Commit Graph

42560 Commits

Author SHA1 Message Date
Caitlin Potter
88a4cf736e [esnext] ship --harmony-async-iteration
Enable --harmony-async-iteration (Symbol.asyncIterator, async generator
syntax, and for-await-of syntax) by default, as discussed in
https://groups.google.com/forum/#!topic/v8-users/SlLEsgNv4JY

BUG=v8:5855
R=adamk@chromium.org, gsathya@chromium.org

Change-Id: I77a77124a68813431daceca1b0cbaec5af271fee
Reviewed-on: https://chromium-review.googlesource.com/668877
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48068}
2017-09-18 15:15:07 +00:00
Scott Graham
afbdd1dd49 Reland "fuchsia: Set up for 3-sided roll to convert Magenta->Zircon"
This is a reland of aabb893a32
Original change's description:
> fuchsia: Set up for 3-sided roll to convert Magenta->Zircon
> 
> Fuchsia changed their kernel name from Magenta to Zircon and all the
> functions and defines along with it. In order to be able to roll the SDK
> in Chromium, we first need to land with this define added in v8, so that
> can roll in to Chromium, then roll the Fuchsia SDK with this magic
> define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8
> to reference zx_ instead of mx_ and roll that again.
> 
> Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139
> 
> Bug: chromium:765754, chromium:707030
> Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79
> Reviewed-on: https://chromium-review.googlesource.com/668751
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48047}

TBR=bbudge@chromium.org

Bug: chromium:765754, chromium:707030
Change-Id: Ib6e99ca418af527014622614d07d295b6110f9d5
Reviewed-on: https://chromium-review.googlesource.com/670944
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48067}
2017-09-18 15:00:47 +00:00
Marja Hölttä
68310c9f69 [scanner] UTF-8 handling fix (errors near chunk end).
The bug occurred when we detected an erroneous char late, and put the last
character in a chunk into the "incomplete char" buffer. It was not correctly
retrieved when seeking.

BUG=v8:6836

Change-Id: I8ca946dfdb39244c5ca0bdcebe047047010b3a07
Reviewed-on: https://chromium-review.googlesource.com/670729
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48066}
2017-09-18 14:13:26 +00:00
Mythri
5114f14cc1 [TurboFan] Remove SetForceInline
SetForceInline flag is no longer used. This flag was added for
inlining some of the javascript builtins. They are now ported to
TurboFan builtins. This cl removes SetForceInline runtime function
and the corresponding bits in the SharedFunctionInfo. Also update
inlining heuristics to not look for this bit.

Bug: v8:6682
Change-Id: Ie8df9648332b765a556e24609c38b4e55b810527
Reviewed-on: https://chromium-review.googlesource.com/668436
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48065}
2017-09-18 13:36:16 +00:00
Jaroslav Sevcik
d6ff08223b Revert "[turbofan] Temporarily turn off escape analysis."
This reverts commit 2b15425b0c.

Reason for revert: Re-enabling escape analysis after merging the flag change to 6.1.

Original change's description:
> [turbofan] Temporarily turn off escape analysis.
> 
> Bug: chromium:765433
> Change-Id: Iecc9540f6305bc24a0a5210c149b55403b9ce09d
> Reviewed-on: https://chromium-review.googlesource.com/667106
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48032}

TBR=mstarzinger@chromium.org,jarin@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:765433
Change-Id: Icac44fd76e2965df1e143700941b628ea7a69166
Reviewed-on: https://chromium-review.googlesource.com/670864
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48064}
2017-09-18 12:16:36 +00:00
Peter Marshall
b6849fc898 [build] Remove unused runtime flag for typed array size threshold.
This is now implemented as a build-time flag.

Change-Id: I10db18725ca6837ae04032725582717233b2c2e5
Reviewed-on: https://chromium-review.googlesource.com/670728
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48063}
2017-09-18 12:03:56 +00:00
Michael Hablich
4fc43530a7 Revert "[Memory] Move VirtualMemory out of base:: platform."
This reverts commit 4dd293d922.

Reason for revert: Blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/669785

Original change's description:
> [Memory] Move VirtualMemory out of base:: platform.
> 
> - Moves base::VirtualMemory to v8::internal::VirtualMemory.
> - Makes VirtualMemory platform-independent by moving internals to new
>   OS:: static methods, for each platform.
> 
> This will make it easier to delegate memory management in VirtualMemory
> to V8::Platform, so that embedders like Blink can override it. We can't
> depend on V8::Platform in base/platform.
> 
> Bug: chromium:756050
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
> Reviewed-on: https://chromium-review.googlesource.com/653214
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48048}

TBR=bbudge@chromium.org,ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,scottmg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:756050
Change-Id: Ice2618ef72950e1b64c31434a239c626aa5e5970
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/670843
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48062}
2017-09-18 10:13:26 +00:00
Ulan Degenbaev
75877ddb7b [heap] Do not unmap large pages before evacuation.
See https://bugs.chromium.org/p/chromium/issues/detail?id=762677#c12 for
the description of the bug.

Bug: chromium:762677
TBR: mlippautz@chromium.org
Change-Id: If5c4c2c15f2403d336edf34d10679521397db75c
Reviewed-on: https://chromium-review.googlesource.com/670823
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48061}
2017-09-18 09:39:16 +00:00
Juliana Franco
596d55adf6 Deoptimization and multithreading.
When using Lockers and Unlockers it is possible to create a
scenario where multiple threads point to the same optimized
code object. When that happens, if one of the threads triggers
deoptimization, then the stack replacement needs to happen in
the stacks of all threads.
With this CL, the deoptimizer visits all threads to do so.
The CL also adds three tests where V8 used to crash due to this
issue.

Bug: v8:6563
Change-Id: I74e9af472d4833aa8d13e579df45133791f6a503
Reviewed-on: https://chromium-review.googlesource.com/670783
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#48060}
2017-09-18 09:23:16 +00:00
Michael Hablich
8c89502008 Revert "fuchsia: Set up for 3-sided roll to convert Magenta->Zircon"
This reverts commit aabb893a32.

Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/669540; Fix has not landed yet: https://chromium-review.googlesource.com/c/v8/v8/+/670280

Original change's description:
> fuchsia: Set up for 3-sided roll to convert Magenta->Zircon
> 
> Fuchsia changed their kernel name from Magenta to Zircon and all the
> functions and defines along with it. In order to be able to roll the SDK
> in Chromium, we first need to land with this define added in v8, so that
> can roll in to Chromium, then roll the Fuchsia SDK with this magic
> define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8
> to reference zx_ instead of mx_ and roll that again.
> 
> Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139
> 
> Bug: chromium:765754, chromium:707030
> Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79
> Reviewed-on: https://chromium-review.googlesource.com/668751
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48047}

TBR=bbudge@chromium.org,scottmg@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:765754, chromium:707030
Change-Id: Ic1563b10a69372a0946ee9eacc8a2d21eb3ee302
Reviewed-on: https://chromium-review.googlesource.com/670619
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48059}
2017-09-18 07:58:14 +00:00
Sathya Gunasekaran
9de3fe2ebf [ESnext] Ship Promise.prototype.finally
Bug: v8:5967
Change-Id: I7fe03ea6270434e2c798ee8faec8d7170607ceea
Reviewed-on: https://chromium-review.googlesource.com/670419
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48058}
2017-09-18 07:26:24 +00:00
Daniel Bevenius
70efab1b65 Make CurrentContext return Handle<Context>::null
I noticed that ScopeIterator::CurrentContext returns an empty Handle
whereas functions like ScopeIterator::CurrentScopeInfo call
Handle<Context>::null() instead. This commit suggests changing this for
consistency.

Bug: 
Change-Id: I8735d655a8c0affeb6a18e74efe0d33bf6d5e899
Reviewed-on: https://chromium-review.googlesource.com/668440
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48057}
2017-09-17 18:55:49 +00:00
peterwmwong
8dfdeae0f1 [builtins] Convert String HTML functions (ex. anchor, big, bold) to CSA
- Added TFJ builtins for S.p.{anchor, big, blink, bold, fontcolor,
      fontsize, fixed, italics, link, small, strike, sub, sup}
  - Removed functionality from string.js

Bug: v8:5049
Change-Id: I3a91b52eaceef5c47bb55ed62780d72ef1e802e9
Reviewed-on: https://chromium-review.googlesource.com/666487
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48056}
2017-09-16 07:18:32 +00:00
Mircea Trofin
3d046986f0 Revert "Revert "[wasm] A simple allocator datastructure for off-the heap""
This reverts commit ee5c31f335.

Reason for revert: Fixed compiler failure

Original change's description:
> Revert "[wasm] A simple allocator datastructure for off-the heap"
> 
> This reverts commit 110d9ab005.
> 
> Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/26607
> 
> Surprising we're seeing a failure on Linux 64 *after* CQ. Is the compiler there different?
> 
> Original change's description:
> > [wasm] A simple allocator datastructure for off-the heap
> > 
> > We'll use this allocator in a follow-up CL to:
> > - allocate speculative sizes of memory for a module that's being
> > compiled (e.g. 2*size of wasm code).
> > - each module will own such a sub-pool, and then use it to allocate
> > contiguous chunks of memory for code.
> > 
> > The underlying assumptions for the chosen allocation strategy is that:
> > - the allocation granularity for pools is 1 page, so that no one page
> > is owned by more than one wasm module
> > - typical pool sizes (given module sizes) are multiple pages.
> > - modules and module instances are typically few and long lived. Typically,
> > we expect one module and one instance. 
> > 
> > This means we shouldn't expect fragmentations that lead to code being
> > non-allocatable, or prohibitively many ranges.
> > 
> > The data structure just manages ranges of addresses. Virtual memory management
> > will be separate, as part of the responsibility of a "WasmHeap"
> > that will be introduced in the future. So will concurrency control.
> > 
> > Bug: 
> > Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
> > Reviewed-on: https://chromium-review.googlesource.com/669296
> > Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Eric Holk <eholk@chromium.org>
> > Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48053}
> 
> TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org
> 
> Change-Id: Id82fa341b77624e4971f24c4757a9a666a65930c
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/670141
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48054}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: Ib6a7a3e6098d2689e60cdca85ec77e57e5295e48
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/670142
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48055}
2017-09-16 05:23:35 +00:00
Mircea Trofin
ee5c31f335 Revert "[wasm] A simple allocator datastructure for off-the heap"
This reverts commit 110d9ab005.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/26607

Surprising we're seeing a failure on Linux 64 *after* CQ. Is the compiler there different?

Original change's description:
> [wasm] A simple allocator datastructure for off-the heap
> 
> We'll use this allocator in a follow-up CL to:
> - allocate speculative sizes of memory for a module that's being
> compiled (e.g. 2*size of wasm code).
> - each module will own such a sub-pool, and then use it to allocate
> contiguous chunks of memory for code.
> 
> The underlying assumptions for the chosen allocation strategy is that:
> - the allocation granularity for pools is 1 page, so that no one page
> is owned by more than one wasm module
> - typical pool sizes (given module sizes) are multiple pages.
> - modules and module instances are typically few and long lived. Typically,
> we expect one module and one instance. 
> 
> This means we shouldn't expect fragmentations that lead to code being
> non-allocatable, or prohibitively many ranges.
> 
> The data structure just manages ranges of addresses. Virtual memory management
> will be separate, as part of the responsibility of a "WasmHeap"
> that will be introduced in the future. So will concurrency control.
> 
> Bug: 
> Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
> Reviewed-on: https://chromium-review.googlesource.com/669296
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48053}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: Id82fa341b77624e4971f24c4757a9a666a65930c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/670141
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48054}
2017-09-16 05:11:24 +00:00
Mircea Trofin
110d9ab005 [wasm] A simple allocator datastructure for off-the heap
We'll use this allocator in a follow-up CL to:
- allocate speculative sizes of memory for a module that's being
compiled (e.g. 2*size of wasm code).
- each module will own such a sub-pool, and then use it to allocate
contiguous chunks of memory for code.

The underlying assumptions for the chosen allocation strategy is that:
- the allocation granularity for pools is 1 page, so that no one page
is owned by more than one wasm module
- typical pool sizes (given module sizes) are multiple pages.
- modules and module instances are typically few and long lived. Typically,
we expect one module and one instance. 

This means we shouldn't expect fragmentations that lead to code being
non-allocatable, or prohibitively many ranges.

The data structure just manages ranges of addresses. Virtual memory management
will be separate, as part of the responsibility of a "WasmHeap"
that will be introduced in the future. So will concurrency control.

Bug: 
Change-Id: Id99f46d10c25553b013054d994760f3c2a737c39
Reviewed-on: https://chromium-review.googlesource.com/669296
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48053}
2017-09-16 04:53:11 +00:00
Ali Ijaz Sheikh
258f270f15 Revert "[profiler] proper observation of old space inline allocations"
This reverts commit 672a41c3ca.

Reason for revert: Linux64 TSAN bot failures

Original change's description:
> [profiler] proper observation of old space inline allocations
> 
> Bug: chromium:633920
> Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
> Reviewed-on: https://chromium-review.googlesource.com/631696
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48043}

TBR=ulan@chromium.org,mlippautz@chromium.org,ofrobots@google.com

Change-Id: Ib71baf69b29b067fa0ba76027170054b8faa78d3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:633920
Reviewed-on: https://chromium-review.googlesource.com/669559
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48052}
2017-09-15 20:38:18 +00:00
Ali Ijaz Sheikh
2b25227506 Revert "[heap] minor cleanup in allocation observer code"
This reverts commit 86da38fd58.

Reason for revert: Linux64 TSAN bot failures

Original change's description:
> [heap] minor cleanup in allocation observer code
> 
> Change-Id: If0bec38d41a415e9fbfff57ac891de0461bac13b
> Reviewed-on: https://chromium-review.googlesource.com/668836
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#48046}

TBR=ulan@chromium.org,ofrobots@google.com

Change-Id: Idf03622c4e0f785c8a0d8e4015765a0849a99c47
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/668917
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48051}
2017-09-15 20:37:11 +00:00
Camillo Bruni
28620d1929 Revert "Add capability of throwing values in WASM"
This reverts commit 7b5a40222e.

Reason for revert: GC stress-test failures exposed by 7742e534a8
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/15110/steps/Mjsunit/logs/exceptions


Original change's description:
> Add capability of throwing values in WASM
> 
> Extends the current implementation of WASM exceptions to be able to
> throw exceptions with values (not just tags).
> 
> An JS typed array (uint_16) is used to hold thrown values, so that the
> thrown values can be inspected in JS.
> 
> Bug: v8:6577
> Change-Id: I1007e79ceaffd64386b62562919cfbb920fc10c5
> Reviewed-on: https://chromium-review.googlesource.com/633866
> Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48001}

TBR=bbudge@chromium.org,mtrofin@chromium.org,eholk@chromium.org,clemensh@chromium.org,kschimpf@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6577
Change-Id: I8f545183c2d2abb1bf4a0b3ee23379f3754ffd55
Reviewed-on: https://chromium-review.googlesource.com/667019
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48050}
2017-09-15 20:27:39 +00:00
Bill Budge
483e353d6b Revert "Deoptimization and multithreading. "
This reverts commit c87f8954cc.

Reason for revert: LazyDeoptimizationMultithread failing.

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN%20-%20concurrent%20marking/builds/1876/steps/Bisect%20c87f8954.Retry/logs/LazyDeoptimizationMul..

Original change's description:
> Deoptimization and multithreading. 
> 
> When using Lockers and Unlockers it is possible to create a 
> scenario where multiple threads point to the same optimized 
> code object. When that happens, if one of the threads triggers
> deoptimization, then the stack replacement needs to happen in 
> the stacks of all threads.
> With this CL, the deoptimizer visits all threads to do so.
> The CL also adds three tests where V8 used to crash.
> 
> Bug: v8:6563
> Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432
> Reviewed-on: https://chromium-review.googlesource.com/657423
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
> Cr-Commit-Position: refs/heads/master@{#48033}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com

Change-Id: I290c9e339c367f68c0d1b6f7c0780cdbbbdf3f8a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6563
Reviewed-on: https://chromium-review.googlesource.com/669399
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48049}
2017-09-15 20:04:00 +00:00
Bill Budge
4dd293d922 [Memory] Move VirtualMemory out of base:: platform.
- Moves base::VirtualMemory to v8::internal::VirtualMemory.
- Makes VirtualMemory platform-independent by moving internals to new
  OS:: static methods, for each platform.

This will make it easier to delegate memory management in VirtualMemory
to V8::Platform, so that embedders like Blink can override it. We can't
depend on V8::Platform in base/platform.

Bug: chromium:756050
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iadfe230b6850bd917727a373f277afded9883adf
Reviewed-on: https://chromium-review.googlesource.com/653214
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48048}
2017-09-15 19:48:28 +00:00
Scott Graham
aabb893a32 fuchsia: Set up for 3-sided roll to convert Magenta->Zircon
Fuchsia changed their kernel name from Magenta to Zircon and all the
functions and defines along with it. In order to be able to roll the SDK
in Chromium, we first need to land with this define added in v8, so that
can roll in to Chromium, then roll the Fuchsia SDK with this magic
define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8
to reference zx_ instead of mx_ and roll that again.

Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139

Bug: chromium:765754, chromium:707030
Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79
Reviewed-on: https://chromium-review.googlesource.com/668751
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48047}
2017-09-15 19:23:39 +00:00
Ali Ijaz Sheikh
86da38fd58 [heap] minor cleanup in allocation observer code
Change-Id: If0bec38d41a415e9fbfff57ac891de0461bac13b
Reviewed-on: https://chromium-review.googlesource.com/668836
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#48046}
2017-09-15 17:37:08 +00:00
Albert Mingkun Yang
91034f42f6 Reland "[heap] Turn on v8_enable_csa_write_barrier"
This is a reland of dbfdd4f9e9
Original change's description:
> [heap] Turn on v8_enable_csa_write_barrier
> 
> With this commit, write barrier is switched to use CodeStubAssembler.
> 
> Bug: chromium:749486
> Change-Id: I7e0914bee971e4f3a3257740ae7c83b31f791bd9
> Reviewed-on: https://chromium-review.googlesource.com/598088
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
> Cr-Commit-Position: refs/heads/master@{#48006}

Bug: chromium:749486
Change-Id: I00933d989568c82b5fbaf6203bb146c65f8e4282
Reviewed-on: https://chromium-review.googlesource.com/668636
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#48045}
2017-09-15 17:07:58 +00:00
Albert Mingkun Yang
8557eb03f9 Deserialize RecordWrite stub eagerly
Since DeserializeLazy uses write barrier, deserializing write barrier
lazily would cause cyclic dependency. This commit changes RecordWrite to
be deserializd eagerly.

Bug: chromium:765301 chromium:749486
Change-Id: I363692baf9b742289c0443afac634662f0026922
Reviewed-on: https://chromium-review.googlesource.com/668454
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48044}
2017-09-15 15:01:56 +00:00
Ali Ijaz Sheikh
672a41c3ca [profiler] proper observation of old space inline allocations
Bug: chromium:633920
Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c
Reviewed-on: https://chromium-review.googlesource.com/631696
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48043}
2017-09-15 14:11:46 +00:00
Anna Henningsen
5719ca6eea [wasm] avoid handle leak in AsyncCompileJob::CompileTask
The `SaveContext` operation in `AsyncCompileJob::CompileTask` allocates
a handle. However, the platform implementation may not be able
to provide a `HandleScope`, since it cannot tell whether the isolate
is disposed (and the task canceled) at the time it runs the task;
so it is an API requirement of `CancelableTask` is that `RunInternal()`
does not leak any handles into outside scopes.

Change-Id: I86db36ddc71f774a31d5bc13b7399ef961374d6f
Reviewed-on: https://chromium-review.googlesource.com/668397
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48042}
2017-09-15 14:08:46 +00:00
Ulan Degenbaev
163d3604a6 [heap] Fix memory leak in the remembered set.
Empty slot set buckets can leak in the following scenarios.

Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the slots set
   of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact. 

Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
   slot set buckets.
3) The references are overwritten with smis or old space pointers, which
   make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the empty
   buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.

Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
2017-09-15 13:24:16 +00:00
Mike Stanton
37aa13fe3b [Turbofan] Array.prototype.filter inlining.
Support inlining of Array.prototype.filter in TurboFan.

Bug: v8:1956
Change-Id: Iba4d683aaa86c6104e8a1cf4d0f549a0c516576a
Reviewed-on: https://chromium-review.googlesource.com/657021
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48040}
2017-09-15 13:22:46 +00:00
Camillo Bruni
7742e534a8 [runtime] Remove unecessary ToString conversion for Array.prototype.forEach
Given that the index we use is checked to be in array index range there is no
need for a costly ToString conversion. All involved helpers for lookup up
properties directly support Smi/HeapNumber indices directly.

Cleanup: Rename GotoUnlessNumberLessThan => GotoIfNumberGreaterThanOrEqual

Change-Id: Iaddc4940f5d984572aa218d568ca71bf694cee74
Reviewed-on: https://chromium-review.googlesource.com/640388
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48039}
2017-09-15 12:39:56 +00:00
Sigurdur Asgeirsson
a787c3f9e1 Allow overriding DCHECK handling and make it non-fatal.
Bug: chromium:763010
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7d479f8abb16ffd7ffc19d3a6b58da01f5feddd0
Reviewed-on: https://chromium-review.googlesource.com/661054
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48038}
2017-09-15 11:48:16 +00:00
Mike Stanton
c5295b0d71 Make JavaScriptFrame pure virtual.
Bug: v8:6409
Change-Id: I23b5c20022dcda5f46489596b3de4fb69be7e568
Reviewed-on: https://chromium-review.googlesource.com/660539
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48037}
2017-09-15 11:40:06 +00:00
Albert Mingkun Yang
eeebbbcf7f Revert "[heap] Turn on v8_enable_csa_write_barrier"
This reverts commit dbfdd4f9e9.

Reason for revert: https://clusterfuzz.com/v2/testcase-detail/5493096547876864?noredirect=1

Original change's description:
> [heap] Turn on v8_enable_csa_write_barrier
> 
> With this commit, write barrier is switched to use CodeStubAssembler.
> 
> Bug: chromium:749486
> Change-Id: I7e0914bee971e4f3a3257740ae7c83b31f791bd9
> Reviewed-on: https://chromium-review.googlesource.com/598088
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
> Cr-Commit-Position: refs/heads/master@{#48006}

TBR=ulan@chromium.org,albertnetymk@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:749486
Change-Id: I8cf6a3f1d2ea607a0160b37b797d743b88b004b5
Reviewed-on: https://chromium-review.googlesource.com/667018
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#48036}
2017-09-15 11:25:36 +00:00
Toon Verwaest
dbd3d58ffc [ic] Move tuple3 elements transition handler creation to ic-configuration
Bug: 
Change-Id: I7ac2f30c70c76ea7c3156750b53ad34baeb046cb
Reviewed-on: https://chromium-review.googlesource.com/667113
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48035}
2017-09-15 11:14:36 +00:00
Ulan Degenbaev
8d1ad4b8aa [heap] Remove adhoc weakness in TransitionArray.
Currently transition array targets have conditional weakness depending
on the type of the target. Map targets are weak and all other targets
are strong. This patch wraps maps in transitions arrays in weak cells,
which allows us to treat all elements of transition arrays strongly.

Conditional weakness is unsafe for concurrent marking because the
condition can change during marking.

Bug: chromium:694255
Change-Id: I64e5d0699698fc7c1758f3fbc52da43014c247af
Reviewed-on: https://chromium-review.googlesource.com/641271
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48034}
2017-09-15 11:08:16 +00:00
Juliana Franco
c87f8954cc Deoptimization and multithreading.
When using Lockers and Unlockers it is possible to create a 
scenario where multiple threads point to the same optimized 
code object. When that happens, if one of the threads triggers
deoptimization, then the stack replacement needs to happen in 
the stacks of all threads.
With this CL, the deoptimizer visits all threads to do so.
The CL also adds three tests where V8 used to crash.

Bug: v8:6563
Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432
Reviewed-on: https://chromium-review.googlesource.com/657423
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#48033}
2017-09-15 11:01:46 +00:00
Jaroslav Sevcik
2b15425b0c [turbofan] Temporarily turn off escape analysis.
Bug: chromium:765433
Change-Id: Iecc9540f6305bc24a0a5210c149b55403b9ce09d
Reviewed-on: https://chromium-review.googlesource.com/667106
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48032}
2017-09-15 10:59:26 +00:00
Jaideep Bajwa
34bc3cb4af [cctest] fix CustomSnapshotDataBlobSharedArrayBuffer on Big Endian
When accessing the buffer in 1 byte increments, the order should
be reversed for BE.

R=petermarshall@chromium.org, yangguo@chromium.org
BUG=
LOG=N

Change-Id: I27a57e12479d1c00488546a92428b9183d87f8bf
Reviewed-on: https://chromium-review.googlesource.com/667902
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#48031}
2017-09-15 10:56:12 +00:00
sreten.kovacevic
aada6a3a29 MIPS[64]: Fixed issue with atomics test
Fixed issue with UseScratchRegisterScope that made test fail on r1
and wrong register usage on all arch variants.

Bug: 
Change-Id: Id89ff84046d012dd0767b9031b2719f9a95a08b8
Reviewed-on: https://chromium-review.googlesource.com/667139
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#48030}
2017-09-15 10:54:56 +00:00
Michael Starzinger
c886dfd311 [wasm] Fix build failure in tracing code.
R=ahaas@chromium.org

Change-Id: Ifadde080f27e6cf37e1b72d656e3ff91d5f2ba15
Reviewed-on: https://chromium-review.googlesource.com/668359
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48029}
2017-09-15 10:24:06 +00:00
Mathias Bynens
a10e4a179e [js] Check comparefn in (Typed)Array#sort
This patch ensures a `TypeError` is thrown when the argument passed to
`Array.prototype.sort` or `%TypedArray%.prototype.sort` is neither a
function nor `undefined`.

Every other major JavaScript engine already threw in this case. Making
V8’s behavior match increases interoperability.

https://github.com/tc39/ecma262/pull/785

BUG=v8:6542

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I412a59810abdd118217c8d8361389ec6c2f640bd
Reviewed-on: https://chromium-review.googlesource.com/668356
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48028}
2017-09-15 10:08:06 +00:00
Jakob Gruber
01dcb1ef26 [bootstrapper] Mark helper functions V8_NOINLINE
Don't inline these functions to avoid regressions in APK size.

Bug: chromium:763185
Change-Id: I0a1ca16661a460728e56b67a7109be943397cbf5
Reviewed-on: https://chromium-review.googlesource.com/667109
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48027}
2017-09-15 09:43:16 +00:00
Peter Marshall
3a4f9b10f1 [build] Change Typed Array threshold to an actual build time flag.
This was supposedly a runtime flag, but we baked it into the snapshot
anyway.

Change-Id: I09d43183c4c2d59336c1077089119d6cb65dfd87
Reviewed-on: https://chromium-review.googlesource.com/664721
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48026}
2017-09-15 08:55:06 +00:00
Michael Starzinger
79a35ebca0 [parser] Remove obsolete "asm_function_scope".
R=marja@chromium.org

Change-Id: I91da3f653cda2ca428be578b4cf9a37e784c70d8
Reviewed-on: https://chromium-review.googlesource.com/667108
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48025}
2017-09-15 08:46:36 +00:00
Jakob Gruber
1420e44db0 [coverage] Correctly free DebugInfo in the absence of breakpoints
It's quite possible for DebugInfos to exist without the presence of a
bytecode array, since DebugInfos are created for all functions for which
we have a CoverageInfo. Free such objects properly.

Also move the corresponding deletion of CoverageInfos on unload up
before the early exit.

Bug: v8:6000
Change-Id: Idde45b222290aa8b6828b61ff2251918b8ed2aed
Reviewed-on: https://chromium-review.googlesource.com/664811
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48024}
2017-09-15 07:29:26 +00:00
peterwmwong
78446a8afd [builtins] Port String.prototype.repeat to CSA
- Removes S.p.repeat from string.js
  - Adds StringPrototypeRepeat TFJ

Bug: v8:5049
Change-Id: I0b2d512bffd97dfc2c3ba6783e2e41c4db6c8faa
Reviewed-on: https://chromium-review.googlesource.com/659097
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48023}
2017-09-15 06:51:56 +00:00
Andreas Haas
549692cbc0 [wasm] Streaming compilation for WebAssembly.
In this CL I implement streaming compilation for WebAssembly,
as described in the design doc I have sent out already.

In this implementation the decoding of sections other than the
code section is done immediately on the foreground thread.
Eventually all decoding should happen in the background. I
think it is acceptable to do the decoding on the foreground
thread for now because I have finished it already, and
decoding in the background would add even more complexity to
this CL.

Bug:v8:6785

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I285e1e5e1a5a243113c92571b25ee9bae551d0ed
Reviewed-on: https://chromium-review.googlesource.com/631721
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48022}
2017-09-15 06:36:25 +00:00
cjihrig
2c6641edf8 Add postmortem metadata for Node.js on TurboFan.
See: https://github.com/nodejs/llnode/pull/130
Change-Id: Ibce294f7620cd6ab0db4408a8c2b457c3a5aebcd
Reviewed-on: https://chromium-review.googlesource.com/650746
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48021}
2017-09-15 05:05:10 +00:00
Jakob Kummerow
a12f05e8fc [bigint] Implement .toString for power-of-2 radixes
Other radixes require Divide/Remainder to be implemented first.

Bug: v8:6791
Change-Id: I95f1fad39a0a4df556a194094805ed93bd46d0db
Reviewed-on: https://chromium-review.googlesource.com/664037
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48020}
2017-09-14 21:25:41 +00:00
Deepti Gandluri
0202a040c9 [wasm] Module bytes can set shared attribute on memory
- Validate that atomic ops can only be called when shared memory is declared
- Throw Compile/Link erros on mismatch between declared, imported memory
- Test harness helpers for setting shared memory, tests

BUG=v8:6532

R=binji@chromium.org, bradnelson@chromium.org

Change-Id: I43fe3d04bb7e3e0a2cecca0528578f98844d2608
Reviewed-on: https://chromium-review.googlesource.com/665379
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48019}
2017-09-14 18:16:31 +00:00