Commit Graph

51806 Commits

Author SHA1 Message Date
Sigurd Schneider
949dffc9ed [turbolizer] Display highest node id in phase selection drop-down
Notry: true
Change-Id: Ia3cb4872703a6d1e5f6d0007a5e59afcd743907d
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1309754
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57164}
2018-10-31 10:59:14 +00:00
Sigurd Schneider
b14a2a5032 [turbolizer] Add dev server
You can now serve the page locally by running

npm i
npm run-script build
npm run-script dev-server

Notry: true
Change-Id: Iefe8459a8c53445570ecfed4cc843a4e8ed9c42d
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1309753
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57163}
2018-10-31 10:45:54 +00:00
Toon Verwaest
e10607a3ff [parser] Annotate ReportMessage with NOINLINE and Expect with V8_UNLIKELY
This allows the compiler to generate slightly better code and actually reduces
binary size a little.

Bug: v8:7926
Change-Id: Ib43ff1508ab85b5ffabfa4338d4f0ebacb7eac0c
Reviewed-on: https://chromium-review.googlesource.com/c/1309637
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57162}
2018-10-31 10:32:04 +00:00
Toon Verwaest
8097107a23 [parser] Remove RETURN_IF* part 14
Bug: v8:8363, v8:7926
Change-Id: Ibecb5c8df0703249207c1541ae42e60dd9f50d80
Reviewed-on: https://chromium-review.googlesource.com/c/1309635
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57161}
2018-10-31 10:26:31 +00:00
Jakob Gruber
4ef0e79cba [snapshot] Remove the builtins snapshot
Now that lazy deserialization has been removed, we can roll back all
the mechanisms we introduced to support lazy single-builtin
deserialization.

This CL moves serialized builtin code objects (i.e.
off-heap-trampolines in most cases) back into the startup snapshot.
Support classes for builtin serialization and deserialization, as well
as the builtins snapshot itself are removed. Templatization on the
allocator class is removed as well.

Tbr: delphick@chromium.org
Bug: v8:6666, v8:7990
Change-Id: I2a910f8d3278b7e27b5f18ad408361ebd18871cc
Reviewed-on: https://chromium-review.googlesource.com/c/1304539
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57160}
2018-10-31 10:18:28 +00:00
Jakob Gruber
c2f9da8246 [array] Remove invalid assertion in Array.p.reverse
Obvious in hindsight. The problem wasn't that a signaling nan snuck
into the array, but that equality comparisons always return false if
either operand is a nan.

Bug: chromium:900133
Change-Id: I9cf82afd1ad1fcc3bf7138b612f615b1bd51b98a
Reviewed-on: https://chromium-review.googlesource.com/c/1309634
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57159}
2018-10-31 09:11:59 +00:00
Toon Verwaest
bdd4a88fd9 [parser] Restore RETURN_IF after export default var decl
Bug: chromium:900383, v8:8363, v8:7926
Change-Id: I6e3e38ee4cc986757926ef745d2e35865ba797a1
Reviewed-on: https://chromium-review.googlesource.com/c/1309633
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57158}
2018-10-31 09:10:55 +00:00
Sigurd Schneider
4dff27edfc [instruction-selector-x64] Add missing CanCover check
CanCover is not transitive. The counterexample is nodes A, B, C such
that CanCover(A, B) and CanCover(B,C) and B is pure. In this case the
effect level of A and B might differ.

This CL adds a missing CanCover check to a case of shift reduction where
we assumed transitivity.

Change-Id: I9f368ffa6907d2af21bbc87b3e6570d0d422e125
Bug: v8:8384
Reviewed-on: https://chromium-review.googlesource.com/c/1307419
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57157}
2018-10-31 08:08:40 +00:00
Mathias Bynens
591c92acac [js-perf-test] Add Array#{indexOf,includes} micro-benchmark
This patch adds a micro-benchmark comparing Array#indexOf,
Array#includes, and a roughly equivalent `for` loop.

The benchmark can be used to measure any Array#{indexOf,includes}
optimizations we implement in the future.

Test:

    tools/run_perf.py --binary-override-path=out/x64.release/d8 \
      --filter=JSTests/ArrayIndexOfIncludesPolymorphic \
      --extra-flags=--trace-turbo test/js-perf-test/JSTests.json

Bug: v8:8388
Change-Id: I9150d3e56e9d4cb2ffe6baa50ee8cddf8df0ac74
Reviewed-on: https://chromium-review.googlesource.com/c/1307430
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57156}
2018-10-31 07:55:24 +00:00
Yang Guo
b32ee7b0f2 [d8] pass --no-arguments to omit top-level arguments
TBR=petermarshall@chromium.org

Bug: v8:8385
Change-Id: Iba13004e0fd03a82cb65ed497d4bd2b4d006b424
Reviewed-on: https://chromium-review.googlesource.com/c/1307417
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57155}
2018-10-31 07:42:22 +00:00
Jakob Kummerow
5cce694d60 [ubsan] More Object** replacements
mostly in HandleScopeImplementer and related classes.

Bug: v8:3770
Change-Id: I9da757c60be99434b711fe74a5f5d296a0f08b22
Reviewed-on: https://chromium-review.googlesource.com/c/1300854
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57154}
2018-10-31 05:17:16 +00:00
Jakob Kummerow
9392727982 [ubsan] Replace Object** in GlobalHandles
as part of the continuing quest to get rid of Object*/Object** entirely.
Since it fits nicely, this CL as a bonus includes the planned change to
make Handle::location() return an Address*, in the process dropping the
temporarily needed duplicate Handle::location_as_address_ptr().

Bug: v8:3770
Change-Id: I87480289ce2a62ea1ae503e73d179256b7108c5c
Reviewed-on: https://chromium-review.googlesource.com/c/1298389
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57153}
2018-10-31 00:28:40 +00:00
Junliang Yan
3d60549e73 PPC/s390: [turbofan] Add support for huge DataViews.
Port 15c31fe461

Original Commit Message:

    This introduces Word64 support for the CheckBounds operator, which now
    lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the
    representation selection. The right hand side of CheckBounds can now
    be any positive safe integer on 64-bit architectures, whereas it remains
    Unsigned31 for 32-bit architectures. We only use the extended Word64
    support when the right hand side is outside the Unsigned31 range, so
    for everything except DataViews this means that the performance should
    remain the same. The typing rule for the CheckBounds operator was
    updated to reflect this new behavior.

    The CheckBounds with a right hand side outside the Unsigned31 range will
    pass a new Signed64 feedback kind, which is handled with newly introduced
    CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation
    selection.

    The JSCallReducer lowering for DataView getType()/setType() methods was
    updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore,
    but instead just use the raw uintptr_t values and operate on any value
    (for 64-bit architectures these fields can hold any positive safe
    integer, for 32-bit architectures it's limited to Unsigned31 range as
    before). This means that V8 can now handle huge DataViews fully, without
    falling off a performance cliff.

    This refactoring even gave us some performance improvements, on a simple
    micro-benchmark just exercising different DataView accesses we go from

      testDataViewGetUint8: 796 ms.
      testDataViewGetUint16: 997 ms.
      testDataViewGetInt32: 994 ms.
      testDataViewGetFloat64: 997 ms.

    to

      testDataViewGetUint8: 895 ms.
      testDataViewGetUint16: 889 ms.
      testDataViewGetInt32: 888 ms.
      testDataViewGetFloat64: 890 ms.

    meaning we lost around 10% on the single byte case, but gained 10% across
    the board for all the other element sizes.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia86089ca9ccc75405aa13600b031c72bac0279dd
Reviewed-on: https://chromium-review.googlesource.com/c/1305035
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#57152}
2018-10-30 23:45:13 +00:00
Frank Tang
38e046df6e Roll Test262
Bug: v8:7834
Change-Id: I2016b8d5e561546ec2f9b81d24c75bff0b950367
Reviewed-on: https://chromium-review.googlesource.com/c/1306896
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57151}
2018-10-30 23:42:52 +00:00
Alexey Kozyatinskiy
7e079c660b inspector: move injected script source to native
- introduced ValueMirror interface, this interface contains methods to generate
  different protocol entities,
- introduced DebugPropertyIterator, this iterator iterates through object properties
  in the following order: exotic indices, enumerable strings, all other properties,
- removed all injected script infra, e.g. closure compiler,

R=dgozman@chromium.org
TBR=yangguo@chromium.org

Bug: chromium:595206
Change-Id: Idcfc04489ee52e015ad1d1d191c3474cc65e63f2
Reviewed-on: https://chromium-review.googlesource.com/c/1308353
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57150}
2018-10-30 21:30:55 +00:00
Michael Lippautz
2995df7d30 [api] Fix AdjustAmountOfExternalAllocatedMemory memory reducer
The reducer should only fire on increasing memory.

R=ulan@chromium.org

Change-Id: I4abd956ea14730b223724a01af819be574b1aa3a
Reviewed-on: https://chromium-review.googlesource.com/c/1308354
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57149}
2018-10-30 20:51:37 +00:00
v8-ci-autoroll-builder
81ee4aa934 Update V8 DEPS.
Rolling v8/build: c55a0b9..49671d3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/985e130..36a23a7

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I2aeb099485078312a09866964253ba87fa714447
Reviewed-on: https://chromium-review.googlesource.com/c/1306904
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57148}
2018-10-30 18:29:08 +00:00
Sergiy Byelozyorov
cd3f9f8d8b [tools] Remove tools/presubmit.py and move unittests/PRESUBMIT.py into its place
R=machenbach@chromium.org

No-Try: true
Bug: chromium:899028
Change-Id: I1de1f393989a63d165209e78f19284053c73ba08
Reviewed-on: https://chromium-review.googlesource.com/c/1307423
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57147}
2018-10-30 17:12:35 +00:00
Toon Verwaest
3a9668abab [parser] Remove invalid DCHECK, we can hit a stack overflow
Even though we know we're simply parsing a string as statement, we can still
hit a stack overflow on the way there.

Bug: v8:8392
Change-Id: I2471cf8273789aa33239f5c137cc2f54454acb32
Reviewed-on: https://chromium-review.googlesource.com/c/1307429
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57146}
2018-10-30 17:07:27 +00:00
Georg Neis
a1d7dc4059 Array.prototype.indexOf: Don't exclude length 2**32-1 from fast path.
I see no reason why it was excluded.

Bug: v8:8386
Change-Id: I291b12444b890db1636b00dec1837e1634b23b35
Reviewed-on: https://chromium-review.googlesource.com/c/1307428
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57145}
2018-10-30 17:06:23 +00:00
Clemens Hammacher
192bee6bac Revert "inspector: move injected script source to native"
This reverts commit 34686abe40.

Reason for revert: Compile errors on several bots, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug%20builder/33299

Original change's description:
> inspector: move injected script source to native
> 
> - introduced ValueMirror interface, this interface contains methods to generate
>   different protocol entities,
> - introduced DebugPropertyIterator, this iterator iterates through object properties
>   in the following order: exotic indices, enumerable strings, all other properties,
> - removed all injected script infra, e.g. closure compiler,
> 
> R=​dgozman@chromium.org
> TBR=yangguo@chromium.org
> 
> Bug: chromium:595206
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I077c1879622aa0d9900d719b80d2ef5ba4221a22
> Reviewed-on: https://chromium-review.googlesource.com/c/1295550
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57142}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I6e4ccaf1d6b151fbc0ffe4f26daa584433321c77
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1307432
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57144}
2018-10-30 17:04:54 +00:00
Michael Lippautz
3a85e0c602 [heap] Remove custom Scavenger trace events
Those trace events are too fine grained and heavily impact metrics
computation.

No-try: true
Change-Id: Ica07bfdf8e695689795abb1d6b215c329413ba3b
Reviewed-on: https://chromium-review.googlesource.com/c/1307431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57143}
2018-10-30 16:48:23 +00:00
Alexey Kozyatinskiy
34686abe40 inspector: move injected script source to native
- introduced ValueMirror interface, this interface contains methods to generate
  different protocol entities,
- introduced DebugPropertyIterator, this iterator iterates through object properties
  in the following order: exotic indices, enumerable strings, all other properties,
- removed all injected script infra, e.g. closure compiler,

R=dgozman@chromium.org
TBR=yangguo@chromium.org

Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I077c1879622aa0d9900d719b80d2ef5ba4221a22
Reviewed-on: https://chromium-review.googlesource.com/c/1295550
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57142}
2018-10-30 16:43:55 +00:00
Sathya Gunasekaran
c65dbd5153 [class] Rewrite destructuring assignment in class field initializers
Bug: v8:5751, chromium:899537
Change-Id: I4c072727dffc9381a81eb8711c4114220345914d
Reviewed-on: https://chromium-review.googlesource.com/c/1304538
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57141}
2018-10-30 16:34:04 +00:00
Frank Tang
78c053a5c1 [Intl] Hide Intl["SegmentIterator"]
Fix the code that incorrectly exposed Intl["SegmentIterator"] that caused
Unreachable code in builtins-internal.cc

Bug: chromium:900013
Change-Id: I50d457a9f065d597b3bbb77a7a45011335c959da
Reviewed-on: https://chromium-review.googlesource.com/c/1306906
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57140}
2018-10-30 16:32:54 +00:00
Toon Verwaest
f72c118d88 [ast] Drop Statement::IsEmpty
Change-Id: I45e004a64c03f31253cbbca2976894c63b0d515e
Reviewed-on: https://chromium-review.googlesource.com/c/1307427
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57139}
2018-10-30 16:24:42 +00:00
Ivica Bogosavljevic
93169821d4 MIPS: Implement AtomicPairCompareExchange through runtime
MIPS32r2 doesn't have load-linked/store-conditional instructions
that work with 64-bit values and these are now implemented through
runtime.

TEST=mjsunit/wasm/compare-exchange64-stress

Change-Id: I70d8a454dcbbdac6f30e30ec3ac0eb4d429ef62e
Reviewed-on: https://chromium-review.googlesource.com/c/1296211
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57138}
2018-10-30 15:55:43 +00:00
Peter Marshall
bd39d92272 [typedarrays] Fix invalid optimization in From for detached arrays
We didn't check if the input typed array was neutered before going to
the fast path, so we hit a CHECK in this case.

Fix this by just checking if the buffer was neutered and then going to
the 'check iterator' case if it is. This will cause a TypeError via
IterableToList, which was the same as the behavior before the
optimization was landed.

Bug: chromium:899519
Change-Id: I09e6389ea2ab1e3bef01e616721b48a9b66c1b2a
Reviewed-on: https://chromium-review.googlesource.com/c/1307422
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57137}
2018-10-30 15:53:04 +00:00
Toon Verwaest
e5e468586a [parser] Cache EmptyStatement and always kNoSourcePosition
Change-Id: I27e2e0529281008b8350e1dd219c0d38bdcb66f5
Reviewed-on: https://chromium-review.googlesource.com/c/1307424
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57136}
2018-10-30 15:22:51 +00:00
Clemens Hammacher
fd56473742 [wasm] Abort compilation from background tasks
This removes another liability of the finisher: to abort compilation
and publish errors once an error state has been set by a background
compile unit.
This CL makes background threads set the error state directly and
schedule a foreground task to actually publish the error (e.g. via the
promise).

R=mstarzinger@chromium.org

Bug: v8:7921
Change-Id: I7a6a7ca4f235c2ad374b6ffc434eb6ac7d5f54ae
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1307425
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57135}
2018-10-30 15:16:00 +00:00
Sergiy Byelozyorov
af120db4af [tools] Correctly identify and report test crashes and infra failures
We define a TestFailedError exception and raise it when we can reliably detect
that a test has crashed. All other exceptions are treated as infra failures and
are captured by the try-catch clause in MainWrapper function.

This also fixes all tests in run_perf_test.py, run_tests_test.py and makes sure
that both are run on any changes in tools directory.

R=machenbach@chromium.org

Bug: chromium:899028
Change-Id: I283bc87b31c814be476bebe9fdda414975494183
Reviewed-on: https://chromium-review.googlesource.com/c/1303293
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57134}
2018-10-30 15:05:40 +00:00
Toon Verwaest
6d9c30cd94 [parser] Remove RETURN_IF* part 13
Bug: v8:8363, v8:7926
Change-Id: Id892a084d3c1097d8faf3cca379300f791dd942b
Reviewed-on: https://chromium-review.googlesource.com/c/1307426
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57133}
2018-10-30 14:59:08 +00:00
Alexey Kozyatinskiy
5502a8510b inspector: liveedit: update all constant pools in new_script
Change-Id: I3605ecf593c32743f5401b5e8a2d57e877ebcc7c
Reviewed-on: https://chromium-review.googlesource.com/c/1306898
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57132}
2018-10-30 14:47:57 +00:00
Igor Sheludko
2e2604b967 [ptr-compr] Introduce IsolateAllocator
to control how the memory for Isolate object is allocated.
This is the support for pointer-compression friendly heap layout.

Bug: v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ida36b81ee22bd865005c394748b62d4c0897d746
Reviewed-on: https://chromium-review.googlesource.com/c/1251548
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57131}
2018-10-30 14:38:07 +00:00
Michael Lippautz
f46456a35c [heap] Add timeout to Scavenger barrier
Speculative mitigation for renderer hangs in Scavenger
while waiting in a barrier.

Bug: 
Change-Id: I48520e0ffd99123dbe352d2012c911186c187e4b
Reviewed-on: https://chromium-review.googlesource.com/c/1296463
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57130}
2018-10-30 14:28:49 +00:00
Toon Verwaest
9f75c14878 [parser] Simplify StatementList parsing by splitting out directive parsing
Change-Id: I233a3f6d8b19b945cfc3572d72237ec5619d8cbc
Reviewed-on: https://chromium-review.googlesource.com/c/1307414
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57129}
2018-10-30 14:21:37 +00:00
Ivica Bogosavljevic
503cf13b76 MIPS64: Port [turbofan] Add support for huge DataViews.
Port 15c31fe461

Change-Id: Ia611585f862196d97e701b5e15560044e42b1a12
Reviewed-on: https://chromium-review.googlesource.com/c/1306439
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57128}
2018-10-30 14:02:49 +00:00
Clemens Hammacher
fac176d813 [wasm] Fix memory limit checks
For memory limit checks, we should use the minimum of the
--wasm-max-mem-pages flag and kV8MaxWasmMemoryPages. The former is a
limit set by the user, the latter is the maximum we can handle
internally.

R=titzer@chromium.org

Bug: chromium:898677
Change-Id: I3c549f4e90dd016b5d07475d9353f30134f76dcc
Reviewed-on: https://chromium-review.googlesource.com/c/1305274
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57127}
2018-10-30 13:44:48 +00:00
Clemens Hammacher
1ff8045530 Reland "[wasm] Store compile errors in CompilationState"
This is a reland of bf3d7b9ae3

Original change's description:
> [wasm] Store compile errors in CompilationState
> 
> We are currently storing compilation errors in the individual
> compilation units and pass it to the ErrorThrower during finishing.
> This CL changes that to store errors on the CompilationState directly.
> From there, it is propagated to the ErrorThrower in the compilation
> state callback.
> This removes more work from the finisher task and slims down the
> WasmCompilationUnits.
> 
> R=mstarzinger@chromium.org
> 
> Bug: v8:8343, v8:7921
> Change-Id: Id332add43d4219d2a30fee653ed4e53a9b2698d9
> Reviewed-on: https://chromium-review.googlesource.com/c/1303720
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57091}

Bug: v8:8343, v8:7921
Change-Id: Iaa5c89d224cb2bcfca2d12eba305413a9ad95618
Reviewed-on: https://chromium-review.googlesource.com/c/1304547
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57126}
2018-10-30 13:35:00 +00:00
Hai Dang
c5c6b8bc03 Fix typing of binary operators on BigInt.
BinaryNumberOpTyper was not monotonic: if one input changes
from Number to Numeric, while the other input stays BigInt,
the result would change from Number to BigInt.

We have some fuzzing tests for monotonicity but unfortunately
they never generated the inputs required for triggering this bug.
We'll look into improving our tests.

Bug: v8:8380
Change-Id: I7320d9ae4b89ad8798bf9e97cc272edba2162a77
Reviewed-on: https://chromium-review.googlesource.com/c/1307418
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57125}
2018-10-30 13:33:55 +00:00
Jakob Gruber
9eca2d3c37 [array] Keep large array allocations on the fast path
Until this CL, CSA array allocation methods only handled arrays that
could fit into new space. This behavior was preserved in a bunch
of related builtins (e.g. Array.p.map), which completely bailed out to
the slow path if larger allocations were required.

This CL adds large object space handling to array allocation functions,
which means that callers can use the more permissive kMaxFastArrayLength
boundary instead of kInitialMaxFastElementsArray.

Bug: chromium:890599
Change-Id: Idabb0ef232c2896cd453e2ae10b479bf24cbb1c1
Reviewed-on: https://chromium-review.googlesource.com/c/1301483
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57124}
2018-10-30 13:30:56 +00:00
Michael Starzinger
cc91a10249 [cleanup] Remove dead Enter/LeaveBuiltinFrame methods.
R=jgruber@chromium.org

Change-Id: Ic9ef3cd231c2180563c3520ab58895f2ccce5408
Reviewed-on: https://chromium-review.googlesource.com/c/1307421
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57123}
2018-10-30 13:16:40 +00:00
Toon Verwaest
b98ca114e8 [parser] Remove RETURN_IF* part 12
Bug: v8:8363, v8:7926
Change-Id: I60df70bcd1bc12b0cffe760532d92fa3e1fe7da2
Reviewed-on: https://chromium-review.googlesource.com/c/1307420
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57122}
2018-10-30 13:04:41 +00:00
Stephan Herhut
108b20d127 [cleanup] Use iterators for queue management in register allocator
The register allocator uses std::find to search for an element to be
removed from the active/inactive queues repeatedly. As we already know
the exact position of the element to remove, it is better to use an
iterator right away.

Change-Id: I2cd318a5960113d18b3749b2010f8028fe66158d
Reviewed-on: https://chromium-review.googlesource.com/c/1304542
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57121}
2018-10-30 12:28:26 +00:00
Michael Achenbach
c8445bfd8c [test] Bump shards on slow bot
NOTRY=true
TBR=sergiyb@chromium.org

Change-Id: I3751c64f86855d260e4fccd2f86e8958b7a8d9b3
Reviewed-on: https://chromium-review.googlesource.com/c/1307413
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57120}
2018-10-30 11:11:27 +00:00
Michael Starzinger
087847d970 [wasm] Properly terminate throwing control edges.
This merges all control edges that are known to unconditionally throw
directly into the graph end node. This applies to the "Throw" as well as
the "Rethrow" operation, and reduces their code size.

R=clemensh@chromium.org
BUG=v8:8091

Change-Id: Idd4918ab084bcc697d5798d512ccc695ca943b00
Reviewed-on: https://chromium-review.googlesource.com/c/1305273
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57119}
2018-10-30 11:02:07 +00:00
Benedikt Meurer
59c324a02d [cleanup] Minor cleanups to JSCallReducer::ReduceArrayPrototypeSlice().
Bug: v8:1956, v8:8238
Change-Id: I5efc9ab7171cd35a4fcf2074f76dc9c90d521cc7
Reviewed-on: https://chromium-review.googlesource.com/c/1306440
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57118}
2018-10-30 10:38:50 +00:00
Andreas Haas
a600594d5a [wasm] Implement trap handler on Windows
This is the V8 side of the implementation. You can take a look at a
prototype of the Chrome side changes in https://crrev.com/c/1273043.
Chrome could also use V8's default implementation of the trap handler,
see https://crrev.com/c/1290952.

Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9bb3e717db17a4f30bbb8acfd80a1f6510d463ff
Reviewed-on: https://chromium-review.googlesource.com/c/1283111
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57117}
2018-10-30 10:25:37 +00:00
Toon Verwaest
e0c6671f37 [parser] Restore RETURN_IF_PARSE_ERROR in for/await
Bug: chromium:900085, v8:8363, v8:7926
Change-Id: I033bd4d95cdd85eee635279357c3c5d3fbe912c8
Reviewed-on: https://chromium-review.googlesource.com/c/1306438
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57116}
2018-10-30 10:11:00 +00:00
Marja Hölttä
b839ed4f24 [js weak refs] Disable incremental marking for harmony/weakrefs tests
These tests rely on dropping references to objects either explicitly ("o =
null;") or implicitly ("o goes out of scope") and then doing gc. It's essential
that we haven't already marked the WeakCell pointing to o and marked it alive
before dropping the reference.

BUG=v8:8179

Change-Id: Ie0b73f05c4baa937cf6f28325454ff9087a71a2c
Reviewed-on: https://chromium-review.googlesource.com/c/1306437
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57115}
2018-10-30 10:03:56 +00:00