Commit Graph

57434 Commits

Author SHA1 Message Date
Simon Zünd
48da24bb48 Change how start and end addresses of young strings are retrieved
This CL changes how the start and end address for the iteration are
retrieved from an std::vector that won't cause a failed assertion.

There are some std::vector implementations that contain bounds checks.
The string table iteration code uses an access like
{&young_strings_[young_strings_.size()]} to retrieve the end address
for an iteration. This results in a out of bounds exception on such a
std::vector implementation even though the "element" itself is not actually
accessed.

Change-Id: I31db8994a7ff613897ad9deac953a1ee91f322b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704097
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62742}
2019-07-16 13:22:24 +00:00
Thibaud Michaud
fac5898d2b Revert "reland [wasm] Compile JS to WASM wrappers asynchronously"
This reverts commit 117ddc8f6d.

Reason for revert: The isolate is needed for accessing builtins, and can die during async compilation.

Original change's description:
> reland [wasm] Compile JS to WASM wrappers asynchronously
> 
> The context was not set during streaming compilation.
> The initial upload is the original CL and patch set 1 is the fix.
> 
> Original CL:
> 
> > [wasm] Compile JS to WASM wrappers asynchronously
> >
> > R=mstarzinger@chromium.org, ahaas@chromium.org
> >
> > Bug: v8:9231
> > Change-Id: I9e18073bbe25bf8c9c5f9ace102316e6209d0459
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669699
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62672}
> 
> R=​mstarzinger@chromium.org, ahaas@chromium.org
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
> Bug: v8:9231
> Change-Id: I61fc11a6de54cc6e93f3600487a89fa5d2350f0e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701850
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62721}

TBR=mstarzinger@chromium.org,ahaas@chromium.org,thibaudm@chromium.org

Change-Id: Ie258317f04a944e8e08993dbffb524f722cceddc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9231
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704094
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62741}
2019-07-16 11:39:53 +00:00
Milad Farazmand
55f7b1bbbe PPC/s390: [wasm] Split jump table and lazy compile table
Port 56eaec9d49

Original Commit Message:

    We had both jump slots and lazy compile slots in the same table. This
    increases the space per slot to the maximum of the two, even though we
    often do not use lazy compilation and could have smaller jump slots.
    This CL splits the two into two separate tables. The lazy compile table
    will only be created on demand, and will never be patched.
    The jump table now only contains jumps, and is more compact (which
    might improve performance because of improved locality).

R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I7bece77c02f8075da54d664215989339f2958ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702126
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62740}
2019-07-16 11:37:30 +00:00
Santiago Aboy Solanes
c85afa2668 [cleanup][turbofan] Remove empty else if in RegisterAllocator.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:9396
Change-Id: Ie00cb7de1b16525553baf9b555b3f84e8d86d073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702617
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62739}
2019-07-16 11:35:30 +00:00
Sigurd Schneider
47e077a28a [deoptimizer] Check whether output frames fit into stack space
Change-Id: I7af0fe843f73b702b03ffa50ecca19aabd7583b8
Bug: chromium:983850
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701858
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62738}
2019-07-16 11:14:10 +00:00
Simon Zünd
8ae4143a24 [wasm] Fix alloc/dealloc size mismatch for WasmInstructionBuffer
On newer compilers the {operator delete} with explicit {size_t}
argument would be instantiated for {WasmInstructionBuffer} and used
in the destructor of {std::unique_ptr<WasmInstructionBuffer>}. The
{size_t} argument is wrong though, since the pointer actually points
to a {WasmInstructionBufferImpl} object.
The solution is to explicitly provide a {operator delete}, preventing
an implicitly generated {size_t} operator.

R=clemensh@chromium.org

Change-Id: I2cc22078d03a523121309bae94f5b612cb98e112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702613
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62737}
2019-07-16 10:00:20 +00:00
Clemens Hammacher
ee45ce9c09 Revert "[wasm] Update spec tests"
This reverts commit ee2b5a567c.

Reason for revert: wasm-spec-tests\tests\conversions.js fails on win32-debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/21210

Original change's description:
> [wasm] Update spec tests
> 
> R=​clemensh@chromium.org
> 
> Change-Id: Ia4c70327861d5025f4a09513a02bc6176e7b8f18
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702606
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62733}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I16382ab16681660ef2042027ce0cb87d5b4af3ee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62736}
2019-07-16 09:45:44 +00:00
Tamer Tas
d270056f25 [perf] mask timeout failures if they succeed after retries
perfrunner returns a failure if the build timeouts at any point even if it's
successful after retries. It tries to surface up the timeout issue. Due to this,
some bots stay red consistently, and confuses the sheriffs.

This CL masks the timeouts if the suite succeeds in the end.

TBR=verwaest@chromium.org,sergiyb@chromium.org

Bug: v8:9494
Change-Id: I8e107e80dfaa51095501bb2e855d9fbbe4023da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702612
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62735}
2019-07-16 09:38:40 +00:00
Ng Zhi An
4334e2b85f Fix ubsan errors in tests
See https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/7102

Change-Id: I2c6577be06dbcafe11f7911cc6b3ec4b7bea5c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703764
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62734}
2019-07-16 09:18:40 +00:00
Andreas Haas
ee2b5a567c [wasm] Update spec tests
R=clemensh@chromium.org

Change-Id: Ia4c70327861d5025f4a09513a02bc6176e7b8f18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702606
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62733}
2019-07-16 08:47:09 +00:00
Maya Lekova
27debb8ce2 Reland "Temporarily remove --concurrent-inlining from --future"
This reverts commit 6805395d9b.

Reason for revert: Breaks Speedometer, blocking the roll. See attached bug.

Original change's description:
> Revert "Temporarily remove --concurrent-inlining from --future"
> 
> This reverts commit 060b9ec4a8, as the
> issue has been resolved.
> 
> Bug: v8:7790
> Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62713}

TBR=mvstanton@chromium.org,neis@chromium.org,mslekova@chromium.org

Change-Id: If952cc8c8b6017c4d41e92df56acc4b80670e2c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, v8:9491
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702607
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62732}
2019-07-16 08:07:22 +00:00
Darius Mercadier
bcd00b2ad6 [heap] Add FreeListMany stragety (--gc-freelist-strategy=2)
This CL adds a new FreeList strategy, that can be turned on by using
flag `--gc-freelist-strategy=2`. It uses a lot (about 50)
FreeListCategories instead of the 6 ones used in FreeListLegacy.
Allocation is done using a best-fit strategy. However, FreeListMany
could be subclassed in order to change the allocation strategy while
still using the same freelists.

Using this strategy is expected to reduce memory usage but to also
reduce allocation performances.

Bug: v8:9329
Change-Id: I201be863270a3287701fefdd9e14ba7849a8a551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698392
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62731}
2019-07-16 08:02:29 +00:00
Shawn Presser
23d485508b Update v8 to run on iPhone
iOS uses 16kb memory pages. This change modifies OS::GetRandomMmapAddr()
to return a 16kb-aligned address on apple ARM64.

The mrs instruction is invalid on iOS. This change modifies
CacheLineSizes::CacheLineSizes() so that mrs is not executed.

Change-Id: I13fcc8498e715c03432c7a652ee723660f746069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701127
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62730}
2019-07-16 07:31:39 +00:00
Frank Tang
4babedaeeb Roll test262
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/6cb0a5..26a2268

Bug: v8:7834
Change-Id: Iaf99fd0a8f53554fbe36f66c2e9c2527ab2001f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702634
Auto-Submit: Frank Tang <ftang@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62729}
2019-07-16 07:05:59 +00:00
Ng Zhi An
57406c3d46 [wasm simd] Implement F64x2 Gt Ge Lt Le on x64
Bug: v8:8460
Change-Id: I98ae0b9cf90201ddf61488104f4c49df4e73b8dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690201
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62728}
2019-07-16 05:13:19 +00:00
Ng Zhi An
40d7e1a624 [wasm simd] Implement I64x2Mul
Bug: v8:8460
Change-Id: Ie7df93babd3b3345166890d57e341b5f8ddac01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687776
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62727}
2019-07-16 04:58:19 +00:00
v8-ci-autoroll-builder
81b289a0c5 Update V8 DEPS.
Rolling v8/build: 0998f8c..71a5c6e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/982e952..43959e2

Rolling v8/third_party/depot_tools: d3af699..2c92208

Rolling v8/third_party/instrumented_libraries: 523c0fd..27b2da1

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I76ac00d67537b1e8cf8a09a27f732638bb4b5b80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701923
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62726}
2019-07-16 03:34:59 +00:00
Ng Zhi An
0860288c5e [wasm simd] Implement F64x2Eq and F64x2Ne on x64
Bug: v8:8460
Change-Id: Iae23899d74b563d9f0e7c65aeceee723d0e1d098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690200
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62725}
2019-07-16 03:30:29 +00:00
Ng Zhi An
30663c88ac [wasm simd] Implement I64x2AllTrue and I64x2AnyTrue on x64
Bug: v8:8460
Change-Id: I003972a804df3589ce953dbb294c44b97ab65d88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1686512
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62724}
2019-07-16 03:28:09 +00:00
Ng Zhi An
4edb56afb7 [wasm simd] Implement F64x2ExtractLane F64x2ReplaceLane for x64
Bug: v8:8460
Change-Id: Icd1d047c319450f73f1e728db0ca74fdd70b994d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690709
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62723}
2019-07-16 02:42:09 +00:00
Sathya Gunasekaran
889be09d84 [test262] Remove tests that are already skipped
Private getters and setters are not implemented in v8 and are skipped
already.

Bug: v8:9430
Change-Id: Id59c0757d90ab94b828e5fc7c254d6f209796eea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702242
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62722}
2019-07-15 22:22:35 +00:00
Thibaud Michaud
117ddc8f6d reland [wasm] Compile JS to WASM wrappers asynchronously
The context was not set during streaming compilation.
The initial upload is the original CL and patch set 1 is the fix.

Original CL:

> [wasm] Compile JS to WASM wrappers asynchronously
>
> R=mstarzinger@chromium.org, ahaas@chromium.org
>
> Bug: v8:9231
> Change-Id: I9e18073bbe25bf8c9c5f9ace102316e6209d0459
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669699
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62672}

R=mstarzinger@chromium.org, ahaas@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Bug: v8:9231
Change-Id: I61fc11a6de54cc6e93f3600487a89fa5d2350f0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701850
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62721}
2019-07-15 16:07:03 +00:00
Sathya Gunasekaran
b8a0418d3d [Promise] Close iterator if constructor.resolve throws
If the lookup of the resolve property on the constructor throws, we
need to call IteratroClose before rejecting the promise.

Bug: v8:9431
Change-Id: Idb33ffe09d339723ef0cd2469335598ab27b49bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701857
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62720}
2019-07-15 15:57:23 +00:00
Seth Brenith
14274bb16a [torque] Use @generateCppClass in some simple cases
This change is mostly mechanical, but it's worth mentioning a few
slightly interesting cases:
- A couple of field definitions didn't match the signedness of their
  corresponding accessors.
- The generated accessors for Smi data use Smi values directly, but
  usually we want C++ accessors to use ints instead. I added a macro
  that hides the generated Smi accessors and exposes int accessors,
  but we might consider generating int accessors directly.
- The data held in some fields is described in comments next to the
  accessor definition for those fields. With automatically generated
  accessors, those comments need a new home. In this change I put them
  in the Torque object definition, but I'm open to other suggestions.
- gen-postmortem-metadata couldn't find updated class definitions after
  they got split across multiple lines, so I changed its matching
  logic. (Ideally debug-support.cc should be a Torque compiler output
  rather than something that involves parsing C++ with regexes, but
  this makes it correctly report subclass relationships for now.)
- The end offsets generated by Torque were off by one from the values
  that would be generated by DEFINE_FIELD_OFFSET_CONSTANTS.

Change-Id: I3df4fcd27997b46c41ca879065b9d97f6c939f07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692192
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62719}
2019-07-15 15:29:08 +00:00
Nico Hartmann
ab2ebc296e [turbofan] Fix representation changing for bigints
RepresentationChanger::GetTaggedPointerRepresentation did not handle
kCompressed cases correctly for BigInts. This led to a crash of BigInt
benchmarks in js-perf-test.

Bug: v8:9407
Change-Id: Id1d60a81afc528c8d4180bd5de9d237f2f0abd0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701848
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62718}
2019-07-15 15:25:58 +00:00
Michael Starzinger
fd1a211c37 [wasm] Rename "except_ref" to "exnref" throughout the code.
Also see: https://github.com/WebAssembly/exception-handling/pull/84

R=ahaas@chromium.org
BUG=v8:8091

Change-Id: Ibcf9a2bba019cbd634884cb217e1507231a5bcf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700077
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62717}
2019-07-15 15:09:28 +00:00
Clemens Hammacher
9f8d52df20 [wasm] Fix non-const references in Liftoff
R=ahaas@chromium.org

Bug: v8:9429, v8:9396
Change-Id: I06657a7e339ed2f2c93f560bfcd3413761ad0733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62716}
2019-07-15 14:32:48 +00:00
Georg Neis
01a80fe30b Reland "Disabe FLAG_turbo_control_flow_aware_allocation again"
This is a reland of a6eabacfee. We
decided that this feature needs more work.

Bug: v8:9088
Change-Id: I937f722e9356be5eca72cdf1edd552d132ee25be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701855
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62715}
2019-07-15 14:25:57 +00:00
Jakob Gruber
b67ecd1d2d Add --trace-protector-invalidation flag
This is a convenience flag to trace and debug invalidations. The
assumption used to be that protectors are rarely invalidated, but this
may happen more frequently than expected in practice.

Bug: v8:9463,v8:9466
Change-Id: Ice051593bda647070bc48d535edd03ba96c7dfcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695469
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62714}
2019-07-15 13:35:17 +00:00
Georg Neis
6805395d9b Revert "Temporarily remove --concurrent-inlining from --future"
This reverts commit 060b9ec4a8, as the
issue has been resolved.

Bug: v8:7790
Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62713}
2019-07-15 12:59:20 +00:00
Georg Neis
e5678a6536 [turbofan] Make serializer properly handle resume targets
The bytecode graph builder may insert additional jumps for the
SwitchOnGeneratorState bytecode and for loop headers. This plays into
what the graph builder considers dead/alive. We want the serializer to
process all the bytecodes that the graph builder will process, so the
serializer needs to do something similar.

Bug: v8:7790
Change-Id: I1f1d51f4a8951149e365b3c998cef7f613bb4953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647694
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62712}
2019-07-15 12:48:07 +00:00
Georg Neis
b58298803a [turbofan] Move bytecode analysis to the serializer
When --concurrent-inlining is on, run bytecode analysis for all relevant
functions at serialization time, and store the results in the broker.

Change bytecode analysis such that running it for OSR produces information
that subsumes the non-OSR case. This lets us avoid doing and storing two
analyses for the top-level function in case we do OSR and the function
gets inlined into itself.

Bug: v8:7790
Change-Id: I7d5df0b2652e6e5c758c85578e51b4f8d041b0d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690959
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62711}
2019-07-15 12:41:57 +00:00
Yang Guo
4ee7697cd2 Remove unused Scope::force_context_allocation_
R=verwaest@chromium.org

Change-Id: Ibbf382ec1f7200142ebccc8eed6fe5dd1c2804bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701846
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62710}
2019-07-15 12:39:27 +00:00
Benedikt Meurer
2aa9474986 [dx] Support some cross-context async stack traces.
When passing promises from other contexts to an `await`, the
--harmony-await-optimization doesn't kick in, and as such the
promise will be wrapped in a "native promise" (from this context).
That means the promises aren't chained immediately, but delayed
via a PromiseResolveThenableJob, which chains these promises on
the next turn of this contexts' microtask queue.

If there's anything happening on the macro task queue in between
this and the point when an exception is raised, the chaining will
have happened and we actually find our way back via the promise
chains. And this CL adds support for exactly that case. For other
cases, it's currently impossible to reconstruct the async stack
unfortunately, but we hope that this will help with the major
use cases, where the developer awaits on I/O.

Bug: v8:7522, v8:8673, v8:9487
Ref: nodejs/node#28680
Change-Id: Icc06c7df12644c2d8d43b6c7580ee06bb8f1024a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701847
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62709}
2019-07-15 11:57:32 +00:00
Toon Verwaest
8109b4795e [ptr-compr] Remove unnecessary decompression in kArchStoreWithWriteBarrier
The object itself is already decompressed, and we're simply re-decompressing by
nuking the upper bits through sign extension.

Additionally this CL changes the branchless decompression sequence on x64 to be
cmov-based since that's shorter and faster. It's still slower than branchful
though, so we likely won't use it.

Change-Id: Ie6f9d38fb390b7300a236bf85d0db58d1ee959b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701842
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62708}
2019-07-15 11:52:32 +00:00
Clemens Hammacher
56eaec9d49 [wasm] Split jump table and lazy compile table
We had both jump slots and lazy compile slots in the same table. This
increases the space per slot to the maximum of the two, even though we
often do not use lazy compilation and could have smaller jump slots.
This CL splits the two into two separate tables. The lazy compile table
will only be created on demand, and will never be patched.
The jump table now only contains jumps, and is more compact (which
might improve performance because of improved locality).

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ie182873a1ec612f71d1b54447021a9a8f8ca59db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698393
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62707}
2019-07-15 10:37:02 +00:00
Benedikt Meurer
62c34970b7 [objects] Fix debug printing of JSAsyncFunctionObject and JSAsyncGeneratorObject.
Bug: v8:9487
Change-Id: I38e38195c803d048b858acca577ba43fc5c61ac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701841
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62706}
2019-07-15 10:33:02 +00:00
Georg Neis
db5969cb5f [turbofan] Avoid some non-const reference arguments
... by making them const or converting them to pointers.

Bug: v8:9429
Change-Id: If4a7832944f5dc35cec04c11087499a552a7469a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700073
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62705}
2019-07-15 10:25:22 +00:00
Peter Marshall
29e70b40d7 [cleanup] Remove parsing for ignored options in D8 TraceConfig
We never call GetTraceRecordMode() on the TraceConfig produced in D8
but instead always create the default ring buffer.

That means we ignore the "record_mode" argument supplied in config json
file.

Given we never use this we can remove the parsing code. The same thing
is true for enable_systrace and enable_argument_filter. All of these
are never used in V8 (they were copied from Chrome) but are part of the
public API so this CL just removes our parsing code for them but leaves
them in the API for now.

Bug: v8:8339
Change-Id: Iab5169536e20c19a784a55d013765125dd701773
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698397
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62704}
2019-07-15 10:17:32 +00:00
Clemens Hammacher
2d277529b0 [utils] Fix Malloced implementation
According to the specification, class-specific {operator new} and
{operator delete} should be static methods. Interestingly, if the
{static} keyword is missing, the methods are implicitly static anyway.
This is confusing, so this CL adds the {static} keywords explicitly.
It also removes the redundant {Malloced::New} and {Malloced::Delete}
methods.

R=mlippautz@chromium.org

Bug: v8:9396
Change-Id: I1db7c87b816567cc1a9153d0b18e3dd4ae81dd6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700080
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62703}
2019-07-15 09:59:22 +00:00
Georg Neis
87896ff13e Unskip a test in 'future' configuration
This test no longer fails with concurrent inlining.
(Concurrent inlining is actually disabled in 'future' at the moment
but will be turned on again soon.)

Bug: v8:9094
Change-Id: I4d3f8021a7accff8cd670f3fef95a7995f1a9ba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700076
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62702}
2019-07-15 09:58:03 +00:00
Georg Neis
46b1a52ea2 [turbofan] Make a non-const reference argument const
Bug: v8:9429
Change-Id: I4274206875edd61f36ac51c05d53158b6c1e17fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700072
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62701}
2019-07-15 09:33:07 +00:00
Georg Neis
52e7020aa7 [turbofan] Eliminate a non-const reference argument in scheduler
Bug: v8:9429
Change-Id: I48ae73fbd32b0ea4694bea738c42e34bd921c3c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700074
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62700}
2019-07-15 09:31:47 +00:00
Nico Hartmann
91154b3706 [turbofan] Non-speculative BigInt operators
This CL introduces new non-speculative operators BigIntAdd
and BigIntNegate. Instead of keeping speculative operators
until effect-control-linearization phase, they are now lowered
to non-speculative variants in the simplified lowering and
surrounded by the necessary checks. This adapts BigInt operators
to the common style of other operators (like Numbers).

Bug: v8:9407
Change-Id: I89ea7aef0d78c67b103971f8f63525b196ad3c0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695467
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62699}
2019-07-15 08:27:47 +00:00
v8-ci-autoroll-builder
5664228a64 Update V8 DEPS.
Rolling v8/build: 3454c48..0998f8c

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I821c7151d57d8b67daa49b1ed35198692c292fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698440
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62698}
2019-07-15 03:34:01 +00:00
jiepan
6bc61c598a [wasm] Fix printing of wasm prefixed opcode
Problem description:
For prefixed WASM opcode, opcode prefix is printed as Unknown, not the opcode itself.

Take v128.load as an example:
before fix                  ->  after fix
Unknown, 0x00, 0x04, 0x00,  ->  kExprS128LoadMem, 0x04, 0x00,

Change-Id: Id0cc5c723d19f60ad4f4f6c6ca338b5658c98c7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1694613
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62697}
2019-07-15 03:22:11 +00:00
v8-ci-autoroll-builder
76ad2c6e2e Update V8 DEPS.
Rolling v8/build: 2c98e63..3454c48

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Iae143d41177d135ca2d0b4a49bd83ef8563a72b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698427
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62696}
2019-07-14 03:34:06 +00:00
v8-ci-autoroll-builder
30ebdb7ec2 Update V8 DEPS.
Rolling v8/build: c989268..2c98e63

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1abe66f..982e952

Rolling v8/third_party/depot_tools: 78dec04..d3af699

Rolling v8/tools/clang: 7cefad2..efd0971

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: If8b78b71bc89c03f3b87e87868e363eed85eb63f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698815
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62695}
2019-07-13 08:32:45 +00:00
Leszek Swirski
e9ff38bbdd Revert "fix: move V8_EXPORT_PRIVATE marks to prevent unresolvable references"
This reverts commit 13a04abacd.

Reason for revert: Breaks v8 roll (https://chromium-review.googlesource.com/c/chromium/src/+/1698024)

Original change's description:
> fix: move V8_EXPORT_PRIVATE marks to prevent unresolvable references
> 
> This change fixes missing symbol errors in the Windows 10 on ARM build
> of Node.js.
> 
> When a whole class is marked for export, all of its members are marked
> as well. This can be a problem when inline members call undefined yet
> inline members of other classes: the exported function will contain a
> reference to the undefined inline function that should be satisfied at
> link time, but because the other function is inline no symbol will be
> produced that will satisfy that reference.
> 
> Clang gets around this by masking inlined class members from export
> using /Fc:dllexportInlines-. This is why b0a2a567 worked.
> 
> Node.js' Windows builds use MSVC and so do not have access to this
> flag. This results in unresolved symbols at link time.
> 
> Bug: v8:9465
> Change-Id: Ief9c7ab6ba35d22f995939eb62a64d6f1992ed85
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1696771
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62660}

TBR=sigurds@chromium.org,jgruber@chromium.org,ishell@chromium.org,jkunkee@microsoft.com

Change-Id: Ief2ccb35fc19b00975e78a63791a558525d49ee9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700069
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62694}
2019-07-13 06:38:36 +00:00
Deepti Gandluri
9182f9d7dd [cleanup] Merge DefineAsConstant functions
Change-Id: I9e9cc357cdadf81e8689b54626cff5ccdda2aa41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700437
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62693}
2019-07-13 01:11:31 +00:00