Commit Graph

42955 Commits

Author SHA1 Message Date
Andreas Rossberg
5d3dfc855d [wasm] [multival] Reland: Allow function types as block types
Only change over original: Init sig_index to 0 at
function-body-decoder-impl.h:168, to make MSAN happy on error path.

R=titzer@chromium.org

Change-Id: I9ac17215360523b656b10d2466201001b65992c0
Reviewed-on: https://chromium-review.googlesource.com/712655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48463}
2017-10-11 14:59:49 +00:00
Eric Holk
b0ced92695 Track committed array buffer size rather than allocation length
WebAssembly creates ArrayBuffers with large allocations where only a small
amount is committed. The uncommitted address space should not be counted as used
memory. Doing so can lead to the GC spending unnecessary time collecting memory
when there is not really pressure.

Bug: 
Change-Id: Ife7b84e9858e87faabc360a61f887b2fda6d99db
Reviewed-on: https://chromium-review.googlesource.com/710227
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48462}
2017-10-11 14:50:42 +00:00
Michael Achenbach
1a4d84f447 [build] Check out instrumented libraries via gclient flag
Prepared by:
https://chromium-review.googlesource.com/c/chromium/tools/build/+/712036

Bug: chromium:772804
Change-Id: Ib6ace7510962e5f00008c2f2c5f87f339363d995
Reviewed-on: https://chromium-review.googlesource.com/708258
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48461}
2017-10-11 14:46:45 +00:00
Michael Achenbach
b269c14616 [test] Temporary output for investigation
Currently it's hard to reason about the hung tests on worker processes.
This adds simple output when we're trying to kill a hung process.

Change-Id: Iae5e14dac70a8149c074043dd00cbf10e4d5f3de
Reviewed-on: https://chromium-review.googlesource.com/712455
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48460}
2017-10-11 14:27:19 +00:00
Pierre Langlois
dabd1c0af8 [cctest] Record execution of parallel moves.
This patch is a first step towards target independent tests for the
CodeGenerator's AssembleMove and AssembleSwap methods.

The tests on top of which this builds would only make sure that no assertions
were triggered while generating moves, and that the hardware is happy executing
them. We want to do more and check that the generated code performs correctly.

In a nutshell, this introduces a facility that can do the following:

  - Setup an environment with registers and stack slots initialised with random
    values.
  - Perform a list of randomly generated moves and/or swaps on those.
  - Return the resulting environment.

This is a first step and therefore is lacking a few things which will be
implemented as follow-ups:

  - Support for kSimd128 moves and swaps.
  - Support large offsets for stack moves, as well as positive and negative.
  - Compare the resulting environment against the result of a reference
    simulation.

For more background information, see this design document:
https://docs.google.com/document/d/1KpioxCmtiB_9RaPaRidZPVtKlZ2BaNKGPYUjKFihhK0

Bug: v8:6848
Change-Id: Ie7dc837f4444df010ab58c64b722d40ee5d2af72
Reviewed-on: https://chromium-review.googlesource.com/677398
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48459}
2017-10-11 14:18:49 +00:00
Ulan Degenbaev
00ba1dca22 [heap] Disable map retaining optimization.
The optimization keeps dying maps alive for several GCs to mitigate
code deoptimization with weak maps.

This patch disables the optimization to see if it is still needed.

Bug: 
Change-Id: Ie5717967ad56858e6ae546c90fde73e8d5bcc4ec
Reviewed-on: https://chromium-review.googlesource.com/712598
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48458}
2017-10-11 13:52:39 +00:00
Ben L. Titzer
b54bd06bdb [wasm] Use Handle<WasmInstanceObject> in wasm-module-runner.*
R=clemensh@chromium.org

Bug: 
Change-Id: I54e4d02cd5665d3ba3fd2e91da05599a915c0317
Reviewed-on: https://chromium-review.googlesource.com/712654
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48457}
2017-10-11 13:33:59 +00:00
Michael Lippautz
777ca5eb3b [cctests] Check for stray Isolates in DEBUG builds
Bug: 
Change-Id: Id3373279f2d985f7899cf893c1f63692b97166b7
Reviewed-on: https://chromium-review.googlesource.com/704655
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48456}
2017-10-11 13:02:15 +00:00
Michael Achenbach
a8590f9d6c Revert "[wasm] [multival] Allow function types as block types"
This reverts commit e44fdc7067.

Reason for revert: Breaks msan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17482

Original change's description:
> [wasm] [multival] Allow function types as block types
> 
> Changes the binary encoding of multi-return blocks to contain a function type index instead of a vector of value types.
> 
> Cf. https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md#binary-format
> 
> Bug: v8:6672
> Change-Id: I506d9323bfd6dba1e7a24c8590bcf5a08b68c433
> Reviewed-on: https://chromium-review.googlesource.com/599807
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48453}

TBR=titzer@chromium.org,rossberg@chromium.org

Change-Id: Ia711d16ec6bd1c0731a96d38b8661f05be71f64b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6672
Reviewed-on: https://chromium-review.googlesource.com/712634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48455}
2017-10-11 12:50:37 +00:00
Ulan Degenbaev
190fea6058 Change FastArrayShift stub to use for-loop instead of memmove for SMIs.
The concurrent marker visits arrays with fast SMI elements because they
have the same visitor id as arrays with tagged elements.

Visiting concurrently with memmove can be unsafe depending on memmove
implementation.

Bug: chromium:694255
Change-Id: Ic6c2cae8761e5b1b042e4274d4f90ac59f32d91f
Reviewed-on: https://chromium-review.googlesource.com/712158
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48454}
2017-10-11 12:27:57 +00:00
Andreas Rossberg
e44fdc7067 [wasm] [multival] Allow function types as block types
Changes the binary encoding of multi-return blocks to contain a function type index instead of a vector of value types.

Cf. https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md#binary-format

Bug: v8:6672
Change-Id: I506d9323bfd6dba1e7a24c8590bcf5a08b68c433
Reviewed-on: https://chromium-review.googlesource.com/599807
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48453}
2017-10-11 12:21:13 +00:00
peterwmwong
183eb36b88 [builtins] Port String.prototype.{search, match} to CSA
- Expose fast paths for RegExpPrototypeMatchBody/RegExpPrototypeSearchBody as TFS builtins
- Add StringPrototypeMatch and StringPrototypeSearch TFJ builtins
  - Add StringMatchSearchAssembler to ensure same search/match behavior
- Remove functionality from string.js

A quick benchmark shows gains of 20-30% for unoptimized code and 0-20% for optimized code.
https://github.com/peterwmwong/v8-perf/blob/master/string-search-match/README.md

Bug: v8:5049
Change-Id: I0fffee6e94e62ecae049c9e5798da52d67ae1823
Reviewed-on: https://chromium-review.googlesource.com/707824
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48452}
2017-10-11 12:05:22 +00:00
Ulan Degenbaev
9d9048db53 [wasm] Disable wasm/streaming-trap-location on GC stress.
NOTREECHECKS=true
NOTRY=true

Bug: chromium:773631
Change-Id: I2ef5636d7ba3f2194ede6a057027bfcacda089c0
Reviewed-on: https://chromium-review.googlesource.com/712155
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48451}
2017-10-11 11:33:28 +00:00
Camillo Bruni
9a3de971dd [builtin] Remove branch in Function.prototype.bind
Change-Id: I3d88cae4d4b74a091c776cb9a822d639ddb1e401
Reviewed-on: https://chromium-review.googlesource.com/712041
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48450}
2017-10-11 11:20:05 +00:00
Martyn Capewell
247bc200d1 Reland "[arm64] Add slot copier to masm and use in builtins"
This is a reland of 7c80f9ce69 with fixed restore
of system stack pointer in the tests.

Original change's description:
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
>
> This is a reland of 1cc93be0f1 with
> additional tests, originally reviewed on
> https://chromium-review.googlesource.com/685238 and reverted due to an
> unrelated intermittent x64 failure.
>
> Bug: v8:6644
> Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
> Reviewed-on: https://chromium-review.googlesource.com/707247
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48419}

Bug: v8:6644
Change-Id: Ie8b45c73acc13df36c978a9ae4bee77082cb7c8d
Reviewed-on: https://chromium-review.googlesource.com/709515
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48449}
2017-10-11 10:38:54 +00:00
Ulan Degenbaev
9941c1e344 [heap] Fix debug mode race in string casting in concurrent marker.
Bug: v8:6915, chromium:694255
Change-Id: I16cd8f13087476a16c7647bec3d03665299ef232
Reviewed-on: https://chromium-review.googlesource.com/712044
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48448}
2017-10-11 10:37:49 +00:00
Michael Lippautz
6e641ea329 [heap] Remove outdated description of marking
Bug: 
Change-Id: Ifc7e6dd429b18793fc6f91ce5f01a534d8437df6
Reviewed-on: https://chromium-review.googlesource.com/711853
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48447}
2017-10-11 10:36:45 +00:00
Leszek Swirski
9fcd80c285 [profiler] Add missing VMStates to EntryForVMState
Bug: chromium:770530
Change-Id: I48f4c6968a34e0dce99f72e56302de81bf0f1991
Reviewed-on: https://chromium-review.googlesource.com/709597
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48446}
2017-10-11 10:35:39 +00:00
Tobias Tebbi
0f1dfae050 [turbofan] avoid constructor inheritance due to compilation issues
Constructor inheritance of a templated constructor is causing compilation issues for node.js:

https://github.com/nodejs/node/pull/15362#issue-257007421
Change-Id: I7d099ff5a1a2fd5b19c11112ddef8fe824e509f7
Reviewed-on: https://chromium-review.googlesource.com/707008
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48445}
2017-10-11 08:56:26 +00:00
Michal Majewski
28c25b5fb6 Fixed/skipped tests for deoptimization fuzzing.
Skipped the tests that are not suitable for deoptimization fuzzing.
regress/regress-2618 test fixed to check kMaybeDeopted flag.
Minor code style fix in mjsunit.js.

Bug: v8:6900
Change-Id: Icc02a6b99005ae08ee7cb6cf2c1e9137329d79d3
Reviewed-on: https://chromium-review.googlesource.com/708797
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48444}
2017-10-11 08:44:06 +00:00
Michael Achenbach
9dc6dd8621 [build] Add fuchsia sdk download to DEPS
TBR=sergiyb@chromium.org

Bug: chromium:772816
Change-Id: I40014d381637394057b0646740a2487fef5fe8a6
Reviewed-on: https://chromium-review.googlesource.com/711841
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48443}
2017-10-11 08:37:19 +00:00
Ulan Degenbaev
a6cd26ee01 Reland "[heap] Use weak cell in normalized map cache."
This is a reland of f3c8da56e9
Original change's description:
> [heap] Use weak cell in normalized map cache.
> 
> This replaces ad-hoc weakness in normalized map cache with weak cell.
> 
> Bug: chromium:694255
> Change-Id: I6a12301b2176fe3723b56178a65582cfb412f7d2
> Reviewed-on: https://chromium-review.googlesource.com/704834
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48344}

Bug: chromium:694255
Change-Id: I181a9c02cc934373e40455f1be02f1caf140639b
Reviewed-on: https://chromium-review.googlesource.com/709354
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48442}
2017-10-11 08:36:15 +00:00
Michael Achenbach
6dc388543e [test] Run all variants on TSAN bots.
Bug: chromium:773214
Change-Id: I7ebcbea3152a506e3ed569ef975413321c937dc6
Reviewed-on: https://chromium-review.googlesource.com/708755
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48441}
2017-10-11 08:29:45 +00:00
Georg Neis
6ff68255e9 [bigint] Introduce ToNumeric conversion.
This introduces a ToNumeric conversion to the runtime and interpreter.
ToNumeric behaves like ToNumber, except that it also lets BigInts pass.

Bug: v8:6791
Change-Id: Idf9d0b5d283638459fe5893de41cc120356247a7
Reviewed-on: https://chromium-review.googlesource.com/707013
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48440}
2017-10-11 07:49:28 +00:00
Michael Achenbach
dde4cbb0b1 [test] Remove valgrind support
Bug: v8:6566
Change-Id: If48fea99f2b1c8069dd20075bf4d9a6c6282bb7c
Reviewed-on: https://chromium-review.googlesource.com/708757
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48439}
2017-10-11 07:41:33 +00:00
Michael Achenbach
1bc14b831b [build] Add fuchsia FYI bots
Infra side:
https://chromium-review.googlesource.com/c/chromium/tools/build/+/708739

NOTRY=true

Bug: chromium:772816
Change-Id: I256807182f52aad4e56684bad607aea1b7dc6c29
Reviewed-on: https://chromium-review.googlesource.com/708758
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48438}
2017-10-11 07:40:27 +00:00
Jaroslav Sevcik
6aa9f43d8d [profiler] Fix heap iteration to ignore deoptimized code objects.
When starting profiling, we iterate the heap to find all existing code
objects and the associated functions.

The iteration tried to log the function's code if either the closure's
code was optimized-but-not-deoptimized or if the optimized code in its
feedback vector was optimized-but-not-deoptimized.

That caused some trouble if the function's code was deoptimized but
we had a valid optimized code in the feedback vector. In that case
we would log the deoptimized code object from the closure, which 
would later crash when trying to access the deoptimization information
(which we clear on deoptimization).

This CL just fixes the iteration so that we do not crash. A better fix
might be to log the function's code object if not deoptimized *and*
the code object in type feedback vector if not deoptimized. Or
perhaps iterate optimized code objects and log those that have
deoptimization information.

Bug: chromium:763073
Change-Id: Iddee6a1c8b0fe332186ef7af2f3751c8828434b1
Reviewed-on: https://chromium-review.googlesource.com/709116
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48437}
2017-10-11 06:51:18 +00:00
Michael Achenbach
33d4e2096f Revert "Reland "[wasm] trap handlers: fall back on old signal handler""
This reverts commit cc237d872b.

Reason for revert: breaks win clang:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/8538

Original change's description:
> Reland "[wasm] trap handlers: fall back on old signal handler"
> 
> This is a reland of ee4fe8963c
> Original change's description:
> > [wasm] trap handlers: fall back on old signal handler
> > 
> > This is primarily needed to test D8 under ASan. ASan installs a signal handler
> > early in the process startup to show stack traces from crashes. We need to make
> > sure that if V8 does not handle a signal then the existing handler gets a
> > chance.
> > 
> > This change only applies when using V8's default signal handler. When
> > integrating with the embedder's signal handler the behavior is unchanged.
> > 
> > Bug: chromium:771948
> > Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> > Reviewed-on: https://chromium-review.googlesource.com/705823
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Commit-Queue: Eric Holk <eholk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48429}
> 
> Bug: chromium:771948
> Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
> Reviewed-on: https://chromium-review.googlesource.com/710114
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48435}

TBR=mseaborn@chromium.org,bradnelson@chromium.org,gdeepti@chromium.org,eholk@chromium.org,mark@chromium.org

Change-Id: If71f61ae186fc6be2006edeb2dffd7e2b6827d91
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:771948
Reviewed-on: https://chromium-review.googlesource.com/711854
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48436}
2017-10-11 06:25:43 +00:00
Eric Holk
cc237d872b Reland "[wasm] trap handlers: fall back on old signal handler"
This is a reland of ee4fe8963c
Original change's description:
> [wasm] trap handlers: fall back on old signal handler
> 
> This is primarily needed to test D8 under ASan. ASan installs a signal handler
> early in the process startup to show stack traces from crashes. We need to make
> sure that if V8 does not handle a signal then the existing handler gets a
> chance.
> 
> This change only applies when using V8's default signal handler. When
> integrating with the embedder's signal handler the behavior is unchanged.
> 
> Bug: chromium:771948
> Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> Reviewed-on: https://chromium-review.googlesource.com/705823
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48429}

Bug: chromium:771948
Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
Reviewed-on: https://chromium-review.googlesource.com/710114
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48435}
2017-10-11 02:03:17 +00:00
Sathya Gunasekaran
a5565227f2 Revert "[modules] Implement import.meta proposal"
This reverts commit ed6f00fb8e.

Reason for revert: tree is broken

NOTRY=true
NOTREECHECKS=true

Original change's description:
> [modules] Implement import.meta proposal
> 
> Rewrites references to import.meta to a new GetImportMetaObject runtime
> call. Embedders can define a callback for creating the meta object using
> v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
> provided, an empty object with null prototype is created.
> 
> This adds an example implementation to d8 that sets meta.url.
> 
> Bug: v8:6693
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
> Reviewed-on: https://chromium-review.googlesource.com/707902
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48433}

TBR=adamk@chromium.org,gsathya@chromium.org,jan.krems@groupon.com

Change-Id: I908a508d5db84cc8ae60d4fd4a0446bb570c1492
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6693
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/710760
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48434}
2017-10-11 00:05:13 +00:00
Jan Krems
ed6f00fb8e [modules] Implement import.meta proposal
Rewrites references to import.meta to a new GetImportMetaObject runtime
call. Embedders can define a callback for creating the meta object using
v8::Isolate::SetHostGetImportMetaObjectCallback. If no callback has been
provided, an empty object with null prototype is created.

This adds an example implementation to d8 that sets meta.url.

Bug: v8:6693
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6871eec79da45bba81bbbc84b1ffff48534c368d
Reviewed-on: https://chromium-review.googlesource.com/707902
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48433}
2017-10-10 23:56:35 +00:00
Ulan Degenbaev
18b8fbb528 [heap] Correctly handle strings in concurrent marking.
Strings with pointers should use snapshotting protocol because they can
be externalized concurrently.

Sequential strings can be turned into thin strings, so we need to cache
the length and synchronized of markbits.

No-Try: true
Bug: v8:6915, chromium:694255
Change-Id: Ibd1f0ead31544f56aa9de9a177bee7e60fbc2e6a
Reviewed-on: https://chromium-review.googlesource.com/708761
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48432}
2017-10-10 19:37:02 +00:00
Mike Stanton
bdde74cb5a [turbofan] Inline Array.prototype.map for packed double arrays.
Bug: v8:6896
Change-Id: I4c54cc114fd2304de121586f6bcbf19957ae55b8
Reviewed-on: https://chromium-review.googlesource.com/708262
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48431}
2017-10-10 19:11:12 +00:00
Eric Holk
0a97c51f35 Revert "[wasm] trap handlers: fall back on old signal handler"
This reverts commit ee4fe8963c.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> [wasm] trap handlers: fall back on old signal handler
> 
> This is primarily needed to test D8 under ASan. ASan installs a signal handler
> early in the process startup to show stack traces from crashes. We need to make
> sure that if V8 does not handle a signal then the existing handler gets a
> chance.
> 
> This change only applies when using V8's default signal handler. When
> integrating with the embedder's signal handler the behavior is unchanged.
> 
> Bug: chromium:771948
> Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> Reviewed-on: https://chromium-review.googlesource.com/705823
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48429}

TBR=mseaborn@chromium.org,bradnelson@chromium.org,gdeepti@chromium.org,eholk@chromium.org,mark@chromium.org

Change-Id: Ib43b096831b15c312b3b460e59f268d5ea903f21
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:771948
Reviewed-on: https://chromium-review.googlesource.com/710034
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48430}
2017-10-10 18:11:25 +00:00
Eric Holk
ee4fe8963c [wasm] trap handlers: fall back on old signal handler
This is primarily needed to test D8 under ASan. ASan installs a signal handler
early in the process startup to show stack traces from crashes. We need to make
sure that if V8 does not handle a signal then the existing handler gets a
chance.

This change only applies when using V8's default signal handler. When
integrating with the embedder's signal handler the behavior is unchanged.

Bug: chromium:771948
Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
Reviewed-on: https://chromium-review.googlesource.com/705823
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48429}
2017-10-10 18:03:12 +00:00
Sergiy Byelozyorov
982fed2bde Whitespace CL to test triggered bots
TBR=machenbach@chromium.org

Bug: chromium:769910
No-Try: true
No-Tree-Checks: true
Change-Id: I541d09bc20aa797b8360362eba12bd00c2148bc2
Reviewed-on: https://chromium-review.googlesource.com/708801
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48428}
2017-10-10 14:13:40 +00:00
jgruber
1d2da203f0 Don't use kScratchRegister in DeserializeLazy
kScratchRegister is not guaranteed to be preserved across calls to
RecordWriteField.

Bug: v8:6844
Change-Id: I65377852807f52be821be4d5911b07886102c5ee
Reviewed-on: https://chromium-review.googlesource.com/709114
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48427}
2017-10-10 13:28:29 +00:00
jgruber
159236ec25 [regexp] Update semantics of GetSubstitution with named captures
The specced semantics of GetSubstitution are expected to change in the
case of malformed named references, or named references to nonexistent
named groups. The former will evaluate to the identity replacement of
'$<', while the latter will result in replacement by the empty string.

See also:
https://github.com/tc39/proposal-regexp-named-groups/issues/29

Bug: v8:5437, v8:6912
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I879288f775774cb0ec563f9d9129a99710efb77c
Reviewed-on: https://chromium-review.googlesource.com/708654
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48426}
2017-10-10 11:37:29 +00:00
Andreas Haas
7a0242003a [wasm] Update spec tests
R=titzer@chromium.org

Change-Id: Ie65c03347b0619a107bc06725ce587e0270fa9a1
Reviewed-on: https://chromium-review.googlesource.com/707102
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48425}
2017-10-10 11:35:50 +00:00
Michael Lippautz
b7e6eb9208 [heap] Introduce on-hold concurrent marking work list
When hitting objects that are allocated in the most recent linear
allocation area, the concurrent marker currently has to bail out to the
main thread.

However, we only have to delay processing those objects until we are at
a safepoint, e.g. IM::Step(). With this change we flush those
on-hold-objects back to the shared queue upon performing an incremental
marking step.

Bug: chromium:694255
Change-Id: I25647d0fc581a5c4de0346bc394dc51062f65f70
Reviewed-on: https://chromium-review.googlesource.com/707315
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48424}
2017-10-10 11:33:39 +00:00
Caitlin Potter
9f0bdf044f [esnext] fix MaterializeCapturedObjectAt for async generator objects
Previously, JS_ASYNC_GENERATOR_OBJECT_TYPE maps led to an UNREACHABLE
macro, but are now restored like ordinary JSGeneratorObjects.

BUG=chromium:772649, v8:5855
R=adamk@chromium.org, yangguo@chromium.org, verwaest@chromium.org

Change-Id: I02e101565625f8a057d0e5b242a5fe0df263df89
Reviewed-on: https://chromium-review.googlesource.com/706780
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48423}
2017-10-10 11:18:10 +00:00
Yang Guo
343cbe955b Remove FFI prototype.
Bug: v8:6867
TBR=ofrobots@google.com

Change-Id: I0eaebe04863f4cc9152655fedbeb67225a4d8103
Reviewed-on: https://chromium-review.googlesource.com/691722
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48422}
2017-10-10 11:12:59 +00:00
Anna Henningsen
6751db26ac [debug] allow JS execution in ProcessCompileEvent callbacks
In Debug mode, V8 disallows executing JavaScript during
`ScriptCompiler::CompileUnbound()` calls. This restriction
makes sense during compilation, but not really for the post-compile
notification, and currently at least one Node.js test
(`test/inspector/test-contexts.js`) fails because of this in debug mode.

Bug: 
Change-Id: I930b5f06083c0e87f1613414da3dfe2bcdf0f386
Reviewed-on: https://chromium-review.googlesource.com/706943
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48421}
2017-10-10 11:02:50 +00:00
Clemens Hammacher
ce1104cbe8 Revert "[arm64] Add slot copier to masm and use in builtins"
This reverts commit 7c80f9ce69.

Reason for revert: arm64 msan failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17455/steps/Check/logs/copy_slots_up

Original change's description:
> [arm64] Add slot copier to masm and use in builtins
> 
> Abstract some stack slot copies through a macro assembler function. This
> eliminates some non-paired stack operations.
> 
> This is a reland of 1cc93be0f1 with
> additional tests, originally reviewed on
> https://chromium-review.googlesource.com/685238 and reverted due to an
> unrelated intermittent x64 failure.
> 
> Bug: v8:6644
> Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
> Reviewed-on: https://chromium-review.googlesource.com/707247
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#48419}

TBR=rmcilroy@chromium.org,martyn.capewell@arm.com,bmeurer@chromium.org

Change-Id: I8a8aeff89b6995d5fffaab1f2e4e45f478c28bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/708814
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48420}
2017-10-10 10:48:12 +00:00
Martyn Capewell
7c80f9ce69 [arm64] Add slot copier to masm and use in builtins
Abstract some stack slot copies through a macro assembler function. This
eliminates some non-paired stack operations.

This is a reland of 1cc93be0f1 with
additional tests, originally reviewed on
https://chromium-review.googlesource.com/685238 and reverted due to an
unrelated intermittent x64 failure.

Bug: v8:6644
Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37
Reviewed-on: https://chromium-review.googlesource.com/707247
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#48419}
2017-10-10 10:21:49 +00:00
Camillo Bruni
6ee34530ea [literals] Don't reserve unused FeedbackVectorSlot for the empty object literal
Bug: v8:6211
Change-Id: Ie838cf118679e12483689e2c223e7ecc8335db18
Reviewed-on: https://chromium-review.googlesource.com/662759
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48418}
2017-10-10 10:00:49 +00:00
Georg Neis
0c37062320 [bigint] Add NewBigIntFromInt factory function.
R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: I9bbb4c6b9b387fa0cd29fa24058ae807157f40de
Reviewed-on: https://chromium-review.googlesource.com/707004
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48417}
2017-10-10 09:39:20 +00:00
Michael Lippautz
0c93021877 [heap] Remove dead last top marker
Bug: 
Change-Id: I1bb6c6e3853317851544ca9f4eba1df76a147bfb
Reviewed-on: https://chromium-review.googlesource.com/707317
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48416}
2017-10-10 08:15:57 +00:00
Michael Starzinger
0a7fcd0f28 [deoptimizer] Fix materialization of builtin stub registers.
This makes sure that frames representing builtin stub continuations not
only materialize all stack slots, but also spilled register values. Note
that this also applies when the stub frame is not the top-most frame.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-6907
BUG=v8:6907

Change-Id: I01a2edf5629de6aac61ceea350d1ab5f91dc2dc1
Reviewed-on: https://chromium-review.googlesource.com/707245
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48415}
2017-10-10 07:50:09 +00:00
Michael Achenbach
a5e5384dfd [build] Switch random deopt fuzzer to x64
The new deopt stress is implemented for x64 only.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: v8:6900
Change-Id: I542cb89de643c477875893f6b0b73ced44108b9e
Reviewed-on: https://chromium-review.googlesource.com/708259
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48414}
2017-10-10 07:08:29 +00:00