Commit Graph

17887 Commits

Author SHA1 Message Date
Andreas Haas
c7fb0e0947 [wasm] Remove fine-grained CodeSpaceMemoryModificationScopes
In a recent CL I introduced module-level CodeSpaceMemoryModificationScopes,
which means that the number of CodeSpaceMemoryModificationScopes which
are opened aside from TurboFan compilation is not linear in the number
of functions anymore. In that CL, however, I did not remove scopes which
became obsolete. This CL removes now these obsolete scopes, and
introduces some scopes where shared code was used from outside the
compilation logic.

R=mstarzinger@chromium.org, clemensh@chromium.org

Bug: chromium:787731
Change-Id: I37d514efa3a4b10adb7008986a9c91e4557ce618
Reviewed-on: https://chromium-review.googlesource.com/790490
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49662}
2017-11-28 10:34:39 +00:00
Sathya Gunasekaran
94dfb8a1f4 [class] Add harmony-public-fields flag
Change the existing uses of the harmony-class-fields flag to
harmony-public-fields so that we can stage this separately
from the upcoming harmony-private-fields to get some
clusterfuzz coverage.

Bug: v8:5367
Change-Id: I76cdefa4faf34eae73d3a5f6d6089cf75677732a
Reviewed-on: https://chromium-review.googlesource.com/792940
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49661}
2017-11-28 10:19:29 +00:00
Sathya Gunasekaran
34657ab30b [class] Implement super property access in instance fields
Bug: v8:5367
Change-Id: Ic725c5ef22ab05891764d3ebf9a99c0d383e6d90
Reviewed-on: https://chromium-review.googlesource.com/789939
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49660}
2017-11-28 10:14:19 +00:00
Igor Sheludko
a70344c63a [test] Reduce max depthness of nested objects in JSON-stringify.js test.
Modification of InstanceType enum caused JsonStringifier::Serialize_() function
to consume more stack space (because of a switch statement) in non-optimized
debug build which now causes stack overflow on certain depth of nested objects.
The modification affects neither optimized debug nor release builds.

Change-Id: Ia2925d9abbd1c32c5a4694e14c49b2d0bd119419
Reviewed-on: https://chromium-review.googlesource.com/789074
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49657}
2017-11-28 09:40:49 +00:00
Michael Lippautz
4cb6ef8374 [heap] Move sweeper to separate file
Bug: 
Change-Id: Ie516167f047e48cda47a5dbfb156ea9ae164046c
Reviewed-on: https://chromium-review.googlesource.com/789878
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49656}
2017-11-28 09:22:09 +00:00
Igor Sheludko
888acb2f3c [runtime] Properly deal with prototype setup mode during class literal instantiation.
1) Make sure we don't enable prototype setup mode for parent class and its prototype
objects.
2) Make sure we create builtins and their prototypes with completed setup mode.
3) Drive-by-fix: setup typed array classes in bootstrapper.cc instead of typedarray.js,
and drop %FunctionSetPrototype().

Bug: v8:7115, v8:5902
Change-Id: I58ac091d85647abc3307bd47baf48e378e3695c5
Reviewed-on: https://chromium-review.googlesource.com/790992
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49655}
2017-11-28 09:11:59 +00:00
Tobias Tebbi
904c3a1f09 [turbofan] fix dead code elimination: propagate DeadValue along FrameState inputs
Bug: chromium:788539
Change-Id: I75b6ef7e486b578f123747d79f52c9eb45a0370e
Reviewed-on: https://chromium-review.googlesource.com/792050
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49654}
2017-11-28 09:09:09 +00:00
Georg Neis
aa7d1438df [parsing] Fix bug in rewriter concerning a breakable try-finally.
R=adamk@chromium.org

Bug: chromium:787698
Change-Id: I873debe61b152a9e88ce22d95a69f27eab2d0f55
Reviewed-on: https://chromium-review.googlesource.com/787473
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49653}
2017-11-28 09:07:51 +00:00
Benedikt Meurer
e797f9fb34 [turbofan] Improve typing rule for NumberTrunc.
This extends the typing rule for NumberTrunc to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: Iedc541a0f4619f37da37ea36940f92472034cdf2
Reviewed-on: https://chromium-review.googlesource.com/792932
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49652}
2017-11-28 08:31:39 +00:00
Benedikt Meurer
71f3ab8e76 [turbofan] Improve typing rule for NumberRound.
This extends the typing rule for NumberRound to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: Ia865ec1d6f8d96f20641bee96891740a9fc6e627
Reviewed-on: https://chromium-review.googlesource.com/792931
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49651}
2017-11-28 08:22:19 +00:00
Benedikt Meurer
c7742e4953 [turbofan] Improve typing rule for NumberCeil.
This extends the typing rule for NumberCeil to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: I9154e47e58ad106791613db0030051f2a802a981
Reviewed-on: https://chromium-review.googlesource.com/792930
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49650}
2017-11-28 07:00:59 +00:00
jing.bao
6aaf71d795 [ia32][wasm] Add I8x16 BinOp and CompareOp.
Add/AddSaturateS/Sub/SubSaturateS/AddSaturateU/SubSaturateU
MinS/MaxS/MinU/MaxU
Eq/Ne/GtS/GeS/GtU/GeU

Bug: 
Change-Id: Ib802dcfceac073090602d09a7fb037ec498e493d
Reviewed-on: https://chromium-review.googlesource.com/788595
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49649}
2017-11-28 05:44:09 +00:00
Adam Klein
a868f6e3fc [cctest] Add a bit of test coverage for disallowing await in async params
This enforces that we use ParseExpressionCoverGrammar, and not ParseExpression,
for several tricky cases. Also clarify comment on ParserBase::ParseExpression().

Change-Id: I1d1289abdf539c96f4b42f97c79a8adf3c06e728
Reviewed-on: https://chromium-review.googlesource.com/783171
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49647}
2017-11-27 23:35:28 +00:00
Adam Klein
bfa90f7e7c Move function name var initialization to BytecodeGenerator
Besides avoiding the weird hack of inserting a statement at the 0th
index of the function body, we also avoid allocating (and initializing)
the variable if it's unreferenced (which I'd wager is the common case).

Bug: v8:6092
Change-Id: If917d422bb4818cf21e8272aa786ca84d4472802
Reviewed-on: https://chromium-review.googlesource.com/784092
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49646}
2017-11-27 18:37:47 +00:00
Jakob Gruber
dd15e30b25 [typedarray] Widen set fast path for JSTypedArray source arguments
Pull most JSTypedArray source arguments onto the fast path.

Same source & target elements-kinds simply call memmove. Other
combinations call directly into C and reuse ElementsAccessor logic.

Only overlapping source & target args with differing elements-kinds
remain on the slow runtime path.

Bug: v8:7123, v8:3590
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I80284b61478b0e3266b8f16bde8a56bd90f080b0
Reviewed-on: https://chromium-review.googlesource.com/788857
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49643}
2017-11-27 17:32:15 +00:00
Peter Marshall
9d906310e1 [typedarray] Fix a spec violation in the constructor.
Implement the new spec behavior that says construction from a neutered
buffer should throw after the ToIndex call on the length argument.

Bug: v8:6216
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I219a107730b53fca639bc813f68f7ddc27e79017
Reviewed-on: https://chromium-review.googlesource.com/789847
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49639}
2017-11-27 15:37:30 +00:00
Sathya Gunasekaran
5c59fe02e3 [class] Fix preparsed scope data mismatch for computed class fields
Previously we only created synthetic variables in the parser and not
in the preparser, causing mismatch in the preparsed scope data.

This patch creates the variables in both parsers.

Bug: v8:5367
Change-Id: I9c511d0b9212bd36816956b06dc204b0b5920e1c
Reviewed-on: https://chromium-review.googlesource.com/789848
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49637}
2017-11-27 14:18:04 +00:00
Andreas Haas
e21bac5b0b [wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized
Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.

R=clemensh@chromium.org

Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
2017-11-27 13:48:34 +00:00
jgruber
e815149402 [typedarray] Add set fast path for JSArray source arguments
This adds a fast path that avoids the runtime transition for JSArray
source arguments with {packed,holey} {smi,double} elements kinds.

The fast path currently calls straight into C and copies there using
elements accessor logic.

Local tests show a 4x speedup when copying from 1-element JSArrays.
As the source array becomes larger, the time spent copying elements
begins to dominate.

Bug: v8:3590
Change-Id: I05ebe54d7b255d0a76ad46ac11ce7cfd516b8ac8
Reviewed-on: https://chromium-review.googlesource.com/789010
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49634}
2017-11-27 13:11:31 +00:00
Michael Starzinger
4ad9430c39 [objects] Fix flag in {Map::AddMissingTransitions}.
This fixes the computation of the {may_have_interesting_symbols} flag
for the last map computed in {Map::AddMissingTransitions} method. The
last map is allocated ahead of time, but the flag is only correct once
the descriptors are actually installed in the end.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-786020
BUG=chromium:786020

Change-Id: Iff97780609fe596437eb6bea85606a1c3bb2ac4c
Reviewed-on: https://chromium-review.googlesource.com/789839
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49631}
2017-11-27 12:49:01 +00:00
Ivica Bogosavljevic
70dbac4b63 Fix compilation failures with GCC 6.3.0
Bug: 
Change-Id: If2468dab0ce2ef59a1f9cc8e4d8dc57b320f8c5f
Reviewed-on: https://chromium-review.googlesource.com/789041
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49629}
2017-11-27 11:30:11 +00:00
Sathya Gunasekaran
4ca9d843f8 [class] Store class fields initializer on the constructor
Previously, the class fields initializer function was stored on a
synthetic context allocated variable. This approach had sevaral
problems:

- We didn't know that class literal had fields until after we had
completely parsed the class literal. This meant that we had to go back
and fix up the scope of the constructor to have this synthetic
variable. This resulted in mismatch between parser and preparsed scope
data.

- This synthetic variable could potentially resolve to an initializer
of an outer class.

For ex:
class X extends Object {
  c = 1;
  constructor() {
    var t = () => {
      class P extends Object {
        constructor() {
          var t = () => { super(); };
          t();
        }
      }
      super();
    }
    t();
  }
}

In this the inner class P could access the outer class X's initiliazer
function. We would have to maintain extra metadata to make sure this
doesn't happen.

Instead this new approach uses a private symbol to store the
initializer function on the class constructor itself.

For the base constructor case, we can simply check for a bit on the
constructor function literal to see if we need to emit code that loads
and calls this initializer function. Therefore, we don't pay the cost
of loading this function in case there are no class fields.

For the derived constructor case, there are two possiblities:
(a) We are in a super() call directly in the derived constructor:

In this case we can do a check similar to the base constructor check,
we can check for a bit on the derived constructor and emit code for
loading and calling the initializer function.

This is usually the common case and we don't pay any cost for not using
class fields.

(b) We are in a super() call inside an arrow function in the derived
constructor:

In this case, we /always/ emit code to load and call the initializer
function. If the function doesn't exist then we have undefined and we
don't call anything. Otherwise we call the function.

super() can't be called twice so even if we emit code to load and call
the initializer function multiple times, it doesn't matter because it
would have already been an error.

Bug: v8:5367
Change-Id: I7f77cd6493ff84cf0e430a8c1039bc9ac6941a88
Reviewed-on: https://chromium-review.googlesource.com/781660
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49628}
2017-11-27 10:35:11 +00:00
Yang Guo
13a68e6c29 [snapshot] make API external references optional.
In snapshots with several contexts, some contexts may not reference
function or object templates, and therefore would not require external
references for deserialization. However, function and object templates
are deserialized with the isolate as part of the partial snapshot cache,
so we would need these external references even if we only use contexts
that don't need them.

With this patch, we use a fallback in case no external references are
provided. This way, we only run into issues when we actually call native
callbacks.

R=jgruber@chromium.org, peria@chromium.org

Change-Id: I6af8a77f26c92bd73fdab6112474c62da270597f
Reviewed-on: https://chromium-review.googlesource.com/784831
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49615}
2017-11-24 09:46:53 +00:00
Michal Majewski
6056d32b38 [test] Extract expected outcomes. Simpler FAIL_* handling.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I864de452bacb9e34fa1bc70722bf4c2fa3de4204
Reviewed-on: https://chromium-review.googlesource.com/782723
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49614}
2017-11-24 09:23:03 +00:00
jgruber
c1f2966d4c Reland "[coverage] add coverage for binary expressions"
This is a reland of 4d3bc552b5
Original change's description:
> [coverage] add coverage for binary expressions
> 
> Adds block-level coverage tracking for binary && and ||
> expressions. Introduces a BinaryOperation source-range
> for tracking the operations themselves and an Expression
> source-range, used for tracking NaryLogical expressions.
> 
> This builds on work by jgruber@chromium.org in
> the issue.
> 
> TBR=marja@chromium.org
> R=jgruber@chromium.org, rmcilroy@chromium.org
> 
> Bug: v8:6660
> Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
> Reviewed-on: https://chromium-review.googlesource.com/754564
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49304}

Bug: v8:6660
Change-Id: I1c8571660d6c501d526886867bd841c49d5c44fd
Reviewed-on: https://chromium-review.googlesource.com/778288
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49613}
2017-11-24 08:44:23 +00:00
jing.bao
2e8ac7bb86 [ia32][wasm] Add I16x8 CompareOp, I16x8Neg and I8x16Neg.
I16x8 GtS/GeS/GtU/GeU
I16x8Neg, I8x16Neg
Add Psignb, Psignw, Psubb, Psubw macros

Bug: 
Change-Id: Id38f15140727051e185054295722282b77ea889c
Reviewed-on: https://chromium-review.googlesource.com/773831
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49610}
2017-11-24 01:29:30 +00:00
Mircea Trofin
f5a5a7785d Fix VirtualMemory::Free in presence of lsan
Adding lsan root unregistration when Free-ing VirtualMemory.

Bug: chromium:787976
Change-Id: I0ef32b4324ff6d7b6192d7e5616081766a0e51a8
Reviewed-on: https://chromium-review.googlesource.com/786995
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49609}
2017-11-23 17:29:53 +00:00
jgruber
5a88950c8f [builtins]: Simple port of %TypedArray%.prototype.set() to CSA TFJ.
- Fast path for same type source typed array
- Move previous CPP implementation into a runtime function "TypedArraySet"
  - Remove parts covered by the TFJ
    - Basic receiver, offset, source checks
    - Handling of same type source typed array

Bug: v8:3590
Change-Id: I0f19d961424c30cc8bbcb8648b623e7e6dfa33f4
Reviewed-on: https://chromium-review.googlesource.com/786414
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49608}
2017-11-23 15:40:41 +00:00
Clemens Hammacher
0bc1b967f2 [wasm] [interpreter] Fix cross-instance indirect calls
The existing access to the signatures is plain wrong. This CL fixes
this.
Note that cross-instance indirect calls are only enabled since a few
days (https://crrev.com/c/778159), which is why this bug was not
detected before.

R=titzer@chromium.org

Bug: chromium:787910
Change-Id: Iaac4d1d85840c921eb8554c5094933ec8d987802
Reviewed-on: https://chromium-review.googlesource.com/787312
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49607}
2017-11-23 12:33:51 +00:00
Georg Neis
74184d5314 [compiler] Make typer deal with conversions that return empty type.
The typer's ToNumber (and thus ToInteger etc.) returns type None when
the input type is BigInt, but we weren't quite ready for that in a few
places.

R=jarin@chromium.org

Bug: v8:7121
Change-Id: Ib12c726338f1ec3dfb9ba5cf54b00cc8d1351a89
Reviewed-on: https://chromium-review.googlesource.com/785130
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49604}
2017-11-23 11:37:09 +00:00
Peter Marshall
fff1012945 [tests] Skip regress-748069 for tsan as well. Reorganize tsan skips.
The tsan skips were getting a bit spread all over the place. Added a
section for them below msan and asan to keep things together, where
the only cause for skipping the test is tsan.

Bug: v8:7093
Change-Id: I606c3ab2f23e4159c12c1e81d28e855412158f15
Reviewed-on: https://chromium-review.googlesource.com/785810
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49599}
2017-11-23 08:08:01 +00:00
Alexey Kozyatinskiy
48c1cb9746 [inspector] introduce way to get full stored async stack
If async stack is longer then max depth, we add externalParent as id,
client can fetch next max depth async stacks by Debugger.getStackTrace.

R=dgozman@chromium.org

Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I89d461e672251f03fb239f4f16ae3b0374fce766
Reviewed-on: https://chromium-review.googlesource.com/776242
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49595}
2017-11-23 00:22:40 +00:00
Alexey Kozyatinskiy
653a9e2bd3 [inspector] introduced universal Debugger.pauseOnAsyncCall
If protocol client needs to make step-into async call:
- pause before async call using any Debugger agent capabilities,
- call Debugger.stepInto with breakOnAsyncCall flag,
- wait for Debugger.paused event, this event will contain
  asyncCallStackTrace if async call is scheduled,
- call Debugger.pauseOnAsyncCall on each known target,
- resume execution in current debugger by Debugger.resume.

Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I40c56278e7b1ceafc3bf81608b8ca6716c2b3168
Reviewed-on: https://chromium-review.googlesource.com/773573
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49594}
2017-11-23 00:20:10 +00:00
Mircea Trofin
4341749d3e [wasm] Disable WasmCodeManagerTest when run under lsan
Disabling while investigating referenced bug.

Bug: chromium:787976
Change-Id: I0388d8902f40e3b2f3759542befd3c6c20b6da38
Reviewed-on: https://chromium-review.googlesource.com/786325
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49593}
2017-11-22 23:10:50 +00:00
Alexey Kozyatinskiy
885a5669aa Reland [inspector] introduced stackTraceId and externalAsyncTask API
Sometimes we need to capture stack trace on one debugger and use it
later as a parent stack on another debugger (e.g. worker.postMessage).

This CL includes following addition to our protocol and v8-inspector.h:
  - added Runtime.StackTraceId, this id represents stack trace captured
    on debugger with given id,
  - protocol client can fetch Runtime.StackTrace by
    Runtime.StacKTraceId using Debugger.getStackTrace method,
  - externalParent field is added to Debugger.paused event, it may
    contain external parent stack trace,
  - V8Inspector::storeCurrentStackTrace captures current stack trace
    and returns V8StackTraceId for embedder this id can be used as
    argument for V8Inspector::externalAsyncTaskStarted and
    V8Inspector::externalAsyncTaskFinished method. Any async stack
    trace captured between these calls will get passed external stack
    trace as external parent. These methods are designed to be called
    on different debuggers. If async task is scheduled and started on
    one debugger user should continue to use asyncTask* API,
  - Debugger.enable methods returns unique debuggerId.

TBR=dgozman@chromium.org,jgruber@chromium.org

Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2c1a2b2e30ed69ccb61d10f08686f4edb09f50e4
Reviewed-on: https://chromium-review.googlesource.com/786274
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49591}
2017-11-22 20:56:10 +00:00
Igor Sheludko
cb46310a79 [runtime] Extend InstanceType to uint16_t range of values.
Bug: v8:5799
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iff62cf07d85b48975d7a21da388bbf6addeb56f1
Reviewed-on: https://chromium-review.googlesource.com/781633
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49589}
2017-11-22 19:14:09 +00:00
Toon Verwaest
da0af28545 [interpreter] DYNAMIC_GLOBAL needs to walk the context chain starting from current_scope, not closure_scope
The main reason why we currently don't see this fail is that block-scopes always appear to have an extension: the scope info object is stored there.

Bug: 
Change-Id: I38f0c15387e235eeea9a57c95af0d9eb185dad2a
Reviewed-on: https://chromium-review.googlesource.com/785951
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49585}
2017-11-22 17:40:26 +00:00
Clemens Hammacher
4379533ca4 Revert "[inspector] introduced stackTraceId and externalAsyncTask API"
This reverts commit 3a41b697cd.

Reason for revert: Break msvc: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/250

Original change's description:
> [inspector] introduced stackTraceId and externalAsyncTask API
> 
> Sometimes we need to capture stack trace on one debugger and use it
> later as a parent stack on another debugger (e.g. worker.postMessage).
> 
> This CL includes following addition to our protocol and v8-inspector.h:
>   - added Runtime.StackTraceId, this id represents stack trace captured
>     on debugger with given id,
>   - protocol client can fetch Runtime.StackTrace by
>     Runtime.StacKTraceId using Debugger.getStackTrace method,
>   - externalParent field is added to Debugger.paused event, it may
>     contain external parent stack trace,
>   - V8Inspector::storeCurrentStackTrace captures current stack trace
>     and returns V8StackTraceId for embedder this id can be used as
>     argument for V8Inspector::externalAsyncTaskStarted and
>     V8Inspector::externalAsyncTaskFinished method. Any async stack
>     trace captured between these calls will get passed external stack
>     trace as external parent. These methods are designed to be called
>     on different debuggers. If async task is scheduled and started on
>     one debugger user should continue to use asyncTask* API,
>   - Debugger.enable methods returns unique debuggerId.
> 
> Bug: chromium:778796
> Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I16aba0d04bfcea90f3e187e635a0588c92354539
> Reviewed-on: https://chromium-review.googlesource.com/754183
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49582}

TBR=dgozman@chromium.org,pfeldman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,jgruber@chromium.org

Change-Id: I9b52354fa0841e5148596cf594317f2e5fe508ea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/786152
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49584}
2017-11-22 17:39:00 +00:00
Igor Sheludko
00a781dbc3 [runtime] Ensure elements transitions don't interfere with field type tracking.
This CL ensures that elements kind transitions don't cause silent
mutable-to-constant or any-to-class-type migrations of in-place
generalizable fields.

Bug: v8:5495, chromium:783132
Change-Id: Ie60224db62bd45d27148ae0469c7af5a3fe944fd
Reviewed-on: https://chromium-review.googlesource.com/785190
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49583}
2017-11-22 16:51:47 +00:00
Alexey Kozyatinskiy
3a41b697cd [inspector] introduced stackTraceId and externalAsyncTask API
Sometimes we need to capture stack trace on one debugger and use it
later as a parent stack on another debugger (e.g. worker.postMessage).

This CL includes following addition to our protocol and v8-inspector.h:
  - added Runtime.StackTraceId, this id represents stack trace captured
    on debugger with given id,
  - protocol client can fetch Runtime.StackTrace by
    Runtime.StacKTraceId using Debugger.getStackTrace method,
  - externalParent field is added to Debugger.paused event, it may
    contain external parent stack trace,
  - V8Inspector::storeCurrentStackTrace captures current stack trace
    and returns V8StackTraceId for embedder this id can be used as
    argument for V8Inspector::externalAsyncTaskStarted and
    V8Inspector::externalAsyncTaskFinished method. Any async stack
    trace captured between these calls will get passed external stack
    trace as external parent. These methods are designed to be called
    on different debuggers. If async task is scheduled and started on
    one debugger user should continue to use asyncTask* API,
  - Debugger.enable methods returns unique debuggerId.

Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I16aba0d04bfcea90f3e187e635a0588c92354539
Reviewed-on: https://chromium-review.googlesource.com/754183
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49582}
2017-11-22 16:33:06 +00:00
jgruber
3ae2b9ebf0 [mjsunit] Speed up regress-1257
This test used to run 10M loop iterations to trigger OSR. Let's run 5
instead and trigger OSR manually through the runtime.

Bug: v8:7093
Change-Id: Ie0cdb9389ca465bf433e81a17fa60c300edc3e29
Reviewed-on: https://chromium-review.googlesource.com/785693
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49579}
2017-11-22 14:28:09 +00:00
Peter Marshall
9a9fc07661 [tests] Skip regress-748069 for sanitzier builds.
The test is flaky due to huge string allocation.

Bug: v8:7093
Change-Id: I2f17eb8b96b569d84a1f5c9549753fd0ab7fee89
Reviewed-on: https://chromium-review.googlesource.com/785351
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49575}
2017-11-22 14:03:58 +00:00
Michael Starzinger
884a2b25da [test] Reenable test for "future" that no longer fails.
R=machenbach@chromium.org
BUG=v8:7106

Change-Id: I4064368a3452cc9b6b0ce219e67a9825b1092926
Reviewed-on: https://chromium-review.googlesource.com/785391
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49574}
2017-11-22 13:51:15 +00:00
jgruber
368a621e34 [mjsunit] Split up long RegExp tests
These tests can take up to 10 minutes on bots. Split them up to
increase parallelism.

Bug: v8:7093
Change-Id: Iabfd34a7f2476d4add51da807f2e987e8d1153c9
Reviewed-on: https://chromium-review.googlesource.com/785411
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49573}
2017-11-22 13:38:52 +00:00
Daniel Clifford
4d70aa02fd Fix hole handling in fast arguments slice
Bug: chromium:784080
Change-Id: I38c539435d867f6abb80218457e5b5a982e34817
Reviewed-on: https://chromium-review.googlesource.com/785210
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49571}
2017-11-22 12:32:37 +00:00
Andreas Haas
cede838f98 [wasm] Update spec tests
R=titzer@chromium.org

Change-Id: I18a4bcdb002d63c0d5476ce4ff3edd466489b518
Reviewed-on: https://chromium-review.googlesource.com/785092
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49567}
2017-11-22 10:39:01 +00:00
Alexey Kozyatinskiy
ed9b2072a6 [inspector] reworked async instrumentation for promises
Old instrumentation was designed to collect promise creation stack and
promise scheduled stack together. In DevTools for last 6 months we
show only creation stack for promises. We got strong support from users
for new model. Now we can drop support for scheduled stacks and
simplify implementation.

New promise instrumentation is straightforward:
- we send kDebugPromiseThen when promise is created by .then call,
- we send kDebugPromiseCatch when promise is created by .catch call,
- we send kDebugWillHandle before chained callback and kDebugDidHandle
  after chained callback,
- and we send separate kDebugAsyncFunctionPromiseCreated for internal
  promise inside async await function.

Advantages:
- we reduce amount of captured stacks (we do not capture stack for
  promise that constructed not by .then or .catch),
- we can consider async task related to .then and .catch as one shot
  since chained callback is executed once,
- on V8 side we can implement required instrumentation using only
  promise hooks,

Disadvantage:
- see await-promise test, sometimes scheduled stack was useful since we
  add catch handler in native code,

Implementation details:
- on kInit promise hook we need to figure out why promise was created.
  We analyze builtin functions until first user defined function on
  current stack. If there is kAsyncFunctionPromiseCreate function then
  we send kDebugAsyncFunctionPromiseCreated event. If there is
  kPromiseThen or kPromiseCatch then only if this function is bottom
  builtin function we send corresponded event to inspector. We need it
  because Promise.all internally calls .then and in this case we have
  Promise.all and Promise.then on stack at the same time and we do not
  need to report this internally created promise to inspector.

Bug: chromium:778796
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I53f47ce8c5c4a9897655c3396c249ea59529ae47
Reviewed-on: https://chromium-review.googlesource.com/765208
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49553}
2017-11-21 16:56:00 +00:00
Bill Budge
0481b23e25 [Memory] Rewrite platform OS Commit / Uncommit in terms of permissions.
- Eliminates CommitRegion and UncommitRegion methods, replacing them with
  calls to SetPermissions.
- Makes a similar change to the API of VirtualMemory.
- This changes system calls from mmap to mprotect on most POSIX platforms.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib10f8293c9398c6c1e729cd7d686b7c97e6a5d75
Reviewed-on: https://chromium-review.googlesource.com/769679
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49552}
2017-11-21 16:48:55 +00:00
Michal Majewski
0f2223c894 [test] Refactor getting test outcomes from statusfile.
Filtering by status file split to four parts:
1. Getting outcomes - reads both variant dependent and
independent outcomes, no more need to do it twice.
2. Checking unused rules - has a switch to check only variant
dependent/independent rules.
3. Reading flags - if outcome starts with '--' it is treated as a flag.
4. Actual filtering.

Outcomes removed from the testcase object, can be accessed
by call to its testsuite.

Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I35762f891010ddda926250452b88656047433daa
Reviewed-on: https://chromium-review.googlesource.com/775160
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49547}
2017-11-21 15:00:24 +00:00
Mircea Trofin
bd63de9cc1 [wasm] Ensure serializability of JS_TO_WASM wrappers
On x64, we optimize out EmbeddedReferences, unless we explicitly
indicate serialization is enabled. We serialize js-to-wasm wrappers,
which include such references.

Bug: v8:7083
Change-Id: I976da4af74bf7ee3245e1465b8e47f2c042ec3b4
Reviewed-on: https://chromium-review.googlesource.com/780207
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49546}
2017-11-21 14:57:44 +00:00
Andreas Haas
09323a6a17 [wasm] Use activations of the interpreter in the fuzzers
Typically the interpreter returns 0xdeadbeef to indicate an exception.
However, for stack overflows a normal exception is used. The interpreter
requires an activation, however, to deal with normal exceptions. With
this CL we start an activation before we execute the fuzzer input in the
interpreter.

R=clemensh@chromium.org

Bug: chromium:781103
Change-Id: I4fc3a18bfc2076aab9ff7d2324a3311fe222954a
Reviewed-on: https://chromium-review.googlesource.com/776835
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49545}
2017-11-21 14:49:55 +00:00
Michael Starzinger
2976d14fa2 [test] Reenable test for "future" that no longer fails.
R=machenbach@chromium.org
BUG=v8:7106

Change-Id: I89ff17393848c88ffd885af3fec8b6703c75d073
Reviewed-on: https://chromium-review.googlesource.com/781942
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49543}
2017-11-21 14:30:35 +00:00
Igor Sheludko
d8c355fcac [runtime] Stop using Map::unused_property_fields() byte.
The unused properties fields number is calculatable via used in-object
properties count and we can drop it now.

Bug: chromium:774644
Change-Id: I7388af7772a8e793593fabc46527886cf2e36095
Reviewed-on: https://chromium-review.googlesource.com/781465
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49542}
2017-11-21 14:07:04 +00:00
Clemens Hammacher
d43c6e59fc Decouple SourcePositionTableBuilder from Zone
Currently the SourcePositionTableBuilder requires a Zone because it
holds a ZoneVector<byte> of the encoded entries. Since ZoneVector is a
suboptimal data structure anyway, and for Liftoff we don't even have a
Zone allocated currently, this CL replaces the ZoneVector by
std::vector.

R=mstarzinger@chromium.org

Bug: v8:6600
Change-Id: I8010143e917e2351664e2b53746753b597f4407a
Reviewed-on: https://chromium-review.googlesource.com/779181
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49534}
2017-11-21 12:56:13 +00:00
Clemens Hammacher
412f1568f2 Reland "[test] Add Liftoff variant"
This is a reland of 712fa67554.

Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org
CC=hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}
2017-11-21 12:10:53 +00:00
jgruber
71b9018c47 [regexp] Avoid integer overflow in callable @@replace
The integer value denoting the number of captures (and thus the size
of the list of captures created in @@replace [0]) can be controlled by
the user.  This CL ensures we don't overflow and respect
Code::kMaxArguments, but note that it is still possible to trigger
OOMs through large lists.

Bug: chromium:786573
Change-Id: I19c88908c594487818d083b2ba423764ef91eae0
Reviewed-on: https://chromium-review.googlesource.com/779001
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49530}
2017-11-21 12:09:13 +00:00
Andreas Haas
6607bac5f4 [wasm-streaming] Fix function index calculation
The index of a function in the WasmModule data structure is offset by
the number of imported functions in the module. The {DecodeFunctionBody}
function of the module decoder, however, requires the function index
without this offset. The streaming processor mixed up these two ranges
of function indices. This is fixed in this CL.

R=clemensh@chromium.org

Bug: chromium:781507
Change-Id: Ie3e0c4703b06ecb923c98ffb961844915323197c
Reviewed-on: https://chromium-review.googlesource.com/776680
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49523}
2017-11-21 10:51:13 +00:00
Alexei Filippov
8c5e2d758d [cpu-profiler] Deprecate Isolate::GetCpuProfiler and CpuProfiler::CollectSample functions.
BUG=v8:7070

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I92d7c61afa88e0a52c8eed0c2a44a4e49847e83b
Reviewed-on: https://chromium-review.googlesource.com/767618
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49514}
2017-11-21 00:56:56 +00:00
Mircea Trofin
0cd6166c45 Reland "[wasm] Data structures for JIT-ing wasm to native memory."
This is a reland of c71fd20cf9
Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
>
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
>
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
>
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable
> JITing using the new data structures.
>
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

Bug: v8:6876
Change-Id: Ifd1a4c23de8150dbdc75f059cd657e9670b15c9b
Reviewed-on: https://chromium-review.googlesource.com/779680
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49512}
2017-11-20 22:06:46 +00:00
Michael Achenbach
7e2033eb48 [test] Run the future variant on a subset of bots.
TBR=sergiyb@chromium.org

Bug: chromium:786938,v8:7106
Change-Id: Id60354be899187e4c09d53434ad70019c857f9e9
Reviewed-on: https://chromium-review.googlesource.com/779725
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49511}
2017-11-20 21:05:59 +00:00
Michael Achenbach
f93b14b0df [test] Prepare activating future variant on bots
TBR=sergiyb@chromium.org

Bug: v8:7106,chromium:786938
Change-Id: Iddd573013cb9322d1df06038f10f0e49a6497110
Reviewed-on: https://chromium-review.googlesource.com/779721
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49510}
2017-11-20 18:22:21 +00:00
Clemens Hammacher
3380e9a4d9 Reland "[wasm] Unify deoptimization data"
This is a reland of 236298acbf.

Original change's description:
> [wasm] Unify deoptimization data
>
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
>
> R=ahaas@chromium.org
>
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}

Bug: chromium:779292
Change-Id: I8219305fc894c50904db57e51245733f6613dcd3
Reviewed-on: https://chromium-review.googlesource.com/778159
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49508}
2017-11-20 17:37:01 +00:00
Brad Nelson
fa268032fc [wasm] Disallow calling wasm constructors without new.
BUG=chromium:786021
R=titzer@chromium.org

Change-Id: I188ea4d639ef9d5ceeab5052e043ec1c9150bd77
Reviewed-on: https://chromium-review.googlesource.com/778282
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49506}
2017-11-20 17:34:51 +00:00
Mircea Trofin
9e45be0933 Revert "[wasm] Data structures for JIT-ing wasm to native memory."
This reverts commit c71fd20cf9.

Reason for revert: msvc is unhappy (https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/208)

Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
> 
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
> 
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
> 
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable JITing
> using the new data structures.
> 
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

TBR=bradnelson@chromium.org,ulan@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mlippautz@chromium.org

Change-Id: Id54deb74782c6f0fd06c61ddcabb727eb7010333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Reviewed-on: https://chromium-review.googlesource.com/779679
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49503}
2017-11-20 17:29:44 +00:00
Mircea Trofin
c71fd20cf9 [wasm] Data structures for JIT-ing wasm to native memory.
This CL introduces the structures for JIT-ing wasm on the native heap.
They are described in detail at go/wasm-on-native-heap-stage-1

Briefly:
- WasmCodeManager manages memory for modules and offers an interior
pointer lookup (i.e. PC -> WasmCode)
- WasmCode represents code, including reloc info. It holds wasm
specific data, like function index, and runtime information, like trap
handler info.
- NativeModule manages memory for one module.

Tests cover the allocation and lookup aspects, following that current
regression tests cover the JITed code. A separate CL will enable JITing
using the new data structures.

Bug: v8:6876
Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
Reviewed-on: https://chromium-review.googlesource.com/767581
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49501}
2017-11-20 16:41:51 +00:00
Andreas Haas
3896e61775 [test] Add TaskRunners to the platform in the compiler dispatcher tests
I just pass a pointer of the platform to the task runner so that the
task runners can put tasks directly into the platform data structures.

R=rmcilroy@chromium.org

Change-Id: I7c1c56c3b9f550c0fe80012abcd31011e69f3d5d
Reviewed-on: https://chromium-review.googlesource.com/771751
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49498}
2017-11-20 15:54:11 +00:00
Michael Lippautz
5cf75a1ad3 Global handles: More test coverage
Bug: 
Change-Id: Ia3e42c8bfc8773fbd160f4200337617afd54d445
Reviewed-on: https://chromium-review.googlesource.com/779196
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49497}
2017-11-20 14:48:04 +00:00
Michal Majewski
657e726a0d [test] Common statusfile flag format for mozilla and test262.
Bug: v8:6917
Change-Id: Ida8594caead9119b7b5dad6209017e2eae9cd3aa
Reviewed-on: https://chromium-review.googlesource.com/776799
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49495}
2017-11-20 14:20:24 +00:00
Andreas Haas
d9b42b7b34 [wasm] Handle modules without code in streaming compilation
Streaming compilation started the compilation of a module at the
beginning of the code section. However, there exist valid modules which
do not contain a code section. In this CL we check for the existence of
a code section when we finish the stream. We do this by checking if the
module compiler in the AsyncCompileJob exists, because the module
compiler gets initialized at the beginning of the code section.

If we detect that compilation has not been started because there was no
code section, then we start compilation when the stream finishes.

R=clemensh@chromium.org

Bug: chromium:771973
Change-Id: I7c95a7a791d02254f086961e7cd81885eec27382
Reviewed-on: https://chromium-review.googlesource.com/778541
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49494}
2017-11-20 13:58:04 +00:00
Michael Lippautz
a9cab08e6c [heap] Re-enable parallel marking
Bug: chromium:750084
Change-Id: I3d449ab76101100866b18db776b9f282154a77d9
Reviewed-on: https://chromium-review.googlesource.com/768679
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49491}
2017-11-20 13:03:03 +00:00
jgruber
2291ab8fb9 [coverage] Include operators in Conditional ranges
When collecting source ranges for conditionals (`a ? b : c`), include
the '?' and ':' tokens in the then- and else ranges, respectively.

Bug: v8:7098
Change-Id: I22315e2040c96c977e0b49e1fafe4228a6558471
Reviewed-on: https://chromium-review.googlesource.com/778321
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49484}
2017-11-20 12:09:30 +00:00
Daniel Clifford
f0ceb9f277 Fix bug in length handling of Array.prototype.slice fast-path
Bug: chromium:785804
Change-Id: I1a65e2007438ac009d961e0e2c0425212216fcf1
Reviewed-on: https://chromium-review.googlesource.com/776696
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49481}
2017-11-20 11:53:13 +00:00
Peter Marshall
365bb5bb4a [regexp] Add a CSA fast path for replace with global regexp.
For simple replacement strings without $ characters, we can do the
replacement in CSA for a global regexp. This is a common case because
this is currently the most widely used way to 'replaceAll' in a string.

This CL speeds up the test case in the linked bug by 13%.

Bug: v8:7053
Change-Id: I0d1d7c25fed07dfd7927191a3ef3138302e10c8f
Reviewed-on: https://chromium-review.googlesource.com/774440
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49472}
2017-11-20 09:50:01 +00:00
Benedikt Meurer
a9a1671345 [cleanup] Rename "array protector" to "no elements protector".
The "array protector" now guards the Object.prototype, the
Array.prototype and the String.prototype, so the name was a
bit misleading nowadays. So the new name "no elements protector"
was chosen.

Bug: v8:6936, v8:7014, v8:7027
Change-Id: I9a9d7caa2caf0ac9e78cc6658de2f0506970dfa2
Reviewed-on: https://chromium-review.googlesource.com/778162
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49471}
2017-11-20 09:43:35 +00:00
Benedikt Meurer
8a91be5b05 [turbofan] Remove the unused ToBooleanHints.
The ToBooleanHints were used to represent the ToBoolean feedback
collected by Fullcodegen. But Ignition doesn't collect this feedback
and also TurboFan doesn't make use of the hints, so we should remove
this for now.

Bug: v8:7101
Change-Id: Ifc97d3ebb7494029b33ad79fc8bafdf3c08fb871
Reviewed-on: https://chromium-review.googlesource.com/778163
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49470}
2017-11-20 09:42:38 +00:00
Yang Guo
aae52f6b0f [snapshot] introduce more maps for rehashing.
R=mstarzinger@chromium.org

Bug: v8:6593
Change-Id: Ica794c7b0d779f04647d2b2c5ce7762a537620ae
Reviewed-on: https://chromium-review.googlesource.com/759793
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49469}
2017-11-19 10:39:16 +00:00
Anna Henningsen
09b53eef4c [api] Make running scripts in AddMessageListener callback work in debug mode
The existance of an `AllowJavascriptExecutionDebugOnly` scope in
`Isolate::ReportPendingMessages()` indicates that the API supports
running arbitrary JS code in a `AddMessageListener` callback.

Currently, this can fail in debug mode: The
`!isolate->external_caught_exception()` condition is checked when
entering API methods inside such a handler. However, if there is
a verbose `TryCatch` active when the exception occurs, this
check fails, and when calling `ToString()` on the exception object
leaves a pending exception itself, the flag is re-set to `true`.

Fix this problem by clearing the flag and the pending exception if
there was one during `ToString()`. This matches the code a few lines
up in `messages.cc`, so the exception state is now consistent
during the callback.

This currently makes a Node.js test fail in debug mode
(`parallel/test-error-reporting`).

Bug: node:7144
Bug: node:17016
Change-Id: I060d00fea3e9a497f4df34c6ff8d6e29ebe96321
Reviewed-on: https://chromium-review.googlesource.com/718096
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49466}
2017-11-18 23:39:29 +00:00
Jakob Kummerow
977da55033 [bigint] Encapsulate internals in MutableBigInt
This CL creates the invariant that the BigInt class treats
BigInt objects as immutable. Writing to new BigInt objects
as part of their construction is done by the MutableBigInt
helper class, which in turn is hidden as an implementation
detail in bigint.cc.
As a side effect, this refactoring enforces right-trimming
checks for all newly created BigInts, and ensures that all
BigInt allocations possibly exceeding kMaxLength check for
this case and throw a RangeError instead of crashing.

Bug: v8:6791
Tbr: mlippautz@chromium.org
Change-Id: Id239746108e6b076b47a03ba37462001eb501507
Reviewed-on: https://chromium-review.googlesource.com/742329
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49462}
2017-11-17 23:06:52 +00:00
Igor Sheludko
cc9e77abe8 Reland^2 "[runtime] Slightly optimize creation of class literals."
This CL also includes fixes for CF issues found while the previous
reland was active.

Bug: v8:5799, chromium:783902, chromium:783926, chromium:783822
Change-Id: I1f7d9b037d90838469c45f5d72771a77444c662e
Reviewed-on: https://chromium-review.googlesource.com/764067
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49457}
2017-11-17 18:15:34 +00:00
Michael Lippautz
71ad48fb8f [api] Mark MarkIndependent as soon deprecated
Persistent handles are always independent these days. Users should mark
weak handles as active using MarkActive if they want to keep weak
handles that are otherwise unreachable alive across scavenges.

Bug: chromium:780749
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I116e984ce14a035d1cef491d49f11a388fa8169d
Reviewed-on: https://chromium-review.googlesource.com/759794
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49456}
2017-11-17 18:14:29 +00:00
Adam Klein
16943d2d71 Revert "[wasm] Unify deoptimization data"
This reverts commit 236298acbf.

Reason for revert: suspected cause of failures on GC stress bots:

https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/16341
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/16269

Original change's description:
> [wasm] Unify deoptimization data
> 
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
> 
> Drive-by: Disable non-applicable MaybeHandle constructors to allow
> overloading functions with different Handle types.
> 
> R=​ahaas@chromium.org
> 
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I02fb49d2ece8e04ac5fb26f618bfe6fb2f133d06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779292
Reviewed-on: https://chromium-review.googlesource.com/777079
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49455}
2017-11-17 17:27:46 +00:00
Jakob Gruber
9037639eb1 Revert "[coverage] add coverage for binary expressions"
This reverts commit 4d3bc552b5.

Reason for revert: https://crbug.com/785778

Original change's description:
> [coverage] add coverage for binary expressions
> 
> Adds block-level coverage tracking for binary && and ||
> expressions. Introduces a BinaryOperation source-range
> for tracking the operations themselves and an Expression
> source-range, used for tracking NaryLogical expressions.
> 
> This builds on work by jgruber@chromium.org in
> the issue.
> 
> TBR=marja@chromium.org
> R=​jgruber@chromium.org, rmcilroy@chromium.org
> 
> Bug: v8:6660
> Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
> Reviewed-on: https://chromium-review.googlesource.com/754564
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49304}

TBR=rmcilroy@chromium.org,marja@chromium.org,jgruber@chromium.org,ben@npmjs.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6660
Change-Id: Ie017c528604b2e01400f527511413eaea5786198
Reviewed-on: https://chromium-review.googlesource.com/776768
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49454}
2017-11-17 17:05:39 +00:00
Adam Klein
d42534d441 Remove always-on flags for RegExp dotAll and lookbehind
Both of these features were shipped in Chrome 62.

Bug: v8:4545, v8:6172
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ie00dcbeded7517a15696d4a78fcfbbf162919923
Reviewed-on: https://chromium-review.googlesource.com/775601
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49453}
2017-11-17 16:47:19 +00:00
Clemens Hammacher
236298acbf [wasm] Unify deoptimization data
Add methods to add deoptimization data and use them from all the places
where we currently add them manually. Also add them to wasm-to-wasm
wrappers compiled on table set, which was missing before, leading to
the referenced bug.

Drive-by: Disable non-applicable MaybeHandle constructors to allow
overloading functions with different Handle types.

R=ahaas@chromium.org

Bug: chromium:779292
Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
Reviewed-on: https://chromium-review.googlesource.com/774838
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49452}
2017-11-17 16:28:38 +00:00
Jakob Gruber
4ad4a8d725 Eager-deserialize in test-debug/BuiltinsExceptionPrediction
This test iterates all builtin objects; explicitly deserialize builtins
when necessary to avoid verifying DeserializeLazy by accident.

Bug: v8:6624
Change-Id: Iab3f708380809b7486ef11a2816e9593ee7e65cd
Reviewed-on: https://chromium-review.googlesource.com/654902
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49451}
2017-11-17 16:11:48 +00:00
Michael Achenbach
c13b62d7db Revert "[log] Properly log all maps creating during bootstrapping"
This reverts commit acfef3ec93.

Reason for revert: Makes logmaps timeout in nosnap mode:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/18933

Original change's description:
> [log] Properly log all maps creating during bootstrapping
> 
> Logger::LogMaps will print all maps currently present on the heap.
> 
> Note that currently this does not properly log the detailed transitions
> for these maps.
> 
> Change-Id: Ia3218d371549d7634fe3eda9e8e59b0b0bd8bebb
> Reviewed-on: https://chromium-review.googlesource.com/753885
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49444}

TBR=yangguo@chromium.org,cbruni@chromium.org

Change-Id: I264362552cbc2f8f0c1df84412f4dbeea08ef384
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/776815
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49447}
2017-11-17 13:38:54 +00:00
Camillo Bruni
acfef3ec93 [log] Properly log all maps creating during bootstrapping
Logger::LogMaps will print all maps currently present on the heap.

Note that currently this does not properly log the detailed transitions
for these maps.

Change-Id: Ia3218d371549d7634fe3eda9e8e59b0b0bd8bebb
Reviewed-on: https://chromium-review.googlesource.com/753885
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49444}
2017-11-17 12:55:51 +00:00
Predrag Rudic
e6d92f61e7 MIPS[64]: Skip regress-779407 test
This test uses 136GB of memory which is too much for our MIPS boards.

NOTRY=true

Bug: v8:7093
Change-Id: I382bf0832da6ae74241e89a2016c3738f03979fd
Reviewed-on: https://chromium-review.googlesource.com/776765
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49443}
2017-11-17 12:47:12 +00:00
Clemens Hammacher
4c420258d3 Revert "MIPS[64] Implementation of MSA instructions in builtin simulator"
This reverts commit 3e0bf580e8.

Reason for revert: MSVC does not compile any more, see https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/172

Original change's description:
> MIPS[64] Implementation of MSA instructions in builtin simulator
> 
> This commit is a step toward enabling test-run-wasm-simd tests for MIPS.
> 36 of those were failing in V8 builtin simulator because some instructions
> were not implemented.  Also there are minor fixes to some of the already
> implemented instructions.
> 
> This commit has only 32-bit implementation. After review I will add
> 64-bit version.
> 
> Bug: 
> Change-Id: I25b0cac352db3efb56b922ace64ab2aaef82472d
> Reviewed-on: https://chromium-review.googlesource.com/744008
> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Cr-Commit-Position: refs/heads/master@{#49439}

TBR=jkummerow@chromium.org,mstarzinger@chromium.org,mlippautz@chromium.org,bmeurer@chromium.org,predrag.rudic@mips.com,ivica.bogosavljevic@mips.com,Ilija.Pavlovic@mips.com,sreten.kovacevic@mips.com,Miran.Karic@imgtec.com

Change-Id: Ic0c6339473481fa75908e942bc86de2b5c6349d8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/776655
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49441}
2017-11-17 11:02:48 +00:00
Predrag Rudic
3e0bf580e8 MIPS[64] Implementation of MSA instructions in builtin simulator
This commit is a step toward enabling test-run-wasm-simd tests for MIPS.
36 of those were failing in V8 builtin simulator because some instructions
were not implemented.  Also there are minor fixes to some of the already
implemented instructions.

This commit has only 32-bit implementation. After review I will add
64-bit version.

Bug: 
Change-Id: I25b0cac352db3efb56b922ace64ab2aaef82472d
Reviewed-on: https://chromium-review.googlesource.com/744008
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49439}
2017-11-17 10:24:15 +00:00
Adam Klein
6e39c9e1a7 Remove always-on flag --harmony-strict-legacy-accessor-builtins
It was shipped in Chrome 62.

Bug: v8:5070
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I77119540411d1fe15691d40012cb96f4e2e45048
Reviewed-on: https://chromium-review.googlesource.com/776154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49434}
2017-11-17 04:06:30 +00:00
Jakob Kummerow
b5997de8a9 [bigint] Fix accidental input modification in Divide
"AbsoluteDivSmall" had a shortcut path for abs(divisor) == 1 where
it would simply return the dividend as result. However, its caller
"Divide" was blissfully ignorant of this trick and would therefore
simply set the value's sign as needed, modifying the input.
This CL prevents that, while continuing to avoid the full division
algorithm for abs(divisor) == 1.

Bug: v8:6791
Change-Id: I04cdc93f5ed2a696587c35c754e68f07012dd1a9
Reviewed-on: https://chromium-review.googlesource.com/772332
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49433}
2017-11-17 01:50:50 +00:00
Bill Budge
0df1471ac6 [Memory] Add base::OS::SetPermissions method.
- Adds SetPermissions method which returns bool result.
- Eliminates Guard, SetReadAndWritable, SetReadAndExecutable, and
  SetReadWriteAndExecutable methods.
- Adds some Fuchsia memory allocation implementation.
- Some minor fixes in usage of OS::AllocatePageSize and
  OS::CommitPageSize.
- Adds DCHECKs for sanitizing parameters to OS::Allocate/Free.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I966ec6f029dd0371d70eca20bae197d87956f8b5
Reviewed-on: https://chromium-review.googlesource.com/760657
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49430}
2017-11-16 20:09:12 +00:00
Tobias Tebbi
19ac10e58a Reland^6 "[turbofan] eagerly prune None types and deadness from the graph"
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/727893
The crashes should be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/763531

Original change's description:
> Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
> 
> This reverts commit ac0661b358.
> 
> Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
> 
> Original change's description:
> > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
> >
> > This gives up on earlier attempts to interpret DeadValue as a signal of
> > unreachable code. This does not work because free-floating dead value
> > nodes, and even pure branch nodes that use them, can get scheduled so
> > early that they get reachable. Instead, we now eagerly remove branches
> > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> > to value phi nodes with dummy values.
> >
> > Reland of https://chromium-review.googlesource.com/715716
> >
> > Bug: chromium:741225 chromium:776256
> > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> > Reviewed-on: https://chromium-review.googlesource.com/727893
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#49188}
> 
> TBR=jarin@chromium.org,tebbi@chromium.org
> 
> Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
> Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
> Reviewed-on: https://chromium-review.googlesource.com/758770
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49262}

TBR=jarin@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6c02b4beb02997ec34015ed2f6791a93c70f5e36
Reviewed-on: https://chromium-review.googlesource.com/772150
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49429}
2017-11-16 20:01:22 +00:00
Tobias Tebbi
82271defd6 [turbofan] fix typing and lowering of SpeculativeSafeInteger{Add,Subtract}
Bug: 
Change-Id: Ibd7c17b4ace25237c3d35466280aff27c44016f0
Reviewed-on: https://chromium-review.googlesource.com/774461
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49427}
2017-11-16 19:02:27 +00:00
Clemens Hammacher
6802775efc Reland "[wasm] Fix importing wasm-lazy-compile stubs"
This is a reland of 77b0baa649.

Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
>
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
>
> R=ahaas@chromium.org
>
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}

Bug: chromium:779569, v8:5991
Change-Id: I4818e933467bd5a040f1514b8fc18db219a092c7
Reviewed-on: https://chromium-review.googlesource.com/774538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49426}
2017-11-16 18:50:07 +00:00
Andreas Haas
d9a91da635 [inspector] Dispose the isolate in the inspector tests
At the moment the inspector tests do not dispose the isolate. This is a
problem because the disposal of the isolate is used to stop the
execution of background tasks. The missing disposal of the isolate
caused flaky tests on the bots recently. With this CL the isolates of
the inspector tests get disposed.

The disposal of the isolate requires the following changes: 1) Store the
isolate in a unique_ptr so that it gets disposed when the isolate-data
gets disposed. It is necessary to use the unique_ptr so that the isolate
gets disposed after other members of isolate-data get disposed.  2)
Dispose all sessions. The reason is that the sessions require the
isolate to exist when they get disposed because they own handles.
Sessions, however, are stored in a static map, whereas the isolate is
stored indirectly in a local variable of the main function. Since local
variables get disposed before the static map is cleared, we have to
clear the map before the end of the main function.

R=kozyatinskiy@chromium.org

Change-Id: Icb33184de254638b6cdfb899e940f18e6064cd69
Reviewed-on: https://chromium-review.googlesource.com/774885
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49424}
2017-11-16 17:42:37 +00:00
Clemens Hammacher
1cec66d31b [Liftoff] Don't force unrelated stack slots into registers
When initializing the stack state at a merge point, don't force all
stack slots into registers. Allow constants to stay constants as long
as they are not part of the merge. Otherwise we might break assumptions
of outer blocks which then try to merge a register into a constant and
fail.
Also, add some documentation to {InitMergeStackSlot} to document the
intent of the implementation.

R=titzer@chromium.org

Bug: v8:784050, v8:6600
Change-Id: I3a4c83b446909027be075d3207cb7c748a6b1aad
Reviewed-on: https://chromium-review.googlesource.com/766353
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49423}
2017-11-16 17:34:17 +00:00
Ross McIlroy
72575d3c67 [Compile] Move stepping logic from compilation job to compiler dispatcher.
Now that UnoptimizedCompileJob only has three stages, move the logic for
stepping between these stages out of UnoptimizedCompileJob and back into
CompilerDispatcher.

BUG=v8:5203

Change-Id: I3bb776e14ef9da801dc9792e9e643b8026135060
Reviewed-on: https://chromium-review.googlesource.com/774743
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49422}
2017-11-16 17:20:07 +00:00
Michal Majewski
430e03b3c6 Remove shell info from testcase.
Bug: v8:6917
Change-Id: Ic50ed8aca2ef6b6e60eae194cf46c2264a416657
Reviewed-on: https://chromium-review.googlesource.com/774265
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49417}
2017-11-16 15:42:26 +00:00
Michal Majewski
0a12eaea45 Remove env field from testcase.
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I09fb05ac6d4b9b1223118494ce2c89e3ab5de109
Reviewed-on: https://chromium-review.googlesource.com/771870
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49415}
2017-11-16 15:26:06 +00:00
Michael Starzinger
b8b622c94a [builtins] Set {builtin_index} during code allocation.
This ensures that the {Code::builtin_index} field is only set during
allocation of new {Code} objects, making this field truly immutable.

R=jgruber@chromium.org
BUG=v8:6792

Change-Id: Ic793346976183149e2d077e92cb9da3c925ea865
Reviewed-on: https://chromium-review.googlesource.com/774439
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49414}
2017-11-16 13:56:49 +00:00
Ross McIlroy
8ff0ca1b1c [Compiler] Simplify UnoptimizedCompileJob
Simplifies the unoptimized compile job to have only three steps, the
on-main-thread prepare step, the off-thread compile step and the
on-main-thread finalization step.

As part of this change, the compiler dispatcher no longer supports
functions with outer scopeinfo's, since these need to be analysed on the
main thread.

BUG=v8:5203

Change-Id: Ifb378ef81bd47b6f6d4037a3b8acf88660896c4e
Reviewed-on: https://chromium-review.googlesource.com/774558
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49413}
2017-11-16 13:31:37 +00:00
Hannes Payer
6c431dde20 [heap] Always allocate executable MemoryChunks rw.
This CL also narrows the rw scopes on various call sites.

Bug: chromium:774108,v8:6792
Change-Id: I41a6f5dc4948833baaa441fb998ef40d8a832619
Reviewed-on: https://chromium-review.googlesource.com/758370
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49411}
2017-11-16 12:34:48 +00:00
Daniel Clifford
4002bf96e3 Fix hole escape in dictionary mode Array.prototype.slice()
Bug: chromium:778668
Change-Id: I0d2cc2166aab93bb7cb5dcc6c72cdb0b335a655f
Reviewed-on: https://chromium-review.googlesource.com/774263
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49410}
2017-11-16 12:17:58 +00:00
Clemens Hammacher
0d5d2a1ede Revert "[wasm] Fix importing wasm-lazy-compile stubs"
This reverts commit 77b0baa649.

Reason for revert: Breaks on win64 bot: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64_-_debug%2F20172%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Flazy-compilation%2F0

Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
> 
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
> 
> R=​ahaas@chromium.org
> 
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: If5ab7b9de95ef662a65a6a5b919fa1f13aa492cd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779569, v8:5991
Reviewed-on: https://chromium-review.googlesource.com/774518
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49409}
2017-11-16 12:07:36 +00:00
Sathya Gunasekaran
3cf3259973 [class] Lazy parse class constructor with class fields
Previously, we had lazy parsing of class constructor disabled when a
class literal had class fields because we were using a reference to
the initializer function variable to load the function and call it.

Instead, in this patch, we use the scope analysis to lookup this
initializer function variable.

Bug: v8:5367
Change-Id: Ib73d7e6abed33c04d1f574e7976bea4869d54757
Reviewed-on: https://chromium-review.googlesource.com/768384
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49406}
2017-11-16 11:18:04 +00:00
Clemens Hammacher
77b0baa649 [wasm] Fix importing wasm-lazy-compile stubs
If two modules use lazy compilation, and one imports a function of
another, we are unwrapping the js-to-wasm wrapper of the export. This
was failing so far, because during unwrapping we did not find the wasm
code.
This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
code".

R=ahaas@chromium.org

Bug: chromium:779569, v8:5991
Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
Reviewed-on: https://chromium-review.googlesource.com/771672
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49405}
2017-11-16 11:16:58 +00:00
Clemens Hammacher
22e4c4613b [wasm] [interpreter] Fix interpreter-to-wasm calls
When calling the CWasmEntry in order to call from the interpreter to a
wasm function, the given buffer must hold the arguments, and must also
have enough space to hold the return values. We were missing the second
part, hence we failed when there are no parameters, but a return.

R=ahaas@chromium.org

Bug: chromium:784125
Change-Id: I08d417cae60eea64fda8a72e898dbed9f3e88148
Reviewed-on: https://chromium-review.googlesource.com/771633
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49402}
2017-11-16 11:13:43 +00:00
peterwmwong
0a66361d7c [js-perf-test] Add Collection constructor and double type microbenchmarks
- Add {Map/Set/WeakMap/WeakSet}-Constructor microbenchmarks
- Add {Map/Set}-Double microbenchmarks (testing heap number keys)

Bug: v8:6604
Change-Id: Icadd5c81bfb59a58a2a65e119663d3f22637165d
Reviewed-on: https://chromium-review.googlesource.com/773595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49398}
2017-11-16 07:21:05 +00:00
peterwmwong
007203abd0 [collections] Handle holes in collection constructor fast paths
Bug: chromium:784990
Change-Id: I08c10ec706ccaba765edc7322dc92374863b8a7a
Reviewed-on: https://chromium-review.googlesource.com/771387
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49397}
2017-11-16 06:59:25 +00:00
Benedikt Meurer
3dddc2b50f [ic] Properly handle negative indices.
We need to explicitly rule out negative indices for the out-of-bounds
case, otherwise we can end up with a monomorphic KeyedLoadIC that allows
OOB accesses, but doesn't properly check whether there are properties
with negative integer names on the receiver.

Bug: chromium:784835
Change-Id: Ic3ef5438b76094f024de0c6348183fb62b32088c
Reviewed-on: https://chromium-review.googlesource.com/774278
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49396}
2017-11-16 06:56:25 +00:00
jing.bao
69ab034892 [ia32][wasm] Add I16x8 Binop and CompareOp.
Mul/MinS/MaxS/AddSaturateU/SubSaturateU/MinU/MaxU, Eq/Ne

Bug: 
Change-Id: I197712c37dcbc6648be5fd040ca23f2ea777a4f3
Reviewed-on: https://chromium-review.googlesource.com/760156
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49395}
2017-11-16 02:40:35 +00:00
Georgia Kouveli
1adce94ab3 [arm64] Add CopyDoubleWordsMode option to CopyDoubleWords.
The option lets us use the function in cases where we cannot use the current
version due to restrictions on src and dst. This will be useful for some arm64
builtins when we pad the stack arguments, where we will need to copy the
existing arguments either one slot up or one slot down in memory.

Bug: v8:6644
Change-Id: I75281cdc9fa6812e3b24bf5756057c93305cbb95
Reviewed-on: https://chromium-review.googlesource.com/771711
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#49394}
2017-11-15 19:03:47 +00:00
Alexey Kozyatinskiy
11e635bd19 [inspector] followup with adding missing entry to JSTests.json
TBR=jgruber@chromium.org

Bug: v8:7078
Change-Id: I032bb6c8a9d1079ac9d8f69f6bef3de32f6e78ca
Reviewed-on: https://chromium-review.googlesource.com/772250
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49393}
2017-11-15 18:52:37 +00:00
Clemens Hammacher
b46cc820ba [wasm] compile fuzzer: Also generate loops
Beside blocks, do also generate loops.
Also, generalize generation of breaks such that they can happen
anywhere, even outside of a block or loop.

R=eholk@chromium.org

Change-Id: Ib2f8c75913e97f331ec105fd87fc882bc5c04864
Reviewed-on: https://chromium-review.googlesource.com/771610
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49392}
2017-11-15 17:44:05 +00:00
Ross McIlroy
aafdfba899 [Compiler] Remove isolate from CompilationInfo.
Removes Isolate from compilation info and instead threads isolate through
function calls. This ensures that we can't access the isolate from
background thread compilations.

BUG=v8:5203

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I9a4e1cd67c4736e36f609360b996fb55166a1c50
Reviewed-on: https://chromium-review.googlesource.com/751745
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49386}
2017-11-15 15:40:55 +00:00
Andreas Haas
1031b5e75f [platform] Add TaskRunners to the TestPlatform
R=rmcilroy@chromium.org

Change-Id: I8c62ab212d9b741a5413b075ecbebee515161d6f
Reviewed-on: https://chromium-review.googlesource.com/771831
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49385}
2017-11-15 15:04:14 +00:00
Andreas Haas
859af1b734 [wasm] Add task runner to the platform in the streaming compilation cctests
The foreground task runner and the background task runner are the same.
Thereby we can get predictable behavior.

R=clemensh@chromium.org

Change-Id: I18f9c7277a344b7884d6de0c2159cc3f010576b4
Reviewed-on: https://chromium-review.googlesource.com/771833
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49383}
2017-11-15 14:47:24 +00:00
Toon Verwaest
8123f5c3c7 [csa] Type CSA code related to String length accesses
Bug: v8:7065
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7882b719f72561cd22b874eae239000936fad35c
Reviewed-on: https://chromium-review.googlesource.com/768874
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49381}
2017-11-15 12:59:04 +00:00
Andreas Haas
0ef8da2664 [wasm] Check code section bytes in the streaming decoder
The streaming decoder allocates the whole section buffer of the code
section when it reads the section length of the code section. Therefore
we have to check that the different parts of the code section actually
use all the bytes, and that the different parts of the code section do
not need more bytes than available. The check that all bytes are used
was missing in the case where the code section contained zero functions.

In addition, this CL adds some tracing to the streaming decoder which
may be useful in future debugging.

R=clemensh@chromium.org

Bug: chromium:783595
Change-Id: Icf056c25a3000b4a08a791939dab0ccde9fc3f80
Reviewed-on: https://chromium-review.googlesource.com/768788
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49380}
2017-11-15 12:42:54 +00:00
Andreas Haas
8a1bafaf1a Reland "[platform] Implement TaskRunners in the DefaultPlatform"
There was a data race in the access of the foreground_task_runner_map_.
I protect each access to foreground_task_runner_map_ with a lock now.

Original change's description:
> [platform] Implement TaskRunners in the DefaultPlatform
>
> This CL implements the TaskRunners in the DefaultPlatform which has been
> added recently to the platform API. In addition I changed how task
> posting works on the DefaultPlatform.
>
> With this implementation the DefaultPlatform keeps one
> DefaultForegroundTaskRunner per isolate, plus one
> DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
> with a shared_ptr, which is also shared with any caller of
> GetForegroundTaskRunner or GetBackgroundTaskrunner.
>
> This CL moves the task management from the DefaultPlatform to the
> TaskRunners.  The DefaultForegroundTaskRunner owns and manages the the
> task queue, the delayed task  queue, and the idle task queue. The
> DefaultBackgroundTaskRunner owns the WorkerThread pool and the
> background task queue.
>
> In addition changed many Task* to std::unique_ptr<Task> to document task
> ownership.
>
> R=rmcilroy@chromium.org
>
> Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
> Reviewed-on: https://chromium-review.googlesource.com/753583
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49354}

Change-Id: Iddccdb07bde1a799815ec6ed6af37082df4987c7
Reviewed-on: https://chromium-review.googlesource.com/770970
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49379}
2017-11-15 12:35:54 +00:00
Jakob Gruber
271ffdb0f7 [collections] Allocate large collections in large object space
The backing store fixed array for collections needs to be allocated
in LOS if it exceeds the maximum regular heap object size.

Drive-by-fix: Only store fixed array map once as per TODO.

Bug: chromium:784862
Change-Id: I6b4dd2e45153ae107171e21bc7448e0d9b54b0ed
Reviewed-on: https://chromium-review.googlesource.com/771150
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49378}
2017-11-15 12:08:35 +00:00
Tobias Tebbi
9e92289536 [turbofan] Escape analysis no longer introduces Dead nodes in unreachable code.
Bug: chromium:780658
Change-Id: Ie1252a4e4e8ae8621817ab8c058715dcc3cef7d9
Reviewed-on: https://chromium-review.googlesource.com/769507
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49377}
2017-11-15 11:16:01 +00:00
Ross McIlroy
2f5d90a816 [d8] Add a stress-background-compile mode
Adds a stress-background-compile mode which runs compilation on a background
thread at the same time as compiling on the main thread to flush out races.
This is added as one of the variants, removing stress_asm_validation since this
is no longer a useful variant.

BUG=v8:5203

Change-Id: I73dd9f21d9b6da4a4cb39c05061aa24116e6c5ad
Reviewed-on: https://chromium-review.googlesource.com/741746
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49376}
2017-11-15 11:08:21 +00:00
Michael Starzinger
d80d85bfc1 [heap] Introduce {Movability} enum for type safety.
R=mlippautz@chromium.org

Change-Id: Ie5ff0347d7c849e1941f8c8237a0bd56fdb68a4e
Reviewed-on: https://chromium-review.googlesource.com/768672
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49372}
2017-11-15 10:11:26 +00:00
Adam Klein
082009fc3d [parser] RewritableExpressions should keep track of their Scope directly
Previously, the Parser stored a Scope alongside a RewritableExpression
for each potential destructuring assignment. This Scope was later used
during rewriting to set the correct context for the rewriting. But this
approach failed if a new Scope was inserted into the Scope chain between
the time the assignment was parsed and when it was rewritten.

By storing the Scope directly in RewritableExpression,
ReparentExpressionScopes() is able to appropriately re-scope such
expressions prior to their rewriting.

Bug: chromium:779457
Change-Id: Ieb429a3da841f76d5798610af59da4fccb000652
Reviewed-on: https://chromium-review.googlesource.com/767666
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49368}
2017-11-14 20:30:14 +00:00
Alexey Kozyatinskiy
7345bfcc21 [inspector] perf test for inspector async instrumentation
Prior langing massive async instrumentation refactoring let's add a perf
test to track our progress.

R=dgozman@chromium.org

Bug: v8:7078
Change-Id: I11e1ec962a9f384c2c778061c48935ac410fbe53
Reviewed-on: https://chromium-review.googlesource.com/766647
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49365}
2017-11-14 19:06:15 +00:00
Bill Budge
adc52af506 Reland "[Memory] Use OS::Allocate for all OS memory allocations."
This is a reland of 4899bcb66d
This is a reland of b73ee3344a

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
>
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
>
> - Eliminates OS::ReleaseRegion, replacing with calls to OS::Free.
> - Adds bool return value to OS::Free.
> - Cleans up types of flags, protection on Windows and Cygwin.

> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iad3c025334e8f8d7d647be99a36a11ee449c9087
Reviewed-on: https://chromium-review.googlesource.com/767014
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49363}
2017-11-14 17:21:58 +00:00
Michael Achenbach
c56cff2359 Revert "[platform] Implement TaskRunners in the DefaultPlatform"
This reverts commit 8de2e6db02.

Reason for revert: Suspect for:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/24237
https://build.chromium.org/p/client.v8/builders/V8%20Win64/builds/20896

Original change's description:
> [platform] Implement TaskRunners in the DefaultPlatform
> 
> This CL implements the TaskRunners in the DefaultPlatform which has been
> added recently to the platform API. In addition I changed how task
> posting works on the DefaultPlatform.
> 
> With this implementation the DefaultPlatform keeps one
> DefaultForegroundTaskRunner per isolate, plus one
> DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
> with a shared_ptr, which is also shared with any caller of
> GetForegroundTaskRunner or GetBackgroundTaskrunner.
> 
> This CL moves the task management from the DefaultPlatform to the
> TaskRunners.  The DefaultForegroundTaskRunner owns and manages the the
> task queue, the delayed task  queue, and the idle task queue. The
> DefaultBackgroundTaskRunner owns the WorkerThread pool and the
> background task queue.
> 
> In addition changed many Task* to std::unique_ptr<Task> to document task
> ownership.
> 
> R=​rmcilroy@chromium.org
> 
> Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
> Reviewed-on: https://chromium-review.googlesource.com/753583
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49354}

TBR=rmcilroy@chromium.org,ahaas@chromium.org

Change-Id: I6c381915a2cae8ea1a0d21d6cfa6e797ccd2d947
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/768748
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49357}
2017-11-14 14:51:16 +00:00
Andreas Haas
8de2e6db02 [platform] Implement TaskRunners in the DefaultPlatform
This CL implements the TaskRunners in the DefaultPlatform which has been
added recently to the platform API. In addition I changed how task
posting works on the DefaultPlatform.

With this implementation the DefaultPlatform keeps one
DefaultForegroundTaskRunner per isolate, plus one
DefaultBackgroundTaskRunner. The DefaultPlatform owns these TaskRunners
with a shared_ptr, which is also shared with any caller of
GetForegroundTaskRunner or GetBackgroundTaskrunner.

This CL moves the task management from the DefaultPlatform to the
TaskRunners.  The DefaultForegroundTaskRunner owns and manages the the
task queue, the delayed task  queue, and the idle task queue. The
DefaultBackgroundTaskRunner owns the WorkerThread pool and the
background task queue.

In addition changed many Task* to std::unique_ptr<Task> to document task
ownership.

R=rmcilroy@chromium.org

Change-Id: Ib9a01f1f45e5b48844a37d801f884210ec3f6c27
Reviewed-on: https://chromium-review.googlesource.com/753583
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49354}
2017-11-14 14:11:34 +00:00
Camillo Bruni
e634740bf9 [log] Support --log-function-events in the parser
This partially retires --trace-parse and --trace-preparse which will be fully removed in
a later CL.

Drive-by-fix: make the Parser constructor arguments order more
consistent.

Bug: chromium:757467
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I80a688ce553adfa65ad346718604bd53a9e606a9
Reviewed-on: https://chromium-review.googlesource.com/744046
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49350}
2017-11-14 10:36:58 +00:00
Andreas Haas
ffee558e14 [cleanup] use unique_ptr for the DefaultPlatform
With this CL, {CreateDefaultPlatform} returns a unique_ptr to indicate
that the caller owns the returned memory. We had several memory leaks
where the memory of the DefaultPlatform did not get deallocated.

In addition, the {TracingController} of the {DefaultPlatform} also gets
received as a unique_ptr. Thereby we document that the {DefaultPlatform}
takes ownership of the {TracingController}. Note that the memory of the
{TracingController} was already owned by the {DefaultPlatform}, but it
was not documented in the interface, and it was used incorrectly in
tests.

This CL fixes the asan issues in 
https://chromium-review.googlesource.com/c/v8/v8/+/753583	
([platform] Implement TaskRunners in the DefaultPlatform)

R=rmcilroy@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0d1a6d3b22bb8289dc050b1977e4f58381cec675
Reviewed-on: https://chromium-review.googlesource.com/755033
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49349}
2017-11-14 09:57:18 +00:00
Camillo Bruni
6526c6dd10 [RCS] Add explicit tests for function callbacks
This CL adds a very crude unittest to check that RuntimeCallStats work
correctly with api callbacks present. This currently doesn't check that
all parent timers (namely FunctionCallback) are handled properly.

Drive-by-Fix:
- Use Microseconds for all RCS timer tests
- Add TestWithContext::SetGlobalProperty helper
- Use explicit v8:: prefix in test-utils.{h,cc}

Change-Id: I054e78abca0b87a3b9e07d3b06cccdad15403bae
Reviewed-on: https://chromium-review.googlesource.com/766429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49348}
2017-11-14 09:48:08 +00:00
Michael Stanton
ebe6d7a97f Revert "[TurboFan] Diagnostic code to track down bug in representation selection"
This reverts commit f010b28fbe.

Reason for revert: Introduces a clusterfuzz issue and CAnary crash

Original change's description:
> [TurboFan] Diagnostic code to track down bug in representation selection
> 
> We need to characterize the types of dead (IrOpcode::kDead) nodes
> introduced in compilation phases prior to representation selection.
> Normally, a dead node isn't expected at the start of this phase. The
> question is, which phase introduced the dead node and failed to
> deal with it properly?
> 
> Bug: chromium:780658
> Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
> Reviewed-on: https://chromium-review.googlesource.com/765968
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49328}

TBR=mvstanton@chromium.org,mstarzinger@chromium.org

Change-Id: I5d628eb1de630ce4a353b6ef0f80fd74ad740f17
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:780658
Reviewed-on: https://chromium-review.googlesource.com/768747
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49347}
2017-11-14 09:26:51 +00:00
peterwmwong
81931e726b Remove NativeWeakMap
Bug: v8:7016
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5a509fb91a337eec4a58ab4a13d7104e8ba3ff23
Reviewed-on: https://chromium-review.googlesource.com/760677
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49346}
2017-11-14 09:23:08 +00:00
Camillo Bruni
837ce0f9a3 [test] Adjust empty PropertyArray regression test
Make sure we have at least two elements in the Map, otherwise we don't
perform a proper dictionary lookup.

Bug: chromium:781218
Change-Id: I471e3822b95c15e3a5b2ac54c8ad1f030bd54d40
Reviewed-on: https://chromium-review.googlesource.com/768708
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49345}
2017-11-14 09:14:18 +00:00
peterwmwong
c5c50e1860 [builtins] Port WeakMap/WeakSet constructor to CSA
- Remove weak-collection.js
- Adds TFJ builtins for WeakSet and WeakMap constructors
- Unified helpers and constructor behavior into a BaseCollectionsAssembler
- Fast paths for...
  - unmodified constructor function
  - argument is a fast JS array
  - entries are fast JS arrays, for Map/WeakMap
  - no arguments passed

Quick benchmarks shows significant improvements (1.12x - 5.7x!) for ALL collection constructors (weak and non-weak):
https://github.com/peterwmwong/v8-perf/blob/master/weakcollection-constructor/README.md

More could be done for performance.  Currently we always call out to JS to add entries, if we knew the prototype was unmodified, we could call the builtins directly.

Bug: v8:5049, v8:6604
Change-Id: Id7912c1eed5bcf512df7fd6238f04166a8a5937e
Reviewed-on: https://chromium-review.googlesource.com/760385
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49343}
2017-11-14 08:43:38 +00:00
Mathias Bynens
88a2b1ee98 [test] Fix cctest/test-regexp/ParserWithoutLookbehind
The lookbehind tests weren’t being skipped in the “without
lookbehind” case, resulting in a redundant test.

Bug: v8:4545
Change-Id: Ia004508373ba6ec49fd9de690909467eb0a15361
Reviewed-on: https://chromium-review.googlesource.com/765468
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49339}
2017-11-14 08:11:17 +00:00
Michael Achenbach
45e52d520b Revert "Make intl/overrides/caching.js more 'robust'"
This reverts commit 4091f2b3a8.

Reason for revert: Flaky on the bots:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/21321
https://build.chromium.org/p/client.v8/builders/V8%20Win64/builds/20879
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/101

Original change's description:
> Make intl/overrides/caching.js more 'robust'
> 
> Bug: None
> Test: intl/overrides/caching
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Iffd0f58f76d6514924badca18a2112df572e53d2
> Reviewed-on: https://chromium-review.googlesource.com/757945
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Jungshik Shin <jshin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49334}

TBR=adamk@chromium.org,jshin@chromium.org

Change-Id: Id2fe00089c2bcbc8ecc7958fe13c8a80da733e60
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: None
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/766288
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49336}
2017-11-13 19:13:13 +00:00
Adam Klein
ead5abac9d [bigint] Correct StringToBigInt radix and junk handling
Fix two more places where StringToBigInt differs from parseInt:
  - Binary and octal radix prefixes are supported
  - Trailing non-whitespace junk is not allowed

This is done with a new Behavior enum in BigIntParseIntHelper,
along with a couple of bool configuration flags in StringToIntHelper.

Bug: v8:6791, v8:7038
Change-Id: Ib91bfc5ccb04ad0dd6c99bc81e19c1239264a469
Reviewed-on: https://chromium-review.googlesource.com/764595
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49335}
2017-11-13 18:55:00 +00:00
Jungshik Shin
4091f2b3a8 Make intl/overrides/caching.js more 'robust'
Bug: None
Test: intl/overrides/caching
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iffd0f58f76d6514924badca18a2112df572e53d2
Reviewed-on: https://chromium-review.googlesource.com/757945
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49334}
2017-11-13 18:42:10 +00:00
Michael Achenbach
58b4af1b45 [test] Skip some tests on gc fuzzer
NOTRY=true
TBR=majeski@google.com

Bug: v8:7012
Change-Id: Iaac782596ab3fdb7338f04fe7b3af7474b36fa57
Reviewed-on: https://chromium-review.googlesource.com/766347
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49329}
2017-11-13 15:01:35 +00:00
Mike Stanton
f010b28fbe [TurboFan] Diagnostic code to track down bug in representation selection
We need to characterize the types of dead (IrOpcode::kDead) nodes
introduced in compilation phases prior to representation selection.
Normally, a dead node isn't expected at the start of this phase. The
question is, which phase introduced the dead node and failed to
deal with it properly?

Bug: chromium:780658
Change-Id: Ief5b45480bb7d704a2d09dafd60b5d389e0fd42e
Reviewed-on: https://chromium-review.googlesource.com/765968
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49328}
2017-11-13 15:00:20 +00:00
Michael Starzinger
2bc09c95fb [builtins] Add stack check during generator resumption.
This fixes a corner-case where resuming a suspended generator would not
perform stack overflow checks and hence cause the stack to grow without
bounds.

R=neis@chromium.org
BUG=chromium:781583

Change-Id: Ib04116e489ac6b962cb821263860497abb57bbae
Reviewed-on: https://chromium-review.googlesource.com/765953
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49327}
2017-11-13 14:52:10 +00:00
Camillo Bruni
b4c9e2e716 [unittests] Add TestWithIsolate::RunJS helper method
- Update most callsites to use the new RunJS method
- Update tests to use TestWithNativeContext if possible
- Remove RunJS from test-helpers.cc
- Remove TestWithRandomNumberGenerator from test-utils.h

Change-Id: Ib2a6cc56334dc391ca6a2aeb7780fa324f44f109
Reviewed-on: https://chromium-review.googlesource.com/765373
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49325}
2017-11-13 14:27:51 +00:00
Daniel Clifford
cecbe26bca Fix index bug in splicing dictionary element arrays
Bug: chromium:783119
Change-Id: I617db4f6740fb2cfe036ccf162a12aa2bac28e86
Reviewed-on: https://chromium-review.googlesource.com/763460
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49320}
2017-11-13 11:21:40 +00:00
Michael Achenbach
2662b214f7 [test] Mark slow test on msan
NOTRY=true
TBR=sergiyb@chromium.org

Change-Id: I200c088d3cf1c3c1a16040b1395b534ccd9d9268
Reviewed-on: https://chromium-review.googlesource.com/765471
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49319}
2017-11-13 10:59:03 +00:00
Camillo Bruni
eab2f2e654 Disallow empty PropertyArray as properties backing store
The only empty PropertyArray is the empty_property_array object on the
isolate. Allowing empty PropertyArrays causes the turbofan to ignore the
existing hash when growing the backing store again. We currently only end
up with the empty PropertyArray when following back transitions.

Bug: chromium:781218, chromium:783713
Change-Id: If41dd09b965cdc8d957b9ca50ba3c8a7f4254769
Reviewed-on: https://chromium-review.googlesource.com/763230
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49318}
2017-11-13 10:56:53 +00:00
Jakob Gruber
8122afa726 Revert "Reland "[Memory] Use OS::Allocate for all OS memory allocations.""
Revert this and its follow-up as suspect for current canary OOM crasher.

This reverts commit 4899bcb66d.
This reverts commit b73ee3344a.

TBR=adamk@chromium.org,hpayer@chromium.org

Bug: chromium:783708
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4c00582e7ab2df22216ad6732e2843e9958db0c0
Reviewed-on: https://chromium-review.googlesource.com/765447
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49315}
2017-11-11 19:49:26 +00:00
Pierre Langlois
85e25df619 [csa] Transform multiplications into left shifts
Turn cases where we are multiplying with a power of two into a left shift. We
hit this optimisation roughly 500 times in the snapshot.

Bug: 
Change-Id: Ibd3104a3dbe49f247a2d84db94891f6e3a897026
Reviewed-on: https://chromium-review.googlesource.com/763229
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#49306}
2017-11-10 18:29:11 +00:00
Bill Budge
b73ee3344a [Memory] Eliminate OS::ReleaseRegion.
- Eliminates OS::ReleaseRegion, replacing with calls to OS::Free.
- Adds bool return value to OS::Free.
- Cleans up types of flags, protection on Windows and Cygwin.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I6a642374e33876966a5552fb0cdf552dc6d79aaa
Reviewed-on: https://chromium-review.googlesource.com/762345
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49305}
2017-11-10 17:43:41 +00:00
Benjamin
4d3bc552b5 [coverage] add coverage for binary expressions
Adds block-level coverage tracking for binary && and ||
expressions. Introduces a BinaryOperation source-range
for tracking the operations themselves and an Expression
source-range, used for tracking NaryLogical expressions.

This builds on work by jgruber@chromium.org in
the issue.

TBR=marja@chromium.org
R=jgruber@chromium.org, rmcilroy@chromium.org

Bug: v8:6660
Change-Id: I83a81f13a3514a734c06948b2d3e91138fb00e18
Reviewed-on: https://chromium-review.googlesource.com/754564
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49304}
2017-11-10 17:41:51 +00:00
Jakob Gruber
e4b394a1f4 Revert "Reland "[runtime] Slightly optimize creation of class literals.""
This reverts commit 22932d6b43.

Reason for revert: TSAN https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/18232

Original change's description:
> Reland "[runtime] Slightly optimize creation of class literals."
> 
> Bug: v8:5799
> Change-Id: I782ec131c7194aef20942a19750168a974913c3f
> Reviewed-on: https://chromium-review.googlesource.com/757337
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49291}

TBR=ulan@chromium.org,rmcilroy@chromium.org,jarin@chromium.org,ishell@chromium.org,verwaest@chromium.org

Change-Id: I0742d25b0e2364efc696d19492ba20614a3821fa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5799
Reviewed-on: https://chromium-review.googlesource.com/763458
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49303}
2017-11-10 16:00:31 +00:00
Daniel Clifford
d5885ca2b9 Fix splice bug in handling of negative arguments length
Bug: chromium:778668
Change-Id: Ie75f2ecb9e6134b6eb57c7d7fb6ea33cbb2fc2bf
Reviewed-on: https://chromium-review.googlesource.com/753324
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49301}
2017-11-10 15:23:28 +00:00
Ivica Bogosavljevic
1789c6f99d MIPS: Update OWNERS
MIPS team has recently migrated to @mips.com e-mail address.
Dusan Simicic is no longer part of MIPS V8 team, therefore
his name is removed from OWNERS.

TBR=mstarzinger@chromium.org
NOTRY=true

Bug: 
Change-Id: I67fde24a5b9214fa3fca05c0399888b8d18fc699
Reviewed-on: https://chromium-review.googlesource.com/758639
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49299}
2017-11-10 14:33:48 +00:00
Michal Majewski
5faaa2ebc1 Temporary GC fuzzer.
Temporary implementation of GC fuzzer based on the deopt fuzzer.
It will be merged with the deopt fuzzer to create more general numfuzzer.

Webkit test suite updated to ignore trace_incremental_marking flag output.

Bug: v8:6917
Change-Id: I053ae32f3cd3f74ba8b71fc5bdfc7264f54dca11
Reviewed-on: https://chromium-review.googlesource.com/758437
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49296}
2017-11-10 14:23:38 +00:00
Clemens Hammacher
359e69e183 Reland "[Liftoff] Implement parallel register moves"
This is a reland of 6c6132880a
Original change's description:
> [Liftoff] Implement parallel register moves
> 
> This was not implemented so far, leading to lots of clusterfuzz issues.
> Testing this feature would require complicating the interface a lot and
> exposing more implementation details in the header file, hence we just
> go with regression tests for now.
> 
> R=ahaas@chromium.org, titzer@chromium.org
> 
> Bug: v8:6600, chromium:782280
> Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
> Reviewed-on: https://chromium-review.googlesource.com/758772
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49286}

Bug: v8:6600, chromium:782280
Change-Id: I82a75bfeaf83dc63a2917da3ccdc4721c5d689e7
Reviewed-on: https://chromium-review.googlesource.com/763387
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49292}
2017-11-10 12:18:08 +00:00
Igor Sheludko
22932d6b43 Reland "[runtime] Slightly optimize creation of class literals."
Bug: v8:5799
Change-Id: I782ec131c7194aef20942a19750168a974913c3f
Reviewed-on: https://chromium-review.googlesource.com/757337
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49291}
2017-11-10 11:57:18 +00:00
Clemens Hammacher
5a6cc315f8 Revert "[Liftoff] Implement parallel register moves"
This reverts commit 6c6132880a.

Reason for revert: breaks compilation on win64 bot: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/69

Original change's description:
> [Liftoff] Implement parallel register moves
> 
> This was not implemented so far, leading to lots of clusterfuzz issues.
> Testing this feature would require complicating the interface a lot and
> exposing more implementation details in the header file, hence we just
> go with regression tests for now.
> 
> R=​ahaas@chromium.org, titzer@chromium.org
> 
> Bug: v8:6600, chromium:782280
> Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
> Reviewed-on: https://chromium-review.googlesource.com/758772
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49286}

TBR=titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I386983da7f9f03d54cef2190b01fd2cc5785966e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600, chromium:782280
Reviewed-on: https://chromium-review.googlesource.com/763367
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49289}
2017-11-10 10:04:35 +00:00
Michael Starzinger
d6f0db8b7b [heap] Remove dead {MemoryChunk::CommitArea} method.
R=hpayer@chromium.org
BUG=v8:6792

Change-Id: Iba360a83c8c1d929c29c0a4e0c5f32cef8755c85
Reviewed-on: https://chromium-review.googlesource.com/758650
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49287}
2017-11-10 09:53:23 +00:00
Clemens Hammacher
6c6132880a [Liftoff] Implement parallel register moves
This was not implemented so far, leading to lots of clusterfuzz issues.
Testing this feature would require complicating the interface a lot and
exposing more implementation details in the header file, hence we just
go with regression tests for now.

R=ahaas@chromium.org, titzer@chromium.org

Bug: v8:6600, chromium:782280
Change-Id: I12863f3eb59a8dffdcc7d3bfb8e1f0ae0eec15ee
Reviewed-on: https://chromium-review.googlesource.com/758772
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49286}
2017-11-10 09:47:32 +00:00
Camillo Bruni
f3b6b5b587 Enable RCS unittests again
- Implement exchangeable timer clock for RuntimeCallStats for testing
- Rewrite RuntimeCAllStatsTest to overwrite the default RCS timer

This gets rid of the previous flakiness for these tests due to using
the real platform timer.

Bug: v8:5677
Change-Id: Iff312c7f79ab97407ba1c0c2c72fb0b35a5efdf1
Reviewed-on: https://chromium-review.googlesource.com/760416
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49285}
2017-11-10 09:40:23 +00:00
Mathias Bynens
54637463a3 [test] Re-enable all Unicode property tests
The DEPS roll in f3a2e34d updated ICU to a version that includes
a fix for https://ssl.icu-project.org/trac/ticket/13462. As a
result, our Script_Extension data is now correct again.

This patch re-enables the Test262 tests that were failing due to this
ICU data bug.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If0f08693ed0355c59b9c02aa6d941dab1588431c
Reviewed-on: https://chromium-review.googlesource.com/761616
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49284}
2017-11-10 09:09:20 +00:00
Georg Neis
23496a2f41 [compiler] Really do not call Min/Max on empty type.
There were some places left where that could happen.

Bug: chromium:782754
Change-Id: I1db1f5b361cdf443b730a220c0e569ad48dd298d
Reviewed-on: https://chromium-review.googlesource.com/758841
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49283}
2017-11-10 08:37:06 +00:00
Michael Lippautz
667555c6b8 [heap] Remove independent handles
Removes the handling of the flag independent. The flag will be removed in a followup.

The patch changes handling of V8::PersistentBase that are set to Weak:
- The Scavenger ignores the flag independent.
- The Scavenger keeps alive anything that is marked as Active.
- The Scavenger is free to drop weak handles of non-Active object if they 
  are otherwise dead.

Active:
- Any JSObject will always be marked Active.
- Any JSApiObject will be marked Active if it has been modified (=has elements, properties, etc.)

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: chromium:780749
Change-Id: If1f547f2419930ad9400bd3b11bdbf609cb57649
Reviewed-on: https://chromium-review.googlesource.com/741801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49277}
2017-11-09 17:29:11 +00:00
Bill Budge
4899bcb66d Reland "[Memory] Use OS::Allocate for all OS memory allocations."
This is a reland of 7e78506fc2
Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

Bug: chromium:756050
Change-Id: I333f7a6aea0bcb608d01cafb43e94893a4625b15
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758509
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49273}
2017-11-09 15:10:01 +00:00
Eric Holk
52b0b901bf [wasm fuzzer] fix i64.store generation error
This was meant to be included in https://crrev.com/c/757129 but got missed
somehow. The fuzzer was generating i64.store instructions with an i32 value
argument instead of i64 like it should be.

Bug: 
Change-Id: I5b5bcdb22b2ac3abe872e7ff0ab0019b5ecb9c98
Reviewed-on: https://chromium-review.googlesource.com/759148
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49270}
2017-11-09 13:20:25 +00:00
jgruber
2d06b834b0 [coverage] Move try-catch-finally logic into builders
Move block coverage logic for TryCatchStatement and TryFinallyStatement
nodes into builder classes.

Bug: v8:6000
Change-Id: I0402ef78a54d6ba1bae62214f16aabfebbd7c581
Reviewed-on: https://chromium-review.googlesource.com/758645
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49268}
2017-11-09 12:54:15 +00:00
Georg Neis
22d4e6e8e3 [compiler] Fix OperationTyper::NumberAbs.
I made a mistake in yesterday's cleanup.

R=jarin@chromium.org

Bug: chromium:783051
Change-Id: Iabd7403096197ce8e54d46e079bc9a70aa98578d
Reviewed-on: https://chromium-review.googlesource.com/758765
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49266}
2017-11-09 12:18:10 +00:00
Andreas Haas
4a7c98e51c [wasm][fuzzer] Clear pending exception unconditionally
Pending exceptions were not cleared when the TurboFan result was not
compared to the Interpreter result, which happens when the result may be
affected by potential nondeterminism. With this CL we always clear
pending exceptions.

R=clemensh@chromium.org

Bug: chromium:782267
Change-Id: Ibe9b33c94810cccb6282c6c8dc49748fb79b07e4
Reviewed-on: https://chromium-review.googlesource.com/758272
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49265}
2017-11-09 12:17:05 +00:00
Jaroslav Sevcik
9eb92da618 [deoptimizer] Make sure property arrays don't contain mutable heap numbers.
Since the deoptimizer generalizes maps for all materialized objects, it
must make sure that none of the object's fields contain mutable heap numbers
(only double fields are allowed to point to mutable heap numbers). With this CL,
we simply change any mutable heap numbers in property arrays to immutable ones.

This could be dangerous if some non-materialized object could point to this
property array, but this cannot happen because interpreter registers cannot
refer to naked property arrays.

Bug: chromium:776309
Change-Id: I897b604fa804de673710cfa3ba0595dbd9f80eeb
Reviewed-on: https://chromium-review.googlesource.com/759781
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49263}
2017-11-09 12:02:47 +00:00
Tobias Tebbi
c899637deb Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
This reverts commit ac0661b358.

Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035

Original change's description:
> Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
>
> This gives up on earlier attempts to interpret DeadValue as a signal of
> unreachable code. This does not work because free-floating dead value
> nodes, and even pure branch nodes that use them, can get scheduled so
> early that they get reachable. Instead, we now eagerly remove branches
> that use DeadValue in DeadCodeElimination and replace DeadValue inputs
> to value phi nodes with dummy values.
>
> Reland of https://chromium-review.googlesource.com/715716
>
> Bug: chromium:741225 chromium:776256
> Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
> Reviewed-on: https://chromium-review.googlesource.com/727893
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49188}

TBR=jarin@chromium.org,tebbi@chromium.org

Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
Reviewed-on: https://chromium-review.googlesource.com/758770
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49262}
2017-11-09 11:00:45 +00:00
Michael Starzinger
d1193e3c6c Adapt heap profiler test to changed GC timing.
R=machenbach@chromium.org
BUG=v8:6792
NOTREECHECKS=true
NOTRY=true

Change-Id: I878b11c6bddeca59ff49bfa88031a4ce15507e04
Reviewed-on: https://chromium-review.googlesource.com/759039
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49261}
2017-11-09 10:55:05 +00:00
Mostyn Bramley-Moore
b9c9932202 [jumbo] fix B macro/symbol clashes in arm64 builds
assembler-arm64.h and assembler-arm64-inl.h have a B() function
which conflicts with the B macro in bytecode-utils.h.

Headers that leak macros can be annoying to deal with, in this case
we can't simply undef B at the end of source files that include
bytecode-utils.h because the second source file that includes
bytecode-utils.h won't see the B macro.  Let's just move this macro
into the two unittest files that include this header.

Bug: chromium:746958
Change-Id: I588b73fe81615f882a0e010c92ba187d3bc2bf25
Reviewed-on: https://chromium-review.googlesource.com/758779
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49258}
2017-11-09 09:33:45 +00:00
Mostyn Bramley-Moore
de65d40211 [jumbo] undef more instances of __ after use
Bug: chromium:746958
Change-Id: I38e19678e57e5769f4eb19b588ab1de1f4c3bb11
Reviewed-on: https://chromium-review.googlesource.com/758777
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#49252}
2017-11-09 08:51:35 +00:00
Erik
04f7d484db RegExp: Add the ability to switch flags on and off within the regexp.
R=yangguo@chromium.org

This is a reland of
for the no-i18n configuration.

https: //chromium-review.googlesource.com/c/v8/v8/+/571746 with a fix
Bug: 
Change-Id: I3e654791267b20fb3703ad4220404d8078f43440
Reviewed-on: https://chromium-review.googlesource.com/758999
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Corry <erikcorry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49251}
2017-11-09 08:11:45 +00:00
Mathias Bynens
9237c08dd2 [regexp] Support Regional_Indicator property class
This patch adds support for Regional_Indicator within Unicode property
escapes in regular expressions.

The Regional_Indicator binary property was added in Unicode v10 and is
supported in ICU 60.1.

An `#if` directive is used to prevent breaking Node.js until they
update their ICU.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7acec13c8ae7552558a0f852937984bba828e738
Reviewed-on: https://chromium-review.googlesource.com/758273
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49250}
2017-11-09 07:52:35 +00:00
jing.bao
ff71747d4e [ia32][wasm] Add I16x8 ShiftOp and Binop.
Shl/ShrS/ShrU
Add/AddSaturateS/Sub/SubSaturateS

Bug: 
Change-Id: I9fbca45a22505ce1cea6b6ee2b57c07b71d31d50
Reviewed-on: https://chromium-review.googlesource.com/737513
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49247}
2017-11-09 02:39:04 +00:00
Alexei Filippov
ae5bc7c2f8 Mark StaticCollectSampleAPI test as flaky.
BUG=v8:7054
TBR=adamk@chromium.org,yangguo@chromium.org
NOTRY=true
NOTREECHECKS=true

Change-Id: I69690ac4062c0dcb3c66a7db3ddba6d1078bc389
Reviewed-on: https://chromium-review.googlesource.com/759246
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49244}
2017-11-09 01:14:10 +00:00
Karl Schimpf
1719ecb9dc Add capability to handle CSP 'wasm-eval' in V8
Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.

That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.

Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.

It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.

Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}
2017-11-09 00:40:42 +00:00
Bill Budge
1ea3fd2e13 Revert "[Memory] Use OS::Allocate for all OS memory allocations."
This reverts commit 7e78506fc2.

Reason for revert: Broke Android build on Arm64.

Original change's description:
> [Memory] Use OS::Allocate for all OS memory allocations.
> 
> - Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
> - Changes OS::Allocate to take alignment parameter, reorders parameters
>   to match page_allocator.
> - Since the size of memory allocation can be deduced, don't return the
>   amount of memory allocated.
> - Changes reservation of aligned address space. Before we would reserve
>   (size + alignment) rounded up to page size. This is too much, because
>   maximum misalignment is (alignment - page_size).
> - On Windows and Cygwin, we release an oversize allocation and
>   immediately retry at the aligned address in the allocation. If we
>   lose the address due to a race, we just retry.
> - Clean up all the calls to OS::Allocate in codegen and tests by adding
>   helper AllocateSystemPage function (allocation.h) and
>   AllocateAssemblerBuffer (cctest.h).
> - Changes 'assm' to 'masm' in some targets for consistency when using
>   a macro-assembler.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
> Reviewed-on: https://chromium-review.googlesource.com/749848
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49235}

TBR=bbudge@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Ic09de4d63c19746a62e804b1f889817ffaebc330
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/758625
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49242}
2017-11-08 23:08:33 +00:00
Eric Holk
ea08828bb3 [wasm fuzzer] Require AST fuzzer modules to validate
The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.

Additionally, this change exposed several cases where we were not generating
valid modules before:
  * Block types did not match up correctly
  * Memory operations could have invalid alignments
  * Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.

Bug: 
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}
2017-11-08 21:29:40 +00:00
Junliang Yan
a4d966121c [wasm] Fix expected function to match interpreter's function
b % 32 could produce negative results. Therefore, the result
of the shift could be undefined values.

Bug: 
Change-Id: I6c2f7201df424735695aa01891d46523e3c5bd12
Reviewed-on: https://chromium-review.googlesource.com/759079
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49240}
2017-11-08 20:48:33 +00:00
Sathya Gunasekaran
24b26a0cfc [class] Use CreateDataProperty runtime call
StoreDataPropertyInLiteral doesn't throw (because the previous uses of
this didn't throw), but class fields can throw on defining the
property which means we can't use this. Changing to CreateDataProperty
runtime call instead.

Bug: v8:5367
Change-Id: I1ab45413b121972dd18fe2b35a0cedd8efe0e0bf
Reviewed-on: https://chromium-review.googlesource.com/757824
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49239}
2017-11-08 20:27:00 +00:00
Yang Guo
3c8195d910 [map] Fix map constructor to correctly throw.
We need to throw before rethrowing, otherwise the exception does
not trigger a debugger event and is not reported if uncaught.

R=gsathya@chromium.org, jgruber@chromium.org

Bug: v8:7047
Change-Id: I7ce0253883a21d6059e4e0ed0fc56dc55a0dcba6
Reviewed-on: https://chromium-review.googlesource.com/758372
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49237}
2017-11-08 19:54:20 +00:00
Alexei Filippov
295c9cc643 [cpu-profiler] Add static CollectSample method to the CpuProfiler API.
The method forces all running profilers attached to the provided isolate
to collect a sample with the current stack.

It is going to be used to synchronize trace events generated by embedder with the samples
collected by the profiler.

Also it will finally allow us to break dependency of isolate on CPU profiler.

BUG=chromium:721099

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I81a0f8a463f837b5201bc8edaf2eb4f3761e3ff8
Reviewed-on: https://chromium-review.googlesource.com/750264
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49236}
2017-11-08 19:48:40 +00:00
Bill Budge
7e78506fc2 [Memory] Use OS::Allocate for all OS memory allocations.
- Eliminates OS::ReserveRegion and OS::ReserveAlignedRegion.
- Changes OS::Allocate to take alignment parameter, reorders parameters
  to match page_allocator.
- Since the size of memory allocation can be deduced, don't return the
  amount of memory allocated.
- Changes reservation of aligned address space. Before we would reserve
  (size + alignment) rounded up to page size. This is too much, because
  maximum misalignment is (alignment - page_size).
- On Windows and Cygwin, we release an oversize allocation and
  immediately retry at the aligned address in the allocation. If we
  lose the address due to a race, we just retry.
- Clean up all the calls to OS::Allocate in codegen and tests by adding
  helper AllocateSystemPage function (allocation.h) and
  AllocateAssemblerBuffer (cctest.h).
- Changes 'assm' to 'masm' in some targets for consistency when using
  a macro-assembler.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I306dbe042cc867670fdc935abca29db074b0da71
Reviewed-on: https://chromium-review.googlesource.com/749848
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49235}
2017-11-08 19:39:51 +00:00
Jungshik Shin
494aa2e015 Reenable intl/number-format/format-currency test
Now that ICU 60.1 was autorolled in, reenable
number-format/format-currency test the expected result of which was
adjusted to match the output from ICU 60.1/CLDR 32.

Bug: chromium:766816
Test: intl/number-format/format-currency
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If58d493821d505b86202e134b9e2061504dd5e6a
Reviewed-on: https://chromium-review.googlesource.com/758027
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49234}
2017-11-08 19:37:50 +00:00
Clemens Hammacher
d16520127f [wasm] [fuzzer] Omit input hash in error message
For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.

R=ahaas@chromium.org
CC=mmoroz@chromium.org

Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}
2017-11-08 17:27:10 +00:00
Mathias Bynens
4cc8e1d9bc [test] Enable passing Unicode property class tests
Instead of disabling the entire RegExp Unicode property escape test
suite, this patch explicitly lists the failing tests and only disables
them.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If398eb4fcc8d9d96279dc5afb29489e699744d9f
Reviewed-on: https://chromium-review.googlesource.com/758757
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49230}
2017-11-08 17:10:30 +00:00
Mathias Bynens
63536799ac [regexp] Support Emoji_Component property class
This patch adds support for Emoji_Component within Unicode property
escapes in regular expressions.

The Emoji_Component binary property was added in Emoji data v5
and is supported in ICU 60.1.

An `#if` directive is used to prevent breaking Node.js until they
update their ICU.

BUG=v8:4743

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: If1b49a4c175e88f1840ca5ef8d57829d6d8c3291
Reviewed-on: https://chromium-review.googlesource.com/758261
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49229}
2017-11-08 16:35:50 +00:00
Georg Neis
d98ef522ac [compiler] Replace type->IsInhabited() by !type->IsNone().
They have been meaning the same thing for a while now.

R=jarin@chromium.org

Bug: 
Change-Id: Ie5988e6429b795babfa1e1f79841a9f03b8362dc
Reviewed-on: https://chromium-review.googlesource.com/758268
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49228}
2017-11-08 15:16:17 +00:00
jgruber
7223024658 [factory] Simplify JSFunction creation
There's three common situations in which we need to create JSFunction
objects.  1) from the compiler, 2) from tests, and 3) everything else
(mostly during bootstrapping).

This is an attempt to simplify case 3), which previously relied on
several Factory::NewFunction overloads where it was not clear how the
semantics of each overload differed.

This CL removes all but one overload, and packs arguments into a new
NewFunctionArgs helper class.

It also removes the hacks around
SFI::set_lazy_deserialization_builtin_id by explicitly passing
builtin_id into Factory::NewSharedFunctionInfo.

Drive-by-fix: Properly set is_constructor hint in
SimpleCreateSharedFunctionInfo.

Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ica94d95e72e443055db5e7ff9e8cdf4115201ef1
Reviewed-on: https://chromium-review.googlesource.com/757094
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49224}
2017-11-08 13:52:13 +00:00
Clemens Hammacher
3c483de7df [wasm] Mark C_WASM_ENTRY as no tagged_params
The C_WASM_ENTRY only calls wasm code, so (outgoing) parameters of this
code are always untagged.

R=ahaas@chromium.org

Bug: v8:7049
Change-Id: I989908eea668bd56aa88f3f1744105d218584ef1
Reviewed-on: https://chromium-review.googlesource.com/758245
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49221}
2017-11-08 12:55:17 +00:00
Peter Marshall
17eda5f968 [serializer] Fix serialization of TypedArrays with an offset.
We explicitly serialize the backing store when we see the TypedArray.
We then put the reference in the external_pointer. To recalculate the
backing_store pointer during deserialization, we have to keep track of
each TypedArray and then fix up the pointer by adding the offset again.

Bug: v8:6966
Change-Id: I105d44413cffe5766c23c2a3d32ca2b78b5f22e8
Reviewed-on: https://chromium-review.googlesource.com/751269
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49219}
2017-11-08 12:30:57 +00:00
Clemens Hammacher
54d68665f2 [wasm] [fuzzer] [cleanup] Reuse helper method
We already have a helper method for generating a sequence of values.
Reuse this instead of reimplementing the same thing two more times.

R=ahaas@chromium.org
CC=eholk@chromium.org

Change-Id: Ifbbe1324173951156c1ec9bba84fd1aa4bcb2adb
Reviewed-on: https://chromium-review.googlesource.com/758365
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49216}
2017-11-08 10:57:53 +00:00
Michael Achenbach
731d0fcfa5 [test] Skip flaky test
NOTRY=true
TBR=clemensh@chromium.org

Bug: v8:7049
Change-Id: I08db96d92a14cb048c2287b6c73b150eeb0fe864
Reviewed-on: https://chromium-review.googlesource.com/758367
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49215}
2017-11-08 10:46:33 +00:00
jgruber
55a9807682 [string] Fix regexp fast path in MaybeCallFunctionAtSymbol
The regexp fast path in MaybeCallFunctionAtSymbol had an issue in which
we'd call ToString after checking that the given {object} was a fast
regexp and deciding to take the fast path. This is invalid since
ToString() can call into user-controlled JS and may mutate {object}.

There's no way to place the ToString call correctly in this instance:
1 before BranchIfFastRegExp, it's a spec violation if we end up on the
  slow regexp path;
2 the problem with the current location is already described above;
3 and we can't place it into the fast-path regexp builtin (e.g.
  RegExpReplace) either due to the same reasons as 1.

The solution in this CL is to restrict the fast path to string
arguments only, i.e. cases where ToString would be a nop and can safely
be skipped.

Bug: chromium:782145
Change-Id: Ifd35b3a9a6cf2e77c96cb860a8ec98eaec35aa85
Reviewed-on: https://chromium-review.googlesource.com/758257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49213}
2017-11-08 09:49:33 +00:00
Sathya Gunasekaran
f9a3a040b9 [class] Implement runtime semantics for instance fields in base class
Creates a new initializer function to instantiate instance class
fields in a base class.

An initializer function (similar to the one created for static fields)
is created during class declaration and assigned to a synthetic
context allocated variable.

This function is loaded from the variable during instantiation (when
the constructor is run) and run.

Bug: v8:5367
Change-Id: Ie11c2183b3001234ae41d7bcc2cb9b02c0764ab5
Reviewed-on: https://chromium-review.googlesource.com/754445
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49207}
2017-11-08 00:40:42 +00:00