. Currently the
export object then just contains the local index as a number, which is
only temporary until we have proper export wrappers for exceptions.

Also note that this tightens the restriction for the modules exception
section to be located in between the import and the export section.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-export
BUG=v8:8091

Change-Id: Ie26081c3f94e71cb576057db7e45ec5bd0e112f9
Reviewed-on: https://chromium-review.googlesource.com/1206873
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55679}
2018-09-06 09:18:26 +00:00
Yutaka Hirano
c4bffcd56d Use ScriptOriginOptions with IsSharedCrossOrigin set for empty script
Currently, neither IsSharedCrossOrigin nor IsOpaque is set for an empty
script. Hence an exception thrown from it (e.g., an exception thrown
from native promise implementation) is treated as an error with
blink::kNotSharableCrossOrigin. On the other hand, as the script is
empty, there is no meaningful URL attached, which means the
ExecutionContext's URL is used as the script's name in
blink::SourceLocation::FromMessage. In other words, it works virtually
as same as blink::kSharableCrossOrigin corresponding to
ScriptOriginOptions with IsSharedCrossOrigin set and IsOpaque unset.

With this CL, a ScriptOriginOptions with IsSharedCrossOrigin is set
and IsOpaque is not set is attached to the empty script, as a
preliminary step to deprecate kNotSharableCrossOrigin.

Bug: chromium:875153,chromium:876248
Change-Id: I39279a43994337329b8bd9d28b6ca29f0ac30d9c
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1201689
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55673}
2018-09-06 07:12:20 +00:00
Sathya Gunasekaran
d2a85d1032 [Intl] Fix subclassing of V8BreakIterator
Bug: v8:5751, chromium:881021
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I22514ceb5fb0953b728e67ba5266926e912ce9c1
Reviewed-on: https://chromium-review.googlesource.com/1208516
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55671}
2018-09-06 07:10:10 +00:00
Simon Zünd
cfe7115690 [array] Move Array.p.unshift fall-back to Torque
This CL implements a generic baseline version of Array.p.unshift
in Torque, enabling us to remove the JS fall-back.

The elements-accessor fast-path is still used, but the check whether
to use it is also moved to Torque.

Support for sparse JSArrays is removed.

Drive-by change: Small refactoring in builtins-array that will
get extended to other array builtins in a follow-up CL.

R=cbruni@chromium.org, jgruber@chromium.org

Bug: v8:7624
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7b23ce15e7b922eb333f61a408050dedec77c95a
Reviewed-on: https://chromium-review.googlesource.com/1189902
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55670}
2018-09-06 07:09:05 +00:00