Commit Graph

54612 Commits

Author SHA1 Message Date
Jakob Gruber
82fdb91505 [regexp-builtins-fuzzer] Print generated source in verbose mode
My standard procedure for debugging regexp builtin fuzzer finds is to
turn on verbose mode and run the repro. This extends verbose output to
include the generated script which contains e.g. the regexp pattern,
the subject string, and the actual function call.

Tbr: yangguo@chromium.org
Bug: v8:8968
Change-Id: I0c7e930f4cbd34014f2781ca280919c5b002b049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511276
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60120}
2019-03-08 11:40:41 +00:00
Sigurd Schneider
7a6e829b72 [heap] Add VisitEphemeron method
This modifies the ObjectVisitor to provide a dedicated VisitEphemeron
method invoked when visiting a EphemeronHashTable. This is pre-work
for further changes to how ephemerons are handled during scavenging.

Bug: v8:8557
Change-Id: Ia423b10667ec222cbe5f44d8a931ea33314625f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508673
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60119}
2019-03-08 11:34:51 +00:00
Mike Stanton
d6465298b6 [Torque] Port Array.prototype.shift to Torque
Optimizations to use fast memmove to move elements are preserved, as
well as heuristics for bailout to the runtime if left or right
trimming is desired.

Bug: v8:7672
Change-Id: I01ffc1143b63d705d99a40eab3a7e873596d0aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499495
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60118}
2019-03-08 11:26:12 +00:00
Clemens Hammacher
8161d6b40c [compiler] Remove SpeculationFence
It's not being used, and causes compile errors on windows because of a
name clash (see referenced bugs).

R=mstarzinger@chromium.org
CC=tebbi@chromium.org, jarin@chromium.org

Bug: v8:8953
Change-Id: I22dcdbcbe92f92c390a2f2cdd289dda7f7dc4eb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505794
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60117}
2019-03-08 11:11:21 +00:00
Michael Starzinger
bff8621397 [gcmole] Modernize gcmole bootstrap script.
This updates the existing bootstrap.sh script for gcmole to work against
LLVM and Clang version 8.0 releases. This is a follow-up to a previous
change which adapted the gcmole plugin to compile against those same
versions.

R=mslekova@chromium.org
BUG=v8:8813

Change-Id: Id6052fb9a7ec8a63d205eab2d4e233e2121c733d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511275
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60116}
2019-03-08 11:08:51 +00:00
Andreas Haas
275402260c [wasm] Construct WasmExportedFunctions for table elements lazily
We have to create WasmExportedFunction objects for any WebAssembly
function which may escape a WebAssembly instance. Up until now we
created these WasmExportedFunction objects eagerly during instantiation
time: for any exported function, and any element in an exported table we
create such an object.

With the anyref proposal, the table.get instruction can allow any
function in a table to escape its instance. Therefore we would have to
create a WasmExportedFunction object for any function which is put into
a table.

With this CL we create WasmExportedFunctions for table entries lazily.
We initialize tables with placeholders consisting of the instance and
the function index. If we encounter a placeholder in table.get, we
create the WasmExportedFunction for the expected function to return it.

R=mstarzinger@chromium.org
CC=titzer@chromium.org

Bug: v8:7581
Change-Id: I4f32bd7433285d0b04a22c0fb70b736bac55b3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505575
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60115}
2019-03-08 10:40:41 +00:00
Pavel Medvedev
03ce1d147d Use inherited ctors for MacroAssembler and TurboAssembler
instead of forwarding template constructors for these classes introduced in
edab9a2021 commit.

TurboAssemblerBase constructors were declared as public to make the inherited
TurboAssembler, and MacroAssembler ctors also public.

This fixes Visual C++ 2017 compile error, when the template ctor in
TurboAssemblerBase class matches deleted copy ctor.

Bug: v8:8935
Change-Id: I1144a7025830c3a0ab86acaa8ea81def02d293b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496977
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60114}
2019-03-08 09:31:30 +00:00
Junliang Yan
29633efa54 PPC/s390: enable a few tests
Change-Id: I7d71c8cf4f7c0d1b833dc560b0d7418b1739e81a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508595
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60113}
2019-03-08 08:55:49 +00:00
Jakob Kummerow
34b467e1cd [ubsan] Fix two more UBSan issues
RotateRight32 needs a "number of bits" operand in the range 0..31.
Thankfully that's how x86 shift instructions behave anyway, and
how the bitwise shift operators in JavaScript are spec'ed, so this
fix is unobservable in non-UBSan builds.

RemoveArrayHolesGeneric can be used for length values anywhere in
the uint32_t range, so it must not implicitly cast those to int.
That actually caused an observable bug where a proxy's traps would
not get called at all, but only for huge "length" properties, where
the entire operation would also be painfully slow.

Bug: chromium:935133, chromium:937652
Change-Id: I13f74ca27eae6b2b089d58217842b699b2574509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510272
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60112}
2019-03-08 08:26:30 +00:00
Bill Budge
43a197f13b [wasm simd] Refactor tests to check results in C++ code.
- Converts most integer vector tests to use globals (except Select)
  so results can be checked in C++ code.
- Remove integer vector result checking macros.
- Add specializations of test CompareOps for floats, so we can use
  BinOps for integer vector compare opcodes.
- Remove Run#format#CompareOpTests helper functions for integer vector
  types. Use Run#BinOpTests helper function instead.

Bug: v8:6020
Change-Id: I968a71c874b028a750e1118cf51f6678cae90091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496281
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60111}
2019-03-08 06:18:40 +00:00
v8-ci-autoroll-builder
1185401218 Update V8 DEPS.
Rolling v8/build: 37fdf54..ba214bf

Rolling v8/test/wasm-js/data: 44dfa15..b552862

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ccc2908..a07cd8f

Rolling v8/third_party/depot_tools: ffb1ffb..2f3c820

Rolling v8/tools/clang: 8d60039..60462ac

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I687a2ab71f8b6484d864a86db2579d55ded3882e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510578
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60110}
2019-03-08 04:13:10 +00:00
Bill Budge
bd15e18905 Reland "[wasm simd] Fix F32x4 Min and Max"
This is a reland of 821bc64951

Original change's description:
> [wasm simd] Fix F32x4 Min and Max
> 
> - Fix F32x4 tests to save results in globals, so they can be checked
>   in C++ code. Perform correct checks in case of NaNs.
> - Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
>   deal with NaNs.
> - Enable tests for all float values on all platforms, except skip
>   denormalized results on ARM, and skip extreme values for reciprocal,
>   reciprocal square root approximation opcodes.
> - Disable Min, Max test for interpreter (see v8:8425) since it doesn't
>   handle NaNs correctly.
> - Fix vmin, vmax implementations in ARM simulator.
> 
> Bug: v8:8639
> Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60021}

Bug: v8:8639
Change-Id: Ic557aa1d323693eabf5885ff5eddc15e3174079b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501279
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60109}
2019-03-08 00:38:43 +00:00
Frank Tang
2cf79d12e8 [Intl] Fix special case timezone
Antarctica/DumontDUrville has special casing.

Bug: chromium:928068
Change-Id: I8aea2fafc2c14d6fbfee8a95910df7e8d7d1ff37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507329
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60108}
2019-03-07 23:33:22 +00:00
Frank Tang
6b0896abf7 [Intl] Fix Intl.getCanonicalLocales("mo")
Fix 'intl402/Intl/getCanonicalLocales/non-iana-canon'
Add "mo" to IsDeprecatedLanguage list.

Bug: v8:8849
Change-Id: I414f2a86fd18719ddcce07e9cbcb20caa6459acd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504772
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60107}
2019-03-07 23:28:32 +00:00
Ben Smith
1f5ece9ba2 [wasm] Implement memory.{copy,fill} explicitly
V8's MemMove and libc's memset do not specify how the memory is filled,
but wasm requires the direction to be backward only when the regions are
overlapping and the source address is less than the destination address.

Bug: v8:8950
Change-Id: If392967b51b33ad65fe145660f44b857559e34b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507316
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60106}
2019-03-07 21:33:03 +00:00
Junliang Yan
a510ceaf1a [s390] fix tmll overflow on IsSafeToSkipArgumentsAdaptorBit::kMask
Change-Id: I71a347673f656ba7cdb33d5094277f8cac6f4a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508820
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60105}
2019-03-07 20:41:47 +00:00
Igor Sheludko
01779869cf [tsan] Move the xxx_stats status flags out of command line flags
... because the latter are not meant to be modified from non-main thread
and especially after V8 isolate is set up while the former are modified
cuncurrently by tracing API.

Tbr: verwaest@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8929, v8:8834
Change-Id: I44d3da2f388bb8bb8d0365ac6354e761bf92b936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505581
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60104}
2019-03-07 20:29:33 +00:00
Francis McCabe
d735882d2d [wasm] ReturnCall Implementation (TurboFan)
Implement ReturnCall functionality for TurboFan compiler.

Bug: v8:7431
Change-Id: I1e20473a9b3eba9ee48c0c11f89029356dd9b9eb
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1467344
Commit-Queue: Francis McCabe <fgm@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60103}
2019-03-07 19:36:29 +00:00
Igor Sheludko
afbfd7563d [ptr-compr] Fix ptr-compr broken by 4e6a1a75
(https://chromium-review.googlesource.com/c/v8/v8/+/1467182)

Bug: v8:7703
Change-Id: Ia6b74b985735af67bde56b30e4a709247eb591be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508674
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60102}
2019-03-07 18:41:05 +00:00
Sigurd Schneider
4e6a1a75cd [heap] Clean-up some weak map entries in scavenger
This change enables clean-up of weak map entries in the
scavenger of the weak map is in the young generation.
With this change, the scavenger treats keys in ephemerons as
weak instead of strong, but does not implement full ephemeron
semantics: Values are treated always as strong, independently
of whether the key is live or not.

This approach ensures that no value is cleaned up accidentally.
After scavenging, all entries with dead keys are removed from
weak maps. After that, some values that are not referenced anywhere
anymore might still be in the heap, and those can be cleaned up
in the next scavenge.

What the scavenger does, amounts to one iteration of the
fixed-point algorithm required to implement ephemeron semantics.
We hope that this is a reasonable trade-off between time spent
tracing and cleaned-up entries.

This change does not affect weak maps that reside in old space.

Bug: v8:8557
Change-Id: Ic5618b3b863ad8c314c87449571150e756fecbf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1467182
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60101}
2019-03-07 17:14:26 +00:00
Igor Sheludko
676014b36f [ptr-compr] Fix MSVC build
... which complained about truncating uintptr_t constant to uint32_t.

Bug: v8:7703
Change-Id: I6fae2bf1e5de79e6131479b84a8d8aa5b9de909f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508672
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60100}
2019-03-07 15:40:42 +00:00
Maya Lekova
45ae9e0ae9 Update gcmole to work with llvm 8 and the new Object design
After introducing the new pointer-containing Object class in V8 (see
https://docs.google.com/document/d/1_w49sakC1XM1OptjTurBDqO86NE16FH8LwbeUAtrbCo/edit),
gcmole stopped finding errorneous usage of raw pointers in functions that could
trigger GC. This CL modifies the heuristics of the tool to classify Object and
MaybeObject instances as raw pointers, thus giving back the missing warnings.

Updated the gcmole implementation to support modern llvm (tested with llvm 8.0)
for which additional support for MaterializeTemporaryExpr, ExprWithCleanups and
UnaryExprOrTypeTraitExpr was needed.

Basic tests are added to make it harder to introduce such errors without
noticing in the future.

This version gives a lot of false positives when ran on the whole project, see
https://docs.google.com/document/d/1K7eJ0f6m9QX6FZIjZnt_GFtUsjEOC_LpiAwZbcAA3f8/edit

R=jkummerow@chromium.org,mstarzinger@chromium.org

Bug: v8:8813
Change-Id: Ic0190a4bc2642eda8880d9f7b30b5145a76a7d89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1494754
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60099}
2019-03-07 15:22:22 +00:00
Clemens Hammacher
6e98fa925e Rename FormatMessage method
Some windows toolchains contain a macro name 'FormatMessage', making
compilation fail, see e.g.
https://ci.chromium.org/p/v8/builders/try/v8_win64_msvc_compile_rel/b8919741418899023808.

Hence rename {MessageFormatter::FormatMessage} to
{MessageFormatter::Format}.

R=sigurds@chromium.org

Change-Id: I51bd444838be2449bbe848aa0f7f85d73a0a713b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505456
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60098}
2019-03-07 15:20:22 +00:00
Junliang Yan
14f07a8b30 [ptr-compr] Define kTaggedPayloadOffset correctly on Big Endian
smi size is sill 8 bytes when V8_COMPRESS_POINTERS is undefined.

Bug: v8:7703
Change-Id: I0d1e757e42e8b1e6b10960420135245e24553175
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508572
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60097}
2019-03-07 15:01:48 +00:00
Clemens Hammacher
41aa8a6082 [wasm] Speed up WasmModuleBuilder
Emitting bytes to the Uint8Array directly speeds up generation of
binaries enormously.
On the limits-any.js spec test (which creates huge modules), the
execution time of an optdebug build reduces from 286 seconds to 61
seconds.

R=titzer@chromium.org
CC=​ahaas@chromium.org, ssauleau@igalia.com

Change-Id: I5b473b7dc7b0853e54d2406f3db3658bb2abed40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508352
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60096}
2019-03-07 14:51:52 +00:00
Takuto Ikuta
e762b7db23 [inspector] inspector should have v8_libbase in public_deps
Because string-util.h includes src/base/logging.h

Bug: chromium:931596
Change-Id: Ia6f49ec4629471e8a4a20578c6073b47eab8c4df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507000
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60095}
2019-03-07 14:22:00 +00:00
Peter Marshall
290cd81651 [serializer] Serialize empty embedder fields by default
When running mksnapshot standalone, no callback is registered to
serialize embedder fields. In this case they are most probably empty as
there is no embedder to set them, so provide a default serialization
that keeps them as nullptr.

Bug: v8:8822
Change-Id: I9219f2755488aa1473959c3ee75e9d4f47202359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507677
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60094}
2019-03-07 14:20:55 +00:00
Maciej Goszczycki
5ed3c81ed9 [log] Use uninitialized tests in test-log
Most test-log tests create their own isolates, so initializing the cctest
isolate is not necessary.

Bug: v8:7464
Change-Id: Icc3cd9d5053c4070833709cbe28e5bde2cee9708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507719
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60093}
2019-03-07 13:54:18 +00:00
Michael Starzinger
c7436e3031 [wasm] Fix exceptions in {WasmModuleObject::DeserializeOrCompile}.
This makes sure an exception raised while compiling a module via the
embedder API is properly returned as a "scheduled exception" and hence
propagates to surrounding {v8::TryCatch} scopes.

R=clemensh@chromium.org
TEST=cctest/test-api/WasmModuleObjectCompileFailure
BUG=v8:8908

Change-Id: I52b21fbe5a4548aa346fd6c9b5bac061613db487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507673
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60092}
2019-03-07 13:14:40 +00:00
Ujjwal Sharma
acadb20271 [turbofan] add fast path for String.p.startsWith
Add a fast path for String.p.startsWith(str) when length of str is 1.

Bug: v8:8400
Change-Id: I65e657549902dc3ad064a213d815dd098ce6455f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491872
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60091}
2019-03-07 12:37:39 +00:00
Hannes Payer
96e4068227 Change the allocator interface from Space to Generation.
Bug: v8:8945
Change-Id: I0e1b0d6751efdb468e603df21af4d36972b8b90b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505455
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60090}
2019-03-07 12:31:00 +00:00
Ulan Degenbaev
99676c0ad0 Avoid implicit narrowing std::string::operator= in AsmJsScanner
Change-Id: Ic11e2c6a7b08b7f470f8f1649f37c48cc53eeee6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507675
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60089}
2019-03-07 12:26:29 +00:00
Michael Hablich
5b4ec1b550 Update V8 version to 7.5
NOTRY=true
TBR=machenbach@chromium.org

Change-Id: I0b8b93276e7724ef103924d17646599aef7b2ab4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508212
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60088}
2019-03-07 12:24:49 +00:00
Michael Achenbach
d6ef6263fc [build] Temporarily remove goma from gcov builder
This umblocks switching this builder to Xenial. The corresponding gcc
version is not yet supported by goma.

NOTRY=true

Bug: chromium:933093
Change-Id: Ib00d191c229bb598b209dcaf447321b874571e62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505577
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60087}
2019-03-07 12:18:19 +00:00
Dan Elphick
803fdb8f20 [docs] Change links from old wiki to v8.dev
Updates a bunch of links from https://github.com/v8/v8/wiki pages to the
appropriate v8.dev page that it redirected to anyway.

Bug: v8:8834
Change-Id: I5b37996900eb779753d97e487d16e1489f54d391
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503473
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60086}
2019-03-07 12:13:30 +00:00
Vadim Gorbachev (bmsdave)
a82b4c4071 Python 3 compatibility errors in third-party libraries
These changes fix Python 3 compatibility errors in third-party libraries
I'm not sure if these problems can be fixed this way.
But! (1) In deps/inspector_protocol no file roll.py
it looks like the repository v8 it shouldn't be, either.
(2) I have not found a separate repository for binutils.


Bug: chromium:935197
Change-Id: Ied2bb83e0539aa392f8fc7c3aeef662612f37d06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1484302
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60085}
2019-03-07 11:29:33 +00:00
Michael Achenbach
e2bbc1cd52 [test] Deprecate endurance fuzzing step
NOTRY=true

Bug: v8:8959
Change-Id: I3493487268aa945aab690ee4561678e61b09aace
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507676
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60084}
2019-03-07 10:42:39 +00:00
v8-ci-autoroll-builder
2a30f632ec Update V8 DEPS.
Rolling v8/build: 80892bf..37fdf54

Rolling v8/buildtools: 3e50219..a9db5de

Rolling v8/buildtools/third_party/libc++/trunk: 22d3f6d..9ae8fb4

Rolling v8/third_party/depot_tools: cf661ac..ffb1ffb

Rolling v8/tools/clang: 257c91c..8d60039

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I3fd7ecfbcb998097e5cfe062e4f20933244da918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507793
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60083}
2019-03-07 10:38:49 +00:00
Clemens Hammacher
30fac0de61 [wasm] Fix UAF in AsyncCompileJob callbacks
Execute foreground tasks triggered by the {CompilationStateCallback}
via the {CompileStep} mechanism of {AsyncCompileJob} such that they get
cancelled when the AsyncCompileJob dies.

R=ahaas@chromium.org

Bug: chromium:938311
Change-Id: I2082f93f47988c014c8dee3ddf3e9b2940f6f531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507674
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60082}
2019-03-07 10:24:39 +00:00
Michael Achenbach
4047f810ac [build] Fix deps path of dsymutil
TBR=yangguo@chromium.org

Change-Id: Ieb6f9da0cd15c65ed0537ecbc3a3c032ac6bbbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507672
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60081}
2019-03-07 09:45:39 +00:00
Michael Starzinger
b60d5674a2 [asm.js] Fix undefined behavior with float32 constants.
R=jkummerow@chromium.org
TEST=mjsunit/asm/regress-937650
BUG=chromium:937650

Change-Id: I9a46fcce68cf1b5c424539aad2f78fbcd30cf9b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505458
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60080}
2019-03-07 08:56:37 +00:00
Michael Achenbach
a59ca7358c [test] Make test runner use shell
Bug: v8:8889
Change-Id: If0a8e71dca2ae5660481ba78bf79eb311d60c9e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495557
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60079}
2019-03-07 08:16:27 +00:00
Simon Zünd
7f24389388 Revert "Update V8 DEPS."
This reverts commit 0738c63a42.

Reason for revert: Closes tree

Original change's description:
> Update V8 DEPS.
> 
> Rolling v8/build: 80892bf..2cef311
> 
> Rolling v8/buildtools: 3e50219..a9db5de
> 
> Rolling v8/buildtools/third_party/libc++/trunk: 22d3f6d..9ae8fb4
> 
> Rolling v8/third_party/depot_tools: cf661ac..48f640f
> 
> TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
> 
> Change-Id: Ibe4c24ac7d8a576c21306a915b0d68222eb4477b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507318
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#60077}

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com

Change-Id: I84832aa42e94f79b6c55f083d574e15c8c2d9353
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505583
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60078}
2019-03-07 06:29:09 +00:00
v8-ci-autoroll-builder
0738c63a42 Update V8 DEPS.
Rolling v8/build: 80892bf..2cef311

Rolling v8/buildtools: 3e50219..a9db5de

Rolling v8/buildtools/third_party/libc++/trunk: 22d3f6d..9ae8fb4

Rolling v8/third_party/depot_tools: cf661ac..48f640f

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ibe4c24ac7d8a576c21306a915b0d68222eb4477b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507318
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#60077}
2019-03-07 06:05:47 +00:00
tzik
5b0510db7c Give the implementation of v8::MicrotaskQueue::New
This adds the entrypoint to MicrotaskQueue, which used to miss the
implementation.

Bug: v8:8124
Change-Id: I114fb69d975ee75c86b19349ca76789e425ea910
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505232
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60076}
2019-03-07 04:40:37 +00:00
Jakob Kummerow
91f0cd0082 [ubsan] Fix various ClusterFuzz-found issues
Fixing a few float and int overflows.
Drive-by fix: with --experimental-wasm-bigint, Number values
may not be used to initialize i64-typed globals. The existing
code for doing that relied on UB; since it's a spec violation
the fix is to throw instead.

No regression test for 933103 because it will OOM anyway.
No regression test for 932896 because it would be extremely slow.

Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60075}
2019-03-07 00:09:20 +00:00
Igor Sheludko
ad49f12908 [cleanup] Move Compressed[XXX]Slot definitions to separate header
... and fix header includes to please the respective bot.

Drive-by-fix: decompression implementation is now MSVC friendly.

Bug: v8:7703, v8:8834
Change-Id: Iaf589138e5bafb32b0d9feab5cf074b71f241a3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505579
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60074}
2019-03-06 19:41:21 +00:00
Matt Gardner
1297c928d5 [turbofan] Use load_mode feedback for HasProperty access
ReduceJSHasProperty was always passing STANDARD_LOAD instead of using the load mode from
the feedback verctor. This was causing deopt loops when checking for out-of-bounds
indices.

chromium: 937734
Change-Id: I6de29f2c6a80bcc171cf027d47a2d1af1414b76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501975
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60073}
2019-03-06 19:27:31 +00:00
Georg Neis
73401b1192 Eliminate some object casts
...mainly by giving a more precise type to global_proxy getters.

Change-Id: If4aef6b25baa2c641a45b177c59690e3ebfc3985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505578
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60072}
2019-03-06 19:09:41 +00:00
Deepti Gandluri
365b637cc0 Reland "[wasm] Lazy update instances on a shared Memory.Grow"
This is a reland of 80f06d6fb3

Original change's description:
> [wasm] Lazy update instances on a shared Memory.Grow
> 
>  - Introduce a GROW_SHARED_MEMORY interrupt, and handler
>  - Memory objects for isolates are updated on a stack check, add
>    tracking for isolates that hit the stack check
>  - When enough memory is not reserved ahead of time, fail to grow
>  - Add tracking for externalized buffers in the MemoryTracker so
>    that the MemoryTracker will know when backing_stores can be freed.
>  - For shared buffer, do not always allocate a new buffer when
>    growing an externalized buffer
> 
> 
> Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
> Bug: v8:8564
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60064}

Bug: v8:8564
Change-Id: Id0cf8e42a9d54ac702dba351e248a1b92713c98a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506357
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60071}
2019-03-06 18:41:19 +00:00