Commit Graph

41508 Commits

Author SHA1 Message Date
Michael Achenbach
dbfe008b43 [test] Add test isolation and parameters for ubsan
This adds a missing swarming config to the ubsan builders to fix
test isolation.

This also adds ubsan_vptr to the inferred options from build metadata.

For ubsan_vptr builds, the test runner makes sure to set up the
required options.

TBR=ishell@chromium.org

Bug: chromium:726584
Change-Id: I9667ba2b6d9d0f363f7cc94d23308e09da002d99
Reviewed-on: https://chromium-review.googlesource.com/577689
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46866}
2017-07-25 11:42:01 +00:00
Michael Hablich
4f2e6e9ddd Revert "[inspector] support for cases when embedder doesn't call contextDestroyed"
This reverts commit 87aae715df.

Reason for revert: Speculative revert because of ASAN leaks in https://chromium-review.googlesource.com/584488

Original change's description:
> [inspector] support for cases when embedder doesn't call contextDestroyed
> 
> Node.js doesn't have good place to call contextDestroyed.
> We need to cleanup everything on our side to allow clients to not call
> contextDestroyed method.
> 
> R=​dgozman@chromium.org,eostroukhov@google.com
> 
> Bug: none
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I6bfd4d6039f53eb994a2d20ecbca650744564e29
> Reviewed-on: https://chromium-review.googlesource.com/575519
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46849}

TBR=dgozman@chromium.org,kozyatinskiy@chromium.org,eostroukhov@google.com,eostroukhov@chromium.org

Change-Id: Ic3c2764159f809536670f73ab0cd5ea37317d400
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/584767
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46865}
2017-07-25 11:07:51 +00:00
Ulan Degenbaev
6e3d7ee6cb Revert "[heap] Remove clearing of caches and counter of shared function info in"
This reverts commit 8580529302.

Reason for revert: increased memory usage on benchmarks.

BUG=chromium:747806

Original change's description:
> [heap] Remove clearing of caches and counter of shared function info in
> marking visitors.
> 
> This makes incremental and concurrent visitors of share function infos
> side-effect free.
> 
> BUG=chromium:694255
> 
> Change-Id: I85ee7bac17f17bdbc101ef64ecfb46020b5b3458
> Reviewed-on: https://chromium-review.googlesource.com/574851
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46796}

TBR=ulan@chromium.org,mlippautz@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:694255
Change-Id: Id28551ce8378820b0272721b7efb388727c442d4
Reviewed-on: https://chromium-review.googlesource.com/584288
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46864}
2017-07-25 10:42:56 +00:00
Ross McIlroy
796566093c [asmjs] Implement AsmJsCompilationJob.
Moves AsmJs compilation into an AsmJs compilation job. This enables it
to be treated like other unoptimized compilations and avoids some
special-casing in compiler.cc.

BUG=v8:5203

Change-Id: I71ad27e3f72815b4c4074634fff0d168a9c89102
Reviewed-on: https://chromium-review.googlesource.com/581487
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46863}
2017-07-25 10:38:36 +00:00
Ross McIlroy
3cbceb215f [Compiler] Split ScopeInfo allocation out of DeclarationScope::Analyse.
Move ScopeInfo allocation out of DeclarationScope::Analyse and do it later
in the compile when finalizing unoptimized code generation. This is to enable
scope analysis to be done without heap allocation so it could run off-thread.

BUG=v8:5203

Change-Id: I954aacd4353925bbbd5a940d979027de2c52e1fd
Reviewed-on: https://chromium-review.googlesource.com/581108
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46862}
2017-07-25 09:35:44 +00:00
Yang Guo
89ef9556d7 Reland: Introduce HASH_TABLE_TYPE instance type.
This is so that we can distinguish hash tables by instance type. We can
then introduce maps for each kind of hash tables to further distinguish.

R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: Ice9e6bb7b85d825207ac489b6930ac9020d60db8
Reviewed-on: https://chromium-review.googlesource.com/582814
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46861}
2017-07-25 09:19:46 +00:00
Clemens Hammacher
072d0e3eb6 [wasm] Allow for arbitrarily long error messages
We currently have a fixed limit of 256 characters for error messages
generated in the decoder. However, we sometimes embed names in it,
which makes it easy to generate a crash by using long names (e.g. for
exports) in invalid wasm modules.
This CL fixes this by switching to a stream based interface, allowing
to pass arbitrary objects to be printed. With this interface, we can
easily limit the length of output later.

R=titzer@chromium.org

Bug: chromium:740023
Change-Id: I2848c31c63a015157e2a3a9458b54e523060cd69
Reviewed-on: https://chromium-review.googlesource.com/565282
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46860}
2017-07-25 09:17:15 +00:00
Clemens Hammacher
620b544ddf [ostreams] Extend AsHex and add AsHexBytes
Add a third parameter to {AsHex} which specifies whether the prefix
"0x" should be printed. Also, add the {AsHexBytes} helper which
outputs the hex number as individual bytes separated by a whitespace.
Also add unit tests for both helpers.

Both helper will be used in an upcoming refactoring of wasm error
messages:
https://chromium-review.googlesource.com/c/565282

R=titzer@chromium.org

Change-Id: I42d5ace9841ffb918cb4d6803b6347229e446097
Reviewed-on: https://chromium-review.googlesource.com/583448
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46859}
2017-07-25 08:37:46 +00:00
Clemens Hammacher
d8ac28e9ae [wasm] Test more error messages
Extend the errors.js mjsunit test to also check for the message in the
generated errors. This will help catch bugs later, e.g. when
refactoring the way we output errors:
https://chromium-review.googlesource.com/c/565282

Drive-by 1: Fix a superfluous period in one error message.
Drive-by 2: Fix a weird exception catching construct in the test.

R=titzer@chromium.org

Change-Id: I1c2e92fb2c34a481cbf8802153f8502452d45348
Reviewed-on: https://chromium-review.googlesource.com/582960
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46858}
2017-07-25 08:29:13 +00:00
Yang Guo
7924985f9f [regexp] Throw for patterns like /[\p{...}-\p{...}]/u.
Bug: v8:4743
Change-Id: Iacb7681e679faa1ece77c577a2585363f6ef87a2
Reviewed-on: https://chromium-review.googlesource.com/582010
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46857}
2017-07-25 08:25:43 +00:00
jgruber
dc778a3dc5 Fix arguments.js test
The second f1 function would overwrite the first, breaking all tests
that were intended to use the first f1 definition.

Bug: 
Change-Id: I79dd1ae344ebf3cf08991d550983f1b01274b352
Reviewed-on: https://chromium-review.googlesource.com/581528
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46856}
2017-07-25 07:58:13 +00:00
Michael Achenbach
aad9d2cd36 Update V8 DEPS.
Rolling v8/build: d9a25a7..9ce44b9

Rolling v8/tools/clang: 34762ec..7185692

This also ports https://chromium-review.googlesource.com/c/582976

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I6436dd50b7cee016d1cc2d5f48d2d27e9025276d
Reviewed-on: https://chromium-review.googlesource.com/584171
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46855}
2017-07-25 07:10:46 +00:00
Igor Sheludko
c558369af2 [runtime] Don't create "class" field types for arrays' fields.
... when reconfiguring const fields to mutable fields.

Bug: chromium:747979, chromium:738763, chromium:745844
Change-Id: Ibfac1b875a1da8234966ac10658260f1cc718fe5
Reviewed-on: https://chromium-review.googlesource.com/583647
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46854}
2017-07-25 06:54:46 +00:00
Benedikt Meurer
851e8057e6 [cleanup] Remove unused InternalPackedArray.
Inside of V8 there's no use of InternalPackedArray left, so no need to
keep that around.

R=yangguo@chromium.org

Change-Id: I819fc400ef46353339596dec98b70df2d442ed47
Reviewed-on: https://chromium-review.googlesource.com/583653
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46853}
2017-07-25 05:40:16 +00:00
Mike Stanton
d9b98f3d05 [TurboFan] Array.prototype.map inlining error
A Phi is necessary to carry the ElementsKind forward in case transitions
are taken.

Bug: chromium:747075
Change-Id: I9d9d66b0219fe3f67d08536f4d478ee300c76acb
Reviewed-on: https://chromium-review.googlesource.com/583090
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46852}
2017-07-25 04:05:56 +00:00
Erik Luo
46d815e737 inspector: add lengths for binary data descriptions
This CL adds support for ArrayBuffer and SharedArrayBuffer subtypes for injected
script source. It also adds the byteLength/size to the description of these
objects and for the upcoming "blob" subtype when appropriate.

This is dependent on a DevTools frontend patch to accept these new subtypes:
https://chromium-review.googlesource.com/c/582427/

Bug: chromium:653620
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If8f612b54e82e6fd2f056545bd521868ba7349fd
Reviewed-on: https://chromium-review.googlesource.com/582233
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46851}
2017-07-25 00:19:55 +00:00
Sathya Gunasekaran
fe18ad6580 Reland "[runtime] Load only 10 bits as PropertyArray length"
This is a reland of b2bf43d529
Original change's description:
> [runtime] Load only 10 bits as PropertyArray length
> 
> Bug: v8:6404
> Change-Id: I187f20006c14aab4a36e2bfef31ca68ebb249e43
> Reviewed-on: https://chromium-review.googlesource.com/576516
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46822}

TBR=ulan@chromium.org,mstarzinger@chromium.org,cbruni@chromium.org

Bug: v8:6404
Change-Id: Ia0d8bf276fcfc7bfce704d68ba3427d7ba941ba9
Reviewed-on: https://chromium-review.googlesource.com/583708
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46850}
2017-07-24 22:20:06 +00:00
Alexey Kozyatinskiy
87aae715df [inspector] support for cases when embedder doesn't call contextDestroyed
Node.js doesn't have good place to call contextDestroyed.
We need to cleanup everything on our side to allow clients to not call
contextDestroyed method.

R=dgozman@chromium.org,eostroukhov@google.com

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6bfd4d6039f53eb994a2d20ecbca650744564e29
Reviewed-on: https://chromium-review.googlesource.com/575519
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46849}
2017-07-24 21:22:06 +00:00
titzer
1bbbc8cc61 [wasm] More extensive indirect dispatch signature mismatch tests.
BUG=chromium:747995

Review-Url: https://codereview.chromium.org/2981883002
Cr-Commit-Position: refs/heads/master@{#46848}
2017-07-24 19:21:28 +00:00
Ulan Degenbaev
ec1c5009fe Revert "[heap] Use AdjustAmountOfExternalMemory to account freed array buffers."
This reverts commit 5ea58bde1c.

Reason for revert: potential perf regression.

BUG=chromium:748100

Original change's description:
> [heap] Use AdjustAmountOfExternalMemory to account freed array buffers.
> 
> Currently GC decrements the external memory counter directly bypassing
> the AdjustAmountOfExternalMemory. This is inconsistent with array
> buffer allocation, which actually uses the API to increment the counter.
> 
> Change-Id: I401087872213fdd60f1a40c99c8f459c14dc0608
> Reviewed-on: https://chromium-review.googlesource.com/582008
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46835}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ibde2acb9ae2e4274946124fc4606321b95c80758
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/583453
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46847}
2017-07-24 17:29:23 +00:00
Jaroslav Sevcik
3d5f2e08bf [builtins] Port Set.prototype.(add|delete) to CSA.
Bug: v8:5717
Change-Id: Iac82b4960cc3ed89820c49b091d6860136839300
Reviewed-on: https://chromium-review.googlesource.com/583147
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46846}
2017-07-24 16:55:00 +00:00
Jaideep Bajwa
fab6fe09df PPC/s390: Don't dereference handles in (macro-)assembler functions used by TF (reland)
Port 9b3174b295

Original Commit Message:

    Remove all IsHeapObject/IsSmi checks from assembler and also from
    the macro-assembler functions that Turbofan code generation uses.

    Note for porters: In case it's unclear which macro-assembler
    functions need to be modified, it may be best to wait until I
    split MacroAssembler in a followup-CL, which will make that clear.

R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6048
LOG=N

Change-Id: Ic24c7145fa9c3d44d0359e93583eb5ddf0bcf5a8
Reviewed-on: https://chromium-review.googlesource.com/581796
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46845}
2017-07-24 15:52:10 +00:00
Michael Starzinger
4e207a429a Switch JSFunction::code to be a tagged value.
This switches the "code entry" field on JSFunction to no longer be an
inner pointer into a Code object (i.e. to the start of the instruction
stream), but a properly tagged pointer instead.

Motivation behind this is the ability to treat this field regularly as
part of escape analysis in the optimizing compiler. Also simplifies the
object visitation for JSFunction objects.

R=bmeurer@chromium.org

Change-Id: Ib53a3fc5f3d783a6fed06dbcab319f5568632acc
Reviewed-on: https://chromium-review.googlesource.com/577890
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46844}
2017-07-24 15:42:30 +00:00
Jaideep Bajwa
46344edaac PPC/s390: [compiler] Delay generation of code stubs.
Port 040fa06fb3
Port 659e8f7b5c

R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6048
LOG=N

Change-Id: Id3030a64d462344eb8612f8009b0c8e15a5edcb9
Reviewed-on: https://chromium-review.googlesource.com/581744
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46843}
2017-07-24 15:05:10 +00:00
Michael Lippautz
486e641c11 [heap] Fix Barrier used in Scavenger
The barrier assumed that the number of tasks is fixed. However, we
cannot rely on that because other tasks might take up threads. In the
ein thend this would result in the Scavenge task being (rightfully)
cancelled.

The barrier now assumes no tasks in the beginning and relies on the fact
that reaching the barrier means that no global work is left. Tasks that
lag behing will just observe the barrier being in its end state.

Bug: chromium:738865
Change-Id: I4d47e8ec4b9cf7c615b3d9585e4a6bb9d271d409
Reviewed-on: https://chromium-review.googlesource.com/582947
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46842}
2017-07-24 14:27:28 +00:00
Igor Sheludko
134cc94eb0 Revert "[runtime] Make JSFunction::prototype_or_initial_map field optional."
This reverts commit 3d023952f2.

Reason for revert: breaks gcc build

Original change's description:
> [runtime] Make JSFunction::prototype_or_initial_map field optional.
> 
> Functions that don't have prototype need to store neither prototype nor
> initial map, so the |prototype_or_initial_map| field is not required for
> such maps.
> 
> Bug: v8:6459
> Change-Id: I4b3066bd6a4fed42c19f217bae82a8bce552bdca
> Reviewed-on: https://chromium-review.googlesource.com/570250
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46840}

TBR=jkummerow@chromium.org,jarin@chromium.org,ishell@chromium.org

Change-Id: Ie9951c87b15c8bd365ed187d7f719b8f08dd0bb5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6459
Reviewed-on: https://chromium-review.googlesource.com/583088
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46841}
2017-07-24 14:13:10 +00:00
Igor Sheludko
3d023952f2 [runtime] Make JSFunction::prototype_or_initial_map field optional.
Functions that don't have prototype need to store neither prototype nor
initial map, so the |prototype_or_initial_map| field is not required for
such maps.

Bug: v8:6459
Change-Id: I4b3066bd6a4fed42c19f217bae82a8bce552bdca
Reviewed-on: https://chromium-review.googlesource.com/570250
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46840}
2017-07-24 13:44:43 +00:00
Jaroslav Sevcik
b955d84289 [builtins] Port Map.p.delete to CSA.
Bug: v8:5717
Change-Id: Iff5b71b9e27b3e4a790118cbd4877b4460d07b1d
Reviewed-on: https://chromium-review.googlesource.com/582810
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46839}
2017-07-24 12:13:43 +00:00
Peter Marshall
e8c9649e25 [builtins] Increase the maximum string length on 64-bit platforms.
Increase from 2^28 - 16 to 2^30 - 25 for 64-bit platforms.

Bug: v8:6148
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3529d7ed757a7ab49a001af8641cf888db171cdb
Reviewed-on: https://chromium-review.googlesource.com/570047
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46838}
2017-07-24 10:38:55 +00:00
jgruber
d8e147752c [regexp] Teach deoptimizer to materialize JSRegExp objects
Now that literal allocation is inlined, it is possible to optimize out regexp
literal allocation completely. If a lazy deopt is triggered in that situation,
the deoptimizer needs to know how to materialize regexp objects.

Bug: v8:6605,v8:6556,chromium:747825
Change-Id: Id491053f8e64fec16540efbfdc6c7c524da3e080
Reviewed-on: https://chromium-review.googlesource.com/582609
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46837}
2017-07-24 10:36:25 +00:00
Michael Lippautz
d70be3fa7d [heap] Switch global pool in Worklist to inlined list
- Avoids allocations when adding entries to the global pool
- Avoids taking the lock when not working on the global pool

Bug: 
Change-Id: I380b91d8fed2cab95fd84c4a3f4144cc8d6de86d
Reviewed-on: https://chromium-review.googlesource.com/582691
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46836}
2017-07-24 09:49:05 +00:00
Ulan Degenbaev
5ea58bde1c [heap] Use AdjustAmountOfExternalMemory to account freed array buffers.
Currently GC decrements the external memory counter directly bypassing
the AdjustAmountOfExternalMemory. This is inconsistent with array
buffer allocation, which actually uses the API to increment the counter.

Change-Id: I401087872213fdd60f1a40c99c8f459c14dc0608
Reviewed-on: https://chromium-review.googlesource.com/582008
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46835}
2017-07-24 09:23:20 +00:00
Michael Starzinger
d07365f9de [turbofan] Handle exceptional edges in ReduceArrayForEach.
This adds handling for exceptional control projections when lowering
calls to {Array.prototype.forEach} in the call reducer.

R=jarin@chromium.org
TEST=mjsunit/optimized-foreach
BUG=v8:1956

Change-Id: I282048b203814cbc1c90df983879578b210f92fb
Reviewed-on: https://chromium-review.googlesource.com/574542
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46834}
2017-07-24 09:04:11 +00:00
Yang Guo
f4867154c4 Revert "Introduce HASH_TABLE_TYPE instance type."
This reverts commit 990dd947bc.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> Introduce HASH_TABLE_TYPE instance type.
> 
> This is so that we can distinguish hash tables by instance type. We can
> then introduce maps for each kind of hash tables to further distinguish.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:6593
> Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e
> Reviewed-on: https://chromium-review.googlesource.com/581009
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46828}

TBR=yangguo@chromium.org,mstarzinger@chromium.org

Change-Id: Ia47d408e5cf47983940227b4cc445a704d7f8d19
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6593
Reviewed-on: https://chromium-review.googlesource.com/581493
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46833}
2017-07-24 07:33:52 +00:00
Benedikt Meurer
5ee1b7ad5a [turbofan] Add IC support for Call/ConstructWithSpread.
Properly hook up the (existing) IC slots for the CallWithSpread and
ConstructWithSpread bytecodes, and change the interpreter to collect
feedback (call counts and regular target function feedback) for those.
There's no integration with the Array constructor yet, since that
requires some yak shaving to thread through the AllocationSite to the
Array constructor stub. Once we have a solution for that, we can also
remove the current code duplication in the Call/Construct IC logic.

Also properly hook up the newly available feedback in TurboFan. This
will fix not only the missing target feedback, but more importantly
the tear-up decisions for optimization are correct now in the presence
of spread calls, and even more importantly the inlining heurstic has
proper call frequencies for those.

Some follow-up changes will be necessary to make sure we use the
feedback even for corner cases that aren't handled properly yet. Also
we should consider collecting feedback about the map of the spread
at some point to be able to always inline the spread calls.

Bug: v8:6399, v8:6527, v8:6630
Change-Id: I818dbcb411fd3951d8e9d31f5d7e794f8d60fa00
Reviewed-on: https://chromium-review.googlesource.com/582647
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46832}
2017-07-24 07:11:50 +00:00
jgruber
e0e3049e6e [interpreter] Print handler sizes on --print-builtin-size
Bytecode handlers are technically not builtins, but very similar to CSA
builtins in most respects (CSA-generated code, currently included in the
snapshot and deserialized for every isolate). This prints bytecode
handler sizes (in addition to standard CSA builtin sizes) when
--print-builtin-size is passed.

Bug: 
Change-Id: Ibd78422c5138b77ccf298f97c7c1fc1b73a3a09b
Reviewed-on: https://chromium-review.googlesource.com/581191
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46831}
2017-07-24 07:00:10 +00:00
Igor Sheludko
21e7f08385 [runtime] Don't track "class" field types for arrays with properties.
... in order to avoid the need to update field types through elements
kind transitions.

Bug: chromium:738763, chromium:745844
Change-Id: I9f0e7f321e7f44ab5b36c06dd4c5633611370807
Reviewed-on: https://chromium-review.googlesource.com/581647
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46830}
2017-07-24 06:34:12 +00:00
Jaroslav Sevcik
f641b7e6a4 [turbofan] Fix truncation query names.
Change-Id: I8a1e53d1836f4c68f571d397c35dd6f091e68076
Reviewed-on: https://chromium-review.googlesource.com/577537
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46829}
2017-07-24 06:27:12 +00:00
Yang Guo
990dd947bc Introduce HASH_TABLE_TYPE instance type.
This is so that we can distinguish hash tables by instance type. We can
then introduce maps for each kind of hash tables to further distinguish.

R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: I1a532884758e571abdfe2e2743fc5ea611d12f7e
Reviewed-on: https://chromium-review.googlesource.com/581009
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46828}
2017-07-24 06:04:29 +00:00
Jaroslav Sevcik
8b57281f27 [builtins] Port Map.prototype.set to CSA.
Bug: v8:5717
Change-Id: I2c3304070529272e84060bd625bf52a1a91203b5
Reviewed-on: https://chromium-review.googlesource.com/581490
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46827}
2017-07-24 05:59:49 +00:00
Igor Sheludko
5520cae3fd Revert "Reland "[runtime] Add shortcuts for elements kinds transitions.""
This reverts commit 6e27386d68.

Reason for revert: There will be another much simpler and
back-mergeable fix.

Original change's description:
> Reland "[runtime] Add shortcuts for elements kinds transitions."
> 
> This is a reland of b90e83f5da
> Original change's description:
> > [runtime] Add shortcuts for elements kinds transitions.
> >
> > The shortcuts ensure that field type generalization is properly
> > propagated in the transition graph.
> >
> > Bug: chromium:738763
> > Change-Id: Id701a6f95ed6ea093c707fbe0bac228f1f856e9f
> > Reviewed-on: https://chromium-review.googlesource.com/567992
> > Commit-Queue: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46622}
> 
> Bug: chromium:738763, chromium:742346, chromium:742381, chromium:745844
> Change-Id: I93974e3906b2c7710bd525f15037a2dd97f263ad
> Reviewed-on: https://chromium-review.googlesource.com/575227
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46759}

TBR=ulan@chromium.org,jkummerow@chromium.org,ishell@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:738763, chromium:742346, chromium:742381, chromium:745844
Change-Id: I203dc748c47db554e0a86d61f0e2b7b8b96f2370
Reviewed-on: https://chromium-review.googlesource.com/581547
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46826}
2017-07-24 05:31:29 +00:00
v8-autoroll
b1f0e653f4 Update V8 DEPS.
Rolling v8/build: 277effe..d9a25a7

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I34d9dab2d4ae63e589b7a4af78438fce4d8e71f3
Reviewed-on: https://chromium-review.googlesource.com/581890
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46825}
2017-07-24 03:42:18 +00:00
v8-autoroll
972a9f6cd2 Update V8 DEPS.
Rolling v8/build: 995d759..277effe

Rolling v8/third_party/catapult: d8bc21b..b5d2ffa

Rolling v8/tools/gyp: eb296f6..d61a939

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: Ied3febaf622d126652b35249010b7b5785352cf8
Reviewed-on: https://chromium-review.googlesource.com/581710
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46824}
2017-07-22 10:50:12 +00:00
Michael Achenbach
bb728e182b Revert "[runtime] Load only 10 bits as PropertyArray length"
This reverts commit b2bf43d529.

Reason for revert: 
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/14149

Original change's description:
> [runtime] Load only 10 bits as PropertyArray length
> 
> Bug: v8:6404
> Change-Id: I187f20006c14aab4a36e2bfef31ca68ebb249e43
> Reviewed-on: https://chromium-review.googlesource.com/576516
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46822}

TBR=ulan@chromium.org,jkummerow@chromium.org,mstarzinger@chromium.org,cbruni@chromium.org,gsathya@chromium.org

Change-Id: If55b65f040a5a541726e39c35c12e3a5731aa744
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6404
Reviewed-on: https://chromium-review.googlesource.com/582607
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46823}
2017-07-22 10:46:05 +00:00
Sathya Gunasekaran
b2bf43d529 [runtime] Load only 10 bits as PropertyArray length
Bug: v8:6404
Change-Id: I187f20006c14aab4a36e2bfef31ca68ebb249e43
Reviewed-on: https://chromium-review.googlesource.com/576516
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46822}
2017-07-21 23:26:53 +00:00
Mircea Trofin
d77e98e8df [wasm] Use async compilation in streaming API
This change gets the streaming compile APIs closer to their final shape,
by moving to a promise-based design.

Bug: chromium:747396
Bug: v8:6619
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifd22ff83c79391a0f2a8ec2e5af39f71df1ea1c2
Reviewed-on: https://chromium-review.googlesource.com/581412
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46821}
2017-07-21 18:03:27 +00:00
Caitlin Potter
00681326a3 [interpreter] refactor BuildGeneratorSuspend/Resume into BuildSuspendPoint
Simplify the model for generating Awaits, because the resume point is
always immediately following the suspend point, and registers used are
always the same for both operations.

Includes a minor refactoring of BytecodeGenerator::VisitYield() to
perform iterator result creation before the SuspendGenerator bytecode,
rather than between SuspendGenerator and Return. This adds a small
number of bytecodes for each yield.

BUG=v8:2355, v8:5855

Change-Id: I4868b89a6bc1b251f887d2a45890c8fa19f7b089
Reviewed-on: https://chromium-review.googlesource.com/576286
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#46820}
2017-07-21 16:48:57 +00:00
Ulan Degenbaev
d8846ffd5f Reland "[heap, runtime] Fix data race in prototype map transition during"
This reverts commit a9428d527e.

Original change's description:
 > [heap, runtime] Fix data race in prototype map transition during
 > concurrent marking.
 >
 > BUG=chromium:694255
 >
 > Change-Id: I172167623e9deab692fb506d7d4211d210b09a80
 > Reviewed-on: https://chromium-review.googlesource.com/579092
 > Reviewed-by: Igor Sheludko <ishell@chromium.org>
 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
 > Cr-Commit-Position: refs/heads/master@{#46813}

Change-Id: Ib4b4b989620800ce8a4f4247e4dae2a88c186be9
Reviewed-on: https://chromium-review.googlesource.com/581194
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46819}
2017-07-21 13:20:13 +00:00
jgruber
99248f4d86 [interpreter] Add ConditionalControlFlowBuilder
This refactors logic for handling IfStatement and Conditional nodes (including
block-coverage related slot and counter creation) into a new control-flow
builder.

Bug: v8:6000
Change-Id: Ib5b1724bdf8571fb55d310be79cc60dcf5473b81
Reviewed-on: https://chromium-review.googlesource.com/579509
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46818}
2017-07-21 13:15:43 +00:00
Ross McIlroy
5d0a4327c7 Revert "[Turbofan] Merged the OSR phase into the graph building phase."
This reverts commit 69c8f16da7.

Reason for revert: Causing crashes on Clusterfuzz - http://crbug.com/747154

BUG=chromium:747154

Original change's description:
> [Turbofan] Merged the OSR phase into the graph building phase.
> 
> Now the OSR phase is only used when OSRing from the ast graph builder.
> When OSRing from Turbofan, the implementation is now in the graph
> building phase, at the beginning of the VisitBytecode function.
> We are no longer generating any OSRLoopEntry or OSRNormalEntry nodes,
> nor nodes for the possible code of the OSRed function which is before
> the OSRed loops.
> 
> The trimming and reducing of the OSR phase is not done either. This
> change in the way the way the OSR is done enabled to remove the
> workaround to the bug mentioned below.
> 
> Bug: v8:6112
> Bug: v8:6518
> Change-Id: I1c9231810b923486d55ea618d550d981d695d797
> Reviewed-on: https://chromium-review.googlesource.com/543042
> Commit-Queue: Alexandre Talon <alexandret@google.com>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46801}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org,alexandret@google.com

Change-Id: Ifa9bf5d86e888a47cad7fb10446b36fda5029604
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6112, v8:6518
Reviewed-on: https://chromium-review.googlesource.com/581288
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46817}
2017-07-21 11:12:51 +00:00