Commit Graph

43187 Commits

Author SHA1 Message Date
Toon Verwaest
6cfc2d36c5 [builtins] Remove smi-tagged argc support in CheckStackOverflow
Bug: v8:6921
Change-Id: I370b1c3f8fbf3f5478ac7779205083e05710ea15
Reviewed-on: https://chromium-review.googlesource.com/726081
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48695}
2017-10-18 15:54:05 +00:00
Clemens Hammacher
9db8f82176 Generalize V8_INFINITY and make it constexpr
Since we don't support gcc 2.96-4.0 any more, we can generalize the
V8_INFINITY macro to always use std::numeric_limits<double>::infinity().
This also makes value constexpr on all systems.

R=tebbi@chromium.org

Change-Id: Ifa97dd2ee6d2c1e179c45f60a82d1ea8481e0590
Reviewed-on: https://chromium-review.googlesource.com/725733
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48694}
2017-10-18 14:55:05 +00:00
Ulan Degenbaev
27a75926cd Disable stress-incremental-marking flag for tests using a lot of memory.
These tests are currently failing on TSAN bot with OOM when running
with the stress-incremental-marking flag.

Bug: v8:6924
Change-Id: I50b9a7142b2e8759f4bc327516f8c06ce1779777
Reviewed-on: https://chromium-review.googlesource.com/723427
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48693}
2017-10-18 14:20:07 +00:00
Ross McIlroy
1340d4ecf7 [asm_wasm] Avoid allocating feedback vector for asm_wasm code.
A followup CL will move feedback slot allocation to the bytecode generator,
which means it won't be done for asm_wasm code and the function will have an
incorrect vector spec. Since asm_wasm doesn't use a feedback vector, just
prevent it from being allocated for this code.

BUG=v8:6921

Change-Id: I65a06f60bd75b54e5ef0df323184aad841e26177
Reviewed-on: https://chromium-review.googlesource.com/725703
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48692}
2017-10-18 14:19:02 +00:00
Clemens Hammacher
ab639e4ac8 Revert "[test] Avoid unnecessary std::vector allocations"
This reverts commit e737b4ce0d.

Reason for revert: On windows, V8_INFINITY is not constexpr

Original change's description:
> [test] Avoid unnecessary std::vector allocations
> 
> Instead of copying an array of fixed values into an std::vector for
> each usage of the FOR_INPUTS macro, just iterate the constant data
> directly.
> This also makes the <type>_vector() functions return {constexpr Vector}
> instead of {std::vector}.
> 
> R=​tebbi@chromium.org
> 
> Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
> Reviewed-on: https://chromium-review.googlesource.com/725427
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48688}

TBR=clemensh@chromium.org,tebbi@chromium.org

Change-Id: Iccb52941d4efe71b49b41572c3d922a5d78bdfd2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/725899
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48691}
2017-10-18 13:55:33 +00:00
Mike Stanton
5f846240db [TurboFan] Broken effect chain in IsInstanceType reduction
We didn't correctly maintain the effect chain between the load of
the map and the load of the instance type from the map.

Bug: v8:6929
Change-Id: I970709fe74483c5cdef3d0cea36bb9e1dc98b40e
Reviewed-on: https://chromium-review.googlesource.com/725424
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48690}
2017-10-18 13:50:41 +00:00
Andreas Haas
50ecc42cc7 [wasm] Change the memory access offset to pointer size
TurboFan expects the offset input of a Load or Store node to be a
pointer-size input, i.e. an int32 input on 32-bit platforms, and int64
on 64-bit platforms. In WebAssembly we always provided 32-bit offset
though, which caused problems when the high word of the register which
contained the offset was not empty.

With this CL we change the offset input to int64 on 64-bit platforms.
In addition we also change the type of the memory_size_ node to int64,
so that that we do not have to adjust the type of the memory size at
every memory load.

This CL will cause performance regressions but is necessary for
correctness and to avoid crashes.

R=titzer@chromium.org

Bug: chromium:766666
Change-Id: I5301e108d05e125258d2a06d500c1b75e91697b8
Reviewed-on: https://chromium-review.googlesource.com/723379
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48689}
2017-10-18 13:41:04 +00:00
Clemens Hammacher
e737b4ce0d [test] Avoid unnecessary std::vector allocations
Instead of copying an array of fixed values into an std::vector for
each usage of the FOR_INPUTS macro, just iterate the constant data
directly.
This also makes the <type>_vector() functions return {constexpr Vector}
instead of {std::vector}.

R=tebbi@chromium.org

Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
Reviewed-on: https://chromium-review.googlesource.com/725427
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48688}
2017-10-18 13:20:21 +00:00
Ulan Degenbaev
7f35aa6786 Fix flaky test-inobject-slack-tracking cctest.
The test does not take into account that Turbofan can force completion
of in-object slack tracking.

Bug: 
Change-Id: Ic7404e8395858acaf707e65ca4b17e6b7f776594
Reviewed-on: https://chromium-review.googlesource.com/723464
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48687}
2017-10-18 13:06:35 +00:00
Peter Marshall
a26b0782c6 [cleanup] Properly order the fields and accessors in JSArrayBuffer.
kByteLengthOffset is actually at the start of the object, so to avoid
confusion, put the accessor declarations in the same order as the
actual fields.

Change-Id: Ic92e597911235ccf126cf934151a0886e5d2a6f6
Reviewed-on: https://chromium-review.googlesource.com/725325
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48686}
2017-10-18 13:03:55 +00:00
Martyn Capewell
42df746d65 [arm64] Add SlotAddress and merge more stack accesses
Add a SlotAddress macro assembler function to abstract obtaining the address of
an sp-relative double word slot. Then, merge some stack accesses in builtins,
generally changing from push to claim and poke.

Bug: v8:6644
Change-Id: Id7a9f6e276a038fbffd8e2bbaa21f51855f057f1
Reviewed-on: https://chromium-review.googlesource.com/723465
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48685}
2017-10-18 12:39:39 +00:00
Michael Starzinger
855a6b5d0c [objects] Rename DeoptimizationInputData.
Now that {DeoptimizationOutputData} does not exists anymore we can
rename {DeoptimizationInputData} to just {DeoptimizationData}.

R=jarin@chromium.org

Change-Id: Ib67967539d33714cc15e5d5b6dde522a9ede64b2
Reviewed-on: https://chromium-review.googlesource.com/725349
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48684}
2017-10-18 12:36:10 +00:00
Franziska Hinkelmann
37a3a15c3e [api] Intercept DefineProperty after Descriptor query
Analog to other interceptors, intercept the DefineProperty
call only after obtaining the property descriptor.

This behavior allows us to mirror calls on a sandboxed object
as it is needed in Node. See for example
https://github.com/nodejs/node/pull/13265

Bug: 
Change-Id: I73b8f8908d13473939b37fb6727858d0bee6bda3
Reviewed-on: https://chromium-review.googlesource.com/725295
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48683}
2017-10-18 12:26:59 +00:00
jgruber
8016f309e7 [regexp] Fix a bug causing early aborts from AddCaseEquivalents
A while ago, CharacterRange::AddCaseEquivalents used to operate on a
single range (the `this` value) and add case equivalents for that to
`ranges`.

This was changed in a2baaaac to use `ranges` as a list of incoming
operands instead. When we now determine that the current range does not
have case equivalents, we need to `continue` instead of `return` to
avoid skipping the remaining ranges in the list.

Bug: v8:6940
Change-Id: I9face88a2ef8b9408f177e503f3399a25e688e06
Reviewed-on: https://chromium-review.googlesource.com/725430
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48682}
2017-10-18 12:18:59 +00:00
Peter Marshall
c7d1c7b798 [runtime] Remove extra pointer from JSTypedArray layout.
We never read this pointer, and it could cause crashes when the GC
inspects it.

Bug: v8:6956
Change-Id: Ib493c2f0418de3e89975fd1f5a7e86cc66868ec7
Reviewed-on: https://chromium-review.googlesource.com/725331
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48681}
2017-10-18 12:14:21 +00:00
Michael Starzinger
2d80e84153 [turbofan] Properly restrict {JSCreate} to constructors.
This makes sure that the lowering of {JSCreate} operator during create
lowering is only applied to operations where both target and new.target
are known to be constructors.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-768080
BUG=chromium:774780,chromium:768080

Change-Id: I55a582a3453bba7e14655b594b7714a3940eeaae
Reviewed-on: https://chromium-review.googlesource.com/725332
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48680}
2017-10-18 12:02:44 +00:00
Jaroslav Sevcik
713da2d5f3 [turbofan] Use CompareMaps/MapGuard to build polymorphic map check for element access.
Bug: v8:5267
Change-Id: I52d208d3520ad9c06c7e33378e2308631c598e33
Reviewed-on: https://chromium-review.googlesource.com/725386
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48679}
2017-10-18 11:46:55 +00:00
Michael Achenbach
d9357fff7a [CQ] Move fuchsia trybots to LUCI
NOTRY=true

Bug: chromium:772816
Change-Id: Iff1f2aeb79ead4782fe8fffc2c32b6f406c31539
Reviewed-on: https://chromium-review.googlesource.com/725380
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48678}
2017-10-18 11:36:34 +00:00
Michael Starzinger
03b543ab51 [runtime] Allocate HandlerTable before Code objects.
This allocates and populates potential exception handler tables before
the underlying {Code} objects is allocated. It essentially makes the
field holding said table immutable after allocation.

R=verwaest@chromium.org
BUG=v8:6792

Change-Id: I52ca374d40e3a72a4de022aca10faead6422db79
Reviewed-on: https://chromium-review.googlesource.com/723299
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48677}
2017-10-18 11:34:25 +00:00
Michal Majewski
f5c6daf186 Deprecate multiple arch/mode options in the testrunner
Bug: v8:6917
Change-Id: I45a3a683388341d61989473ebd0b761a1ad8a9e3
Reviewed-on: https://chromium-review.googlesource.com/721659
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48676}
2017-10-18 10:58:36 +00:00
Clemens Hammacher
098b50152c [wasm] Remove reachability check in graph building
The interface will now only be called for reachable code, hence the
check in the graph builder is not needed any more. We DCHECK instead.

R=titzer@chromium.org

Change-Id: I24ef96d62d6a5cda18d9efefcbd089d5f324f624
Reviewed-on: https://chromium-review.googlesource.com/716176
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48675}
2017-10-18 10:57:31 +00:00
Mike Stanton
86243235a3 [Turbofan] Missing effect in ForIn typed lowering
All effectful nodes should be wired into the effect chain.

Bug: v8:6929
Change-Id: I8a0b4148bb65628657df8019434a33a85127e92a
Reviewed-on: https://chromium-review.googlesource.com/723359
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48674}
2017-10-18 10:55:11 +00:00
Jaroslav Sevcik
54f7cd63d2 [disassembler] Handle the case of optimized code object with unlinked deopt data.
Bug: v8:6906
Change-Id: I8e9ef0fe6314cac34396c9690db993f09e67c806
Reviewed-on: https://chromium-review.googlesource.com/725343
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48673}
2017-10-18 10:46:01 +00:00
Clemens Hammacher
b41b493bb5 [arm] [simulator] Fix implementation of vabs and vneg
They did not preserve the bit pattern of nans before. Now they do.
Also, add some tests for these instructions.

R=ahaas@chromium.org, rodolph.perfetta@arm.com

Bug: v8:6947
Change-Id: I189720cd47e1768194567a41371fc9586b414c45
Reviewed-on: https://chromium-review.googlesource.com/722979
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48672}
2017-10-18 10:28:11 +00:00
Pierre Langlois
9f4f3c28ec Simplify DoubleToI stub.
The DoubleToI stub is no longer called outside of TurboFan, and always in the
same way:

  - The parameter is on top of the stack.
  - The stub is always called in a slow path.
  - It truncates.

Therefore, we can simplify it to only support this case and remove dead
code.

On top of this, since the stub is always considered to be on a slow path for all
backends, this patch takes the opportunity to remove the `skip_fastpath`
optimisation. This would generate a stub which does not handle all inputs,
assuming that the backend already handled some of the inputs in a fast
path. Removing this allows the stub to have the same behaviour on all targets.

On Arm, this patch reworks the stub a little. We could use ip instead of saving
and restoring a register on the stack. Also, comments would mention that we
assume the exponent to be greater than 31 when the it can be 30 or higher. As
done for Arm64, let's check this at runtime in debug mode.

On Arm64, we can also implement the stub without pushing and poping off the
stack. It needs 2 general purpose and a double scratch registers which we have
reserved already (ip0, ip1 and d30). This removes the need to check that the
stack pointer is always 16-bytes aligned.

Finally, this also fixes a potential bug on Arm64, in the
`GetAllocatableRegisterThatIsNotOneOf` method which is now removed. We were
picking an allocatable double register when we meant to pick a general one.

Bug: v8:6644
Change-Id: I88d4597f377c9fc05432d5922a0d7129b6d19b47
Reviewed-on: https://chromium-review.googlesource.com/720963
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#48671}
2017-10-18 10:23:21 +00:00
Clemens Hammacher
5f6510825a [cleanup] Fix remaining (D)CHECK macro usages
This CL fixes all occurences that don't require special OWNER reviews,
or can be reviewed by Michi.

After this one, we should be able to reenable the readability/check
cpplint check.

R=mstarzinger@chromium.org

Bug: v8:6837, v8:6921
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ic81d68d5534eaa795b7197fed5c41ed158361d62
Reviewed-on: https://chromium-review.googlesource.com/721120
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48670}
2017-10-18 10:12:31 +00:00
Georgia Kouveli
9f1eceee43 [arm64] Prepare for pushing arguments to runtime with padding.
Also updates TurboAssembler::DropArguments to simplify dropping the receiver
and the arguments.

Bug: v8:6644
Change-Id: Ief3b529ffc574c213816a533948c7b1f5d014bd7
Reviewed-on: https://chromium-review.googlesource.com/723466
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#48669}
2017-10-18 09:29:31 +00:00
Michael Lippautz
d433928987 Fix CompactionPartiallyAbortedPageWithStoreBufferEntries
The test was reading from undefined stack addresses instead of creating
a string filled with characters that look like a new space pointer.

Bug: v8:6953
Change-Id: I2c0a9034076012746bd70325a4f21c63f4c264fa
Reviewed-on: https://chromium-review.googlesource.com/725322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48668}
2017-10-18 09:27:11 +00:00
Leszek Swirski
ac0fe8ec8a [interpreter] Remove TryInstallOptimizedCode
Removes the interrupt check and runtime call to TryInstallOptimizedCode
from the optimization marker checks (i.e. CompileLazy and
InterpreterEntryTrampoline). Instead, we rely on the other interrupt
sources (in particular stack checks at function entries and loop
headers) to install optimized code for us.

This will hopefully not cause regressions, as we have plenty of other
interrupt checks, but it may delay optimized code execution for
some function by one function call.

Bug: v8:6933
Change-Id: Ieadfff7ae2078d2a84085294158ad9a706eb9c64
Reviewed-on: https://chromium-review.googlesource.com/723475
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48667}
2017-10-18 09:05:15 +00:00
Jakob Gruber
4104fd90b7 Reland "Reland "[snapshot] Add BuiltinDeserializerAllocator""
This is a reland of 526c31d07b
Original change's description:
> Reland "[snapshot] Add BuiltinDeserializerAllocator"
> 
> This is a reland of 2b9a6d8908
> Original change's description:
> > [snapshot] Add BuiltinDeserializerAllocator
> > 
> > Encapsulates special reservation / allocation behavior for builtin
> > deserialization.
> > 
> > Bug: v8:6624
> > Change-Id: Ic784ed43b607c881b356c6e535c9dbe185e1d4cd
> > Reviewed-on: https://chromium-review.googlesource.com/716229
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48638}
> 
> TBR=yangguo@chromium.org
> 
> Bug: v8:6624
> Change-Id: I07c49263b4ef128dfe9b97d364e9a279b343aa24
> Reviewed-on: https://chromium-review.googlesource.com/723520
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48647}

TBR=yangguo@chromium.org

Bug: v8:6624
Change-Id: I4186fcf89b9fce3433a02fc864346a300b90ffb5
Reviewed-on: https://chromium-review.googlesource.com/725439
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48666}
2017-10-18 09:04:10 +00:00
Jaroslav Sevcik
57c6c97904 [deoptimizer] Remove incorrect cast for materialized property array.
Bug: chromium:774824
Change-Id: Id3d0af0bb55c0985393fe3b139308b6b706e7bc0
Reviewed-on: https://chromium-review.googlesource.com/725339
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48665}
2017-10-18 08:13:51 +00:00
Jaroslav Sevcik
8f752a5c5c [tests] Create canonicalized handle scope for Turbofan.
Change-Id: I76a792638b58f0bdc0a6a04c912d816ebf04718c
Reviewed-on: https://chromium-review.googlesource.com/725320
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48664}
2017-10-18 07:41:43 +00:00
Michael Achenbach
4e8d24e3bd [CQ] Add fuchsia trybots to CQ experiment
TBR=sergiyb@chromium.org
NOTRY=true

Bug: chromium:772816
Change-Id: I532e2c05360547686844f73c56d021abcbeb46bf
Reviewed-on: https://chromium-review.googlesource.com/725280
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48663}
2017-10-18 07:38:33 +00:00
Michael Achenbach
49bdec3470 Revert "Revert "[test] Fix win-asan symbolizer path""
This reverts commit 4054cf278f.

Reason for revert: Just exposes existing issues.

Original change's description:
> Revert "[test] Fix win-asan symbolizer path"
> 
> This reverts commit 135576ffb6.
> 
> Reason for revert: V8 Win32 ASAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/73
> 
> It appears these failures were lurking there already, but were hidden because of the bug this CL fixed. Opened https://crbug.com/v8/6953 about these issues.
> 
> Original change's description:
> > [test] Fix win-asan symbolizer path
> > 
> > This makes the symbolizer path relative, as the absolute paths contain
> > a drive letter + colon on windows. The colon is confused by the
> > sanitizer as an option separator.
> > 
> > The test driver changes the cwd to the V8 root dir in each
> > invocation.
> > 
> > Bug: chromium:726584
> > Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
> > Reviewed-on: https://chromium-review.googlesource.com/721124
> > Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48652}
> 
> TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,sergiyb@chromium.org,etienneb@chromium.org
> 
> Change-Id: Ic78527950f6a239a03658e042d7244c9781d05db
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:726584
> Reviewed-on: https://chromium-review.googlesource.com/723825
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48653}

TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,eholk@chromium.org,sergiyb@chromium.org,etienneb@chromium.org

Change-Id: I8ea3b1d74ece09bed4758522f51cbee56a7792e1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:726584
Reviewed-on: https://chromium-review.googlesource.com/725319
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48662}
2017-10-18 06:54:46 +00:00
peterwmwong
bee98aecc7 Remove SubString intrinsic and convert SubString code stub to CSA.
Bug: v8:5049
Change-Id: Ia4f5729be64794e9080eb0e644b86cd5d8c88a11
Reviewed-on: https://chromium-review.googlesource.com/722168
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48661}
2017-10-18 05:52:47 +00:00
Tobias Tebbi
1cee0e012e Reland^4 "[turbofan] eagerly prune None types and deadness from the graph"
This fixes https://bugs.chromium.org/p/chromium/issues/detail?id=773954.
The issue was that in the EffectControlLinearizer, the effect input of an
{Unreachable} node was not updated, leaving a {Checkpoint} behind.

This is a reland of 4cf476458f
Original change's description:
> Reland^3 "[turbofan] eagerly prune None types and deadness from the graph"
> 
> This fixes the issues 
> https://bugs.chromium.org/p/chromium/issues/detail?id=772873 
> and https://bugs.chromium.org/p/chromium/issues/detail?id=772872.
> 
> One problem was that mutating an effect node into Unreachable confused 
> the LoadElimination sidetables, so I just always create a new node now.
> 
> The other problem was that UpdateBlockControl() was executed after 
> UpdateEffectPhi() in the lazy case. This reverted the update to the Merge input.
> So now I make sure that UpdateEffectPhi() is always executed last.
> 
> This is a reland of 6ddb5e7da7
> Original change's description:
> > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph"
> > 
> > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the 
> > graph end. This fixes issues with later phases running DeadCodeElimination and
> > introducing new DeadValue nodes when processing uses of Unreachable.
> > 
> > This is a reland of 3c4bc27f13
> > Original change's description:
> > > Reland "[turbofan] eagerly prune None types and deadness from the graph"
> > > 
> > > This is a reland of e1cdda2512
> > > Original change's description:
> > > > [turbofan] eagerly prune None types and deadness from the graph
> > > > 
> > > > In addition to using the {Dead} node to prune dead control nodes and nodes that 
> > > > depend on them, we introduce a {DeadValue} node representing an impossible value 
> > > > that can occur at any position in the graph. The extended {DeadCodeElimination}
> > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into
> > > > the effect chain when possible. The remaining uses of {DeadValue} are handled
> > > > in {EffectControlLinearizer}, where we always have access to the effect chain.
> > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use
> > > > of a node with type {None} as dead.
> > > > 
> > > > Bug: chromium:741225
> > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655
> > > > Reviewed-on: https://chromium-review.googlesource.com/641250
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#48208}
> > > 
> > > Bug: chromium:741225
> > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138
> > > Reviewed-on: https://chromium-review.googlesource.com/692034
> > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#48232}
> > 
> > Bug: chromium:741225
> > Change-Id: I5702ec34856c075717162153adc765774453c45f
> > Reviewed-on: https://chromium-review.googlesource.com/702264
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48366}
> 
> Bug: chromium:741225
> Change-Id: I4054a694d2521c2e1f0c4a3ad0f3cf100b5c536f
> Reviewed-on: https://chromium-review.googlesource.com/709214
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48469}

Bug: chromium:741225
Change-Id: Id9d4f3a3ae36cb3e38f80edcdba88efa7922ca24
Reviewed-on: https://chromium-review.googlesource.com/715716
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48660}
2017-10-18 05:24:17 +00:00
v8-autoroll
7e952c23da Update V8 DEPS.
Rolling v8/base/trace_event/common: abcc415..0e9a47d

Rolling v8/build: b6fbb0d..8a3ae28

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/733ecb1..7525730

Rolling v8/tools/clang: af65d54..dce4014

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I9b3ac4e257fe17b402d96e7817a47dda1f50144f
Reviewed-on: https://chromium-review.googlesource.com/724980
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48659}
2017-10-18 03:52:36 +00:00
Sathya Gunasekaran
4903cc409a [intl] Set NumberFormat.prototype.formatToParts.length to 1
Bug: v8:5244
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3528b6786be4a820ecb7570df83164fcce80ec5c
Reviewed-on: https://chromium-review.googlesource.com/724209
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48658}
2017-10-17 22:59:33 +00:00
Sathya Gunasekaran
6e420382ca [test] test262 roll
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I9603fd12ef979586a0718269e51497ec52352a5c
Reviewed-on: https://chromium-review.googlesource.com/721565
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48657}
2017-10-17 22:43:33 +00:00
Pierre Langlois
71dbefee7a [cctest] Compare results of parallel moves with a simulation.
Introduce new `SimulateMoves` and `SimulateSwaps` methods which take an initial
"state" as a FixedArray and perform a given list of moves on it. They give us
what the result of testing the CodeGenerator's AssembleMove and AssembleSwap
should be.

This way, we can now compare the results of running parallel moves with a
reference simulation.

Bug: v8:6848
Change-Id: I228f4310f32d2a82e0744afaff183e2c7ac08cb7
Reviewed-on: https://chromium-review.googlesource.com/723222
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48656}
2017-10-17 19:46:03 +00:00
Ulan Degenbaev
fcee0a973f [heap] Avoid concurrently marking through JS API objects.
They can have unboxed double fields and embedder fields.

Bug: chromium:775055
Change-Id: Idff67c776cb4209d78006b8f3f8ebc07aa509c42
Reviewed-on: https://chromium-review.googlesource.com/723425
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48655}
2017-10-17 19:44:58 +00:00
Alexei Filippov
fe5963c6e4 [runtime-call-stats] Do not piggyback onto main thread's RCS in the background parser.
BUG=chromium:760649

Change-Id: If108830a1869238102e1c3475fe99e1ffb78d48d
Reviewed-on: https://chromium-review.googlesource.com/706140
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48654}
2017-10-17 19:43:50 +00:00
Eric Holk
4054cf278f Revert "[test] Fix win-asan symbolizer path"
This reverts commit 135576ffb6.

Reason for revert: V8 Win32 ASAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/73

It appears these failures were lurking there already, but were hidden because of the bug this CL fixed. Opened https://crbug.com/v8/6953 about these issues.

Original change's description:
> [test] Fix win-asan symbolizer path
> 
> This makes the symbolizer path relative, as the absolute paths contain
> a drive letter + colon on windows. The colon is confused by the
> sanitizer as an option separator.
> 
> The test driver changes the cwd to the V8 root dir in each
> invocation.
> 
> Bug: chromium:726584
> Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
> Reviewed-on: https://chromium-review.googlesource.com/721124
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48652}

TBR=glider@chromium.org,rnk@chromium.org,machenbach@chromium.org,sergiyb@chromium.org,etienneb@chromium.org

Change-Id: Ic78527950f6a239a03658e042d7244c9781d05db
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:726584
Reviewed-on: https://chromium-review.googlesource.com/723825
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48653}
2017-10-17 19:42:12 +00:00
Michael Achenbach
135576ffb6 [test] Fix win-asan symbolizer path
This makes the symbolizer path relative, as the absolute paths contain
a drive letter + colon on windows. The colon is confused by the
sanitizer as an option separator.

The test driver changes the cwd to the V8 root dir in each
invocation.

Bug: chromium:726584
Change-Id: Icf4e5a55bba5dec8e59a3dfe3eccdf7224e65c33
Reviewed-on: https://chromium-review.googlesource.com/721124
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48652}
2017-10-17 18:01:14 +00:00
Bruce Dawson
82d8b3ac81 Change stray NULL to nullptr
While change crrev.com/c/718338 was changing NULL to nullptr, change
crrev.com/c/711334 was adding another NULL. I noticed this (eventually)
because I was simultaneously trying to write a change which was very
dependent on the precise value being used for null pointers.

BUG=v8:6928,v8:6921

Change-Id: Ib42cccf90c91c050032cc9e34e44c99fd14ff1bb
Reviewed-on: https://chromium-review.googlesource.com/722619
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48651}
2017-10-17 17:34:22 +00:00
Michael Achenbach
cec3496fdf Revert "Reland "[snapshot] Add BuiltinDeserializerAllocator""
This reverts commit 526c31d07b.

Reason for revert: cfi still unhappy:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/11905

Original change's description:
> Reland "[snapshot] Add BuiltinDeserializerAllocator"
> 
> This is a reland of 2b9a6d8908
> Original change's description:
> > [snapshot] Add BuiltinDeserializerAllocator
> > 
> > Encapsulates special reservation / allocation behavior for builtin
> > deserialization.
> > 
> > Bug: v8:6624
> > Change-Id: Ic784ed43b607c881b356c6e535c9dbe185e1d4cd
> > Reviewed-on: https://chromium-review.googlesource.com/716229
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48638}
> 
> TBR=yangguo@chromium.org
> 
> Bug: v8:6624
> Change-Id: I07c49263b4ef128dfe9b97d364e9a279b343aa24
> Reviewed-on: https://chromium-review.googlesource.com/723520
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48647}

TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: I2a0534505d646a3ba90523f06f726b5059b90e35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6624
Reviewed-on: https://chromium-review.googlesource.com/723521
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48650}
2017-10-17 17:32:46 +00:00
Ross McIlroy
3118f47395 [TurboFan] Fix type checks for lowering SpeculativeNumberBinop.
Ensure we only lower SpeculativeNumberBinops to a pure operator for
non-string plain primitives. Previously we could lower if a value might be
the-hole, however this would fail a CHECK in ConvertInputsToNumber which
expects a plain primitive.

BUG=chromium:772420

Change-Id: I0c755d10db7afd9cabfb638eca5662d70dfc8d51
Reviewed-on: https://chromium-review.googlesource.com/715717
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48649}
2017-10-17 16:12:49 +00:00
Clemens Hammacher
269b35a359 [arm] [simulator] Box floats and doubles
This prepares fixes in the implementations of vabs and vneg (potentially
more). In order to implement them correctly, we need to preserve the
exact bit pattern.

R=ahaas@chromium.org, rodolph.perfetta@arm.com

Bug: v8:6947
Change-Id: I7194a60371a6e3c9ffba32981c90090ffafaa610
Reviewed-on: https://chromium-review.googlesource.com/722941
Reviewed-by: Rodolph Perfetta <rodolph.perfetta@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48648}
2017-10-17 16:02:14 +00:00
Jakob Gruber
526c31d07b Reland "[snapshot] Add BuiltinDeserializerAllocator"
This is a reland of 2b9a6d8908
Original change's description:
> [snapshot] Add BuiltinDeserializerAllocator
> 
> Encapsulates special reservation / allocation behavior for builtin
> deserialization.
> 
> Bug: v8:6624
> Change-Id: Ic784ed43b607c881b356c6e535c9dbe185e1d4cd
> Reviewed-on: https://chromium-review.googlesource.com/716229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48638}

TBR=yangguo@chromium.org

Bug: v8:6624
Change-Id: I07c49263b4ef128dfe9b97d364e9a279b343aa24
Reviewed-on: https://chromium-review.googlesource.com/723520
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48647}
2017-10-17 15:56:34 +00:00
Ben L. Titzer
24459dff25 [wasm] Disable trap handlers also in d8.
This feature is turned off in flag-definitions but reenabled in a non-standard
way in d8. Given that the situations in which the trap handler are disabled are
more limited now due to integration problems, disabling this feature for now, since
we lack enough coverage to have confidence to turn it on by default.

We should probably introduce a proper test variant for this feature so that it
can be handled in a more standard way.

R=eholk@chromium.org
CC=​mlippautz@chromium.org,hablich@chromium.org,mstarzinger@chromium.org

Bug: 
Change-Id: Ic2e13181036ace8802736be847ae16ff889e3cea
Reviewed-on: https://chromium-review.googlesource.com/723221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48646}
2017-10-17 15:34:34 +00:00