Commit Graph

52294 Commits

Author SHA1 Message Date
v8-ci-autoroll-builder
5b928e40e7 Update V8 DEPS.
Rolling v8/build: cd7b727..fa87ce6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ed4737..17079a5

Rolling v8/third_party/depot_tools: 25c4fce..6c18a1a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I2b67323a005e4dea8f3fe5bd36dd5b94c4d4f744
Reviewed-on: https://chromium-review.googlesource.com/c/1349732
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57802}
2018-11-24 03:30:57 +00:00
Jakob Kummerow
32c7ab30b9 [ubsan] Port FixedDoubleArray and FixedTypedArray*
to the new design.

Bug: v8:3770
Change-Id: I3cd0a66eefefedc98a641494302fc79d897a153a
Reviewed-on: https://chromium-review.googlesource.com/c/1345910
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57801}
2018-11-24 03:18:53 +00:00
Jakob Kummerow
1e04936701 [ubsan] Port remaining FixedArray subclasses to new design
Bug: v8:3770
Change-Id: I06f7fb1b2915d1c87162cb464d0ed34d08516e24
Reviewed-on: https://chromium-review.googlesource.com/c/1345909
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57800}
2018-11-24 02:05:20 +00:00
Jakob Kummerow
2ad4a36c2f [ubsan] Port OrderedHashTable and subclasses to the new design
Bug: v8:3770
Change-Id: I0bac3cc2a0a2c7e6c1cf18e7db00bdffd2d9f7a1
Reviewed-on: https://chromium-review.googlesource.com/c/1345328
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57799}
2018-11-24 01:03:03 +00:00
Caitlin Potter
8a9cbdacad Reland "[builtins] Implement Object.fromEntries"
This is a reland of a5336471f2

Original change's description:
> [builtins] Implement Object.fromEntries
> 
> Adds the Object.fromEntries() method behind
> --harmony-object-from-entries.
> 
> 
> Includes an initial implementation of the new experimental builtin
> Object.fromEntries implemented by Daniel Clifford, and
> has been modified by Caitlin Potter to support a fast case to skip
> the iterator protocol when it can be done unobservably in common cases.
> 
> There are some incidental changes: A number of CSA macros have been
> updated to use TNodes, and some Context arguments have been
> re-arranged to be implicit in Torque.
> 
> 
> There are also a number of mjsunit tests written mirroring and
> expanding on the test262 tests.
> 
> BUG=v8:8021
> 
> Change-Id: I1c12bee8a2f98c6297b77d5d723910a5e3b630cc
> Co-authored-by: Daniel Clifford <danno@chromium.org>
> Co-authored-by: Caitlin Potter <caitp@igalia.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/1337585
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57667}

Bug: v8:8021
Change-Id: I706e2d87bfc2f688e833c1b7d40ca82f5d80f5a2
Reviewed-on: https://chromium-review.googlesource.com/c/1346630
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#57798}
2018-11-23 23:43:44 +00:00
Toon Verwaest
2418d22a37 Revert "[zone] Keep one page when we Zone::Reset for reuse"
This reverts commit 8c359f64e2.

Reason for revert: Tentative revert for ASAN breakage

Original change's description:
> [zone] Keep one page when we Zone::Reset for reuse
> 
> Change-Id: I50c6124d3da5b35d4156c066f38d10d2dc966567
> Reviewed-on: https://chromium-review.googlesource.com/c/1349246
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57793}

TBR=ishell@chromium.org,verwaest@chromium.org

Change-Id: Iff319b5f0ad1a65b1171d219a02a4a75d33910bd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1349248
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57797}
2018-11-23 20:44:15 +00:00
Toon Verwaest
4ae9ae50cc [parser] Inline ParseAndClassifyIdentifier, it's smaller
Change-Id: I78dfc1ae0ec7bc47c14d2d525d2f20516e13effa
Reviewed-on: https://chromium-review.googlesource.com/c/1349247
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57796}
2018-11-23 18:00:26 +00:00
Michael Lippautz
ce02d86bf2 [heap] Cleanup embedder tracing APIs
Provide processing scope that makes it impossible to maintain locally
cached wrappers that could get invalidated in Blink and yield in
crashers.

Bug: chromium:843903, v8:8238
Change-Id: I7ba1905f6c77a97bcc61ac42f921dcac4772471f
Reviewed-on: https://chromium-review.googlesource.com/c/1349276
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57795}
2018-11-23 17:40:39 +00:00
Toon Verwaest
b792240658 [parser] Move recording of strict eval arguments to clients
Change-Id: Icbda182a894ce6508efbfa3bdb17ba3adce360c7
Reviewed-on: https://chromium-review.googlesource.com/c/1349573
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57794}
2018-11-23 17:28:28 +00:00
Toon Verwaest
8c359f64e2 [zone] Keep one page when we Zone::Reset for reuse
Change-Id: I50c6124d3da5b35d4156c066f38d10d2dc966567
Reviewed-on: https://chromium-review.googlesource.com/c/1349246
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57793}
2018-11-23 17:20:58 +00:00
Toon Verwaest
e167ad823e [parser] Reduce reliance on ExpressionClassifier to detect pattern errors
Rather check expressions used as patterns directly. Check parentheses by
tagging parenthesized expressions as parenthesized.

This allows us to drop UnexpectedPatternToken and makes it clear why a specific
token is unexpected (because it's invalid in a binding pattern).

This also more uniformly restores messages like "Invalid destructuring
assignment target".

Change-Id: Idd98e9116c85de4c2304cf1fef1baa097b67149d
Reviewed-on: https://chromium-review.googlesource.com/c/1349572
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57792}
2018-11-23 16:59:47 +00:00
Hannes Payer
8a659d3859 Derive kMaximumSlots in ConstructorBuiltins from kMaxRegularHeapObjectSize.
Bug: chromium:852420
Change-Id: I348dbf52bc43078861e40e8377257c8f9a2bc920
Reviewed-on: https://chromium-review.googlesource.com/c/1349242
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57791}
2018-11-23 15:37:42 +00:00
Leszek Swirski
ca086a497c [parser] Perfect hash for keywords
Use gperf to generate a perfect hash table for keyword lookup. Adds a
python script which munges the output of gperf and adds additional
cleanup and optimisations.

Change-Id: I3656a7287dbd0688917893de3a671faef9e4578a
Reviewed-on: https://chromium-review.googlesource.com/c/1349240
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57790}
2018-11-23 14:55:57 +00:00
Peter Marshall
1e85444372 [cleanup] Add a helper explicitly for BuiltinId functions in bootstrapper
- Remove the InstallFunction variant which just passed its arguments
  straight to JSObject::AddProperty
- Change InstallFunction to accept a String rather than a Symbol as all
  symbol installation goes through InstallFunctionAtSymbol now. This way
  we can avoid the call to Name::ToFunctionName as well
- Add an explicit helper InstallFunctionWithBuiltinId for installing
  functions which have a builtin ID. These are always installed with
  DONT_ENUM PropertyAttributes so we can remove that parameter, too.
- Remove PropertyAttributes from InstallFunction because it is always
  DONT_ENUM.

Bug: v8:8238
Change-Id: I7af3d6d833d50065c20e198e21a72ef4a539c1ca
Reviewed-on: https://chromium-review.googlesource.com/c/1349284
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57789}
2018-11-23 14:47:07 +00:00
Andreas Haas
26b145ab12 [api] Deprecate ExternalStringResourceBase::IsCompressible
R=yangguo@chromium.org

Bug: v8:8238
Change-Id: Ia59aefc54c2e9f4fa3348c42fb45e7fadab8ee76
Reviewed-on: https://chromium-review.googlesource.com/c/1349231
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57788}
2018-11-23 13:43:48 +00:00
Andreas Haas
a921d89e5f [api] Promote RegisterDefaultSignalHandler to DEPRECATED
R=yangguo@chromium.org

Bug: v8:8238
Change-Id: I657ec92031ffe8241eaac67ba207bddc989c73a7
Reviewed-on: https://chromium-review.googlesource.com/c/1349234
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57787}
2018-11-23 13:42:42 +00:00
Marja Hölttä
6fa8283d0e Reland "[objects.h splitting] Move AsyncGeneratorRequest"
This is a reland of 8175648018

Original change's description:
> [objects.h splitting] Move AsyncGeneratorRequest
>
> BUG=v8:5402,v8:8238
>
> Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535
> Reviewed-on: https://chromium-review.googlesource.com/c/1349190
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57776}

TBR=clemensh@chromium.org,ulan@chromium.org

Bug: v8:5402, v8:8238
Change-Id: I9f4b6b761313be586612df7e7753b97f99c4d1e9
Reviewed-on: https://chromium-review.googlesource.com/c/1349283
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57786}
2018-11-23 13:12:45 +00:00
Yang Guo
886cd71e69 Revert "[Compiler] Ensure unoptimized code generation is context independent."
This reverts commit 38cd61d0e0.

Reason for revert: Layout test http/tests/asmjs/asm-warnings.html fails due to missing context.

See https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/238991


crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR: [1:1:1123/024436.020348:FATAL:script_state.h(140)] Check failed: !context.IsEmpty(). 
STDERR: #0 0x5556817298df base::debug::StackTrace::StackTrace()
STDERR: #1 0x55568167b5fb logging::LogMessage::~LogMessage()
STDERR: #2 0x55568154ed45 blink::ScriptState::From()
STDERR: #3 0x555683047aa9 blink::V8Initializer::MessageHandlerInMainThread()
STDERR: #4 0x5556801793c8 v8::internal::MessageHandler::ReportMessageNoExceptions()
STDERR: #5 0x555680178652 v8::internal::MessageHandler::ReportMessage()
STDERR: #6 0x5556802c2563 v8::internal::PendingCompilationErrorHandler::ReportWarnings()
STDERR: #7 0x55567fc8bcd3 v8::internal::(anonymous namespace)::FinalizeUnoptimizedCode()
STDERR: #8 0x55567fc8b668 v8::internal::Compiler::Compile()
STDERR: #9 0x55567fc8be6b v8::internal::Compiler::Compile()
STDERR: #10 0x55568033a36f v8::internal::__RT_impl_Runtime_CompileLazy()
STDERR: #11 0x5556808f2492 <unknown>
STDERR: 
STDERR: [25209:25254:1123/024436.075700:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ...


The issue seems to be that we do require the context for when we report a compile error when finalizing the compilation.

Original change's description:
> [Compiler] Ensure unoptimized code generation is context independent.
> 
> Now that Asm.js code is also context independent, move code to ensure context independence
> from BytecodeGenerator to FinalizeUnoptimizedCode.
> 
> Change-Id: I7738eb3b347ea82764ecd3b5548dc82cb06d2f4e
> Reviewed-on: https://chromium-review.googlesource.com/c/1347483
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57730}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Iaa15e608b35a3396ba51a03f996c6de1330f0016
Reviewed-on: https://chromium-review.googlesource.com/c/1349236
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57785}
2018-11-23 13:01:12 +00:00
Andreas Haas
63960f7b1c [api] Promote ExternalOneByteStringResourceImpl to DEPRECATED
R=yangguo@chromium.org

Bug: v8:8238
Change-Id: I37acbc2b7f14d16a57a27cc235769f8a7c18e3a1
Reviewed-on: https://chromium-review.googlesource.com/c/1349232
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57784}
2018-11-23 12:56:24 +00:00
Andreas Haas
1624b5c679 [api][wasm] Mark all streaming compilation callback as DEPRECATE_SOON
The callback set with this function is already not used anymore.

R=yangguo@chromium.org

Bug: chromium:860637, v8:8238
Change-Id: I26f4528720e936dcc9b7b244dff7db97a4b43273
Reviewed-on: https://chromium-review.googlesource.com/c/1345989
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57783}
2018-11-23 12:51:02 +00:00
Toon Verwaest
8860eb44e2 [parser] Cleanup pattern error related code
- Reuse CheckDestructuringElement for object rest destructuring,
- don't duplicate eval/arguments detection in object patterns,
- don't unnecessarily locally validate expression when async(...) is a call,
- don't classify pattern error for Property since it's only invalid as a binding pattern.

Change-Id: I0eaf6abff39a563c2d6dc07dfbb17071c0f76caf
Reviewed-on: https://chromium-review.googlesource.com/c/1349282
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57782}
2018-11-23 12:49:52 +00:00
Clemens Hammacher
49a79c9087 [Liftoff] Compile validation method only for SLOW_DCHECK
This method is only used in a slow dcheck, thus omit it completely
otherwise.

R=ahaas@chromium.org

Bug: v8:8238
Change-Id: Ic23d0ff10a1dfe9f383237c99a365c2d3ee93e51
Reviewed-on: https://chromium-review.googlesource.com/c/1349233
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57781}
2018-11-23 12:44:36 +00:00
Igor Sheludko
f3fd0b3c31 [ptr-compr] Make Code serialization pointer compression friendly
Bug: v8:7703
Change-Id: I47e6971bc99186cb6861164ec2a246ebcd770219
Reviewed-on: https://chromium-review.googlesource.com/c/1349230
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57780}
2018-11-23 12:43:30 +00:00
George Wort
82f9933129 [liftoff][arm] Implement Sign Extension
This implements sign extension for the arm32 port of Liftoff.

Bug: v8:6600
Change-Id: Ib9fb56835b92fa96af013fd3504395d24a27e10e
Reviewed-on: https://chromium-review.googlesource.com/c/1348429
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57779}
2018-11-23 12:24:37 +00:00
George Wort
7aad32cda1 [liftoff][arm] Implement type conversion
This implements type conversion for the arm32 port of Liftoff.

Bug: v8:6600
Change-Id: Id100df92dc5e9f9df1b7b26158e35bb36b742f10
Reviewed-on: https://chromium-review.googlesource.com/c/1348409
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57778}
2018-11-23 12:13:37 +00:00
Clemens Hammacher
9aa861c4bc Revert "[objects.h splitting] Move AsyncGeneratorRequest"
This reverts commit 8175648018.

Reason for revert: Breaks several builders, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/37808

Original change's description:
> [objects.h splitting] Move AsyncGeneratorRequest
> 
> BUG=v8:5402,v8:8238
> 
> Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535
> Reviewed-on: https://chromium-review.googlesource.com/c/1349190
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57776}

TBR=marja@chromium.org,clemensh@chromium.org,tebbi@chromium.org

Change-Id: I5b654f5eed5764af764ed6e96e308da75cd28fe0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5402, v8:8238
Reviewed-on: https://chromium-review.googlesource.com/c/1349235
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57777}
2018-11-23 12:11:38 +00:00
Marja Hölttä
8175648018 [objects.h splitting] Move AsyncGeneratorRequest
BUG=v8:5402,v8:8238

Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535
Reviewed-on: https://chromium-review.googlesource.com/c/1349190
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57776}
2018-11-23 12:01:14 +00:00
Marja Hölttä
cfb1da53fb [iwyu] context-inl.h iwyu
+ fixing other files which were depending on context-inl.h pulling in the
missing includes.

BUG=v8:7490,v8:8238

Change-Id: I90d37599bdfb69ac8fd7e62b8fb78d9d77c77234
Reviewed-on: https://chromium-review.googlesource.com/c/1349277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57775}
2018-11-23 11:52:31 +00:00
Toon Verwaest
2e0523324c [parser] Cleanup pattern classification
This changes the split from AssignmentPattern and BindingPattern to Pattern and
BindingPattern. Pattern collects all errors that are invalid in both assignment
and binding pattern contexts. Binding pattern additionally collects errors for
binding pattern contexts (property access isn't a valid target). The
distinction is piggybacked on to distinguish assignment vs binding pattern
errors since binding pattern verification will first throw the binding pattern
error.

Since we don't throw pattern error as binding pattern as well, this can mean
that a later binding pattern syntax error will show up before an early pattern
error. Since that just changes the message to another syntax violation, I think
that's fine.

Change-Id: Ib6a22c8d11c49eacc6667ae8ee5e98bababadd43
Reviewed-on: https://chromium-review.googlesource.com/c/1349273
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57774}
2018-11-23 11:33:21 +00:00
Peter Marshall
f69dd4bf1b [cleanup] Use InstallFunctionAtSymbol everywhere in the bootstrapper
This helper cleans up the callsites of the Symbol.toPrimitive
installations. As a bonus, we can remove an unused CreateFunction
variant now.

Bug: v8:8238
Change-Id: I017acc9464d6179e8bf53767f8bbc953272b46ed
Reviewed-on: https://chromium-review.googlesource.com/c/1349275
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57773}
2018-11-23 11:28:21 +00:00
Daniel Clifford
ec8285799a [torque] fix bugs found by using implicit params in generics at scale
Bug: v8:7793
Change-Id: I2d5154eabd549c0518ca41dae6ef7bd047f3e1ef
Reviewed-on: https://chromium-review.googlesource.com/c/1348072
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57772}
2018-11-23 11:14:31 +00:00
Jakob Kummerow
56e161e811 [ubsan] Port Context to the new design
Bug: v8:3770
Change-Id: I07f48b1ee8814a006e6787ad8261fa8388b4298d
Reviewed-on: https://chromium-review.googlesource.com/c/1345327
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57771}
2018-11-23 11:03:54 +00:00
Michael Lippautz
81b5f713c8 Reland "[heap] Improve embedder tracing during incremental marking"
Add a path into embedder tracing on allocation. This is safe as as Blink
is not allowed to call into V8 during object construction.

This is a reland of caed2cc033.

Bug: chromium:843903
Change-Id: I7faa8413966f6b4d37f19b235d46bb09e4d47235
Bug: chromium:843903
Reviewed-on: https://chromium-review.googlesource.com/c/1349330
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57770}
2018-11-23 10:54:52 +00:00
Peter Marshall
c65712e1c8 [cleanup] Clean up InstallFunction variants in the bootstrapper
- Remove an unused param from InstallFunction
- Remove an InstallFunction variant which just rearranges the order of
  the arguments
- Consistently use const char* string literals as property names rather
  than e.g. factory->return_string() just write "return" because it is
  easier for humans to read. All the strings are internalized anyway and
  this happens at mksnapshot time, so there is no performance penalty.
- Remove the maybe_prototype arguments to CreateFunction. We always know
  at the callsite whether we have a prototype or not, so just call the
  variant that takes a prototype or the new CreateFunction variant which
  takes a Builtin::name.
- Rename a SimpleInstallFunction variant which was only used for symbols
  to InstallFunctionAtSymbol. This also makes it clear that this is the
  only case where property_name and function_name differ.

Bug: v8:8238
Change-Id: I2400de90ebe837694e777cff1419858037ee51cc
Reviewed-on: https://chromium-review.googlesource.com/c/1349271
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57769}
2018-11-23 10:44:10 +00:00
Yang Guo
ac85ab0a3d Revert "Reland "[turbofan] Use feedback when reducing global loads/stores.""
This reverts commit e64f7c0ae0.

Reason for revert: this breaks chromedriver_py_test on Mac and Windows. This blocks the roll.

Details:

- DEPS roll with V8 pointing to this commit fails: https://chromium-review.googlesource.com/c/chromium/src/+/1349251
- DEPS roll with V8 pointing to the parent of this commit succeeds: https://chromium-review.googlesource.com/c/chromium/src/+/1349214

Original change's description:
> Reland "[turbofan] Use feedback when reducing global loads/stores."
> 
> This is a reland of 9c91b6877a after
> fixing undefined behavior in numeric conversion that caused trouble
> on arm32.
> 
> Original change's description:
> > [turbofan] Use feedback when reducing global loads/stores.
> >
> > We already record the script context location or the property cell
> > as feedback of the global load/store IC, so Turbofan doesn't need
> > to do the lookups again.
> >
> > Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e
> > Reviewed-on: https://chromium-review.googlesource.com/c/1335691
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#57555}
> 
> Change-Id: Ic2d09025de02f92199755ac860bb9e91fa08f4ec
> Reviewed-on: https://chromium-review.googlesource.com/c/1340043
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57649}

TBR=neis@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I7c9364d6a0bea6681fe9e25b28206cfc2c8557a7
Reviewed-on: https://chromium-review.googlesource.com/c/1349272
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57768}
2018-11-23 10:28:43 +00:00
George Wort
15ca25a446 [liftoff][arm] Implement AssertUnreachable
This implements AssertUnreachable for the arm32 port of Liftoff.

Bug: v8:6600
Change-Id: I9aa5083dc1be175fc5f2f386d8aace021bab3b03
Reviewed-on: https://chromium-review.googlesource.com/c/1346335
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57767}
2018-11-23 10:24:32 +00:00
George Wort
940d6f33ee [liftoff][arm] Implement complex i32 functionality
This implements popcnt, division and remainder on i32 for the arm32 port of Liftoff.

Bug: v8:6600
Change-Id: I2aac78596ef9799bf8fcfc791c0e946a8388f62f
Reviewed-on: https://chromium-review.googlesource.com/c/1346497
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57766}
2018-11-23 10:11:12 +00:00
George Wort
8239c344fe [liftoff][arm] Implement basic i32 functionality
This implements arithmetic operations on i32, comparisons, and conditional
jumps for the arm32 port of Liftoff.

Bug: v8:6600
Change-Id: Ib8d6e4dd99c725d9c5bff06d31c64e7ba4639297
Reviewed-on: https://chromium-review.googlesource.com/c/1346334
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57765}
2018-11-23 10:01:22 +00:00
Jakob Kummerow
a1c88a4451 [ubsan] Port HashTableBase and subclasses to the new design
Bug: v8:3770
Change-Id: I9a3f289ac6236b88476167150565e8183d6f5461
Reviewed-on: https://chromium-review.googlesource.com/c/1345326
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57764}
2018-11-23 09:34:18 +00:00
Yang Guo
33713b5b61 Revert "[heap] Release dead young generation large objects in the Scavenger."
This reverts commit 40b448eadd.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/27711

Original change's description:
> [heap] Release dead young generation large objects in the Scavenger.
> 
> Bug: chromium:852420
> Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a
> Reviewed-on: https://chromium-review.googlesource.com/c/1348081
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57761}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I6b57dd8ed92d85b5ce012da754611278ceaefe20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/c/1349270
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57763}
2018-11-23 09:15:33 +00:00
Yang Guo
5fc7356c50 Update WATCHLIST wrt yangguo
R=jgruber@chromium.org

Change-Id: I49c08217d0c8e452afe84ad76ae6d60367802e82
Reviewed-on: https://chromium-review.googlesource.com/c/1348075
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57762}
2018-11-23 08:29:12 +00:00
Hannes Payer
40b448eadd [heap] Release dead young generation large objects in the Scavenger.
Bug: chromium:852420
Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a
Reviewed-on: https://chromium-review.googlesource.com/c/1348081
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57761}
2018-11-23 08:04:49 +00:00
Dan Elphick
83fb2f8dd7 Reland "[cleanup] Move methods to V8_DEPRECATED"
This is a reland of a6e3cdd9b5

Now only changes ObjectTemplate::NewInstance.

Original change's description:
> [cleanup] Move methods to V8_DEPRECATED
>
> Updates ObjectTemplate::NewInstance and FunctionTemplate::GetFunction
> from V8_DEPRECATED_SOON to V8_DEPRECATED, now that they're unused in
> chrome.
>
> Bug: v8:7294, v8:7295, v8:8238
> Change-Id: Ic7cb2c410ff812f73cfd108551f2a1a20722df07
> Reviewed-on: https://chromium-review.googlesource.com/c/1344151
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57657}

Bug: v8:7294, v8:7295, v8:8238
Change-Id: I52ec021bc92600f67cf27791d5b2df2a4342a4d5
Reviewed-on: https://chromium-review.googlesource.com/c/1348079
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57760}
2018-11-23 07:46:50 +00:00
Yang Guo
cb93a308fc Revert "[heap] Improve embedder tracing during incremental marking"
This reverts commit caed2cc033.

Reason for revert: Breaks layout tests, e.g.

https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/14924/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html

crash log for renderer (pid <unknown>):
STDOUT: <empty>
STDERR: 
STDERR: 
STDERR: #
STDERR: # Fatal error in ../../v8/src/base/platform/elapsed-timer.h, line 24
STDERR: # Debug check failed: !IsStarted().
STDERR: #
STDERR: #
STDERR: #
STDERR: #FailureMessage Object: 0x7ffc46707640#0 0x565409263b6f base::debug::StackTrace::StackTrace()
STDERR: #1 0x56540a8a32fb gin::(anonymous namespace)::PrintStackTrace()
STDERR: #2 0x56540a8980d8 V8_Fatal()
STDERR: #3 0x56540a897e35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
STDERR: #4 0x565407971f02 v8::base::ElapsedTimer::Start()
STDERR: #5 0x565407d08edf v8::internal::TimedHistogram::Start()
STDERR: #6 0x565407e500d5 v8::internal::IncrementalMarking::AdvanceIncrementalMarkingOnAllocation()
STDERR: #7 0x565407e4f977 v8::internal::IncrementalMarking::Observer::Step()
STDERR: #8 0x565407e48092 v8::internal::AllocationObserver::AllocationStep()
STDERR: #9 0x565407eb0751 v8::internal::SpaceWithLinearArea::InlineAllocationStep()
STDERR: #10 0x565407eb3e44 v8::internal::NewSpace::EnsureAllocation()
STDERR: #11 0x565407e258ff v8::internal::NewSpace::AllocateRaw()
STDERR: #12 0x565407e06b2d v8::internal::Heap::AllocateRaw()
STDERR: #13 0x565407e432ef v8::internal::Heap::AllocateRawWithLightRetry()
STDERR: #14 0x565407e433cf v8::internal::Heap::AllocateRawWithRetryOrFail()
STDERR: #15 0x565407e04d48 v8::internal::Factory::NewFixedArrayWithFiller()
STDERR: #16 0x565407fd6339 v8::internal::HashTable<>::New()
STDERR: #17 0x565407fd7be8 v8::internal::HashTable<>::EnsureCapacity()
STDERR: #18 0x565407fc7e95 v8::internal::Dictionary<>::Add()
STDERR: #19 0x565407fcf453 v8::internal::BaseNameDictionary<>::Add()
STDERR: #20 0x565407f89ee4 v8::internal::LookupIterator::ApplyTransitionToDataProperty()
STDERR: #21 0x5654080036e2 v8::internal::Object::AddDataProperty()
STDERR: #22 0x56540793061f v8::internal::(anonymous namespace)::DefineDataProperty()
STDERR: #23 0x56540792da59 v8::internal::(anonymous namespace)::InstantiateObject()
STDERR: #24 0x56540792b75a v8::internal::(anonymous namespace)::InstantiateFunction()
STDERR: #25 0x56540792b4db v8::internal::ApiNatives::InstantiateFunction()
STDERR: #26 0x5654079594bf v8::FunctionTemplate::GetFunction()
STDERR: #27 0x56540a7af74e blink::V8ObjectConstructor::CreateInterfaceObject()
STDERR: #28 0x56540a7afe01 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #29 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #30 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase()
STDERR: #31 0x56540a7afcb4 blink::V8PerContextData::CreateWrapperFromCacheSlowCase()
STDERR: #32 0x56540a7aef73 blink::V8DOMWrapper::CreateWrapper()
STDERR: #33 0x56540a7abf6b blink::ScriptWrappable::Wrap()
STDERR: #34 0x56540a677199 blink::V8Document::documentElementAttributeGetterCallback()
STDERR: #35 0x565407a0aec3 v8::internal::FunctionCallbackArguments::Call()
STDERR: #36 0x565407a097be v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
STDERR: #37 0x565407a0877b v8::internal::Builtins::InvokeApiFunction()
STDERR: #38 0x565407fe785a v8::internal::Object::GetPropertyWithAccessor()
STDERR: #39 0x565407fe697e v8::internal::Object::GetProperty()
STDERR: #40 0x565407ec8c71 v8::internal::LoadIC::Load()
STDERR: #41 0x565407ed6401 v8::internal::__RT_impl_Runtime_LoadIC_Miss()
STDERR: #42 0x5654087593f2 <unknown>
STDERR: [16162:16185:1122/143518.356897:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ...


Original change's description:
> [heap] Improve embedder tracing during incremental marking
> 
> Add a path into embedder tracing on allocation. This is safe as as Blink
> is not allowed to call into V8 during object construction.
> 
> Bug: chromium:843903
> Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4
> Reviewed-on: https://chromium-review.googlesource.com/c/1348749
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57757}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ide2c0b284b52bee17573adcc89f14be4e40dab91
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:843903
Reviewed-on: https://chromium-review.googlesource.com/c/1349189
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57759}
2018-11-23 07:45:46 +00:00
v8-ci-autoroll-builder
c1b527f8f7 Update V8 DEPS.
Rolling v8/build: 05ea63b..cd7b727

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/aa21a92..4ed4737

Rolling v8/third_party/depot_tools: d66dad7..25c4fce

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Id8608976646cb19b61698a6bc824977c5d55357a
Reviewed-on: https://chromium-review.googlesource.com/c/1349110
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57758}
2018-11-23 03:44:51 +00:00
Michael Lippautz
caed2cc033 [heap] Improve embedder tracing during incremental marking
Add a path into embedder tracing on allocation. This is safe as as Blink
is not allowed to call into V8 during object construction.

Bug: chromium:843903
Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4
Reviewed-on: https://chromium-review.googlesource.com/c/1348749
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57757}
2018-11-22 21:26:02 +00:00
Igor Sheludko
78ca705f47 [cleanup] Fix kPointerSize usages in src/objects/, part 2
Bug: v8:8477, v8:8238
Tbr: bmeurer@chromium.org
Change-Id: I03e6e83bc805c6880318161e00b367df0a3b4003
Reviewed-on: https://chromium-review.googlesource.com/c/1348434
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57756}
2018-11-22 19:36:09 +00:00
Hannes Payer
be77c3ef75 [heap] Handle young generation large objects by MC.
Bug: chromium:852420
Change-Id: Ice7548bf9993bc5dd57b301c410c019eb956daa5
Reviewed-on: https://chromium-review.googlesource.com/c/1348077
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57755}
2018-11-22 17:48:43 +00:00
Leszek Swirski
cd78a04587 [parser] Tighten CanBeKeywordCharacter
Use the list of keywords to tighten the CannotBeKeyword scan flag to
also exclude lower case letters which are not present in any of the
keywords.

Change-Id: I6a00b5f5ee8f47088539806f15890a7489441fea
Reviewed-on: https://chromium-review.googlesource.com/c/1347475
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57754}
2018-11-22 17:46:23 +00:00
Toon Verwaest
b03ae1870c [parser] Track duplicate formals through FormalParametersT
This simplifies the ExpressionClassifier a bit again, making it a little more
understandable.

Change-Id: I57bdd871b10409ea04b33748609160f2b40a498a
Reviewed-on: https://chromium-review.googlesource.com/c/1348431
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57753}
2018-11-22 17:32:08 +00:00