Commit Graph

50071 Commits

Author SHA1 Message Date
Alexander Timokhin
724d8111dd [serializer] Add support for AllocationSites without weak_next field
After https://chromium-review.googlesource.com/c/v8/v8/+/1101323 some
AllocationSites can have a dropped weak_next field, but this isn't supported in the
serializer/deserializer.

This CL adds support for such AllocationSites.

Change-Id: Ibf495ae4effdf4e127892d906967d8e30eebfc87
Reviewed-on: https://chromium-review.googlesource.com/1183238
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55579}
2018-09-03 07:26:36 +00:00
Simon Zünd
b50fa92a2d Introduce 'kLengthString' in torque code
This CL replaces occurrences of "length" with the CSA macro
LengthStringConstant().

R=jgruber@chromium.org

Bug: v8:8015
Change-Id: Idf095587940f859e4c634865560abae325cd9fb4
Reviewed-on: https://chromium-review.googlesource.com/1201782
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55578}
2018-09-03 06:36:42 +00:00
Simon Zünd
669bfe4679 [csa] Expose debug_execution_mode to CSA
This CL does two things: It adds a CSA helper to determine whether
the debug_execution_mode is kSideEffects. And it adds a runtime
function that exposes PerformSideEffectCheckForObject.

This will be needed for the Array.p.unshift Torque version.

R=jgruber@chromium.org

Change-Id: Idc1ae077956e0862e613a2c28af3f2cf4d5c3762
Reviewed-on: https://chromium-review.googlesource.com/1196362
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55577}
2018-09-03 06:12:31 +00:00
Simon Zünd
a45a20e446 [array] Move fall-back for Array.p.shift to C++
This CL replaces the JavaScript fall-back for Array.p.shift with a
baseline C++ implementation.

R=jgruber@chromium.org

Bug: v8:7624
Change-Id: Ib55e04e18e4e69089fc541636d3cad7fcb4c7245
Reviewed-on: https://chromium-review.googlesource.com/1186327
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55576}
2018-09-03 06:10:11 +00:00
Yang Guo
274242fe30 [debug] remove postpone interrupt scope where possible
R=jgruber@chromium.org

Change-Id: Ie2024c5425b657ba1779f1cd2108c7cf406ffade
Reviewed-on: https://chromium-review.googlesource.com/1174431
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55575}
2018-09-03 06:00:12 +00:00
Yang Guo
fa4f22642d [sample] use v8_monolith target to simplify hello world sample
New steps would be
- `tools/dev/v8gen.py x64.release.sample`
- `ninja -C out.gn/x64.release.sample v8_monolith`
- `g++ -I. -Iinclude samples/hello-world.cc -o hello_world -lv8_monolith -Lout.gn/x64.release.sample/obj/ -pthread -std=c++0x`
- `./hello_world` (no more worrying about .bin files)

R=jkummerow@chromium.org, mths@chromium.org

Change-Id: I3bba03b4c3ed34daf242a570f420b90f94ec6de0
Reviewed-on: https://chromium-review.googlesource.com/1179663
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55574}
2018-09-03 05:54:26 +00:00
Yang Guo
d157fe49a5 [node] no longer copy jinja and markupsafe
These are now direct dependencies in Node.js.

R=lushnikov@chromium.org

Change-Id: I01a68394e2e22a1024b6c21b8222ac8b113fc693
Reviewed-on: https://chromium-review.googlesource.com/1179143
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55573}
2018-09-03 05:49:51 +00:00
Yutaka Hirano
b72fe64ee8 Remove Unused params from Compiler::GetFunctionFromEval
Bug: None
Change-Id: I26f136ff20f67b3eebc4374c9ac380d63f720ba9
Reviewed-on: https://chromium-review.googlesource.com/1192802
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55572}
2018-09-03 05:04:22 +00:00
Sergiy Byelozyorov
8d2241ca59 [tools] Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
Bug: chromium:826280
Change-Id: I1ffaa592c686e07f13426d4f8459d50ff59b4d3c
Reviewed-on: https://chromium-review.googlesource.com/1171239
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55571}
2018-09-02 21:39:54 +00:00
Benedikt Meurer
fa54dff255 [turbofan] Add missing -0 support for NumberMax/NumberMin typing.
The typing rules for NumberMax and NumberMin didn't properly deal with
-0 up until now, leading to suboptimal typing, i.e. for a simple case
like

  Math.max(Math.round(x), 1)

TurboFan was unable to figure out that the result is definitely going
to be a positive integer in the range [1,inf] or NaN (assuming that
NumberOrOddball feedback is used for the value x).

Bug: v8:8015
Change-Id: I06e14a9c9b0b813eb214ace7749fcc6ab36bb66a
Reviewed-on: https://chromium-review.googlesource.com/1199304
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55570}
2018-09-02 20:02:34 +00:00
Benedikt Meurer
a9e3d9c7ec [turbofan] Fix Type::PrintTo() for union and tuple types.
Printing of both union and tuple types was broken such that the first
type was always skipped due to a bug.

Bug: v8:8015
Change-Id: I4bd215a9d8fa5bc7e017dd28e66512f4961228d1
Reviewed-on: https://chromium-review.googlesource.com/1199365
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55569}
2018-09-01 19:26:52 +00:00
v8-ci-autoroll-builder
29bea26b93 Update V8 DEPS.
Rolling v8/build: 1a26c15..6773a0d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/cd6bcbe..5167fb3

Rolling v8/third_party/depot_tools: e7f9302..e323bd9

Rolling v8/tools/clang: 58f7169..3aa6139

Rolling v8/tools/gyp: d61a939..81286d3

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Iada5a1194eef2052e0915b7bcf3c6e1576739fa1
Reviewed-on: https://chromium-review.googlesource.com/1199912
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#55568}
2018-09-01 03:33:41 +00:00
Sathya Gunasekaran
992a4f61ed [Intl] Convert options arg to Object before processing it
This makes us spec compliant.

Bug: chromium:875643
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I489870495fe1d326991c99f0551fe3329268c984
Reviewed-on: https://chromium-review.googlesource.com/1199910
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55567}
2018-08-31 23:56:33 +00:00
Sathya Gunasekaran
e56bf9f45e [Intl] Remove bound function SFIs from context
Instead of creating the SFIs during bootstrapping and storing on the
context, this patch just creates the SFIs on demand.

This patch saves 8 words per context, and several words per bound
function by not storing the SFI.

The created bound JSFunction is cached on the instance anyway, so it's
totally fine to take a small hit when creating the bound JSFunction.

Previously in the JS implementation, the creation of a bound function
was even slower as it was a lazy function that would have to be parsed,
compiled and executed. So this is a step up in terms of perf and
memory.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If3b8461d00e5b37567b34b236d44e14576b630ff
Reviewed-on: https://chromium-review.googlesource.com/1200006
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55566}
2018-08-31 23:07:09 +00:00
Frank Tang
81fb59c638 [Intl] expose LegacyUnwrapReceiver on Intl
Bug: v8:7979
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie3005cc93e582ea4d8d501a8a4a194d7ae35c129
Reviewed-on: https://chromium-review.googlesource.com/1198682
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55565}
2018-08-31 21:18:04 +00:00
Michael Achenbach
f7df60d561 Revert "Ship globalThis 🎉"
This reverts commit 4dac9872ae.

Reason for revert: Speculative revert for layout test failures:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25970

E.g.:
virtual/service-worker-servicification/http/tests/serviceworker/webexposed/global-interface-listing-service-worker.html

Original change's description:
> Ship globalThis 🎉
> 
> Proposal repository:
> https://github.com/tc39/proposal-global
> 
> Intent to ship:
> https://groups.google.com/d/msg/v8-users/Vkoh0wXRwaM/Yt7MpzhkAgAJ
> 
> Bug: v8:5537
> Change-Id: I60a6c5375165d89548db12fef454a64137d04c27
> Reviewed-on: https://chromium-review.googlesource.com/1195494
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55543}

TBR=adamk@chromium.org,gsathya@chromium.org,mathias@chromium.org

Change-Id: Iacb484d36ba2c8002336038660450b240006e0ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5537
Reviewed-on: https://chromium-review.googlesource.com/1199743
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55564}
2018-08-31 20:20:42 +00:00
Marijn Kruisselbrink
3cc682ba5a Add AsyncIterator to well-known symbols.
Bug: chromium:872465
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I75eccab304405569b40c5dcc18177354372a02c9
Reviewed-on: https://chromium-review.googlesource.com/1199464
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55563}
2018-08-31 19:31:58 +00:00
Wez
750426624f Migrate zx_vmar_*() call-sites to the new API signatures.
Updates zx_vmar_*_old() callers back to the zx_vmar_*() equivalents,
which have a new parameter order.

Change-Id: I1662b4fbb866cef4eedc13e0db3e9389d4375d1e
Reviewed-on: https://chromium-review.googlesource.com/1199903
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55562}
2018-08-31 18:34:04 +00:00
Frank Tang
090902218b [Intl] remove dead code toDateTimeOptions in src/js/intl.js
Bug: v8:7961
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1d7f0a9e6e44cb34799f074ffa9fe8ca39bcef2b
Reviewed-on: https://chromium-review.googlesource.com/1198766
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55561}
2018-08-31 18:20:41 +00:00
Michael Achenbach
bc1872d9f6 [test] Skip some layout tests on V8 side
TBR=mslekova@chromium.org
NOTRY=true

Bug: chromium:879604
Change-Id: I051837bae866f391ec5f1555b845cd66cc9f777a
Reviewed-on: https://chromium-review.googlesource.com/1199285
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55560}
2018-08-31 16:17:14 +00:00
Sathya Gunasekaran
b00b21b472 [test] Suppress TSAN failure in ICU
Bug: v8:8110
Change-Id: I7531ca961d0a0ed612ea3571c2bbef290b87c035
Reviewed-on: https://chromium-review.googlesource.com/1196689
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55559}
2018-08-31 16:14:27 +00:00
v8-ci-autoroll-builder
41e35167fd Update V8 DEPS.
Rolling v8/build: ed29828..1a26c15

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d0d714d..cd6bcbe

Rolling v8/third_party/depot_tools: 5cc2afd..e7f9302

Rolling v8/third_party/fuchsia-sdk: 3ec92c8..e0c4613

Rolling v8/third_party/googletest/src: d526632..2e68926

Rolling v8/tools/clang: bb4146f..58f7169

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I8e0b4d715ddd47e8779c1300422e462b3470b373
Reviewed-on: https://chromium-review.googlesource.com/1199902
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#55558}
2018-08-31 16:07:08 +00:00
jgruber
85cd0d87bb Refactor InterpreterPushArgsThenConstruct
This reorders arguments in preparation for removing ebx from its
calling convention (in a follow-up some args will be passed on the
stack).

Drive-by: Improve readability in the code handling different cases
(array,spread,...).

Bug: v8:6666
Change-Id: I0160f8efafd0fd0e841739578e01c32b38adb66e
Reviewed-on: https://chromium-review.googlesource.com/1196884
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55557}
2018-08-31 15:30:43 +00:00
Benedikt Meurer
e034c1ad9c [turbofan] ToNumeric(x) does ToNumber(x) for all non-BigInt primitives.
We can safely lower ToNumeric(x) to ToNumber(x) as long as we can
guarantee that x is any primitive except BigInt (as ToNumeric would
return that unchanged while ToNumber will throw).

Bug: v8:8015
Change-Id: I66573cc204c7c919095ca7598a027fabef7d71a8
Reviewed-on: https://chromium-review.googlesource.com/1199665
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55556}
2018-08-31 15:06:10 +00:00
Michael Achenbach
455718ed3e [build] Fix V8 deps for qemu
This ports https://crrev.com/c/1185020
[Fuchsia] Add Mac build support.

This also rolls v8/build:
9f16b23..ed29828

TBR=yangguo@chromium.org

Bug: chromium:707030
Change-Id: Ib74df070fa4a2b77c4837f82e4e4d8666a3166e5
Reviewed-on: https://chromium-review.googlesource.com/1199404
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55555}
2018-08-31 15:02:39 +00:00
jgruber
fdb3130207 [ia32] Unalias kRootRegister in ApiCallback,InterpreterPushArgsThenCall
In preparation for kRootRegister support on ia32.

For both descriptors we simply shuffle registers around to remove ebx
from the calling convention.

Possible follow-up work: The ApiCallbackDescriptor could be simplified
by passing call_data (and the Undefined constant) on the stack. This
currently happens in the builtin body.

Drive-by: Minor refactoring in InterpreterPushArgsMode to deobfuscate
the different paths (spread/no-spread). Also use
{Push,Pop}ReturnAddress helpers.

Bug: v8:6666
Change-Id: I25fd738501fff71c038a0745cec04363f90df660
Reviewed-on: https://chromium-review.googlesource.com/1196552
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55554}
2018-08-31 14:59:51 +00:00
Benedikt Meurer
b1bd6beb4e [turbofan] Fix typo flushed out by recent CL.
Bug: chromium:879560
Change-Id: Ia2d2699851358641d50f9997875810f8cb1100ff
Reviewed-on: https://chromium-review.googlesource.com/1199742
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55553}
2018-08-31 14:58:25 +00:00
Alexey Kozyatinskiy
3fd1f8a7b4 inspector: do not use SeekForward to move backward
We can use Seek + Advance instead on source stream.

TBR=verwaest@chromium.org

Bug: chromium:879550
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic6ad12a86105ce68ea404e313b74d11417928cf0
Reviewed-on: https://chromium-review.googlesource.com/1196686
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55552}
2018-08-31 14:24:39 +00:00
Alexey Kozyatinskiy
bd9df9a797 src: support GlobalDictionary in SetHashAndUpdateProperties
The GetIdentityHashHelper function can return a hash from GlobalDictionary,
but SetHashAndUpdateProperties crashes on a DCHECK on an attempt to set
this hash (it works when DCHECKs are disabled because SetHash is defined
on the base class for NameDictionary and GlobalDictionary).

R=yangguo@chromium.org

Bug: none
Change-Id: I740fa6a3232f7db8e4396b9a5e4664b8ab81969a
Reviewed-on: https://chromium-review.googlesource.com/1198765
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55551}
2018-08-31 14:21:44 +00:00
Alexey Kozyatinskiy
215608f453 debug-evaluate: do not return JSGlobalObject instead of JSGlobalProxy
DebugEvaluate contains code since 2009 that bypasses JSGlobalProxy and
returns JSGlobalObject when the result of the expression is the global proxy.
This behavior may be dangerous:
- JSGlobalObject does not perform security checks,
- some parts of V8 code are not ready for JSGlobalObject, e.g., the
  SetHashAndUpdateProperties function will crash on a DCHECK if we
  try to store JSGlobalObject to a map.

At the same time it looks like there is no valid use case for it.

R=yangguo@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib0e35d5ae9ef47318c866e44c5c6856e34ed05a5
Reviewed-on: https://chromium-review.googlesource.com/1198764
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55550}
2018-08-31 14:20:39 +00:00
Michael Achenbach
b4904de3a5 Update V8 DEPS.
Rolling v8/build: dd6b994..9f16b23

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bc2c0a9..d0d714d

Rolling v8/third_party/depot_tools: 2d0e03c..5cc2afd

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I292ecb01b67446d985dc7070f9f7c453395e7981
Reviewed-on: https://chromium-review.googlesource.com/1192237
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#55549}
2018-08-31 14:14:39 +00:00
Mike Stanton
331f6f882b [CSA]: AllocateZeroedFixedDoubleArray used wrong ElementsKind
Change-Id: Ibfddd236dbe8b6a205a457aea1cb9eb00b0a3572
Reviewed-on: https://chromium-review.googlesource.com/1199403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55548}
2018-08-31 14:04:28 +00:00
Benedikt Meurer
5f27e5c742 [runtime] Merge %KeyedGetProperty into %GetProperty.
As noticed by jkummerow@ there's probably not really a point in
keeping two separate runtime functions that perform the same
operation, but one has a different fast-path (which is not
available to the other). So %KeyedGetProperty is now effectively
%GetProperty and used consistently as fallback from both the ICs
as well as other callers like the GetProperty builtin.

Bug: v8:8015
Change-Id: Ib46b13da739229e2eb820ecf87923ac99c6971d3
Reviewed-on: https://chromium-review.googlesource.com/1199105
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55547}
2018-08-31 12:19:10 +00:00
Simon Zünd
e7ca2b7cfe [array] Fix wrong receiver when copying from the prototype chain
This CL fixes an issue where getters/setters would get called on a
prototype with the wrong receiver. This happens in the pre-processing
for Array.p.sort when values get copied down from the prototype chain.

R=jgruber@chromium.org

Bug: v8:7682
Change-Id: I0d8ff1dc721c33bd721aaca54ffd357b3d2a2096
Reviewed-on: https://chromium-review.googlesource.com/1198767
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55546}
2018-08-31 11:58:15 +00:00
Camillo Bruni
6ecca1978e Use NumberToStringCache by default for Uint32ToString
Bug: v8:7717, chromium:879304
Change-Id: I524a9cf45f6a69efe0445b4ffaddfffc85c5560d
Reviewed-on: https://chromium-review.googlesource.com/1199282
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55545}
2018-08-31 11:55:24 +00:00
Georg Neis
ef56902851 Revert "[interpreter] Add bytecode for leading array spreads."
This reverts commit 1c48d52bb1.

Reason for revert: Clusterfuzz found something.

Original change's description:
> [interpreter] Add bytecode for leading array spreads.
> 
> This CL improves the performance of creating [...a, b] or [...a].
> If the array literal has a leading spread, this CL emits the bytecode
> [CreateArrayFromIterable] to create the literal. CreateArrayFromIterable
> is implemented by [IterableToListDefault] builtin to create the initial
> array for the leading spread. IterableToListDefault has a fast path to
> clone efficiently if the spread is an actual array.
> 
> The bytecode generated is now shorter. Bytecode generation is refactored
> into to BuildCreateArrayLiteral, which allows VisitCallSuper to benefit
> from this optimization also.
> For now, turbofan also lowers the bytecode to the builtin.
> 
> The idiomatic use of [...a] to clone the array a now performs better
> than a simple for-loop, but still does not match the performance of slice.
> 
> Bug: v8:7980
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ibde659c82d3c7aa1b1777a3d2f6426ac8cc15e35
> Reviewed-on: https://chromium-review.googlesource.com/1181024
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#55520}

TBR=rmcilroy@chromium.org,neis@chromium.org,sigurds@chromium.org,gsathya@chromium.org,jgruber@chromium.org,dhai@google.com

Change-Id: I1c86ddcc24274da9f5a8dd3d8bf8d869cbb55cb6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7980
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1199303
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55544}
2018-08-31 11:43:33 +00:00
Mathias Bynens
4dac9872ae Ship globalThis 🎉
Proposal repository:
https://github.com/tc39/proposal-global

Intent to ship:
https://groups.google.com/d/msg/v8-users/Vkoh0wXRwaM/Yt7MpzhkAgAJ

Bug: v8:5537
Change-Id: I60a6c5375165d89548db12fef454a64137d04c27
Reviewed-on: https://chromium-review.googlesource.com/1195494
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55543}
2018-08-31 11:38:53 +00:00
Bret Sepulveda
b9cb78a705 profview: View source code of functions with samples inline.
If profiling is done with --log-source-code profview will now display
a "View source" link for each function in the tree view. Clicking this
will show a new source viewer, with sampled lines highlighted. See the
associated bug for screenshots.

This patch also fixes a bug in the profiler where the source info of
only the first code object for each function would be logged, and
includes some refactoring.

Bug: v8:6240
Change-Id: Ib96a9cfc54543d0dc9bef4657cdeb96ce28b223c
Reviewed-on: https://chromium-review.googlesource.com/1194231
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55542}
2018-08-31 11:32:33 +00:00
Benedikt Meurer
33f2012efd [runtime] Remove unused %GetPrototype.
The %GetPrototype runtime function is not used anymore. Also remove the
cctests that were introduced to guard the Crankshaft optimizations for
the %_GetPrototype intrinsic.

Bug: v8:8015
Change-Id: I4b848f2c8d67209dae002d260a26867299d6b4a5
Reviewed-on: https://chromium-review.googlesource.com/1199106
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55541}
2018-08-31 11:17:47 +00:00
Benedikt Meurer
923127f8e1 [ic] Teach KeyedLoadICGeneric about ToName.
In the KeyedLoadICGeneric case the engine previously immediately fell
back to the %KeyedGetProperty runtime function if the key was not a
Name or a valid array index. This turns out to be really slow if a
program passes for example objects as keys. Since we already have all
the logic in place to convert an arbitrary JavaScript value to a Name,
we can just call into ToName first and then operate on the result of
that, which is significantly faster since C++ usually doesn't need to
call back into JavaScript then to convert a JSReceiver into a Name.

This also changes the ToName builtin to use the existing builtin for
NonPrimitiveToPrimitive, which stays in JavaScript land completely.
Since there's not really a point in inlining ToName into the call
sites, the other uses were also changed to call the builtin instead,
which saves some space and might also help with instruction cache
utilization (especially when the ToName logic is more involved now).

This improves the performance on the microbenchmark

```js
const n = 1e7;
const obj = {};
const key = [1,2];

const start = Date.now();
for (let i = 0; i < n; ++i) {
  if (obj[key] === undefined) obj[key] = key;
}
print(`time: ${Date.now() - start} ms.`);
```

by up to 36%. On the ARES-6 ML benchmark the steady state improves by up
to ~7% and the overall mean for ARES-6 ML improves by up to ~6%. Further
improvements might be possible here if the GetProperty builtin could be
made faster for common prototype lookups like Symbol.toPrimitive and the
"valueOf" and "toString" functions.

Bug: v8:6344, v8:6670
Change-Id: Ic3ac2bc4d4277836ef03039de4eda5c5f66a85da
Reviewed-on: https://chromium-review.googlesource.com/1199022
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55540}
2018-08-31 11:15:47 +00:00
Benedikt Meurer
87199f5234 [es2015] Handle proxies in GetProperty builtin.
Teach the GetProperty builtin how to perform [[Get]] on JSProxy
instances by calling into the dedicated ProxyGetProperty builtin
that we already use for the LOAD_IC / KEYED_LOAD_IC. This is
important when proxies are used in places where the GetProperty builtin
is used, like for example as iterables in for..of loops or in spreads.

On a simple micro-benchmark like the following

```js
const proxy = new Proxy([1, 2, 3], {
  get(target, property) { return target[property]; }
});
const TESTS = [
    function testForOfProxy() { for (const x of proxy) {} },
    function testSpreadProxy() { return [...proxy]; }
];

function test(fn) {
  var result;
  for (var i = 0; i < 1e6; ++i) result = fn();
  return result;
}
test(x => x);

for (var j = 0; j < TESTS.length; ++j) test(TESTS[j]);
for (var j = 0; j < TESTS.length; ++j) {
  var startTime = Date.now();
  test(TESTS[j]);
  print(TESTS[j].name + ':', (Date.now() - startTime), 'ms.');
}
```

improves from around

  testForOfProxy: 1672.6 ms.
  testSpreadProxy: 1956.6 ms.

to

  testForOfProxy: 408.4 ms.
  testSpreadProxy: 530.8 ms.

on average, which corresponds to a 4-5x performance improvement, even
for small arrays. On the ARES-6 Air benchmark this completely eliminates
all calls to the %GetProperty runtime function, and thereby improves the
steady state mean by 2-3%.

Bug: v8:6344, v8:6557, v8:6559
Change-Id: Ifebdaff8f3ae5899a33ce408ecd54655247f3a02
Reviewed-on: https://chromium-review.googlesource.com/1199023
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55539}
2018-08-31 11:13:16 +00:00
Jao-ke Chin-Lee
0b0f06238b [CQ] Remove deleted builder from experimental set.
chromeos_daisy_chromium_compile_only_ng has been
deleted and was removed from Buildbucket in
https://chromium-review.googlesource.com/c/chromium/src/+/1195731

BUG=v8:8058

Change-Id: I42adaca73f0b04cf553e16f215f92ed2f5a7a010
Reviewed-on: https://chromium-review.googlesource.com/1198242
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55538}
2018-08-31 10:40:24 +00:00
Frank Tang
273c83dbfc Revert "Revert "Reland "[Intl] move Date.prototype.toLocale{,Date,Time}String to C++"""
The expectation is changed in https://chromium-review.googlesource.com/c/chromium/src/+/1196032

revert of https://chromium-review.googlesource.com/c/v8/v8/+/1188143
to reland https://chromium-review.googlesource.com/c/v8/v8/+/1185763

v8:7961

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_blink_rel
Change-Id: I461db83b377c31abda72f2ce9c4501fcdd3b2663
Reviewed-on: https://chromium-review.googlesource.com/1195539
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55537}
2018-08-31 01:05:18 +00:00
Adam Klein
88cffb82de Add wez as an owner for platform-fuchsia.cc
Change-Id: I4b810b3684609f19cef3adf295ac104d00b9a4c3
Reviewed-on: https://chromium-review.googlesource.com/1194441
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55536}
2018-08-30 18:12:33 +00:00
Bill Budge
8f42679ada [compiler] Bypass FP register allocation if there are no FP vregs
- Cleans up existing code that tests for representations using a
  bitmask.
- Bypass FP register allocation for sequences without FP vregs.

Change-Id: I5ff32e80e0c33848ba83ee17f786b01e37821aa2
Reviewed-on: https://chromium-review.googlesource.com/1195528
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55535}
2018-08-30 16:23:10 +00:00
Ben L. Titzer
09a717dbb9 [wasm] Fix dispatch table instance update
This CL fixes a bug where the receiving instance was updated improperly
in the dispatch table(s) of an imported table.

BUG=chromium:875322
R=mstarzinger@chromium.org

Change-Id: Ib5af238a0847bf332a12863523e897f59f137c1d
Reviewed-on: https://chromium-review.googlesource.com/1196886
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55534}
2018-08-30 15:54:14 +00:00
Adam Klein
272a9944fd Make my watchlists easier to filter
Tbr: gsathya@chromium.org
Change-Id: I293e5eb686e2ba92386efb908d3437b2afdd152d
Reviewed-on: https://chromium-review.googlesource.com/1196683
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55533}
2018-08-30 15:28:02 +00:00
Peter Marshall
2d62067879 [tools] Add an API that exposes the location of builtins.
We have an API (GetCodeRange) which gives the location of V8 code on the
heap, but builtin code no longer lives on the heap.

The upcoming work on the V8 stack unwinder requires the embedder to
provide the code ranges for both the heap and builtins, so this API will
be used there.

Bug: v8:8116
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I15e900716e68256b9732be0ea1a5cda24878eccf
Reviewed-on: https://chromium-review.googlesource.com/1196551
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55532}
2018-08-30 15:17:17 +00:00
Igor Sheludko
038ce6aa9c [ptr-compr] Introduce RegionAllocator and respective unittests.
This is a naive implementation of a class that manages region
allocation/deallocation inside a given range of addresses.

This code will be used in follow-up CLs.

Bug: v8:8096
Change-Id: I7bea7051a1525cc7f87ba34d67b85b274c5de18a
Reviewed-on: https://chromium-review.googlesource.com/1127175
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55531}
2018-08-30 14:33:42 +00:00
Benedikt Meurer
c7b15fb7cd [turbofan] Lower to JSToNumeric to JSToNumber if possible.
This addresses a TODO in JSTypedLowering and generally makes it
easier to follow since the methods deal only with one kind of Node now.

Bug: v8:8015
Change-Id: I8c3521b8d630dbe272264dc01e9ab3a5b0a8f682
Reviewed-on: https://chromium-review.googlesource.com/1196883
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55530}
2018-08-30 14:28:19 +00:00