Commit Graph

51485 Commits

Author SHA1 Message Date
Hai Dang
7bd9eb7e1e Add fast paths to Array.from.
This reuses the fast path from IterableToList for Array.from. The fast
paths are taken when .from is called with the receiver Array and the only
argument is the iterable (no mapping function or thisArg).

Bug: v8:7980
Change-Id: I975b0c5e3f838262d7b71ad4dec5111fb031d746
Reviewed-on: https://chromium-review.googlesource.com/c/1297322
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56993}
2018-10-25 14:47:21 +00:00
Clemens Hammacher
695466925c [wasm] Store WasmEngine in NativeModule
The {CompilationState} currently stores the {WasmEngine}, while the
{NativeModule} only stores the {WasmCodeManager}. From a high-level
view, this does not make much sense. The {NativeModule} belongs to
exactly one {WasmEngine}, so that link should be stored there. We can
then get to the {WasmCodeManager} from the {WasmEngine}.

This change requires a refactoring of the {WasmCodeManagerTest} which
created {WasmCodeManager}s independent of the {Isolate} and the
{WasmEngine}. This is not supported any more.
Note that in production, each {WasmEngine} owns exactly one
{WasmCodeManager} and one {WasmMemoryTracker}, so testing that a
{WasmMemoryTracker} can be shared by several {WasmCodeManager}s didn't
make sense in the first place.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I582e698be35f97dbd38bf6e12eb7f8ee4fc1f0f2
Reviewed-on: https://chromium-review.googlesource.com/c/1297960
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56992}
2018-10-25 14:18:01 +00:00
Georg Neis
5ed7e71f5c Make --future imply --concurrent-inlining.
This gives us better test coverage.

Also enable --strict-heap-broker by default. I think this
flag is no longer necessary and can be removed soon.

Bug: v8:7790
Change-Id: I55d43dea45ff99bb753189b0d019f945b61752ac
Reviewed-on: https://chromium-review.googlesource.com/c/1298898
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56991}
2018-10-25 14:16:56 +00:00
Jakob Gruber
640fd567bc [ia32] Remove embedded builtin ifdefs in macro assembler
This removes the last V8_EMBEDDED_BUILTIN ifdefs from the ia32 macro
assembler. It also enables root-relative accesses in a few more spots
where they are cheap.

Bug: v8:6666
Change-Id: I10c8e69d8a76fccd3d0753dad020cced4d92a4a2
Reviewed-on: https://chromium-review.googlesource.com/c/1299018
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56990}
2018-10-25 14:11:58 +00:00
Hai Dang
ff9ba741db [CSA] Skip write barriers when copying Smi-only FixedArrays.
This CL allows ExtractFixedArray to know if the JSArray has only Smi
elements. In that case ExtractFixedArray will always skip write barriers
when copying the Smi-only backing store. In the case that the copying
is not possibly conflicting with the concurrent marker, CopyElements will
efficiently use memcpy for further performance.

This improves the performance of ExtractFastJSArray and CloneFastJSArray.
As a result, performance of copying Smi arrays by slice() and spreading is
improved, except for spreading Smi holey arrays.

Bug: v8:7980
Change-Id: Ie39f8abf3b5039cc12a8ca7ece81352375e0e9da
Reviewed-on: https://chromium-review.googlesource.com/c/1286340
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56989}
2018-10-25 13:44:01 +00:00
Toon Verwaest
9df7ee392d [parser] Remove RETURN_IF* from ParseNewTarget
Bug: v8:8363, v8:7926
Change-Id: I45df1db051c69b05e0b84e432a072fd6bbdcf6d4
Reviewed-on: https://chromium-review.googlesource.com/c/1299083
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56988}
2018-10-25 13:39:29 +00:00
Toon Verwaest
d5370d150d [parser] Remove RETURN_IF* from ParseFormalParameter
Bug: v8:8363, v8:7926
Change-Id: I956bdd92688d4dddedca4a6ca844344072bad3f7
Reviewed-on: https://chromium-review.googlesource.com/c/1299085
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56987}
2018-10-25 13:08:35 +00:00
Toon Verwaest
5d1b7c37e1 [parser] Remove RETURN_IF* from ExpectMetaProperty
Bug: v8:8363, v8:7926
Change-Id: Ib4e39c9b23cf0733c189480ba8fbe1df27c85395
Reviewed-on: https://chromium-review.googlesource.com/c/1299084
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56986}
2018-10-25 12:56:37 +00:00
Toon Verwaest
e08d944b2c [parser] Remove unnecessary RETURN_IF* from ParseMember*
Since tokens turn illegal automatically upon failure, we can delay checking in
places where we'll return upon illegal token anyway. We still need checks
before uses of a possible invalid expression (nullptr in parser), so keep those
checks for now; possibly pushing a previously higher check to right before the
dereference.

Bug: v8:8363 ,v8:7926

Change-Id: Ia402fc83c15f4c3258a335614b9213f8211a3c53
Reviewed-on: https://chromium-review.googlesource.com/c/1299081
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56985}
2018-10-25 12:53:45 +00:00
Jakob Gruber
ff6138ad08 Reland "[ia32] Remove poisoning logic on ia32"
This is a reland of a31a623047

Original change's description:
> [ia32] Remove poisoning logic on ia32
>
> Poisoning has been disabled by default on ia32 a while ago. This CL
> removes its logic from ia32 code generation, which will let us move
> towards fuller (and unconditional) root register support.
>
> Bug: chromium:860429, v8:8254
> Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
> Reviewed-on: https://chromium-review.googlesource.com/c/1296131
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56978}

Tbr: mstarzinger@chromium.org,jarin@chromium.org
Bug: chromium:860429, v8:8254
Change-Id: Ia65ac57fdc6b9a0f59cc64455d6a000005e9be3b
Reviewed-on: https://chromium-review.googlesource.com/c/1299080
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56984}
2018-10-25 12:45:55 +00:00
Clemens Hammacher
e725ebb1c2 [wasm] Untangle AsyncCompileJob and AsyncStreamingProcessor
This CL extracts some functionality out of the {PrepareAndStartCompile}
step, in order to reuse that from the {AsyncStreamingProcessor}. We
currently schedule a {PrepareAndStartCompile} task to get the same
effect, and rely on the internal implementation to do the right thing.

R=ahaas@chromium.org

Bug: v8:8238
Change-Id: I43135fe488a5f72c09307ac955381c69b7987ec1
Reviewed-on: https://chromium-review.googlesource.com/c/1297321
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56983}
2018-10-25 12:32:54 +00:00
Jakob Gruber
0855fb151b [array] Ensure PrepareElementsForSort returns a legal value
PrepareElementsForSort must return a number less than or equal the array
length.

Bug: chromium:897512, v8:7382
Change-Id: If5f9c4d052e623ab9f3300b8534603abbee859fa
Reviewed-on: https://chromium-review.googlesource.com/c/1297958
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56982}
2018-10-25 12:02:47 +00:00
Georg Neis
3f0a307b00 Remove on-by-default flag --concurrent-typed-lowering.
Bug: v8:7790
Change-Id: I842615412368b37a1be4a5dfff7ba37f781f7906
Reviewed-on: https://chromium-review.googlesource.com/c/1297965
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56981}
2018-10-25 11:37:07 +00:00
Michael Achenbach
17f47d7402 Revert "[ia32] Remove poisoning logic on ia32"
This reverts commit a31a623047.

Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/21332

Original change's description:
> [ia32] Remove poisoning logic on ia32
> 
> Poisoning has been disabled by default on ia32 a while ago. This CL
> removes its logic from ia32 code generation, which will let us move
> towards fuller (and unconditional) root register support.
> 
> Bug: chromium:860429, v8:8254
> Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
> Reviewed-on: https://chromium-review.googlesource.com/c/1296131
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56978}

TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org

Change-Id: I305e9e1719fb4b3f8ef267c232723db9b52966e9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:860429, v8:8254
Reviewed-on: https://chromium-review.googlesource.com/c/1299015
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56980}
2018-10-25 11:15:56 +00:00
Ross McIlroy
9cde880856 [Compile] Ensure we don't access the native context during bytecode finalization.
Resets the isolate's context to nullptr in debug builds during bytecode finalization
to ensure that we don't rely on the native context during context independent
unoptimized compilation.

BUG=chromium:898076, v8:8041

Change-Id: Ifaa5006a7a3d31d7fbd535ebb63f8889c75526c4
Reviewed-on: https://chromium-review.googlesource.com/c/1297961
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56979}
2018-10-25 11:03:33 +00:00
Jakob Gruber
a31a623047 [ia32] Remove poisoning logic on ia32
Poisoning has been disabled by default on ia32 a while ago. This CL
removes its logic from ia32 code generation, which will let us move
towards fuller (and unconditional) root register support.

Bug: chromium:860429, v8:8254
Change-Id: I8f672cf48a6ffc7bf21e7794c1b7463d7f8b9594
Reviewed-on: https://chromium-review.googlesource.com/c/1296131
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56978}
2018-10-25 10:46:27 +00:00
Clemens Hammacher
51a931949e [wasm] Remove redundant tiering_completed_ flag
The flag was only there to tell whether the {AsyncCompileJob} needs to
be kept alive. We already have this information in all the other fields
of the {AsyncCompileJob}, thus remove it.

R=ahaas@chromium.org

Bug: v8:8238
Change-Id: I8d1d76ba8d622d1816c240e7a824ecf31c3b1ce5
Reviewed-on: https://chromium-review.googlesource.com/c/1297957
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56977}
2018-10-25 10:28:16 +00:00
Peter Marshall
3767ab39e1 Reland "[cpu-profiler] Fix a bug which caused a pure virtual function call"
This is a reland of c92a1dda41

Original change's description:
> [cpu-profiler] Fix a bug which caused a pure virtual function call
>
> We need to remove each Sampler from the SamplerManager before we call
> the Sampler destructor. This is because the signal handler can interrupt
> the destructor, and call DoSampler(), which calls sampler->SampleStack()
> on the sampler being destructed, causing general unhappiness and
> "Pure virtual function called!" crashes.
>
> Bug: v8:8346, v8:5193
> Change-Id: Iaa595a196eab33fb1af31584e9a68fd1ce0a18f6
> Reviewed-on: https://chromium-review.googlesource.com/c/1293949
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56882}

TBR=yangguo@chromium.org

Bug: v8:8346, v8:5193
Change-Id: I9878f65c868ff1aed6f3a587cba688c4241bad8c
Reviewed-on: https://chromium-review.googlesource.com/c/1298893
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56976}
2018-10-25 09:58:21 +00:00
Sergiy Byelozyorov
919841a839 Use CIPD to checkout luci-go binaries
R=machenbach@chromium.org

Bug: chromium:865541
Change-Id: I98f21c278099bd2c90b4a1ff9b7dddb74d263e34
Reviewed-on: https://chromium-review.googlesource.com/c/1144923
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56975}
2018-10-25 09:25:34 +00:00
Toon Verwaest
125dfb2a4e [parser] Use std::vector and cache top in State in FuncNameInferrer
It's unnecessary to buffer in the zone, and using a deque is more expensive
than an std::vector as a stack since we reuse areas very frequently. The
top-of-stack that the State keeps track of is now simply tracked in the state,
with a scope_depth_ counter to figure out if the fni_ is "open" (has an active
state).

Change-Id: I29ad3db7520340b8fe035feed400178bd50785bc
Reviewed-on: https://chromium-review.googlesource.com/c/1298894
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56974}
2018-10-25 09:01:08 +00:00
Igor Sheludko
0e09760881 [ptr-compr] Make IsolateData be the bottleneck for root-relative accesses
Bug: v8:8182
Change-Id: I4dadd9cab071ecd4314c370be5f444e36acb708e
Reviewed-on: https://chromium-review.googlesource.com/c/1297317
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56973}
2018-10-25 08:46:58 +00:00
Florian Sattler
339bb225c8 [parser] Remove explicit ok status tracking.
Replace the explicit ok tracing by setting the scanner to fail, allowing us to
return automatically. RETURN_IF_PARSE_ERROR is now used instead of CHECK_OK to
verify if the parser failed.

In a follow-up CL we'll merge RETURN_IF_PARSE_ERROR after Expect* into an
EXPECT* macro. We'll keep (for now) RETURN_IF_PARSE_ERROR that guard uses of
possible NullExpression (e.g., impl()->IsIdentifier(...)). All other RETURN_IF*
will be removed. Uses after failure can likely later be fixed too by introducing
a FailureExpression.

Bug: v8:8363 ,v8:7926

Change-Id: I9896449eb9be476c453da4417a0bfd17c169ff38
Reviewed-on: https://chromium-review.googlesource.com/c/1294649
Commit-Queue: Florian Sattler <sattlerf@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56972}
2018-10-25 07:51:46 +00:00
Michael Achenbach
9929a238ab Update V8 DEPS.
Rolling v8/build: 6455acf..5a371bc

Rolling v8/test/wasm-js/data: 7e3c46a..b0e7838

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b026043..ed6fe0f

Rolling v8/third_party/depot_tools: 98f1e59..2b71832

Rolling v8/third_party/fuchsia-sdk: bac0433..29de0c2

Rolling v8/tools/clang: a245b95..3041f30

Rolling v8/tools/luci-go: 445d7c4..86c09e8

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ieb48aa2ff019267e3be8d3f70e60829d545d34c3
Reviewed-on: https://chromium-review.googlesource.com/c/1298391
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56971}
2018-10-25 07:28:05 +00:00
Kai Ninomiya
87ba4e5a12 [wasm] fix crash using devtools pause button in wasm
Check for is_javascript in Debug::AllFramesOnStackAreBlackboxed,
instead of assuming all frames are javascript frames.

Fix is thanks to dgozman: https://crbug.com/896093#c3

Bug: chromium:896093
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6b735d904c3fd036d4589d65f10673b81b8f326c
Reviewed-on: https://chromium-review.googlesource.com/c/1295552
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56970}
2018-10-25 07:16:45 +00:00
Junliang Yan
a2415d540b PPC: Cleanup Atomic64 Ops
R=joransiu@ca.ibm.com

Change-Id: I154b3cac455d44a84f7d6363758841310010d749
Reviewed-on: https://chromium-review.googlesource.com/c/1296683
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56969}
2018-10-24 23:51:39 +00:00
Junliang Yan
9352171ec9 PPC: fix input reg clobbering on atomic64
R=joransiu@ca.ibm.com

Change-Id: Ic9a6a9055e3f05ef64723d995228673ee48eb994
Reviewed-on: https://chromium-review.googlesource.com/c/1296682
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#56968}
2018-10-24 21:23:24 +00:00
Peter Marshall
f16c5f8dd1 [arm] Don't allow use of SP as a scratch register
This would allow SP to be a nonsense value, which would confuse the CPU
profiler when the signal handler read the SP before it was restored.

Bug: v8:8355
Change-Id: If108c8cf00467904fe0f4f26fddc2e3122afcd93
Reviewed-on: https://chromium-review.googlesource.com/c/1298032
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56967}
2018-10-24 20:43:32 +00:00
Toon Verwaest
840242f4c4 [parser] Use std::vector as pointer-buffer for ScopedPtrList
This allows us to use one underlying buffer rather than 3, and allows memory to
be freed as we're growing the vector.

Change-Id: I45c178a31e8f6d3ee44d3319ce8bca2db2460d33
Reviewed-on: https://chromium-review.googlesource.com/c/1297328
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56966}
2018-10-24 20:19:17 +00:00
Tom Tan
a6423cca4a Reland "Add Windows ARM64 ABI support to V8"
This is a reland of fcbb023b0e

Original change's description:
> Add Windows ARM64 ABI support to V8
>
> This change added Windows ARM64 ABI support, major things are:
> 1. Excluding x18 register from any usage because it is reserved as
>    platform register. Preserve alignment after the change.
> 2. Fix the assumption of LP64 in arm64 backend. Windows ARM64 is
>    still LLP64.
> 3. Stack guard page probe for large allocation on stack.
>
> Reference:
> Windows ARM64 ABI:
> https://docs.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=vs-2017
>
> Bug: chromium:893460
> Change-Id: I325884ac8dab719154a0047141e18a9fcb8dff7e
> Reviewed-on: https://chromium-review.googlesource.com/c/1285129
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56881}

CQ_INCLUDE_TRYBOTS=luci.chromium.try:android_arm64_dbg_recipe
TBR=mlippautz@chromium.org

Bug: chromium:893460
Change-Id: Icc45fd091c33f7df805842a70236b79b14756f52
Reviewed-on: https://chromium-review.googlesource.com/c/1297300
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56965}
2018-10-24 19:46:36 +00:00
Jakob Kummerow
76968a2ff3 [ubsan] Introduce ObjectPtr and port PropertyArray
This CL gives a first look at the new way to represent tagged object
pointers in C++.
It adds infrastructure in Handles and the garbage collector to deal
with the new object type, and ports a first class to the new world.

Design overview: https://goo.gl/Ph4CGz

Bug: v8:3770
Change-Id: I3e37fbf399612f95540cb386710a595069fb9d55
Reviewed-on: https://chromium-review.googlesource.com/c/1292673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56964}
2018-10-24 18:27:31 +00:00
Frank Tang
e76e44f088 [Intl] Add "position" to the return of next()
Add position to the return of %SegmentIterator%.next()
which newly added to the spec in
https://github.com/tc39/proposal-intl-segmenter/pull/42

Bug: v8:8305
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8de7102acb670a6c529ab3e35601c78a8dc7703c
Reviewed-on: https://chromium-review.googlesource.com/c/1278636
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56963}
2018-10-24 18:25:41 +00:00
Georg Neis
5d90d70a3d [turbofan] Brokerize some more in JSCallReducer.
Bug: v8:7790
Change-Id: I14bac46ef7457ea142f79f96fc5a2018d429dcc8
Reviewed-on: https://chromium-review.googlesource.com/c/1297323
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56962}
2018-10-24 18:24:01 +00:00
Frank Tang
6899cd2b10 [Intl] Clean up TODO(ftang)
Remove TODO that is already done
Uncomment two working tests.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icb28d84e92812996c2928e90961d75508ba4c401
Reviewed-on: https://chromium-review.googlesource.com/c/1296933
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56961}
2018-10-24 18:17:58 +00:00
Dan Elphick
b0bf37528f [heap] Move hash_seed into RO_SPACE
Creates the hash_seed byte array in RO_SPACE and moves the root from
STRONG_MUTABLE_IMMOVABLE_ROOT_LIST to STRONG_READ_ONLY_ROOT_LIST.

Bug: v8:8191
Change-Id: I3b044fbb3e51eb5d21ac2e68a54076623865b9d2
Reviewed-on: https://chromium-review.googlesource.com/c/1297959
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56960}
2018-10-24 17:02:43 +00:00
Aseem Garg
6bc73a287f [wasm] remove raw mode from wasm translation
R=clemensh@chromium.org,kozyatinskiy@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic6c7e2eaa4463d945d00eb1e1123d7d1731b34db
Reviewed-on: https://chromium-review.googlesource.com/c/1297671
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56959}
2018-10-24 16:23:20 +00:00
Ross McIlroy
f6a8576897 [Compile] Remove unecessary class_function_descriptors access.
BuildClassBoilerplate accessed the native context to get the
class_function_descriptors. Baseline compilation should be native context
independent, so we shouldn't access the native context at all. As it happens,
class_function_descriptors wasn't used so can just be removed.

BUG=chromium:898076, v8:8041

Change-Id: If9c0edf3dfde68c76ea87820f9d4b080aac6d60e
Reviewed-on: https://chromium-review.googlesource.com/c/1298033
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56958}
2018-10-24 16:19:20 +00:00
Caitlin Potter
ac3f98d58e [builtins] put SetPropertyInLiteral in a code-stub
There are several core changes in this stub:

1) add a version of KeyedStoreGenericGenerator::SetPropertyInLiteral()
which supports indexed properties directly, witthout KeyedStore

2) add a code stub for SetPropertyInLiteral which uses the version
supporting indexed properties

3) Use the code stub in CloneObjectIC, rather than using the smaller
special-cased version which does not handle Names.

Item 1) involves a refactoring which adds a nice way to reuse code in
KeyedStoreGenericAssembler, which allows deleting a bunch of copy/pasted
code. This makes it easy to reuse the index handling in
KeyedStoreGeneric() without adding adding a bunch more duplicated
handling. Because of this, I consider this to be somewhat of a cleanup,
though if the copied code is preferred, I'm happy to revert to that.

Item 2) is needed for Object.fromEntries(), as it's better to not
require falling back to the slow path if a key happens to be an Smi ---
but this is also optional.

Item 3) benefits the codebase by allowing Object.fromEntries() to use
this fast path without calling into the runtime, and without duplicating
code which is also used by CloneObjectIC.

I am skeptical that this should affect performance significantly. I've
run ObjectLiteralSpread tests, and the mean of scores over 100 runs is
somewhat surprising: CloneObjectIC --- the only user of this code,
has an increased average score, while the polyfill cases score slightly
worse --- However, the overall changes are small and likely flukes.
The complete processed test output is below:

```
// Mean of 100 runs of each benchmark

Babel-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 11530.87                  | 12142.92                  | -5.04%
-----+---------------------------+---------------------------+-------

BabelAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 10881.41                  | 11260.81                  | -3.37%
-----+---------------------------+---------------------------+-------

ObjectAssign-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 6188.92                   | 6358.55                   | -2.67%
-----+---------------------------+---------------------------+-------

ObjectAssignAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 6112.80                   | 6275.54                   | -1.61%
-----+---------------------------+---------------------------+-------

ObjectSpread-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 51942.93                  | 50713.17                  | +3.46%
-----+---------------------------+---------------------------+-------

ObjectSpreadAndOverwrite-ObjectLiteralSpread:
-----+---------------------------+---------------------------+-------
     | With patch                | Without patch             | diff
Mean | 51375.23                  | 50833.29                  | +2.09%
-----+---------------------------+---------------------------+-------
```

BUG=v8:8238, v8:8021
R=ishell@chromium.org, jkummerow@chromium.org

Change-Id: I43e102fc461ffd389b5d6810a73f86e5012d7dee
Reviewed-on: https://chromium-review.googlesource.com/c/1277751
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56957}
2018-10-24 15:47:33 +00:00
Toon Verwaest
395078d717 [tick-processor] Deal with missing arguments object
Bug: v8:8365

Change-Id: Ie938073551bf1af6fb59ac1c395e7fabbcfdebd7
Reviewed-on: https://chromium-review.googlesource.com/c/1298034
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56956}
2018-10-24 15:36:57 +00:00
Michael Starzinger
68f7c3a776 [builtins][ia32] Bring back register for record write stub.
This adds back another register to the record write stub to have one
additional register on top of the parameter register as allocation
general purpose register. It has only been recently reduced to just four
registers due to embedded builtins. This is needed to be able to tail
call a record write stub.

R=ulan@chromium.org
CC=jgruber@chromium.org
BUG=v8:8341

Change-Id: Id16f9e96d611a871fbe1180581eaf14275a7332e
Reviewed-on: https://chromium-review.googlesource.com/c/1297955
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56955}
2018-10-24 15:14:15 +00:00
Sathya Gunasekaran
b5b0f6a1df [heap-stats] Fix typo
Change-Id: I8ce540dcd1dd5384f96d1c47c9784fdfb0933c1e
Reviewed-on: https://chromium-review.googlesource.com/c/1298029
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56954}
2018-10-24 14:37:00 +00:00
Lei Zhang
cbf58f4df0 Remove torque_generated_core target.
GN should understand action outputs, so the header generated by the
run_torque action do not need to be separately listed in another
source_set.

Change-Id: I309e8c012eb0a0597a247806d36658c1d6e5d97b
Reviewed-on: https://chromium-review.googlesource.com/c/1297680
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56953}
2018-10-24 14:20:10 +00:00
Hai Dang
b483cc12d0 Extend Array.from micro-benchmarks.
Bug: v8:7980
Change-Id: Ic4c72b02c196b296105a6ddf9c3af9fb699ef8c5
Reviewed-on: https://chromium-review.googlesource.com/c/1297327
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#56952}
2018-10-24 14:17:51 +00:00
Michael Starzinger
d634f7a636 [turbofan] Remove dead code in {OutOfLineRecordWrite}.
R=ulan@chromium.org
BUG=v8:8238

Change-Id: Idf6b3d4035b392dd1b20ff3e4cbdb60cdaada054
Reviewed-on: https://chromium-review.googlesource.com/c/1297325
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56951}
2018-10-24 14:01:07 +00:00
Jaroslav Sevcik
ccb48e95d5 [constant-tracking] Fix compilation dependencies to account for constness.
Bug: v8:5495, v8:8361
Change-Id: I7a03c7a4897b15112b978d232754076ad8753c4e
Reviewed-on: https://chromium-review.googlesource.com/c/1297311
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56950}
2018-10-24 13:55:08 +00:00
Sergiy Byelozyorov
961125b7d0 [tools] Move path-specific try-builders to the CQ config
R=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:892433
Change-Id: Id323739be44ea55d73c712059520d7f5e684c97e
Reviewed-on: https://chromium-review.googlesource.com/c/1280304
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56949}
2018-10-24 13:52:21 +00:00
Benedikt Meurer
f19c4a594f [turbofan] ReceiverOrNullOrUndefined feedback for JSEqual.
This changes the ReceiverOrOddball feedback on JSStrictEqual to
ReceiverOrNullOrUndefined feedback, which can also safely be
consumed by JSEqual (we cannot generally accept any oddball here
since booleans trigger implicit conversions, unfortunately).
Thus we replace the previously introduced CheckReceiverOrOddball
with CheckReceiverOrNullOrUndefined, and drop CheckOddball, since
we will no longer collect Oddball feedback separately.

TurboFan will then turn a JSEqual[ReceiverOrNullOrUndefined] into
a sequence like this:

```
left = CheckReceiverOrNullOrUndefined(left);
right = CheckReceiverOrNullOrUndefined(right);
result = if ObjectIsUndetectable(left) then
           ObjectIsUndetectable(right)
         else
           ReferenceEqual(left, right);
```

This significantly improves the peak performance of abstract equality
with Receiver, Null or Undefined inputs. On the test case outlined in
http://crbug.com/v8/8356 we go from

  naive: 2946 ms.
  tenary: 2134 ms.

to

  naive: 2230 ms.
  tenary: 2250 ms.

which corresponds to a 25% improvement on the abstract equality case.
For regular code this will probably yield more performance, since we
get rid of the JSEqual operator, which might have arbitrary side
effects and thus blocks all kinds of TurboFan optimizations. The
JSStrictEqual case is slightly slower now, since it has to rule out
booleans as well (even though that's not strictly necessary, but
consistency is key here).

This way developers can safely use `a == b` instead of doing a dance
like `a == null ? b == null : a === b` (which is what dart2js does
right now) when both `a` and `b` are known to be Receiver, Null or
Undefined. The abstract equality is not only faster to parse than
the tenary, but also generates a shorter bytecode sequence. In the
test case referenced in http://crbug.com/v8/8356 the bytecode for
`naive` is

```
StackCheck
Ldar a1
TestEqual a0, [0]
JumpIfFalse [5]
LdaSmi [1]
Return
LdaSmi [2]
Return
```

which is 14 bytes, whereas the `tenary` function generates

```
StackCheck
Ldar a0
TestUndetectable
JumpIfFalse [7]
Ldar a1
TestUndetectable
Jump [7]
Ldar a1
TestEqualStrict a0, [0]
JumpIfToBooleanFalse [5]
LdaSmi [1]
Return
LdaSmi [2]
Return
```

which is 24 bytes. So the `naive` version is 40% smaller and requires
fewer bytecode dispatches.

Bug: chromium:898455, v8:8356
Change-Id: If3961b2518b4438700706b3bd6071d546305e233
Reviewed-on: https://chromium-review.googlesource.com/c/1297315
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56948}
2018-10-24 13:45:22 +00:00
Michael Achenbach
9b939128db [test] Migrate last test configs
Also use low experiment percentage on CQ, since the builder's output is unused.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:830557
Change-Id: Id024ab16e2944ec5e94b0209672ed6b77ae322a8
Reviewed-on: https://chromium-review.googlesource.com/c/1296466
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56947}
2018-10-24 13:44:12 +00:00
peterwmwong
4e12baa62b Reland "[builtins] Fix Array.p.join length overflow and invalid string length handling"
This is a reland of ec969ea3b1

Temporarily removes high memory usage test.

Original change's description:
> [builtins] Fix Array.p.join length overflow and invalid string length handling
>
> - Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
>   - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
>   - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.
>
> - Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.
>
> Bug: chromium:897404
> Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
> Reviewed-on: https://chromium-review.googlesource.com/c/1293070
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56907}

Bug: chromium:897404
Change-Id: I4995893f6f9724b26c231d05619ad65dbccc7223
Reviewed-on: https://chromium-review.googlesource.com/c/1297675
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#56946}
2018-10-24 13:35:38 +00:00
Daniel Clifford
ce00ea8085 Fix formatting of Torque unions
TBR=tebbi@chromium.org
NOTRY=true

Change-Id: I2c5a1fc18efbbef7fd407000fa560bb75e5dc145
Reviewed-on: https://chromium-review.googlesource.com/c/1297324
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56945}
2018-10-24 13:31:53 +00:00
Hai Dang
902d21dd66 Fix StringToList to set right length of the new array.
Previously StringToList use the length of the original string, which is
not the right value: we expect the length of the new array to be the
number of characters (codepoints).

Bug: v8:7980
Change-Id: I2efca5715323c4399cb45c53871ae349207f3458
Reviewed-on: https://chromium-review.googlesource.com/c/1297320
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56944}
2018-10-24 13:30:51 +00:00