Commit Graph

54389 Commits

Author SHA1 Message Date
Caitlin Potter
0cd67eb7c5 [esnext] ship "hashbang" syntax
Turns --harmony-hashbang on by default.

Intent to ship: https://groups.google.com/d/msg/v8-dev/hlCVa_XZ3TM/UWjjyOq3FwAJ
ChromeStatus page: https://www.chromestatus.com/feature/5134505706782720

BUG=v8:8523
R=gsathya@chromium.org, mathias@chromium.org, adamk@chromium.org

Change-Id: I821f69e45eb0a63a3f49181e2b88b0bcd091af2c
Reviewed-on: https://chromium-review.googlesource.com/c/1486113
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59847}
2019-02-25 20:56:45 +00:00
Z Duong Nguyen-Huu
5c4dd9f05e gm .check should work in win
Currently it cannot call run-tests.py since it uses a Linux path.

Change-Id: I15af9c7e6503e6d473611a24f5f223ff68b1dbbd
Reviewed-on: https://chromium-review.googlesource.com/c/1484110
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59846}
2019-02-25 20:14:29 +00:00
Frank Tang
2f61777d06 Reland "[Intl] Ship Intl.Locale"
This is a reland of f1b21a1066

Original change's description:
> [Intl] Ship Intl.Locale
> 
> Bug: v8:7684
> Change-Id: I5994c3fc4b97c4322c4e0cf20305da75e66efd5a
> Reviewed-on: https://chromium-review.googlesource.com/c/1478220
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59780}

Bug: v8:7684
Change-Id: I4f73205398a9649e2f55a1b090cd3afffade68c4
Reviewed-on: https://chromium-review.googlesource.com/c/1480918
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59845}
2019-02-25 19:04:04 +00:00
Z Duong Nguyen-Huu
4726e82bfd Add more tests for non-extensible packed objects
Bug: v8:6831
Change-Id: I6e9f6fc718928f2f86d3b3c2dd144a6636b05790
Reviewed-on: https://chromium-review.googlesource.com/c/1481895
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59844}
2019-02-25 18:31:44 +00:00
Matt Gardner
32fc0acfef Optimize in operator
This change implements optimizations for the `in` operator for packed array
elements and object properties. It adds a new feedback slot kind and an IC
path similar to KeyedLoadIC for handling the lookups. TurboFan uses the
feedback to optimize based on the maps and keys.

For more details see:
https://docs.google.com/document/d/1tIfzywY8AeNVcy_sen-5Xev21MeZwjcU8QhSdzHvXig

This can provide 10x performance improvements on loops of the form:

    for (let i = 0; i < ary.length; ++i) {
      if (i in ary) {
        ...
      }
    }

Bug: v8:8733
Change-Id: I766bf865a547a059e5bce5399bb6112e5d9a85c8
Reviewed-on: https://chromium-review.googlesource.com/c/1432598
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59843}
2019-02-25 18:11:14 +00:00
Ulan Degenbaev
7fbce1ad4b [heap] Ensure that non-regular chunks are freed before scavenge
This prevents accumulation of non-regular chunks if unmapper tasks
are not making progress.

Bug: chromium:934453
Change-Id: I552bc4f566f4be8877d9e806cca2aa9c284a7f4f
Reviewed-on: https://chromium-review.googlesource.com/c/1483055
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59842}
2019-02-25 17:16:04 +00:00
Mike Stanton
45ed388d3b Reland "[Torque] Port Array.prototype.reduce and reduceRight to Torque"
A custom deoptimization continuation point erroneously cast a parameter
to a number. Tests added.

BUG: v8:7672
Change-Id: I59848aacdedc1de9fd7d83d55045618f37d39fb0
Reviewed-on: https://chromium-review.googlesource.com/c/1485974
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59841}
2019-02-25 17:05:23 +00:00
Michael Lippautz
7b6a7379b6 PersistentValueMapBase: Deprecate outdated marking API
Embedders should use EmbedderHeapTracer::RegisterEmbedderReference
instead.

Bug: chromium:923361
Change-Id: If76c0354475798b09af95bedee0890594b29cd14
Reviewed-on: https://chromium-review.googlesource.com/c/1486472
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59840}
2019-02-25 16:43:33 +00:00
Jakob Gruber
e97c48ec58 [regexp] Again support regexp execution without side effects
This is a quirk needed for the regexp fuzzer, which passes its own
custom RegExpMatchInfo object to RegExpImpl::Exec and expects execution
without side effects.

Bug: chromium:934621
Change-Id: I90286fda06593d7c574d8d4629481ebad2fa5b1d
Reviewed-on: https://chromium-review.googlesource.com/c/1485833
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59839}
2019-02-25 16:18:16 +00:00
Ulan Degenbaev
b6c0c44766 [heap] Start unmapper tasks for freed young large pages
This fixes the case of accumulating large pages after scavenges if
there is no mark-compact GC.

Bug: chromium:934453
Change-Id: Ide57c64ae985cc79ad9f477a759ab729f894c73b
Reviewed-on: https://chromium-review.googlesource.com/c/1482740
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59838}
2019-02-25 16:17:11 +00:00
Junliang Yan
942dc58506 PPC/s390: [objects] Free one bit in the SharedFunctionInfo::flags.
Port 591408cba7

Original Commit Message:

    We'll need one bit in the SharedFunctionInfo::flags to record whether
    it's safe to skip arguments adaptor frames (for v8:8895), so this
    just removes the SharedFunctionInfo::IsDerivedConstructorBit which is
    redundant, since the same information is already available in the
    SharedFunctionInfo::FunctionKindBits, and most places in the code
    use that already, with the exception of the JSConstructStubGeneric
    builtin.

    This changes the JSConstructStubGeneric builtin to just check the
    function kind instead of testing the explicit bit, which also makes
    this more consistent. It seems like there's not much overhead to
    that, doing an additional bitmasking plus two comparisons instead
    of one. This shouldn't really matter since invocation and execution
    of the constructors is going to dominate and optimized code inlines
    all of this anyways. If this turns out to affect performance, we
    can still look into encoding the FunctionKindBits more cleverly.

    Drive-by-fix: Move the FunctionKindBits first in the flags to avoid
    the shift when accessing the function kind. This seems logical, since
    for the actual boolean bit fields it doesn't matter where they are
    in the flags, whereas for the function kind this saves one shift.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com
BUG=
LOG=N

Change-Id: I4e3ba5a066285bf50e869c32228d79d26d57258f
Reviewed-on: https://chromium-review.googlesource.com/c/1486411
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59837}
2019-02-25 15:34:41 +00:00
Pierre Langlois
b152bb75f8 [heap] Relax accessing markbits in ranges.
When calling the `bitmap(chunk)` method of the various *MarkingState accessors
we would receive a raw `Bitmap` pointer which does not tell you if accesses to
markbits should be made atomically or not. As a result, we would default to
doing atomic operation when in fact it may not be necessary.

Here we're introducing a templated `ConcurrentBitmap` class that wraps
operations done on the markbits and allows them to be made non-atomic.

Additionally, some of the `Bitmap` methods were only used to verify the heap and
in the tests so they do not need atomic implementations. Using them in a
concurrent context should now fail to link to make sure they're not mis-used in
the future.

Change-Id: Ifb55f8522c8bf0c87d65da9227864ee428d21bbd
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1482916
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#59836}
2019-02-25 15:28:41 +00:00
Mike Stanton
bd9ef0f32a [Torque] Reduce code size by combining FixedArray/FixedDoubleArray paths
This CL reduces the instruction size of Array.prototype.every and some
by ~20%. Should performance allow it we could do the same for other
array builtins. We attach a boolean to the FastJSArrayWitness that
remembers if it's dealing with a FixedArray or a FixedDoubleArray.
We have to check this in the loop, but it is likely that reduced
code size more than pays for the extra check, since the loop will
be dominated by the call to the user's callback function.

BUG: v8:7672
Change-Id: Id3bab2b163d7ba73424250d8bb194712909cd37e
Reviewed-on: https://chromium-review.googlesource.com/c/1484293
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59835}
2019-02-25 14:49:27 +00:00
Georg Neis
6d640b9b17 [turbofan] Remove MapsParameterInfo
This was a pair of a set of maps and their common instance type (if
any), but the instance type field was only used in a printing function.
Removing the whole class in favor of ZoneHandleSet<Map> means we avoid
looking at the heap to determine the common instance type. Eventually
we can use the broker to do this if we need to.

Bug: v8:7790
Change-Id: If0cadf9b17e3b9e77cffc4f0b69e2585aff7c85c
Reviewed-on: https://chromium-review.googlesource.com/c/1481214
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59834}
2019-02-25 14:40:17 +00:00
Tobias Tebbi
3bd88999b7 [torque] disable warning for mis-alignment beyond kTaggedSize
Since our allocations don't guarantee more than kTaggedSize alignment,
it doesn't make sense to warn about mis-alignment beyond that.

Bug: v8:8863 v8:7793
Change-Id: Ia1c2dd25efdb2c1084968ab4ffe8de25b8654cdb
Reviewed-on: https://chromium-review.googlesource.com/c/1486251
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59833}
2019-02-25 14:33:57 +00:00
Peter Marshall
67f70038b5 [cpu-profiler] Enable CpuProfileDeepStack test
This has been marked as flaky for a long time but was fixed by
https://chromium-review.googlesource.com/c/v8/v8/+/1480378.

Bug: v8:5193

Change-Id: I5f03f028fd006bcc83407b48ed49289c5573cade
Reviewed-on: https://chromium-review.googlesource.com/c/1476993
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59832}
2019-02-25 14:31:37 +00:00
Ross McIlroy
5c9abc52c0 [Compiler] If bytecode is flushed during code deserialization, fall through to recompile.
With stress bytecode flushing it's possible for the main SFI of a script to have its
bytecode flushed during deserialization of the script. If this happens, just fall through
to recompile the SFI.

BUG=v8:8901,v8:8395

Change-Id: I786c1ca93167b76810481892ade525d14ff9168f
Reviewed-on: https://chromium-review.googlesource.com/c/1485837
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59831}
2019-02-25 14:29:18 +00:00
Benedikt Meurer
f8557ef698 [csa] Make FastCheck actually fast :-)
Mark the not_ok case as deferred.

Bug: v8:8834
Change-Id: I17536e45fb6aa309347b8faaf5f25fb3bbfbf6cf
Reviewed-on: https://chromium-review.googlesource.com/c/1485973
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59830}
2019-02-25 14:09:17 +00:00
Benedikt Meurer
b825f43048 [builtins] Also sanity check promise reactions in CSA code.
Add some additional safety net to the CSA code for triggering promise
reactions to make sure we catch security bugs (specifically related
to misuse of the V8 Extras API) on the fast-path.

Bug: chromium:931640, chromium:931949
Change-Id: I76b5dc6653e2404411a29dcd9c54245d7c43d883
Reviewed-on: https://chromium-review.googlesource.com/c/1485972
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59829}
2019-02-25 14:07:57 +00:00
Sigurd Schneider
de0a8c789e Revert "[Torque] Port Array.prototype.reduce and reduceRight to Torque"
This reverts commit b3d8eeb6eb.

Reason for revert: https://ci.chromium.org/p/chromium/builders/luci.chromium.try/win7-rel/25961

Original change's description:
> [Torque] Port Array.prototype.reduce and reduceRight to Torque
> 
> BUG: v8:7672
> Change-Id: I8816ab9051e7900119fd65c239f9e207f5c3d417
> Reviewed-on: https://chromium-review.googlesource.com/c/1478697
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59807}

TBR=mvstanton@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Ib15bd4499618a22185d8ef173c4df7b7d55f54ce
Reviewed-on: https://chromium-review.googlesource.com/c/1485971
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59828}
2019-02-25 13:30:16 +00:00
Toon Verwaest
f24cee185b [parser] Move Token::NEW parsing into the switch of ParsePrimaryExpression
All uses of ParseMemberExpression go through
ParseMemberWithNewPrefixesExpression, and ParseMemberExpression always starts
with ParsePrimaryExpression, so we can simply move Token::NEW handling into
ParsePrimaryExpression. That avoids an unnecessary branch on the hot path.

Change-Id: I2bcce8e106c547c6d308ee6b0fce8747c7214886
Reviewed-on: https://chromium-review.googlesource.com/c/1485838
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59827}
2019-02-25 13:14:01 +00:00
Toon Verwaest
792383e3ad [parser] Outline handling of postfix ops
This saves some binary size.

Change-Id: I64d20be63922ba0aab0b664fb30c3e2e023bb860
Reviewed-on: https://chromium-review.googlesource.com/c/1485841
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59826}
2019-02-25 13:12:56 +00:00
Benedikt Meurer
75629d5f9a [turbofan] Skip arguments adaptor when target cannot observe arguments.
When calling a known function from optimized code, where the number of
actual arguments does not match the number of expected arguments,
TurboFan has to call indirectly via the arguments adaptor trampoline,
which creates an argument adaptor frame underneath the activation record
for the callee. This is done so that the callee can still get to the
actual arguments, using either

1. the arguments object, or
2. rest parameters (to get to superfluous arguments), or
3. the non-standard Function.arguments accessor (for sloppy mode
   functions), or
4. direct eval(), where we don't know whether there's a use of the
   arguments object hiding somewhere in the string.

However, going through the arguments adaptor trampoline is usually quite
expensive; it seems to be responsible for over 60% of the
call overhead in those cases.

So this adds a fast path for the case of calling strict mode functions
where we have an arguments mismatch, but where we are sure that the
callee cannot observe the actual arguments. We use a bit on the
SharedFunctionInfo to indicate that this is safe, which is controlled
by hints from the Parser which knows whether the callee uses either the
arguments object or rest parameters.

In those cases we use a direct call from optimized code, passing the
expected arguments instead of the actual arguments. This improves the
benchmark on the document below by around 60-65%, which is exactly
the overhead of the arguments adaptor trampoline that we save in this
case.

This also adds a runtime flag --fast_calls_with_arguments_mismatches,
which can be used to turn off the new behavior. This might be handy
for checking the performance impact via Finch.

Bug: v8:8895
Change-Id: Idea51dba7ee6cb989e86e0742eaf3516e5afe3c4
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://bit.ly/v8-faster-calls-with-arguments-mismatch
Reviewed-on: https://chromium-review.googlesource.com/c/1482735
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59825}
2019-02-25 12:47:36 +00:00
Mike Stanton
ad7537ae6a [TurboFan] Use regular arrays instead of vector for checkpoint params
We don't need dynamic allocation for these arrays.

Change-Id: I12095ec0e3b6e9d70be56adfb77aded5c25eb3d5
Reviewed-on: https://chromium-review.googlesource.com/c/908462
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59824}
2019-02-25 12:45:56 +00:00
Maciej Goszczycki
993e452006 Switch RehashBasedOnMap to use ReadOnlyRoots
This means ReadOnlyDeserializer can be made isolate independent. Without
this Isolate is needed for rehashing read-only space.

Bug: v8:7464
Change-Id: Id2c9968a0ecfa2362f499ded6c7e0f7b2be00dfb
Reviewed-on: https://chromium-review.googlesource.com/c/1483054
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59823}
2019-02-25 12:28:26 +00:00
Sigurd Schneider
257433ecf3 [cleanup] Remove ast.h include in shared-function-info-inl.h
This removes ast.h as an include from about ~500 includers of the latter.

Bug: v8:8834
Change-Id: I294026d4bb29b878820d43c117b04a9645a457ae
Reviewed-on: https://chromium-review.googlesource.com/c/1485835
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59822}
2019-02-25 12:03:41 +00:00
Benedikt Meurer
591408cba7 [objects] Free one bit in the SharedFunctionInfo::flags.
We'll need one bit in the SharedFunctionInfo::flags to record whether
it's safe to skip arguments adaptor frames (for v8:8895), so this
just removes the SharedFunctionInfo::IsDerivedConstructorBit which is
redundant, since the same information is already available in the
SharedFunctionInfo::FunctionKindBits, and most places in the code
use that already, with the exception of the JSConstructStubGeneric
builtin.

This changes the JSConstructStubGeneric builtin to just check the
function kind instead of testing the explicit bit, which also makes
this more consistent. It seems like there's not much overhead to
that, doing an additional bitmasking plus two comparisons instead
of one. This shouldn't really matter since invocation and execution
of the constructors is going to dominate and optimized code inlines
all of this anyways. If this turns out to affect performance, we
can still look into encoding the FunctionKindBits more cleverly.

Drive-by-fix: Move the FunctionKindBits first in the flags to avoid
the shift when accessing the function kind. This seems logical, since
for the actual boolean bit fields it doesn't matter where they are
in the flags, whereas for the function kind this saves one shift.

Bug: v8:8834, v8:8895
Change-Id: I184a8f5cc5c140bdc272cf9a5ad546093c457306
Reviewed-on: https://chromium-review.googlesource.com/c/1482915
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59821}
2019-02-25 12:02:36 +00:00
Jakob Gruber
83e88b338d [nojit] Disable field representation tracking in jitless mode
Field representation tracking is only used by TurboFan.

Bug: v8:7777
Change-Id: I0d930f8dc0b68ff030111f12092b183c4c257ac6
Reviewed-on: https://chromium-review.googlesource.com/c/1481218
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59820}
2019-02-25 11:58:56 +00:00
Santiago Aboy Solanes
0969db168a [cleanup] Implement a cached version of LoadMessage and StoreMessage ...
since these operators don't have any variable arguments.

Bug: v8:8183
Change-Id: I602fe65a2137d6ffc6ece702da53d660577eee4a
Reviewed-on: https://chromium-review.googlesource.com/c/1482736
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59819}
2019-02-25 11:36:17 +00:00
Ross McIlroy
ec9aef3d1e [Runtime] Ensure template objects are retained if bytecode is flushed.
Template objects should be cached after they are first created and reused on
subsequent calls to tag functions. Currently these cached objects are stored
on the feedback vector, which has appropriate lifetime, however with bytecode
flushing the feedback vector could be cleared when the bytecode is flushed,
causing the template object to be dropped.

In order to retain the cached template objects in the face of bytecode flushing,
this CL adds a weakmap for each native context that is (weakly) keyed by
shared function info, and holds a linked list of cached template objects
associated with that shared function info, indexed by feedback vector slot id.
Misses will check this weakmap, and if no entry is found, a new template object
is created and added into this weakmap alongside the feedback vector.

BUG=v8:8799,v8:8799,v8:8395

Change-Id: Ia95d5cfc394ce58dc9fe6a1e49780f05299acc17
Reviewed-on: https://chromium-review.googlesource.com/c/1477746
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59818}
2019-02-25 11:20:06 +00:00
Jon Kunkee
58cefed29c snapshot: add source line stubs for ARM64 Windows
When stubbing out source line information emission for Windows, the
ARM64 Windows branch was missed. This change copies the x86/x64 stubs
as appropriate.

Bug: chromium:893460,v8:8870

R=jgruber@chromium.org

Bug: chromium:893460,v8:8870
Change-Id: I1416b602a4f96a68c37fdeeb816ce1ce33b12407
Reviewed-on: https://chromium-review.googlesource.com/c/1453637
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59817}
2019-02-25 11:16:11 +00:00
Tobias Tebbi
05715e53a0 [build][torque] include src/globals.h in Torque
Bug: v8:8863
Change-Id: I8907b7b0b7dfa53a2e1e607c0bad26939d312f4e
Reviewed-on: https://chromium-review.googlesource.com/c/1485836
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59816}
2019-02-25 11:15:06 +00:00
Jakob Gruber
79e60c9382 Rename ShouldLoadConstantsFromRootList() ...
to IsGeneratingEmbeddedBuiltins() to clarify its meaning.

Bug: v8:6666
Change-Id: I8b282f29775a103a03f502c3e9629b40b4a690bd
Reviewed-on: https://chromium-review.googlesource.com/c/1480380
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59815}
2019-02-25 11:11:26 +00:00
Toon Verwaest
4b0c2b32af [parser] Fix stackoverflow on function expressions
This merges all the possible targets for 'member expressions' previously
parsed in ParseMemberExpression into ParsePrimaryExpression; since that's
not independently used anyway. This will make it faster since we don't
need to go through unnecessary branches before ParsePrimaryExpression on
the fast path, *and* it will make the binary smaller since
ParseMemberExpression is inlined but ParsePrimaryExpression is not. It
saves 4kb. Yay :)

Bug: chromium:913222
Change-Id: Ib92e1c2a128fffff1db85b625bb5f311ec8c24ef
Reviewed-on: https://chromium-review.googlesource.com/c/1480379
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59814}
2019-02-25 10:44:26 +00:00
Toon Verwaest
e14a24d32e [parser] Always return a valid var from DeclareVariableName
That way we can continue running in failure mode.

Bug: chromium:933214
Change-Id: I975901a72f615e2b7ed9955b75ce86bbcad0bbbb
Reviewed-on: https://chromium-review.googlesource.com/c/1481219
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59813}
2019-02-25 10:31:26 +00:00
Anna Henningsen
42a38d2ada [inspector] Do not leak Handles from V8InspectorSession methods
Do not leak handles to the outer scopes from inspector methods.
Add `SealHandleScope`s to the tests and the d8 binding, and
`HandleScope`s in the places in the inspector source where
handles are actually used.

Change-Id: I80b1bb0ccc4778b32e9198513f63d5c0652c8f59
Reviewed-on: https://chromium-review.googlesource.com/c/1484304
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59812}
2019-02-25 10:17:11 +00:00
Jakob Gruber
5bba1e46c3 Fix an early dereference in ReplacementStringBuilder
This fixes an early handle dereference before a potential allocation
in ReplacementStringBuilder.

Bug: chromium:935101
Change-Id: I03cf2b18b577a38af818dcc42f7c430faba23450
Reviewed-on: https://chromium-review.googlesource.com/c/1485831
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59811}
2019-02-25 10:16:06 +00:00
Peter Marshall
6e94676d15 [cpu-profiler] Fix flaky crashes on Windows caused by stack reads
This read can cause a guard page violation on Windows, where the sp is
sometimes incorrect and points far into the future stack space.

Bug: v8:8883, v8:5193
Change-Id: I55c1fcac873a9c43484a5d1c3f2661f3589b1daf
Reviewed-on: https://chromium-review.googlesource.com/c/1480378
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59810}
2019-02-25 10:05:06 +00:00
v8-ci-autoroll-builder
a8a45e4121 Update V8 DEPS.
Rolling v8/build: 93f8c0e..9f11dc3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e4abf4c..a4323c9

Rolling v8/third_party/depot_tools: d7f7a3e..95ea36e

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I14c7bbc2fa38d2fc5d4d6135c73bab8c4b2b3184
Reviewed-on: https://chromium-review.googlesource.com/c/1485240
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59809}
2019-02-24 03:48:03 +00:00
peterwmwong
6506035360 [typedarray] Port AttachBuffer to Torque.
Change-Id: I96935cd8e16715ce729a9830c00357c740696b3b
Reviewed-on: https://chromium-review.googlesource.com/c/1470445
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59808}
2019-02-24 01:09:52 +00:00
Mike Stanton
b3d8eeb6eb [Torque] Port Array.prototype.reduce and reduceRight to Torque
BUG: v8:7672
Change-Id: I8816ab9051e7900119fd65c239f9e207f5c3d417
Reviewed-on: https://chromium-review.googlesource.com/c/1478697
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59807}
2019-02-23 03:56:32 +00:00
v8-ci-autoroll-builder
e74199d4d8 Update V8 DEPS.
Rolling v8/base/trace_event/common: e31a170..936ba8a

Rolling v8/build: ba245a9..93f8c0e

Rolling v8/test/wasm-js/data: 2e2e3a9..4da0540

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/76fb063..e4abf4c

Rolling v8/third_party/depot_tools: 36974ad..d7f7a3e

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I5fa05932b8a7a2e9a8e97d00f5be84d2e5d0c2ec
Reviewed-on: https://chromium-review.googlesource.com/c/1485018
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59806}
2019-02-23 03:49:22 +00:00
Deepti Gandluri
dfdc0e6de0 [wasm] Reserve up to maximum for a shared WebAssembly.Memory
When using a shared WebAssembly.Memory, always try to reserve up to the
maximum to avoid having to move the buffer. If after multiple retries
it is not possible to reserve the maximum, fall back to initial size
reservation.

 - Add new methods to allocate a Shared WebAssemblyMemory.buffer
 - Use these to reserve up to the maximum for a Shared WebAssembly.Memory
 - Clean up js-api so actual allocation is done inside the constructor

BUG: v8:8564
Change-Id: I97815c7c94a2b84416cd867fb23b3c815d7f0f12
Reviewed-on: https://chromium-review.googlesource.com/c/1480910
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59805}
2019-02-23 01:59:12 +00:00
Deepti Gandluri
5d0f5bd739 Revert "[wasm] ReturnCall Implementation (interpreter)"
This reverts commit 6a88f0b1e4.

Reason for revert: Fails UBSAN bots - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20UBSan/4866

Original change's description:
> [wasm] ReturnCall Implementation (interpreter)
> 
> Implement the ReturnCall functionality for the interpreter.
> 
> Note that some tests have had to be deferred to the implementation
> of ReturnCall for TurboFan.
> 
> Bug: v8:7431
> Change-Id: I091528e72f9113ddf1929bd1a5650b490bc8cc0c
> Reviewed-on: https://chromium-review.googlesource.com/c/1467343
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Francis McCabe <fgm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59803}

TBR=adamk@chromium.org,ahaas@chromium.org,clemensh@chromium.org,fgm@chromium.org

Change-Id: Ib2a85e586549e9c36f94d70f04f6e103a8272367
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7431
Reviewed-on: https://chromium-review.googlesource.com/c/1484574
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59804}
2019-02-22 23:31:54 +00:00
Francis McCabe
6a88f0b1e4 [wasm] ReturnCall Implementation (interpreter)
Implement the ReturnCall functionality for the interpreter.

Note that some tests have had to be deferred to the implementation
of ReturnCall for TurboFan.

Bug: v8:7431
Change-Id: I091528e72f9113ddf1929bd1a5650b490bc8cc0c
Reviewed-on: https://chromium-review.googlesource.com/c/1467343
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59803}
2019-02-22 19:27:10 +00:00
Ulan Degenbaev
05de6ac1e7 [heap] Improve work stealing for concurrent marking
This fixes a corner case where the main thread has items in the local
segments but the global pool is empty. In such a case concurrent marking
tasks are not posted and marking is performed on the main thread.

Bug: chromium:934453
Change-Id: Ic34cd4ecb59b848021d8d8b086904b415669f5e6
Reviewed-on: https://chromium-review.googlesource.com/c/1482739
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59802}
2019-02-22 19:26:05 +00:00
Deepti Gandluri
dab2fe6f6a Revert "Temporarily unship constant field tracking"
This reverts commit 4950dec761.

Reason for revert: Breaks on stress_background_compile variant https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8920804687849034208/+/steps/Mjsunit/0/logs/number-divide/0

Original change's description:
> Temporarily unship constant field tracking
> 
> This is to get a better handle on improvements and regressions.
> 
> Bug: v8:8361, chromium:930680
> Change-Id: I2963b55f3480036ada885267a277a95d24a67656
> Reviewed-on: https://chromium-review.googlesource.com/c/1482737
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59800}

TBR=jarin@chromium.org,ishell@chromium.org

Change-Id: Ibf38c9cb2bf0921b7d93972a1e6cdd4c3d57c592
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8361, chromium:930680
Reviewed-on: https://chromium-review.googlesource.com/c/1483610
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59801}
2019-02-22 19:18:16 +00:00
Jaroslav Sevcik
4950dec761 Temporarily unship constant field tracking
This is to get a better handle on improvements and regressions.

Bug: v8:8361, chromium:930680
Change-Id: I2963b55f3480036ada885267a277a95d24a67656
Reviewed-on: https://chromium-review.googlesource.com/c/1482737
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59800}
2019-02-22 16:53:05 +00:00
Junliang Yan
dc13819ff4 [wasm] fix wasm atomic wait callback test on BE
Bug: v8:8075
Change-Id: I8547706b56bab28dc11685e73b5fc084c8f1bf69
Reviewed-on: https://chromium-review.googlesource.com/c/1480912
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59799}
2019-02-22 16:02:26 +00:00
Santiago Aboy Solanes
03e13f7a47 [Turbofan] Introduce LoadStackArgument to represent loading arguments from the stack.
This makes it so that TurboFan now uses full pointer loads for argument values
located on the stack.

Bug: v8:8876, v8:7703
Change-Id: Ib82d6f3b0f4c8d33669c7f86ce803381d210c019
Reviewed-on: https://chromium-review.googlesource.com/c/1480382
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59798}
2019-02-22 15:52:06 +00:00