Commit Graph

55637 Commits

Author SHA1 Message Date
Clemens Hammacher
3adcbaebfd [wasm][gc] Zap code of unused WasmCode objects
This is the next step to test the GC better: We zap the code region of
{WasmCode} objects which are detected to be unused. This is tested in
the future variant, so ClusterFuzz has a chance to catch missing
references.

R=titzer@chromium.org

Bug: v8:8217
Change-Id: I75a63384a2a8e2ed68b9447e6ee4faa24037da93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571622
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60945}
2019-04-23 12:30:11 +00:00
Sergiy Belozorov
64d7300d8d [tools] Refactor code to use Output objects instead of stdout in most places
This is part of the refactoring to allow exporting more information about
test execution to the recipes and uploading this information to ChromePerf.

R=machenbach@chromium.org,tmrts@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:841700
Change-Id: Iab400e8922231d8eac91a6fa22ce8f45053f7ac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569442
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60944}
2019-04-23 12:27:31 +00:00
Michael Starzinger
6957e23b54 [asm.js] Exported functions diverge from wasm js-api spec.
The WebAssembly JavaScript Interface specifies[1] that exported
functions are not constructors, hence do not have the "prototype"
property. This is not true for asm.js exported functions which are
expected to look like normal functions (or constructors).

[1] https://webassembly.github.io/spec/js-api/index.html#exported-function-exotic-objects

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-935800
BUG=chromium:935800

Change-Id: Idecacfb7f5d4668540589af95fd59872334c21a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578499
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60943}
2019-04-23 11:54:01 +00:00
Simon Zünd
f663bb6e95 [torque-ls] Send compilation errors to the client
This CL implements the first set of diagnostic notifications.
When Torque compilation fails, the language server translates the
Torque error into a diagnostics notification and pushes it to the
client.

Note that per specification, the server is responsible for managing the
state of all published diagnostics. This means that the server is
also responsible for clearing out previous notifications if they
become stale.

Bug: v8:8880
Change-Id: Ief46dc1d94d1e5b7fa3e0048df494bfc05974031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569434
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60942}
2019-04-23 10:42:57 +00:00
Michael Achenbach
72b28e658a [test] Dump processes when test driver hangs
This prints the current v8-specific processes on linux whenever the
test driver emits a heartbeat (i.e. no output for 30 seconds).

This is to investigate the cause of currently hanging tests on linux.

Bug: v8:9145
Change-Id: I857bb6d1c5f0b0917c64cdc0aa6076c6633f9dd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578438
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60941}
2019-04-23 10:21:31 +00:00
Clemens Hammacher
06d750b59c Disallow copy and assign of EmbeddedVector
EmbeddedVector lives on the stack only, and should not be implicitly
copied or assigned.
This also removes remaining uses of the removed Vector::set_start
method.

R=sigurds@chromium.org

Bug: v8:9142
Change-Id: I829e6ffad6b1a30baa6c874265e92d615dd0c981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578458
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60940}
2019-04-23 10:07:47 +00:00
Georg Neis
99b8521cb1 Remove unhelpful message from disassembly
Before:
0x352ac49c2eb4    f4  4d898df0f10600 REX.W movq [r13+0x6f1f0] (WAAT??? What are we accessing here???),r9

After:
0x352ac49c2eb4    f4  4d898df0f10600 REX.W movq [r13+0x6f1f0],r9

Change-Id: I5f9af797de3c84117fd123204d9094251d18d07b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571618
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60939}
2019-04-23 08:55:35 +00:00
Michael Achenbach
d6d170b463 [test] Skip flaky test
NOTRY=true
TBR=sigurds@chromium.org

Bug: v8:8963
Change-Id: Idf19be92f7f039a14838c87695666d5f6963e6a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575585
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60938}
2019-04-23 08:00:44 +00:00
Matheus Marchini
d915b8d668 [snapshot] Fix copy-IET integration with Code Cache
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org

Bug: v8:9122
Change-Id: I6336d2fc0249269a749d99dcae7c172b2ccaac75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570582
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60937}
2019-04-23 07:34:44 +00:00
v8-ci-autoroll-builder
2d00edf7a0 Update V8 DEPS.
Rolling v8/build: b5c9a27..7dae72d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d8ce959..fb33e51

Rolling v8/third_party/depot_tools: 8dfc0bc..6d9913a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I94dc1ff83c0c6bbbe46ee83065895810b19f6dc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578278
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60936}
2019-04-23 04:22:35 +00:00
v8-ci-autoroll-builder
8964ef9f9f Update wasm-spec.
Rolling v8/test/wasm-js/data: f20b8e9..c46d4fa

[spec] Work around Sphinx/Latex issue (#1004) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/c46d4fa

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: Id928f05d1ccec2f24d8bbe6eaca6bc646c58f6fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1576818
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60935}
2019-04-21 04:37:09 +00:00
v8-ci-autoroll-builder
e8824cce25 Update V8 DEPS.
Rolling v8/build: c0da152..b5c9a27

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9f474a8..d8ce959

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ifaea2c06ec5dd338d0ab6d9775a6cce30647d40d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575828
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60934}
2019-04-20 03:59:48 +00:00
v8-ci-autoroll-builder
0e44fef478 Update wasm-spec.
Rolling v8/test/wasm-js/data: d14d538..f20b8e9

[spec] Pre/post-conditions and some renamings in embedding interface (#1003) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/f20b8e9

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I08aa77e87d5c66b6cfde86d439c2dad4bf9b5aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574374
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60933}
2019-04-19 05:13:06 +00:00
v8-ci-autoroll-builder
d8a6ac64c2 Update V8 DEPS.
Rolling v8/build: cc63a88..c0da152

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4e967e7..9f474a8

Rolling v8/third_party/depot_tools: 1e2cb15..8dfc0bc

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I5e5ee21a818c6496cd8a3220ffa52d84b1e6c9f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574710
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60932}
2019-04-19 04:18:46 +00:00
tzik
b5baf76f77 Cancel EnqueueMicrotask of FinalizationGroup on detached contexts
MicrotaskQueue associated to Context may be null after DetachGlobal,
and triggering FinalizationGroup clean up on the detached context
causes a crash.
This CL fixes the crash by cancelling the clean up on such a context.

Bug: chromium:937784
Change-Id: I57883ae0caf6c6bb35e482e441b6e09e921d9def
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552500
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60931}
2019-04-19 04:02:06 +00:00
Frank Tang
8034b0568b [Intl] Implement Intl.DateTimeFormat.prototype.formatRangeToParts
Design Doc: https://goo.gl/PGUQ1d

Use template to share code between formatRange and formatRangeToParts
Lazily create DateIntervalFormat inside formatRange/formatRangeToParts to
reduce performance impact.

Bug: v8:7729
Change-Id: I130748a5ff7ca11235e6608195d365e58d440580
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1556573
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60930}
2019-04-19 01:58:36 +00:00
Frank Tang
a8c73a4865 [Intl] Ship BigInt toLocaleString support.
Bug: v8:8699
Change-Id: I4e1f82132c3e48c21295ea7b0f3bcd24d5bd3c54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575019
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60929}
2019-04-19 00:21:50 +00:00
Frank Tang
4467bb3c79 Add regression test for v8:8604
Bug: v8:8604
Change-Id: Ieab15e55ed392019cc94de80d8e9c1a33f4d599a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573038
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60928}
2019-04-18 20:48:10 +00:00
Z Duong Nguyen-Huu
1377cd37ab Put sealed, frozen elements kind behind flag
Per suggestion, we put this behind a runtime flag in the meantime.
Refactor some code.

Bug: v8:6831
Change-Id: Ibeb2a62b2a132971f8bc51c045bf0d2594eec198
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566238
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60927}
2019-04-18 20:39:00 +00:00
Frank Tang
875046c7a8 [Intl] Ship intl dateStyle timeStyle
Bug: v8:8702
Change-Id: I0d483be11fbb19b6555900f3f953eae531d3e8cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574618
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60926}
2019-04-18 20:32:00 +00:00
George Burgess IV
f90456ba3f mksnapshot: introduce a V8_TARGET_OS_CHROMEOS define
We had one use of OS_CHROMEOS in mksnapshot. OS_CHROMEOS is defined if
gn's `is_chromeos` is true, which checks `current_os`. `current_os !=
target_os` can happen if we're building with a non-default toolchain,
which happens often on CrOS, since `mksnapshot` is a host binary.

Tested by manually verifying that .text.hot.embedded now shows up on
arm32/aarch64 builds of embedded.S.

Bug: v8:9103
Change-Id: I038b56f4c18c7dd9a651ce676a977697dad14ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573041
Commit-Queue: George Burgess <gbiv@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60925}
2019-04-18 19:47:00 +00:00
Santiago Aboy Solanes
b00074ca5f [Turbofan][ptr-compr] Change native context specialisation for CompressedPointer
This CL adds the representation changes from/to CompressedPointer to the other
data types (excluding Tagged, which was done in a previous CL).

Also adding missing write barriers for compressed values (WriteBarrierKindFor).

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Ieb4e6dd72371e858ba1da551f765e42581a51f90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571616
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60924}
2019-04-18 16:12:12 +00:00
Maya Lekova
c8763dd1b9 [test] Fix a regressed DCHECK in JSInliner
Bug: chromium:951400
Change-Id: Ib5454541e7c661649ccdb9771298ff90b3e9db5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571614
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60923}
2019-04-18 16:06:12 +00:00
Clemens Hammacher
241294fe18 [wasm] Try to avoid LTO bug on arm
There seems to be an issue where LTO inlines the icache flushing method
but removes the save and restore of the r7 register which is clobbered
for the icache flush syscall.
This CL tries to avoid the bug. It's purely speculative, as we cannot
reproduce the exact bug locally.

R=jkummerow@chromium.org

Bug: chromium:952759
Change-Id: I634fc4de3e8c4d1cb649384542c381d925b07a42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571619
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60922}
2019-04-18 14:13:33 +00:00
Frederik Gossen
28705dfbad [wasm-hints] Lazy Validation Flag
Add lazy validation for lazily compiled functions. The code is validated
only on first use. This applies to functions that are lazily compiled by
compilation hint as well as to entirely lazy modules.

Bug: v8:9003
Change-Id: If6a640db4bf4b846ac5e3805c138b8ac0a493cf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569427
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60921}
2019-04-18 12:43:52 +00:00
Jakob Gruber
47a690501d [coverage] Fix SFI::IsInlineable for block binary coverage
Block binary coverage currently also relies on invocation counts on
the feedback vector, which are not maintained in optimized code. This
fixes the SFI::IsInlineable predicate to also prevent inlining
functions when 1. binary coverage is enabled and 2. the function has
no reported binary coverage.

Drive-by: Add new predicates for binary/count modes.

Bug: v8:6000
Change-Id: I0039e43ebae880e3552e8349d20a144fe941ef3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571615
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60920}
2019-04-18 12:33:52 +00:00
Georg Neis
f434acc458 Revert recent ConsString-related changes
We see crashes in the wild that we suspect are caused by these changes.
This is a manual revert because of conflicts.

Revert "[turbofan] Fix incorrect CheckNonEmptyString lowering."
This reverts commit b3b7011867.

Revert "[turbofan] Fix incorrect lowering of CheckNonEmptyString."
This reverts commit 5758209026.

Revert "[turbofan] Significantly improve ConsString creation performance."
This reverts commit d6a60a0ee1.

Bug: v8:9147
Change-Id: I262c21e5406a9c4c8ad0e0f995582c5802f0fa1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571613
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60919}
2019-04-18 12:24:53 +00:00
Michael Starzinger
86f877de51 Simplify encoding of handler table by removing size.
R=jgruber@chromium.org
BUG=v8:8758

Change-Id: Iba62ca0f9010cd68b47966ad8d04c1a4149efe70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571415
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60918}
2019-04-18 11:49:12 +00:00
Jaroslav Sevcik
2c5f11fba2 [turbofan] Use the right comparison for constant field store.
This uses the same comparison as the ICs to make sure that ICs learn
after deoptimization (see
https://chromium-review.googlesource.com/c/v8/v8/+/1561319 for the IC
fix).

Bug: v8:9139
Change-Id: I67a361d85ee0c8a4ad4a6abc2d33ac4ca5fa22bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569438
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60917}
2019-04-18 11:29:22 +00:00
Frederik Gossen
45a6503ca6 [wasm-hints] Add Tests for Compilation Hints
Add tests for tiering and lazy compilation with compilation hints. The
tests build modules and verify the {WasmCode}'s tier internally. The
module builder now supports compilation hints in CCTests.

Bug: v8:9003
Change-Id: I18d926c3b1ef3508835a51a9d1d86bfadcb5216e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566522
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60916}
2019-04-18 10:34:42 +00:00
Santiago Aboy Solanes
f354653026 [ptr-compr][csa] Storing CompressedXXX (with Change node) instead of TaggedXXX
We translate stores with TaggedXXX (XXX in {"", "Signed", "Pointer"})
representation in CSA into stores of CompressedXXX with a
ChangeTaggedXXXToCompressedXXX in the raw-machine-assembler.

This way, CSA doesn't need to know about Compressed values since we
are introducing an explicit "compress" node.

Also, on ARM64, removed CheckPageFlagSet and CheckPageFlagClear since
CheckPageFlag can be used for both cases.

Moved CheckPageFlag to the TurboAssembler (from MacroAssembler) since it
was needed on code-generator-arm64.cc.

Bug: v8:8977, v8:7703
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: Ia3a41b09a4d715588a36461620be0432ed064d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566517
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60915}
2019-04-18 09:17:32 +00:00
Michael Hablich
0d988491b6 Update master version to 7.6.
TBR=machenbach@chromium.org
NOTRY=true

Change-Id: Iecc4c113a175a6acacc8d90b30c341762f9c7cb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571612
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60914}
2019-04-18 08:14:42 +00:00
v8-ci-autoroll-builder
8becc16257 Update V8 DEPS.
Rolling v8/build: a0b2e3b..cc63a88

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/acbf095..4e967e7

Rolling v8/third_party/depot_tools: 7e7523b..1e2cb15

Rolling v8/third_party/fuchsia-sdk: a42c2f6..ae68779

Rolling v8/third_party/googletest/src: b617b27..9f893b9

Rolling v8/tools/clang: edee5c0..396602c

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I2964b7bb215b5981338eef6f46076e05d79a86e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1572680
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60913}
2019-04-18 03:36:59 +00:00
Yu Yin
948813143c [mips32][heap] Clean-up keys of oldspace weakmaps during scavenge
port https://crrev.com/c/1541476

Original Commit Message:

     This CL adds handling for cleaning up weakmap (EphemeronHashTable)
     keys during scavenge, even if the weakmap resides in oldspace.

Change-Id: If6e06ea8621fd6aff374c04247c3168b2cbb361a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568712
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60912}
2019-04-18 00:53:59 +00:00
Jakob Kummerow
912b3912b4 [wasm-c-api] Add upstream examples as tests
Plus a script to compile/link/run them.

Change-Id: Iac8ffcda3a73902261c07a7b4e5d967a19414c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564058
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60911}
2019-04-17 18:04:16 +00:00
Jakob Kummerow
f80bfeaf07 [wasm] Draft version of C/C++ Wasm API
Imported from https://github.com/WebAssembly/wasm-c-api/ and
updated to work inside V8.
Tests will be added in an upcoming CL.

This is experimental; it is not yet recommended to rely on it.

Change-Id: I05914f4b63298bf7c848c4d4c8811f0f6eb882e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516478
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60910}
2019-04-17 16:00:26 +00:00
Clemens Hammacher
bfc8afdbd1 [wasm][gc] Add code ref scope for fuzzers
A testing method was missing a code ref scope, making fuzzers fail.

R=mstarzinger@chromium.org

Bug: chromium:952759
Change-Id: Ib9d485fad85f66ca358a769a4e52777f68367991
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571605
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60909}
2019-04-17 15:43:46 +00:00
Irina Yatsenko
92d239b808 Make EnumCache derive directly from Struct and add a new instance type for it.
Bug: v8:9136
Change-Id: I9c0b4b662c2d061a13ee22df728fbee5df01b89e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568106
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60908}
2019-04-17 15:42:16 +00:00
Clemens Hammacher
d1068b4f91 Revert "[Interpreter] Ensure Test*Handler don't allocate a frame for fast-path."
This reverts commit d6121fd1a3.

Reason for revert: Fails cctest/test-cpu-profiler/Inlining2 on arm64-sim: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/17702

Original change's description:
> [Interpreter] Ensure Test*Handler don't allocate a frame for fast-path.
> 
> Avoids allocating a frame for the fast-path in TestEqual, TestEqualStrict and
> TestLess/GreaterThan bytecode handlers. Also changes how feedback is tracked
> to try and avoid needing to keep feedback to "combine" with if it's unnecessary
> which reduces the live ranges of the registers holding this data.
> 
> This reduces the time needed for a tight loop in Ignition (e.g.,
> while (i < 1000000000) ++i;) from 12.8s to 10.8s.
> 
> BUG=v8:9133
> 
> Change-Id: I686b9da89541d15d233635db3276de3dad2fa282
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570020
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60906}

TBR=rmcilroy@chromium.org,jgruber@chromium.org

Change-Id: I5e53138929bf1fae9f57f9dd023d258bb7d557ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9133
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571418
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60907}
2019-04-17 13:48:47 +00:00
Ross McIlroy
d6121fd1a3 [Interpreter] Ensure Test*Handler don't allocate a frame for fast-path.
Avoids allocating a frame for the fast-path in TestEqual, TestEqualStrict and
TestLess/GreaterThan bytecode handlers. Also changes how feedback is tracked
to try and avoid needing to keep feedback to "combine" with if it's unnecessary
which reduces the live ranges of the registers holding this data.

This reduces the time needed for a tight loop in Ignition (e.g.,
while (i < 1000000000) ++i;) from 12.8s to 10.8s.

BUG=v8:9133

Change-Id: I686b9da89541d15d233635db3276de3dad2fa282
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570020
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60906}
2019-04-17 13:00:16 +00:00
Peter Marshall
f528509be9 [cleanup] Don't cast ScopeInfo twice in inferred_name()
Change-Id: Id34b9dbe07871fc8e25bcb73d908b5b155a9f4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571407
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60905}
2019-04-17 12:00:16 +00:00
Clemens Hammacher
c2835df621 [wasm] Remove trap handler fallback
The trap handler fallback is flaky, and was never enabled since it
never worked reliably. This CL removes
a) the --wasm-trap-handler-fallback flag,
b) the distinction between soft and hard address space limit,
c) methods to check whether memory has guard regions (it will always
  have them on 64 bit architectures),
d) associated runtime functions,
e) the trap handler fallback tests,
f) recompilation logic for the fallback.

R=titzer@chromium.org

Bug: v8:8746
Change-Id: I7f4682b8cd5470906dd8579ff1fdc9b1a3c0f0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570023
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60904}
2019-04-17 11:55:36 +00:00
Santiago Aboy Solanes
dd29683f53 [Turbofan][ptr-compr] Change native context specialisation for CompressedSigned
This CL adds the representation changes from/to CompressedSigned to the other
data types (excluding Tagged, which was done in a previous CL).

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: If967a1a0fc669c45a2764cf950cf02d8c06b08b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547859
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60903}
2019-04-17 11:51:45 +00:00
Clemens Hammacher
75e2bea3a8 [wasm] Remove code to be logged when native module dies
We have very few tests for this currently, and it's hard to test
this, since code logging happens soon after scheduling the task and
stack guard. If the timing is just right, it can happen though that a
{NativeModule} dies while {WasmCode} objects of that {NativeModule} are
still part of the {code_to_log} vector. In that case, we need to remove
those code objects from the vector to avoid use after free.

R=mstarzinger@chromium.org

Change-Id: I16c7098bf11c54700cc650dad965106af2e39157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566519
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60902}
2019-04-17 11:14:26 +00:00
Jakob Gruber
104a030f15 [build] Include trap handler files in iOS simulator builds
iOS simulator builds have x64 as the target architecture. This extends
BUILD.gn to properly include trap handler files in this case.

Bug: v8:9140
Change-Id: If6e90a720effdebe8b1f4e4e37eb8b3a3dbae20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570022
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60901}
2019-04-17 11:02:56 +00:00
Michael Starzinger
76f09525ce [wasm][x64] Improve jump table slot sequence.
R=clemensh@chromium.org

Change-Id: I367bb962d422e570b51c82bc7b3ebbd3fbedfd2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570018
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60900}
2019-04-17 10:44:56 +00:00
Clemens Hammacher
4863551111 Reland "[wasm] Add stack guard for logging code"
This is a reland of 067ba2a0c6.
Unchanged reland, hence TBR.

Original change's description:
> [wasm] Add stack guard for logging code
>
> Benchmarks or worker threads might never return to the event queue,
> hence they will never execute the scheduled foreground task to log
> compiled and published wasm code.
> This CL adds a stack guard to log the code, to ensure that we also log
> it for wasm code that never returns to the event queue.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9104
> Change-Id: I176959cadb4ab3a60153d0717530c032272ad3e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561073
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60879}

TBR=mstarzinger@chromium.org

Bug: v8:9104
Change-Id: I105b37ef8429d16ef5b983919ba8bca615e347c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570017
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60899}
2019-04-17 10:10:25 +00:00
Jakob Gruber
5a6953fe07 [libsampler] Add iOS support in libsampler
This adds support for iOS builds in libsampler. Both iOS simulator
builds (target architecture x64) and iOS device builds (arm64) are
supported.

Note that this is mostly untested since we neither have iOS bots nor
an iOS test runner. This CL was thus only tested by compiling V8 for
both iOS simulator & device targets.

Bug: v8:9140
Change-Id: Ib618bf793771f4be84d1979a968d2b3ef9f6ff86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569436
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60898}
2019-04-17 08:56:05 +00:00
Jakob Gruber
5de852c989 [build] Add iOS detection
Add OS detection for iOS builds. If we are building for an iOS target,
the following V8 OS defines will be set:

V8_OS_BSD
V8_OS_MACOSX
V8_OS_POSIX
V8_OS_IOS  // This one is new.

The detection code is taken from Chromium's build_config.h file.

Bug: v8:9140
Change-Id: I435a8931dc0ae0eefdb893bc838a04470bcc57db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569435
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60897}
2019-04-17 08:53:35 +00:00
tzik
f41f6d7416 Fix D8 Realm.navigate after Realm.detachGlobal
Realm.navigate hits a UAF when it's called after Realm.detachGlobal, and
that's hit a clusterfuzz test.

Bug: chromium:952749
Change-Id: Icf0f0d0b845bc5a2d1ddd80ab52756dae97b982f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1567583
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60896}
2019-04-17 08:11:19 +00:00