Commit Graph

39653 Commits

Author SHA1 Message Date
Clemens Hammacher
612471c8bc [wasm] Assert that lazy compilation does not fail
Since the wasm module is verified before starting execution with lazy
compilation, the compilation of individual functions should not fail
later.
This CL changes the implementation to check this condition earlier
and removes unused error paths.

R=ahaas@chromium.org, mstarzinger@chromium.org
BUG=chromium:719286

Change-Id: If4bab457a47f214b457b2e2bc8570cba8c8bbcfd
Reviewed-on: https://chromium-review.googlesource.com/497755
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45161}
2017-05-08 14:40:08 +00:00
Clemens Hammacher
da172451c6 [wasm] Fix memory management for Result types
Make ModuleResult and FunctionResult return Result<std::unique_ptr<X>>.
This makes memory ownership and transfer of ownership more clear and
avoids a lot of manual releases of the referenced native heap object.

R=ahaas@chromium.org

Change-Id: I7a3f5bd7761b6ae1ebdc7d17ff1b96a8df599871
Reviewed-on: https://chromium-review.googlesource.com/498352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45160}
2017-05-08 14:26:57 +00:00
mlippautz
efcdd33a31 [heap] Minor MC: Flush concurrent external memory counter
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2871543002
Cr-Commit-Position: refs/heads/master@{#45159}
2017-05-08 13:45:18 +00:00
Clemens Hammacher
4e7c416dc4 [wasm] Fix for perfect forwarding
We don't currently depend on this, but it might improve performance by
avoiding intermediate copies. The functions are already set up for
perfect forwarding, but without declaring the parameters as forwarding
references, this does not work as expected.

R=ahaas@chromium.org

Change-Id: I2c4d96ea1108b3f884d3e581e74c20aafd232934
Reviewed-on: https://chromium-review.googlesource.com/497409
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45158}
2017-05-08 12:48:44 +00:00
Clemens Hammacher
d958ecf448 [wasm] Remove redundant allocation of CompilationHelper
Inside the CompilationHelper, we were creating another compilation
helper to execute sequential or parallel compilation.
I don't see the reason to do so.

R=ahaas@chromium.org

Change-Id: Ib2c4486296a8f923e7e38620879c02963fff7d60
Reviewed-on: https://chromium-review.googlesource.com/497754
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45157}
2017-05-08 12:30:13 +00:00
Andreas Haas
eb64b26f8f [cleanup][wasm][fuzzer] Share code among the different fuzzers.
With this CL we share code among the wasm fuzzers which construct a
module and run it in the interpreter and as compiled code. The fuzzers
themselves only contain the code now which creates the module and the
parameters.

BUG=v8:6325
R=eholk@chromium.org

Change-Id: I1c2d8b013531c86cb27837f1b8ec89d2688c536b
Reviewed-on: https://chromium-review.googlesource.com/490048
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45156}
2017-05-08 09:58:26 +00:00
jkummerow
d2ba280d47 [ic] Restore Function.prototype fast path for LoadIC_Uninitialized
It was replaced by more generic handling in 1320666798, which
is functionally fine, but for performance it makes sense to keep
the fast path.

Review-Url: https://codereview.chromium.org/2864463004
Cr-Commit-Position: refs/heads/master@{#45155}
2017-05-08 09:27:29 +00:00
Jochen Eisinger
918c23643b Replace more ENTER_V8 invocations
Also make the macro name more scary, so people don't add new calls

BUG=v8:5830
R=jgruber@chromium.org

Change-Id: I06760110b7f0429d7775345b414c75c8df5e503a
Reviewed-on: https://chromium-review.googlesource.com/497451
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45154}
2017-05-08 09:12:57 +00:00
Clemens Hammacher
5c40f75123 [wasm] Fix redundant reify of error
In its destructor, the ErrorThrower already reifies exceptions and
throws them if an error has been set.

R=mtrofin@chromium.org

Change-Id: I17d7a6d300fe4a5860431f214746d053eaf9f104
Reviewed-on: https://chromium-review.googlesource.com/497467
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45153}
2017-05-08 08:59:51 +00:00
Michael Achenbach
f918103365 Whitespace change to capture perf changes
TBR=tebbi@chromium.org

Bug: v8:6346
Change-Id: Iea45ebaff908eb8a12ee51e220b0554241c049be
Reviewed-on: https://chromium-review.googlesource.com/497753
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45152}
2017-05-08 08:50:53 +00:00
Loo Rong Jie
7ddc8245af Remove unused %GetV8Version
Bug:v8:5510
R=yangguo@chromium.org,jgruber@chromium.org

Change-Id: Ieb355110bd858efe2495a6271ffeda67d41af129
Reviewed-on: https://chromium-review.googlesource.com/497153
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45151}
2017-05-08 07:06:35 +00:00
v8-autoroll
d381d1f14c Update V8 DEPS.
Rolling v8/build: 99d7dc3..ab75dcc

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I280f5a79a9a44e856212acd93def75ad28b077d5
Reviewed-on: https://chromium-review.googlesource.com/498389
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45150}
2017-05-08 07:02:41 +00:00
v8-autoroll
3446366c9b Update V8 DEPS.
Rolling v8/build: 225def8..99d7dc3

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: If91d8fc6564ceb72f9bbe62be86d51d0913bf5df
Reviewed-on: https://chromium-review.googlesource.com/497952
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45149}
2017-05-07 03:25:44 +00:00
kschimpf
3d0535065d Don't report array buffer allocations less than 1 Mb.
History has shown that 99.93% (or more) of all memory allocations are less
than 1 megabyte, and they all appear in the same UMA stat entry.

To give perspective, the entry for <= 1Mb is about 20,000 times larger
than any other entry in the table. This makes the distribution in the
table hard to see.

And, for allocation failures at this size, the percentage of failures
(when compared to number of requests) is so small (millions to one)
that little data can be gleaned from the <= 1Mb entry.

Note: requires CL https://codereview.chromium.org/2867483002

BUG=chrome:704922
R=bradnelson@chromium.org, bbudge@chromium.org, isherman@chromium.org

Review-Url: https://codereview.chromium.org/2856663002
Cr-Commit-Position: refs/heads/master@{#45148}
2017-05-06 19:57:22 +00:00
v8-autoroll
47a8e354c7 Update V8 DEPS.
Rolling v8/build: 0fffbdf..225def8

Rolling v8/third_party/catapult: d9a6925..ada8f7c

Rolling v8/third_party/icu: b34251f..4b06aad

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I526c70a04bf757705c94096591756023d4b432d9
Reviewed-on: https://chromium-review.googlesource.com/497595
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45147}
2017-05-06 18:50:09 +00:00
jkummerow
ceba405f28 [runtime] MigrateFastToFast: fix check for unboxed inobject doubles
After the recent fast-property deletion changes, there can be a
non-empty out-of-object backing store (that previously held properties)
even though the next double property will be stored in-object.

BUG=chromium:718779

Review-Url: https://codereview.chromium.org/2861093004
Cr-Commit-Position: refs/heads/master@{#45146}
2017-05-05 22:23:04 +00:00
mvstanton
c3f0e2a5b0 [ignition] Optimize JSGenerator creation
As a first step towards improving generator creation, create a builtin
that can do it without a call to the runtime. Thread that builtin
into the interpreter via an intrinsic.

BUG=v8:6352
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2861983002
Cr-Commit-Position: refs/heads/master@{#45145}
2017-05-05 18:33:00 +00:00
ulan
1b064d9cd0 [heap] Reland "Use shared markbits in the concurrent marker."
The concurrent marker now colors objects grey and black using
the atomic markbit operations.

The heap visitor is changed in two ways:
1) It iterates the map pointer of each object.
2) It guards object visitation with a predicate, which is overridden
in the concurrent marker with the result of GreyToBlack transition.

BUG=chromium:694255
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2866473003
Cr-Commit-Position: refs/heads/master@{#45144}
2017-05-05 17:41:44 +00:00
jgruber
2fd1afc0c8 [regexp] Avoid runtime call on OOB lastIndex values
At this point, last_index is definitely a canonicalized non-negative
number, which implies that any non-Smi last_index is greater than
the maximal string length. That in turn means that the matcher will
definitely fail, and we can avoid the expensive runtime call.

BUG=v8:6365,v8:6344

Review-Url: https://codereview.chromium.org/2863643004
Cr-Commit-Position: refs/heads/master@{#45143}
2017-05-05 16:44:45 +00:00
ochang
3f4536894a d8: Make in process stack dumping optional
Adds a flag (--disable-in-process-stack-traces) to not install
signal handlers so that e.g. ASan signal handlers will work.

This flag mirrors chromium's one.

R=jochen@chromium.org
BUG=chromium:716235

Review-Url: https://codereview.chromium.org/2854173002
Cr-Commit-Position: refs/heads/master@{#45142}
2017-05-05 16:00:27 +00:00
jgruber
f0e95769db [string] Move String.p.toLowerCase to CSA
This CL migrates the CPP builtin to CSA with fast paths for strings
that can be unpacked to direct one-byte strings. Short strings are
handled directly in CSA, others need to call into C for conversion.

Microbenchmarks for "abcd".toLowerCase() show speedups of 2.5x.

BUG=v8:6353,v8:6344

Review-Url: https://codereview.chromium.org/2859203002
Cr-Commit-Position: refs/heads/master@{#45141}
2017-05-05 15:59:08 +00:00
jkummerow
1cda1732a7 [js-perf-tests] Fix PropertyQueries test for fast-delete
Forcing an object into dictionary mode now requires deleting
a property that's not the last property.

BUG=chromium:718816
NOTRY=true

Review-Url: https://codereview.chromium.org/2860403002
Cr-Commit-Position: refs/heads/master@{#45140}
2017-05-05 15:57:36 +00:00
ulan
02a7c020bd [heap] Reland "Prepare IncrementalMarking::VisitObject for concurrent marking."
Currently the VisitObject function iterates the object and then colors
it black. This does not work well with concurrent marking. The function
should instead first try to mark the object black and iterate its body
only if the color transition succeeds.

BUG=chromium:694255
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2863933002
Cr-Commit-Position: refs/heads/master@{#45139}
2017-05-05 14:56:12 +00:00
ulan
b1d96fa1d4 [heap] Reland Use atomic marking operations in incremental marking if
concurrent marking is enabled.

This patch adds kAtomicity flag to IncrementalMarking that is set
depending on the concurrent marking compile time flag.

BUG=chromium:694255
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2858343003
Cr-Commit-Position: refs/heads/master@{#45138}
2017-05-05 13:59:32 +00:00
Ilija.Pavlovic
b9cebf8c9e Fix tracing in escape-analysis.cc.
With this adaptation, building V8 in Debug mode will finish without
error messages.

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2861143002
Cr-Commit-Position: refs/heads/master@{#45137}
2017-05-05 13:19:41 +00:00
ulan
db13d8014f [heap] Reland "Make non-atomic markbit operations consistent with atomic ones."
Now non-atomic color transition operations return a boolean indicating
whether the transition succeeded or not.

This allows to replace color check and transition operations with a
single transition operation. For example:

if (IsWhite(object)) {
  WhiteToBlack(object);
  Foo();
}

becomes

if (WhiteToBlack(object)) {
  Foo();
}

BUG=chromium:694255
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2863703004
Cr-Commit-Position: refs/heads/master@{#45136}
2017-05-05 13:14:02 +00:00
Mythri
919530ac54 Remove a jump in StrictEqual stub when type feedback is not required.
CodeStubAssembler::StrictEqual is modified to collect type feedback when
requested (https://chromium-review.googlesource.com/c/483399/). There 
are a couple of Gotos introduced in that cl, which are only necessary
when collecting type feedback. Changed it to generate these Gotos only
when collecting type feedback.

Bug: v8:4280
Change-Id: I322a6065efcfb601bd9f5dc25be6e6bb00b2d1c0
Reviewed-on: https://chromium-review.googlesource.com/496268
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45135}
2017-05-05 13:11:12 +00:00
Michael Starzinger
2ed278f04a [asm.js] Fix checking of "fround" in parameter annotation.
R=clemensh@chromium.org
TEST=mjsunit/asm/regress-718745
BUG=chromium:718745

Change-Id: I4d31e90d7a2bbb1d07ce946682a95582f63c7e27
Reviewed-on: https://chromium-review.googlesource.com/497469
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45134}
2017-05-05 12:45:53 +00:00
Toon Verwaest
642478bb42 [csa] Add Array.prototype.pop fast path
Bug: v8:6364,v8:6344
Change-Id: I13bf1ec89a17c64b38b757694ee8b7df30d4f45f
Reviewed-on: https://chromium-review.googlesource.com/497428
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45133}
2017-05-05 12:44:48 +00:00
Wiktor Garbacz
9a572e1d5f [parse tasks] Fix arrow function parameters handling.
Formal parameters of an arrow function are parsed even if the function
itself is preparsed. It is because we don't know if it is an arrow
function parameter list or just comma separated expression list.
When we parse:
 (a, b = (function c() { return a; })())
call to function c may be just part of an assignment in an expression
list, but if it's followed by:
 => { return b; }
It is an arrow function and the call to c is a default parameter.
Before we see the arrow we might have already created a parse task
to parse function c.

BUG=v8:6093

Change-Id: I59a59acfdbbfd808dab1518060748be2addcd54a
Reviewed-on: https://chromium-review.googlesource.com/493347
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45132}
2017-05-05 12:14:22 +00:00
Tobias Tebbi
fbd7754947 [turbofan] escape analysis: delete broken function ProcessLoadFromPhi
Bug: 
Change-Id: I4fbdb402ecc0403edafaba8ae910e28f3808d3f8
Reviewed-on: https://chromium-review.googlesource.com/497470
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45131}
2017-05-05 12:13:17 +00:00
Clemens Hammacher
3d76d2a2dc [cctest] Refactor CallHelper to use variadic templates
Instead of explicitly instantiating six copies of each function for
zero to five arguments, define them as variadic template.
This avoids the arbitrary limit to five arguments, and avoids lots of
code duplication.

Drive-by fix: [iwyu] Add missing include.

R=mstarzinger@chromium.org

Change-Id: Id7edde3611ddfade16c7afbbf4b9000cedd76468
Reviewed-on: https://chromium-review.googlesource.com/496247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45130}
2017-05-05 12:05:45 +00:00
Michael Starzinger
d380c7da6d [asm.js] Fix validation failure in module variable import.
R=clemensh@chromium.org
TEST=message/asm-import-wrong-object
BUG=chromium:718653

Change-Id: Ib903d7041ffb6a67c1b3c7be3e0f9455229acd90
Reviewed-on: https://chromium-review.googlesource.com/497747
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45129}
2017-05-05 11:39:06 +00:00
hpayer
8833af23e9 [heap] Memory reducer calls GC with kGCCallbackFlagCollectAllExternalMemory flag.
BUG=chromium:718484

Review-Url: https://codereview.chromium.org/2863943002
Cr-Commit-Position: refs/heads/master@{#45128}
2017-05-05 11:24:02 +00:00
ulan
b7b3781b87 Revert of [heap] Reland "Make non-atomic markbit operations consistent with atomic ones." (patchset #2 id:20001 of https://codereview.chromium.org/2860323003/ )
Reason for revert:
box2d failures on buildbot

Original issue's description:
> [heap] Reland "Make non-atomic markbit operations consistent with atomic ones."
>
> Now non-atomic color transition operations return a boolean indicating
> whether the transition succeeded or not.
>
> This allows to replace color check and transition operations with a
> single transition operation. For example:
>
> if (IsWhite(object)) {
>   WhiteToBlack(object);
>   Foo();
> }
>
> becomes
>
> if (WhiteToBlack(object)) {
>   Foo();
> }
>
> BUG=chromium:694255
>
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
>
> Review-Url: https://codereview.chromium.org/2860323003
> Cr-Commit-Position: refs/heads/master@{#45123}
> Committed: c0a65cd295

TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2863953002
Cr-Commit-Position: refs/heads/master@{#45127}
2017-05-05 11:17:15 +00:00
Ilija.Pavlovic
d7f7c32424 Enable build with shared libraries.
This adaptation allows building v8 when the component is defined as a
shared library. Without this, the linking phase of the unittests displays
error messages for undefined references.

TEST=
BUG=

Review-Url: https://codereview.chromium.org/2853483002
Cr-Commit-Position: refs/heads/master@{#45126}
2017-05-05 10:59:39 +00:00
Michael Starzinger
25959abf79 [asm.js] Ensure proper encapsulation of "asmjs" component.
This makes sure that only the "asm-js.h" header is exposed to outside
the directory holding the asm.js validator. It ensures that internals
don't leak out of that component, unless they are explicitly exposed
through the defined interface.

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I7c41782254cfce102af8edf4356205cfca904e60
Reviewed-on: https://chromium-review.googlesource.com/496147
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45125}
2017-05-05 10:36:26 +00:00
bmeurer
516d8438ad [js] Avoid %_ClassOf for collection builtins.
The collection builtins (Map, Set, WeakMap, WeakSet) are still written
in JavaScript and make heavy use of %_ClassOf, which is kind of
expensive compared to a simple instance type check. Change that to use
simple instance type checks instead.

R=jarin@chromium.org
BUG=v8:6261,v8:6278,v8:6344

Review-Url: https://codereview.chromium.org/2814773005
Cr-Original-Commit-Position: refs/heads/master@{#45106}
Committed: 28170099fd
Review-Url: https://codereview.chromium.org/2814773005
Cr-Commit-Position: refs/heads/master@{#45124}
2017-05-05 10:22:17 +00:00
ulan
c0a65cd295 [heap] Reland "Make non-atomic markbit operations consistent with atomic ones."
Now non-atomic color transition operations return a boolean indicating
whether the transition succeeded or not.

This allows to replace color check and transition operations with a
single transition operation. For example:

if (IsWhite(object)) {
  WhiteToBlack(object);
  Foo();
}

becomes

if (WhiteToBlack(object)) {
  Foo();
}

BUG=chromium:694255

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2860323003
Cr-Commit-Position: refs/heads/master@{#45123}
2017-05-05 10:16:01 +00:00
Michael Achenbach
56352067f2 [test] Skip more flaky tests
TBR=alph@chromium.org
NOTRY=true

Bug: v8:5193
Change-Id: Ie3d4e67314c80cd1806ba97ac1700b9a95918f73
Reviewed-on: https://chromium-review.googlesource.com/497748
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45122}
2017-05-05 10:08:10 +00:00
Peter Marshall
4d611d1dc3 [builtins] Use the byte_length for byte length, not byte_offset.
length != offset.

Bug: chromium:718285
Change-Id: I150af1473cb5180c242f3817b940fa1cf1c49cea
Reviewed-on: https://chromium-review.googlesource.com/497727
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45121}
2017-05-05 09:57:17 +00:00
Tobias Tebbi
d871c5ba80 [turbofan] fix escape analysis divergence on Air benchmark
When a virtual object passes by a store node that updates a field to the existing value, then the object and its state were not copied, which led to the original object being passed on.
If then later the store actually modifies and copies the virtual object, this new copy is not passed down the effect chain, so subsequent nodes still refer to the original virtual object and try to update it once new information flows in.
This conflicts with updates on the node that originally created the virtual object, leading to divergence.

Bug: v8:6345
Change-Id: Iab1ce98a60b48478b343eae765c80bdfcb8ba390
Reviewed-on: https://chromium-review.googlesource.com/496267
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45120}
2017-05-05 09:33:17 +00:00
Michael Starzinger
2238a16c69 [asm.js] Remove AST-based asm.js validator implementation.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I6a098151fef14c0c76c1762d99316a3ae7d12a8e
Reviewed-on: https://chromium-review.googlesource.com/496266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45119}
2017-05-05 08:57:35 +00:00
Michael Achenbach
0c590f45a8 Revert https://codereview.chromium.org/2857713002 and dependencies
Revert "[heap] Make non-atomic markbit operations consistent with atomic ones."

This reverts commit dd37366fb5

Revert "[heap] Use atomic marking operations in incremental marking if"

This reverts commit 1f2c3596e9

Revert "[heap] Prepare IncrementalMarking::VisitObject for concurrent marking."

This reverts commit 00d1e2cf76

Revert "[heap] Use shared markbits in the concurrent marker."

This reverts commit b0db0541ee

https://codereview.chromium.org/2857713002 blocks the current roll:
https://codereview.chromium.org/2857423002/

Doesn't revert cleanly.

NOTRY=true
TBR=ulan@chromium.org

Bug: chromium:694255
Change-Id: Iada35af5c2529cd9e604802700604b16cc30aa2d
Reviewed-on: https://chromium-review.googlesource.com/497387
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45118}
2017-05-05 06:57:45 +00:00
v8-autoroll
d21326d5c4 Update V8 DEPS.
Rolling v8/build: cef928f..0fffbdf

Rolling v8/third_party/catapult: 0d00147..d9a6925

Rolling v8/tools/clang: dc087f5..ae881aa

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0b4fc50a1ad132b27b2fc484c75ab70995b73a38
Reviewed-on: https://chromium-review.googlesource.com/497286
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45117}
2017-05-05 03:30:38 +00:00
Daniel Ehrenberg
c299fee21c [parser] Fix parse errors for async arrow function edge cases
New test262 tests bring up a couple cases with async arrow functions
that V8 didn't seem to handle properly; this patch makes those cases
errors:
- async (...x,) => y -- Rest parameter must be last formal parameter
- async (...x = z) => y -- No default value for rest parameter
- async (...x, y) => z -- Rest parameter must be last formal parameter

Bug: v8:4483, v8:5051
Change-Id: I024d9ba0c854e8e5e75283df2ee53127b1be090d
Reviewed-on: https://chromium-review.googlesource.com/496057
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#45116}
2017-05-04 22:43:42 +00:00
Jungshik Shin
6545911f30 Handle private / grandfathered tags gracefully for case-conversion
Bug=v8:6083
Test=intl/general/case-mapping.js

Change-Id: I254c54520262298d6843948654d1dc4583b0c245
Reviewed-on: https://chromium-review.googlesource.com/496886
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45115}
2017-05-04 22:40:42 +00:00
Jungshik Shin
2bb21e169a resolvedTimezone for Etc/UTC should be UTC per Ecma 402
http://unicode.org/cldr/trac/ticket/9943 added a new separate timezone
ID (Etc/UTC) distinct from "Etc/GMT" even though their behavior is
identical. This CLDR change led v8 to violate Ecma 402 requirement that
resolvedOptions().timeZone for DateTimeFormat be "UTC" for "Etc/UTC",
"Etc/GMT", "GMT" and "UTC".

This CL made v8 compliant to Ecma 402 again.

Bug=v8:6252
TEST=intl/date-format/timezone
Change-Id: Ibe5d3a2a09680ae00de0d73d123a389710c15af0

Change-Id: Ibe5d3a2a09680ae00de0d73d123a389710c15af0
Reviewed-on: https://chromium-review.googlesource.com/496406
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45114}
2017-05-04 21:17:39 +00:00
jarin
f47572f3a7 [turbofan] Avoid creating singleton state-values for the accumulator.
This saves about 5% of memory and node count consumed by graph building
on the TypeScript benchmark. High watermark goes down by 3-4%.

BUG=v8:5267

Review-Url: https://codereview.chromium.org/2829093002
Cr-Commit-Position: refs/heads/master@{#45113}
2017-05-04 19:35:13 +00:00
Mircea Trofin
f5ff422b83 [wasm] Ensure sync (forward) tasks execute in a context.
We need the job_'s context to reify errors, for example.
Some tasks already managed their context, so centralized
that logic in a SyncCompileTask all sync tasks derive from.

Bug: 
Change-Id: I90f462476b47bb8d5777db93d8dfb5c72fbd885b
Reviewed-on: https://chromium-review.googlesource.com/495392
Commit-Queue: Mircea Trofin <mtrofin@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45112}
2017-05-04 19:10:18 +00:00