Commit Graph

56671 Commits

Author SHA1 Message Date
Maciej Goszczycki
8a437788b9 [roheap] Set owner_ to nullptr for read-only chunks
As it stands most of ReadOnlySpace class's methods are unusable once it
has been sealed, since all of its pages are read-only. Set owner_ to null
to ensure nothing unintentionally uses it.

This also helps with separating the ReadOnlySpace from the Heap class in
the future as ReadOnlySpace might not inherit from Space.

Bug: v8:7464
Change-Id: I3b24f20c644d6f5e23647bc1de4d256a20a0eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637800
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61979}
2019-06-04 12:06:12 +00:00
Georg Neis
780c869981 [turbofan] Include dead serializer environments in trace
It's very helpful to know when they die.

Bug: v8:7790
Change-Id: I08a369da7eb19d46ecdc02b404b0085d6410ab4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643168
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61978}
2019-06-04 11:39:12 +00:00
Georg Schmid
021ce3b5d9 Disable double const store check to see impact on canary
R=tebbi@chromium.org

Bug: chromium:964833
Change-Id: I798f7c38eacaa16011ab7cc9ac4dea066078fbb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643170
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Schmid <gsps@google.com>
Cr-Commit-Position: refs/heads/master@{#61977}
2019-06-04 08:57:55 +00:00
Gopesh Kumar Chaudhary
9c3546889c PPC/AIX : skip regex test case
Regex test cases fail on AIX debug due to stack-overflow.

R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com

Bug: 
Change-Id: I217ad3d61fa8d7572cc0c7e25efa63065552f99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1625836
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61976}
2019-06-04 07:20:08 +00:00
v8-ci-autoroll-builder
fffb8c54be Update V8 DEPS.
Rolling v8/build: a3b6390..c66b31d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5b31e69..fd813d1

Rolling v8/third_party/depot_tools: c38806b..0183a1f

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I2d3652b0533a0ba4c0b22a58c1fd23dc367ae814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640830
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61975}
2019-06-04 03:28:38 +00:00
Johannes Henkel
33d6e65618 Remove unused method parseProtocolMessage in string-util.h.
Change-Id: I05d69c8971352276c2d399f458f8f7ae6c2689c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1639575
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61974}
2019-06-03 23:07:48 +00:00
Johannes Henkel
4d5dd3dbf0 In inspector session, convert incoming messages to cbor and
serialize outgoing messages via cbor to json if needed.

Change-Id: I6d0300ddc27e365b16671d19922f467e09adcc54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1636681
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61973}
2019-06-03 21:12:39 +00:00
Simon Zünd
8dcf591ffc [torque] Remove VSCode Torque extension from tools/
The extension moved to a separate Github repository found at:
https://github.com/v8/vscode-torque

The extension is best installed via the VSCode Marketplace:
https://marketplace.visualstudio.com/items?itemName=v8-torque.vscode-torque

R=tebbi@chromium.org

Bug: v8:8880
Change-Id: I38e1bc7c912002b37d367beac10fb57c58763844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640198
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61972}
2019-06-03 21:10:39 +00:00
Bill Budge
f953ee1aeb [api.cc] Eliminate multiple calls to Utils::OpenHandle in functions
- Changes functions that call OpenHandle multiple times to assign a
  local and use it the second time.

Change-Id: Ibc7e881158dc6aec489e3f30690da8982014d52a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1636459
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61971}
2019-06-03 18:13:05 +00:00
Seth Brenith
29ec00872e [torque] Remove some uses of @noVerifier
Implemented verifiers for the following classes:
- ExternalString
- FixedArrayBase
- JSCollection
- JSCollectionIterator
- JSWeakCollection
- Name
- SeqString
- Struct

Removed the following class definitions from Torque, because they're
just JSObject instances with particular starting maps, as discussed in
https://crrev.com/c/v8/v8/+/1619146/6/src/builtins/base.tq#459 :
- JSAccessorPropertyDescriptor
- JSDataPropertyDescriptor
- JSIteratorResult

Following similar logic, removed the Torque definition of
WasmExceptionPackage because it's just an error object that happens to
have a couple of private-symbol properties.

The following classes should not be defined in Torque because they're
just a starting state for JSObject, but I'm leaving them for now because
existing Torque code requires them:
- JSArgumentsObjectWithLength
- JSProxyRevocableResult

Bug: v8:9311
Change-Id: I0336b6be7d02e48e4a8a0f660e24d2c2fa5f5e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637448
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61970}
2019-06-03 17:56:25 +00:00
Z Nguyen-Huu
877257a8ac add micro-benchmark for Proxy with isExtensible trap
Bug: v8:6664
Change-Id: Ie320264cfba8c33c90405bb009f584b8e2b3d8ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637660
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61969}
2019-06-03 16:54:16 +00:00
Frank Tang
9a52cc116b Refactor to remove dup code.
Bug: v8:9300
Change-Id: I8eee82f41e19858f1688c64e6bc6800e26db6050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1638257
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61968}
2019-06-03 16:04:33 +00:00
Maciej Goszczycki
a642ba6f10 [cleanup] Remove unused LocalArrayBufferTracker::space
Bug: v8:9183
Change-Id: I583915848435b6ad3f42c320b72b7bb1a4eb2444
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640207
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61967}
2019-06-03 14:23:36 +00:00
Michael Achenbach
d757e4744c [build] Add header-includes check to gcc builders
Bug: v8:9290
Change-Id: I0f1558231cdb71e3d84b123f9663be66f9101c6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637464
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61966}
2019-06-03 13:49:04 +00:00
Clemens Hammacher
f535163125 [iwyu] Add missing forward declaration
The missing forward declaration made include header checks fail on gcc:
https://crrev.com/c/1637464

R=ishell@chromium.org

Bug: v8:9290,  v8:7490,  v8:9183
Change-Id: I7e513c04297982e403783e7ea7341b271c4fef72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640214
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61965}
2019-06-03 13:32:24 +00:00
Clemens Hammacher
1cf2b4662d Revert "[roheap] Enable shared ro-heap by default if ptr compression is disabled"
This reverts commit 81abe8f7b6.

Reason for revert: Fails several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26780

Original change's description:
> [roheap] Enable shared ro-heap by default if ptr compression is disabled
> 
> Shared read-only heap is currently incompatible with pointer compression.
> Enable sharing only if pointer compression is disabled.
> 
> Bug: v8:7464
> Change-Id: I0866ac288a34eb92fc227e8beba57f4d72a69ef0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635509
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#61963}

TBR=rmcilroy@chromium.org,delphick@chromium.org,goszczycki@google.com

Change-Id: If450c8a7530763e69eaddb53583f890a467f4724
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640216
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61964}
2019-06-03 13:00:58 +00:00
Maciej Goszczycki
81abe8f7b6 [roheap] Enable shared ro-heap by default if ptr compression is disabled
Shared read-only heap is currently incompatible with pointer compression.
Enable sharing only if pointer compression is disabled.

Bug: v8:7464
Change-Id: I0866ac288a34eb92fc227e8beba57f4d72a69ef0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635509
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61963}
2019-06-03 12:35:47 +00:00
Santiago Aboy Solanes
d938123934 [ptr-compr][CSA] Removing tests that used explicit (De)Compress functions
Following up on https://chromium-review.googlesource.com/c/v8/v8/+/1637879,
this CL removes the tests that used explicit Compress/Decompress functions
in CSA

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I063678a732545eb505fa752612242ceeb42be823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640206
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61962}
2019-06-03 11:58:27 +00:00
Sigurd Schneider
cf1c581534 [torque] Refactor naming convention error handling
Change-Id: I99eb206d6c8ea206bc5451b97c5e59a28d9b75a7
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640205
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61961}
2019-06-03 11:44:27 +00:00
Yang Guo
8f4845117b Remove 'set noparent' from OWNERS files where reasonable
R=rmcilroy@chromium.org
NOPRESUBMIT=true

Bug: v8:9247
Change-Id: I355ac92c323ab34e1898c0764856ebadc3357dcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635691
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61960}
2019-06-03 10:18:22 +00:00
Yang Guo
7da5cc3f18 Remove COMMON_OWNERS from top-level OWNERS
Bug: v8:9247
Change-Id: Ieae700aa01261c712e3ac22967fe3c59988c25c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635892
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61959}
2019-06-03 09:43:05 +00:00
Simon Zünd
d121475bd6 [refactoring] Make Torque LS unittests more robust
This CL changes "MessageWriter" type to std::function instead of a
plain function pointer. This allows capturing lambdas, which in turn
are used to make unittests more robust.

R=sigurds@chromium.org

Bug: v8:8880
Change-Id: I9d71ddcac173af36e5b62852f2a9ec6dcfac9f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640201
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61958}
2019-06-03 09:37:01 +00:00
Clemens Hammacher
3410d14204 [wasm] Postpone trap handler registration until publish
Trap handler registration happens under a spin lock, which causes lots
of wasted cycles. With 48 background compilation threads, half of the
wall-clock time is being spent on that spin lock.
Moving this registration inside {PublishCodeLocked} avoids any lock
contention (if a single module is being compiled), since we already
sequentialize code publication. This speeds up background compilation
for large numbers of background tasks, and has no measurable effect for
small numbers.

R=ahaas@chromium.org

Bug: v8:8916
Change-Id: I572b53b9b581e4d5f6e441f6685350017d08d0be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634928
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61957}
2019-06-03 08:55:55 +00:00
Ulan Degenbaev
27ca3b3ddd [heap] Fix a DCHECK after b09807
Change-Id: I839de4a0c96347728abc5a0a9f7e2c4f9678133b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640200
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61956}
2019-06-03 08:42:14 +00:00
Ross McIlroy
fa4df2411f [ptr-compr] Remove explicit Compress/Decompress functions for CSA.
Code stub assembler does implicit compression / decompression when loading values from
the heap. As a result, we shouldn't expose explicit compress / decompress operators.

BUG=v8:7703

Change-Id: I72b7b862b48f19e918db0e283d1be065a2651b44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637879
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61955}
2019-06-03 08:18:35 +00:00
Jun Lim
777bed9697 [arm64] Set min jumpable size to 4 for Switch
This CL avoids lowering Switch to jumptable if the case count is small enough (4).

Change-Id: Ida632807558c7403171e803947e7484908e0e028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605357
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61954}
2019-06-03 08:11:15 +00:00
v8-ci-autoroll-builder
48483df07d Update V8 DEPS.
Rolling v8/build: 355210a..a3b6390

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b8451b7..5b31e69

Rolling v8/third_party/depot_tools: bad01ad..c38806b

Rolling v8/third_party/icu: 64e5d7d..9f0f47b

Rolling v8/tools/clang: 1f646a8..7ee072e

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Iea3df2d17dc375327cec3fbfe86e0cd2274a05c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640689
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61953}
2019-06-03 03:38:06 +00:00
Frank Tang
6e558e9e09 [Intl] Add test cases for %%ALIAS locales
Bug: v8:9312, chromium:968269
Change-Id: I0e3d134cd4341c30277df62fead6386e344be0bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1636179
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61952}
2019-05-31 21:37:08 +00:00
Michael Achenbach
8f2f9797d9 Whitespace change to trigger builders
Change-Id: If2610987b66324a4b77531628c5058c3b31b8718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637463
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61951}
2019-05-31 15:36:37 +00:00
Santiago Aboy Solanes
a31b36e0a1 [ptr-compr][turbofan][CSA] Adding the CompressedHeapConstant node
CompressedHeapConstant is used in the DecompressionElimination Reducer to
create compressed HeapConstant values. It won't appear in the graph
up until that point.

This CL enables back the disabled tests in DecompressionElimination, as
well as generating the CompressedHeapConstant in that reducer.

The RelocInfo has already been added for x64 but not for arm64. Therefore,
the x64 version is now doing the mov on 32 bits. The support for ARM will
come in a following CL, and for now it is doing the mov in 64 bits.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: If0ca4f937cfa60501679e66f6fd5ded2df38f605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632236
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61950}
2019-05-31 15:11:20 +00:00
Mythri A
3e90eee96b [turbofan] Allow polymorphic inlining for Array push / pop / shift
Array push / pop / shift were inlined if the elements kind of the
receiver maps is the same. This cl extends it by inlining these
builtins even when the receiver maps have different elements kinds.
It still limits it to only fast elements kinds. This is required to
prevent regressions in deltablue when lazy feedback allocation is
enabled. With lazy feedback allocation we may see polymorphic
feedback more often, since we don't have allocation site feedback
till the feedback vectors are allocated.

Bug: v8:9078
Change-Id: Id4a7b84be6305b125913b6ce0fb4f3eb3e3b15ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632239
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61949}
2019-05-31 14:35:08 +00:00
Benedikt Meurer
40c6892643 [feedback-vector] Don't go MEGAMORPHIC due to dying handlers.
This fixes a problem where ICs for transitioning stores go MEGAMORPHIC
if the transition target map dies in between invocations of the IC,
which is totally possible, since we only hold on weakly to these
transition targets (both from the FeedbackVectors and also from the
TransitionArrays).

The root problem here was an inconsistency in how the maps and handlers
are being reported by the FeedbackVector. On the one hand the method
FeedbackVector::ExtractMaps() will report all receiver maps that are
still present (i.e. which haven't died themselves), but then the other
method FeedbackVector::FindHandlers() will only report handlers that are
still alive (i.e. which in case of transition target maps being used as
handlers haven't died yet). If the lengths of these lists don't match the
IC chickens out and goes MEGAMORPHIC. But this is exactly the case with
the transitioning stores, where there's no handler anymore, i.e. as can
be seen in this simple example:

```
// Flags: --expose-gc
function C() { this.x = 1; }
new C();
new C();
gc();     // map with the `C.x` property dies
new C();  // now the STORE_IC in C goes MEGAMORPHIC
```

So the problem is that we have these two methods that don't agree with
each other. Now FeedbackVector::ExtractMaps() is also used by TurboFan
and it even reports receiver maps for PREMONOMORPHIC state, which is
different from the use case that the ICs need. So I replaced the
FeedbackVector::FindHandlers() with a completely new method
FeedbackVector::ExtractMapsAndHandlers(), which returns both the maps
and handlers, exactly as the ICs need it. And only returns pairs for
which both the receiver map and the handler are still alive.

This fixes the odd problem that sometimes STORE_ICs go MEGAMORPHIC
for no apparent reason. Due to the weakness of the transition target
maps, they can still die and cause deoptimizations, but at least
TurboFan will now be able to reoptimize again later with the new maps
and still generate proper code.

Bug: v8:9316
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Change-Id: I74c8b60f792f310dc813f997e69efe9ad434296a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637878
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61948}
2019-05-31 13:51:29 +00:00
Ulan Degenbaev
b098074891 [heap] Simplify computation of max semi-space size.
The size is now computed as a fraction of the old space size:
- for low memory devices (<512MB) the fraction is 1 / 256.
- for all other devices the fraction is 1 / 128.

The values were chosen to minimize the difference between the new
and the old heuristics.

Bug: v8:9306

Change-Id: I3246fe2d6fc589af6220e2566e3f10fb13470b82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632158
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61947}
2019-05-31 13:33:28 +00:00
Maciej Goszczycki
b5a0e7d942 [heap] Update HeapIterator and space iterator APIs to match other iterators
This makes the API more consistent and reduces the cognitive load of
switching between 'next' and 'Next'.

Bug: v8:9183
Change-Id: Ia81b874374626887d6af8c90f8ac185812f0573f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635689
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61946}
2019-05-31 12:59:07 +00:00
Milad Farazmand
5d2bebfed8 PPC/s390: [Liftoff] Add histogram for bailout reasons
Port c354fb9cda

Original Commit Message:

    This CL adds a new enum {LiftoffBailoutReason}, and tracks this reason
    for each bailout. This will give us data to prioritize extensions of
    Liftoff for new proposals or last missing instructions. Since we also
    track the {kSuccess} case, we will also see what percentage of
    functions can be compiled with Liftoff overall.

R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Iaf93d59780f62f03ccdcd5368ce4331e8b496f52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1638004
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61945}
2019-05-31 12:55:37 +00:00
Michael Achenbach
9c3f9ef350 [test] Switch off detect_stack_use_after_return on windows asan
Bug: chromium:967663
Change-Id: I1f2176dfeb435d10cc5c24cbba77119575315f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635893
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61944}
2019-05-31 12:27:27 +00:00
Maciej Goszczycki
ad6bc4852d [cleanup] Remove unreachable code in PagedSpaces
counter_ could never be RO_SPACE. Make sure RO_SPACE and OLD_SPACE are
marked as unreachable.

Added tests for PagedSpaces and SpaceIterator.

Bug: v8:9183
Change-Id: I97bc2b4e0e5af37363a1c628ca7d69d2790a97b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635696
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61943}
2019-05-31 11:31:17 +00:00
Maciej Goszczycki
f993a9c9cc [roheap] Inform lsan of leaked objects during read-only space set up
Without this, asan (rightfully) complains about read-only space leaking.

Because pages are manually allocated using mmap, a few objects within
them need to be explicitly ignored in addition to the read-only heap
itself.

This change re-adds lsan.h, with tweaks to make the type checking a bit
more lenient.

Bug: v8:7464
Change-Id: I0e2809930f3674e3f891e755b568ebb5194da461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622121
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61942}
2019-05-31 11:14:17 +00:00
Maciej Goszczycki
17f741181c [cleanup] Remove unused 'executable' argument from InitializePage
Bug: v8:9183
Change-Id: I53ad134b6dc8611ba439b78f27bfc8e56a82169e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635697
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61941}
2019-05-31 10:13:00 +00:00
Maciej Goszczycki
0086810381 [roheap] Switch to ReadOnlyHeap::Contains everywhere
ReadOnlySpace::Contains uses owner() which will eventually be set to
nullptr. Use ReadOnlyHeap::Contains instead.

Bug: v8:7464
Change-Id: I2b33c40b937768ff06536fb17be8d57727a8dd22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635695
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61940}
2019-05-31 10:11:50 +00:00
Clemens Hammacher
c354fb9cda [Liftoff] Add histogram for bailout reasons
This CL adds a new enum {LiftoffBailoutReason}, and tracks this reason
for each bailout. This will give us data to prioritize extensions of
Liftoff for new proposals or last missing instructions. Since we also
track the {kSuccess} case, we will also see what percentage of
functions can be compiled with Liftoff overall.

R=mstarzinger@chromium.org
CC=jwd@chromium.org

Change-Id: I42b6a14c5a298ddda7053c195e8b650dc1fe66dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634910
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61939}
2019-05-31 09:22:50 +00:00
Benedikt Meurer
2f37999438 [map] Remove Map::has_hidden_prototype().
The `FunctionTemplate::SetHiddenPrototype()` API was removed in a
previous CL, after being deprecated since beginning of the year. This
removes all the logic behind it, leaving us with just the special case
of the JSGlobalProxy which has the JSGlobalObject as its hidden prototype.

This gives us back one bit in `Map::bit_field2` and removes quite a bit
of complexity from the code base (especially due to previous work from
verwaest@ in this area).

Bug: v8:9267
Change-Id: Id04b59686212fe35a63c9451aa3e045f0766b9cc
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619752
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61938}
2019-05-31 09:01:00 +00:00
Jaroslav Sevcik
8839d8f6e3 [turbofan] Rename Float64 truncation to OddballAndBigIntToNumber.
Truncation::Float64 is confusing; in reality, we mean that oddballs
and big-ints are identified with their ToNumber counterparts.

Bug: v8:9183
Change-Id: Ibcce990327ac7e01e36a2237ad39c374ac9922aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632224
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61937}
2019-05-31 08:20:20 +00:00
Yang Guo
088eda6235 Add missing owners files
R=rmcilroy@chromium.org

Bug: v8:9247
Change-Id: I2644436fd44ecf0e206a81cf28071cccb49793df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635690
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61936}
2019-05-31 07:21:01 +00:00
v8-ci-autoroll-builder
dc152a7386 Update wasm-spec.
Rolling v8/test/wasm-js/data: bc7d300..41747be

Remove extraneous copyright from bikeshed document (#1030) (Ben Smith)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/41747be

[test/interpreter] Rounding edge cases for float literals (#1025) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/4bf74f6

Editorial: Remove links from Number, Object when checking types (Daniel Ehrenberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/b8faae7

[interpreter] Fix edge cases for f32_convert_i64 (#1021) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/356886f

[spec] Address feedback on section 4 (#1022) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/9fd0547

[spec] Tweak wording (#966) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/a0e1a7e

[spec][js-api] Fix some links (#1020) (Ben Smith)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/39646d1

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I543114a3147fac367f9e03962b7cbbad172c9fd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1638223
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61935}
2019-05-31 04:38:40 +00:00
v8-ci-autoroll-builder
7a0b4b9f34 Update V8 DEPS.
Rolling v8/build: 19aa2f3..355210a

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7760fd2..b8451b7

Rolling v8/third_party/depot_tools: 9779b14..bad01ad

Rolling v8/tools/clang: 65e8ecf..1f646a8

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I5cf09857950c36a67630c3ed6e0cdf37202b4141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1638222
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61934}
2019-05-31 03:36:50 +00:00
Yu Yin
e8ec743bf7 [mips][wasm-c-api] New call descriptor and stackframe kind.
port https://crrev.com/c/1632235 (65f3861) to mips.
Original Commit Message:
    So far, calls to Wasm C/C++ API functions reused the call descriptors
    of WasmImportWrappers, and the stack frame type of regular Wasm
    functions. This CL cleans that up by introducing separate implementations
    for both. No change in functionality or performance is expected.

Change-Id: I1d068e9baab403d714ddb31c26f97fa4e5becb41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635275
Commit-Queue: Yu Yin <xwafish@gmail.com>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61933}
2019-05-31 02:05:49 +00:00
Irina Yatsenko
73ad21b139 (Reland) Torquefy a few more types
WeakFixedArray, WeakArrayList, JSFinalizationGroup, JSFinalizationGroupCleanupIterator, WeakCell, JSWeakRef, BytecodeArray, SourcePositionWithFrameCache

Note: SourcePositionTableWithFrameCache doesn't derive from Tuple2 anymore.
Bug: v8:8952

Original CL: https://chromium-review.googlesource.com/c/v8/v8/+/1504433

Change-Id: I13f102b445c9ff3e1ebabe0cdf013c62bb6d771d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559212
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61932}
2019-05-30 20:35:22 +00:00
Suraj Sharma
d0cfb9d175 [torque] Derive CallHandlerInfo directly from Struct.
Bug: v8:8952
Change-Id: I37410feab6fb24b306ba8712013267ba1ff5bc5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1618341
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61931}
2019-05-30 18:15:25 +00:00
Johannes Henkel
cb027fdb3e [DevTools] Use the encoding library in third_party/inspector_protocol directly.
This makes it so that v8 stops using the copy of the
encoding library in the template - that is,
third_party/inspector_protocol/lib/encoding_{h,cpp}.template -
and uses the C++ library directly instead. This is done
by having third_party/inspector_protocol/lib/Values_cpp.template
include it, which is configured in the
inspector_protocol_config.json.

Change-Id: I1f8f2541ac2ed588ca35249e383b4c569434022b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635598
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61930}
2019-05-30 17:47:50 +00:00