Commit Graph

56983 Commits

Author SHA1 Message Date
Maya Lekova
36eedb6315 [turbofan] Serialize API calls for property access
Bug: v8:7790
Change-Id: I5c98af1745ed765ec060b2fd70006a3bd57d523a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645317
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62341}
2019-06-24 16:07:51 +00:00
Peter Marshall
8daf1e6df6 [tracing] Fix perfetto build caused by invalid sources
There is a generated file config.descriptor which is an output file
for a particular target. When we try to add this to sources, it breaks
as GN no longer silently accepts files with invalid types as sources.

This breakage was due to recently-rolled changes to fix crbug.com/gn/77

Similar fixes have been used here: crbug.com/964411

Change-Id: Ica9272647c6d1ed31780a6319cf098a083a3cc57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674032
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62340}
2019-06-24 15:03:31 +00:00
Mathias Bynens
8bd292132b Remove always-true --harmony-object-from-entries runtime flag
It shipped in Chrome 73.

Bug: v8:8021
Change-Id: I72a4e7fd3cd9ae8f960471a97100054d761d926b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593461
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62339}
2019-06-24 15:01:01 +00:00
Jaroslav Sevcik
191f7ed9d1 [turbofan,x64] Replace Int32Sub(x,0) with EmitIdentity
Address a TODO: Use EmitIdentity instead of kArchNop.

Bug: v8:7947
Change-Id: Idd7de1bcffaf56f7eaf5d65be4dae3257d085ea8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674031
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62338}
2019-06-24 13:58:22 +00:00
Mathias Bynens
e428dfd773 [objects] Rename JSValue to JSPrimitiveWrapper
We currently use the class name “JSValue” for JSObjects that wrap
primitive values. This name is a common source of confusion. This patch
switches to a name that’s more clear.

In addition to manual tweaks, the patch applies the following mechanical
global replacements:

before                          | after
--------------------------------|--------------------------------------
if_valueisnotvalue              | if_valueisnotwrapper
if_valueisvalue                 | if_valueiswrapper
js_value                        | js_primitive_wrapper
JS_VALUE_TYPE                   | JS_PRIMITIVE_WRAPPER_TYPE
JSPrimitiveWrapperType          | JSPrimitiveWrapper type
jsvalue                         | js_primitive_wrapper
JSValue                         | JSPrimitiveWrapper
_GENERATED_JSVALUE_FIELDS       | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS

Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62337}
2019-06-24 13:54:38 +00:00
Clemens Hammacher
cc21e58d30 [owners] Remove redundant OWNERS files in test/
We have a global test/OWNERS that has "file://COMMON_OWNERS".
This CL removes redundant OWNERS files in test/ subdirectories and
removes redundant entries from OWNERS files we need to keep for
special per-file entries.

R=yangguo@chromium.org, machenbach@chromium.org
CC=​​jkummerow@chromium.org

Bug: v8:9247
Change-Id: Ic2e8cbe8e379d7d23c86c6164305e65807f28ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674024
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62336}
2019-06-24 12:44:32 +00:00
Igor Sheludko
719fdae25f [ptr-compr] Adding [Heap]Object::IsXXX(Isolate* isolate) predicates
... in addition to existing [Heap]Object::IsXXX().

The idea is to use these getters in hot C++ code since passing isolate
explicitly makes it trivial to compute isolate root value and reduces
the C++ code size.

For full-pointer mode the unused isolate argument will be optimized
away by the compiler, so full-pointer mode should not be affected
in any sense.

Bug: v8:9353
Change-Id: I405cd54e8895b58f60f797fdb1c1b5654acb56f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664337
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62335}
2019-06-24 11:34:33 +00:00
Igor Sheludko
6d5731d596 [cleanup] Remove NeverReadOnlySpaceObject class
... as its existence gives us nothing.

Bug: v8:9183
Change-Id: I80234e4ca8b0c9f596a7a3ff79a926d0dda98db8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62334}
2019-06-24 11:28:03 +00:00
Georg Neis
f21537a2e8 [turbofan] Fix call of ReduceElementAccessOnString
We tried to pass the load mode even for stores.

Bug: chromium:977670
Change-Id: I2527a5ca755dba343b75f54383d17e22be0a20a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672940
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62333}
2019-06-24 11:17:33 +00:00
Dan Elphick
1a6123bc90 Fix BytecodeArray printing constant pool twice
Pass correct stream to the print for the constant_pool so the debug
print doesn't go the stdout.

Change-Id: I12952e5fa52e4890beaa490601f053128fd2b89a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672938
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62332}
2019-06-24 11:05:03 +00:00
Igor Sheludko
0f0b31744f [cleanup] Move GetIsolateFromHeapObject() and friends to src/execution
Bug: v8:9183
Change-Id: Ib17445fe22da683c5be4c3f0249a31502040c2dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672935
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62331}
2019-06-24 10:53:42 +00:00
Michael Lippautz
518ae54d17 [heap] Enable global memory scheduling flag
The default values ensure that the controller doesn't change scheduling if no
values are reported from the embedder.

This allows for switching the flag on the embedder side.

Bug: chromium:948807
Change-Id: Ib478adc1185ed5e56d06ba4404d6cafb196cff78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672930
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62330}
2019-06-24 10:52:11 +00:00
Leszek Swirski
88d2349620 [map] Ignore migration target bit when normalizing
Bug: chromium:976939
Bug: chromium:977089
Change-Id: I93153dcf8c38e8b0b202597f5b27ce736c0552ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672936
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62329}
2019-06-24 10:44:11 +00:00
Sigurd Schneider
b6607eecb0 [arm] Share embedded object constant pool entries
This change reduces accumulated constant pool size on
Octane2.1 from 296kb (74170 32bit words) to 125 kb (31311
32bit words), a 57.7% reduction.

Bug: v8:8054

Change-Id: I7d6f24dadf9e11b49d028df10970fd0bc6229ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672932
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62328}
2019-06-24 10:33:21 +00:00
Stephen Kyle
6ddbb54fc2 compiler/arm64: change nops to use EmitIdentity
This affects VisitChangeUint32ToUint64 and VisitTruncateInt64ToInt32.

The geometric mean of changes across octane, ares6-1.0.1, jetstream2,
and web-tooling-0.5.3, was an improvement of 1.2% when running on a
Cortex-A53.

Change-Id: Ib551641fb78ce4060100129e12f23cd02b0b3b27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669690
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62327}
2019-06-24 10:26:51 +00:00
v8-ci-autoroll-builder
7e5d6304cd Update V8 DEPS.
Rolling v8/build: 538dcba..074e5c6

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ide7d847764834995c17483b79b9ac0d180435321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673668
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62326}
2019-06-24 08:53:06 +00:00
v8-ci-autoroll-builder
489d0df7b2 Update V8 DEPS.
Rolling v8/build: baf52dc..538dcba

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I7bed7749675df466b9a229be43d91339a9a32695
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673601
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62325}
2019-06-24 03:31:33 +00:00
Sigurd Schneider
24886f2d1c [arm64,x64] Deduplicate entries in constant pools on arm64 and x64
This CL deduplicates entries in constant pools based on handle
location. This works well because we already use CanonicalHandleScope
in the right places.

The CL gives a ~2% speed-up on octane for arm64. The code size is
reduced significantly as well: Before the change all generated code
spend on constant pools during an Octane run on arm64 was 723kb
(90398 64bit words) before this change, and after this change only
spend 189kb (23615 64bit words) were spend on constant pools. This
is a 73.8% reduction.


Change-Id: If0bb83453a45c0df0d1b0fee591c04c621341af1
Bug: v8:8054, v8:8977, v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672924
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62324}
2019-06-23 08:47:09 +00:00
v8-ci-autoroll-builder
b1638b08f3 Update V8 DEPS.
Rolling v8/build: 6ccf6a3..baf52dc

Rolling v8/buildtools: 6f3775a..8c2657f

Rolling v8/buildtools/linux64: git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9..git_revision:8c7f49102234f4f4b9349dcb258554675475e596

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/94c77e7..566ad95

Rolling v8/third_party/depot_tools: 125f7cc..dd2737e

Rolling v8/tools/clang: a8fe285..fb60bb4

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I1e73c86275dcc3c5fda64fd932edccc52d367dd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673186
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62323}
2019-06-23 03:39:29 +00:00
Frank Tang
942f3e1130 Better GetAvilableLocales check resources
1. Check resources and not solely depend on res_index.res file
2. Performance is +2-3% for Collator, DateTimeFormat, Locale,
   -2-3% for PluralRules, RelativeTimeFormat, ListFormat, NumberFormat
   Consider we improve the performance x3 not long ago, these perf
   regression could be ignored.

Bug: v8:9340
Change-Id: Iab7cd64a77a55a03aae40f4d477523c37b3bcd3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655978
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62322}
2019-06-21 23:04:09 +00:00
Ross McIlroy
15396549e3 [SFI] Fix initialization of SFI::function_literal_id.
BUG=chromium:965833
TBR=leszeks@chromium.org

Change-Id: I7997841e7af59f7d36854a71cb9f967b91b123d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662573
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62321}
2019-06-21 21:20:49 +00:00
Irina Yatsenko
5ad5f0ac38 Reland "Add Crash Keys support"
This is a reland of 02103b276b

Fix for the original build break: build android with noop crashkeys for now

Original change's description:
> Add Crash Keys support
>
> This adds crash keys containing the isolate address and addresses of
> the read_only, map, and code spaces to crash report minidumps.
> When not compiling V8 with Chrome, a noop implementation is used.
>
> Bug: v8:9323
> Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62059}

Bug: v8:9323
Change-Id: I6bb115ad14b2ce5865f4d8fb255245c38fb0cd14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658505
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62320}
2019-06-21 17:19:08 +00:00
Ross McIlroy
f92d7196b9 [SFI] Always store function_literal_id in SFI.
Calling FindIndexInScript performs a linear search on the script functions and can
take considerable time. With Bytecode flushing we will lose the function_literal_id
and have to call FindIndexInScript if we ever recompile the flushed function. This
can take a significant proportion of the recompilation time and has caused regressions
in rendering times for some web applications (e.g, 395ms in FindIndexInScript for 132ms
spent lazily re-compiling code).

To avoid this, add function_literal_id back into the SFI and remove it from
UnoptimizedCompileInfo. This will slightly regress memory usage (particularly
in cases where many of the SFIs are compiled), however it means we can remove
the FindIndexInScript function and avoid these long-tail regressions when
bytecode is flushed.

BUG=chromium:965833

Change-Id: Ia31e82eb6c871a6d698a518326a8555822a7a1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669700
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62319}
2019-06-21 16:23:27 +00:00
Daniel Clark
3f2df833bb Torquify SourceTextModuleRecord
Convert the new class SourceTextModuleRecord to use Torque
to define its fields.

Bug: v8:9292
Change-Id: Iddad3b266dd0dc122aee510cc41c69be27988c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668011
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62318}
2019-06-21 16:12:58 +00:00
Sigurd Schneider
76c1e829e3 [torque] Support 'real' internal classes
Rework the implementation of non-external Torque classes to use
Struct machinery rather than FixedArray machinery. This allows
Torque-only defined 'internal' classes to the automatically generate
class verifiers and printers.

As part of this change, generate C++ boilerplate accessors for
internal Torque classes, since this is a pre-requisite for the
verifiers, printers and other Struct-based functionality.

Moreover, augment the header-generating functionality in Torque
to create separate header files for field offset definitions,
internal class C++ definitions and instance types.

Bug: v8:7793
Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62317}
2019-06-21 16:09:28 +00:00
Irina Yatsenko
4965a34e0f Added !mem and !where extensions to windbg.js
The extensions require isolate address to be set but don't rely on calling
any runtime functions, which makes them viable for post-mortem debugging,
if the corresponding memory is included into the dump

!set_iso(isolate_address)
    call this function before using !mem or other heap routines

!mem or !mem(\"space1[ space2 ...]\")
    prints memory chunks from the 'space' owned by the heap in the
    isolate set by !set_iso; valid values for 'space' are:
    new, old, map, code, lo [large], nlo [newlarge], ro [readonly]
    if no 'space' specified prints memory chunks for all spaces,
    e.g. !mem(\"code\"), !mem(\"ro new old\")

!where(address)
    prints name of the space and address of the MemoryChunk the
    'address' is from, e.g. !where(0x235cb869f9)


Output from !mem would look something like this:

0:000> !mem("old")
Heap at 0x210652b8838
Im   address:	 object area start - end (size)
OldSpace (allocating at: 0x1703dae7a20):
*    0x33d9a8c0000:	 0x33d9a8c0138 - 0x33d9a8f1000 (0x31000)
     0x1703dac0000:	 0x1703dac0138 - 0x1703db00000 (0x40000)

Change-Id: Iae1a217bbc5c5a88e2cf742db88ead9bb6fc904c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669744
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62316}
2019-06-21 16:03:38 +00:00
Andreas Haas
21719af9ae [wasm] Support table.copy for anyref tables
The table.copy instruction used the indirect_function_table_size field
of the instance for bounds-checks. However, when Table 0 is of type
anyref, this field is not set. Now we use the actual size of the table
instead.

R=clemensh@chromium.org

Bug: chromium:977101
Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62315}
2019-06-21 14:29:37 +00:00
Andreas Haas
62a2a6efbc [wasm] Only Table 0 can be the indirect-function-table
The {indirect_function_table_size} field of the instance was initialized
with the size of the first anyfunc table. However, this field should
only be set if Table 0 is of type anyfunc.

R=clemensh@chromium.org

Bug: chromium:977101
Change-Id: I4729feb6b67387ccda53d17179a34d719347efed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669697
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62314}
2019-06-21 14:08:57 +00:00
Sigurd Schneider
c4233951ee Fix pointer compression after moving v8memory.h to base/memory.h
TBR=ishell@chromium.org

Change-Id: Iba69e556519a76334b9a3a1a0ece9a67f7f69cf2
Bug: v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669696
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62313}
2019-06-21 13:51:37 +00:00
Clemens Hammacher
3ea51d4692 [wasm][gc] Deregister foreground task in destructor
The platform is allowed to remove the foreground task without ever
executing it if the isolate is shutting down. This can happen
immediately when spawning the task. This would leave a stale pointer to
the deleted task in the engine, and can lead to UAF.
Thus deregister the task also from the destructor. At that point, we do
not need to report back any live code for that isolate.

R=ahaas@chromium.org

Bug: v8:8217, chromium:971293
Change-Id: I7081efde8f306649d08956e758254a8875db8271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669694
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62312}
2019-06-21 13:43:38 +00:00
Milad Farazmand
85e6d4c2c2 AIX/s390: [torque] check TNode return types of CSA macros
Port 20d29a3617

Original Commit Message:

    This disallows using CSA macros from Torque that have a Node* return
    type instead of TNode<>. By enforcing CSA types at the boundary between
    CSA and Torque, we can ensure that the Torque types and the CSA types
    match.

    As a drive-by, this CL adds a bit more of CSA typing where it made sense.

R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I531531e9029875b7685a9d775410ec9f924f8b69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669827
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62311}
2019-06-21 12:17:28 +00:00
Georg Neis
02892ad221 [turbofan] Remove most remaining heap accesses from property loads
A few are still left and made explicit with Allow* scopes.

Bug: v8:7790
Change-Id: I85e78949730d046d3449e0cee70997e60a043825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622108
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62310}
2019-06-21 12:10:28 +00:00
Sigurd Schneider
dd65ef6a9a [base] Move v8memory.h to base/memory.h
v8memory.h does not have V8 specific definitions, and having it in base
makes it clear that every component may include the file. It also
ensures that including it does not create spurious dependencies on
v8_base.

Change-Id: I565f63b25f33a9ada19d7b2ac5990863ab17f4a7
Bug: v8:9183, v8:8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657923
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62309}
2019-06-21 11:44:18 +00:00
Stephen Kyle
a1ba0a85e5 [ptr-compr][ic] Compress references in StubCache
The stub cache doubles in size when switching to 64-bit. The references
stored in it are not currently compressed even with ptr-compr enabled.

This patch compresses those references so the table is the same size on
32- and 64-bit architectures, which is beneficial on benchmarks which
utilise the stub cache heavily.

Reducing the stub cache size has lead to an improvement of 0.7% in
runs/minute being observed on Speedometer on a Pixel device, and 0.4% on
a Pixel3 device.

Also add constructors to [Strong]TaggedValue to support compression.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: I3b643d674356deaa129588189df7adfc91d15db4
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635694
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62308}
2019-06-21 10:42:58 +00:00
Dan Elphick
e05256a825 Move Bytecode function out of objects.cc
Moves Bytecode::IsBytecodeEqual from objects.cc to code.cc.

Bug: v8:9183
Change-Id: I1f6ff1cc388c5f22de951bc75514dd08c25e500a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667420
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62307}
2019-06-21 10:05:48 +00:00
Sigurd Schneider
7617d1a1e7 [ptr-compr][arm64] Use ldr_w to load on 32 bits for CompressedHeapConstants
Adds basic support for CompressedHeapConstants to Arm64 by moving to a ldr_w
instruction and passing COMPRESSED_EMBEDDED_OBJECT as the RelocInfo. However,
we still haven't made the COMPRESSED_EMBEDDED_OBJECT be actually compressed
in the code-stream (they still take up a full 64-bits). Support for this will
be added next.

Adding a test on macro assembler that checks that the
RelocInfo::COMPRESSED_EMBEDDED_OBJECT is flowing through.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703, v8:9298
Change-Id: Ibc64cdfdd85d5cdfa060ed6227b10bb47eae3a8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635692
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62306}
2019-06-21 07:37:04 +00:00
Daniel Bratell
e446f182f8 Clarifying another Regexp namespace
Right now there is both a v8::internal::RegExp class and a
v8::RegExp class so when code says just "RegExp" the name lookup
depends on what the compiler knows. In some jumbo builds the
compiler suddenly knew about v8::internal::RegExp which made
the symbol lookup choose that class instead of v8::RegExp.

Bug: v8:9359
Change-Id: Ic226d187a397ef2ed4e1e7b415c4f68ba72aa0e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669688
Auto-Submit: Daniel Bratell <bratell@opera.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62305}
2019-06-21 05:17:54 +00:00
v8-ci-autoroll-builder
4e49c087ee Update V8 DEPS.
Rolling v8/build: 7f6e669..6ccf6a3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/26377fc..94c77e7

Rolling v8/third_party/depot_tools: b1a3e41..125f7cc

Rolling v8/tools/clang: 3937806..a8fe285

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I91d4427a4e7b3befa189144d95330ca30d602fbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1670608
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62304}
2019-06-21 03:44:54 +00:00
Dan Elphick
fc68d1e51a [interpreter] Fix order of bytecode generated for adding getters/setters
Makes the order of the generated calls to the Runtime function
DefineAccessorPropertyUnchecked fixed regardless of hashseed so that
recompilation for lazy source positions always generates the same
result.

Moves AccessorTable from src/ast/ast.h to bytecode-generator.cc since
that's the only place that uses it.

Bug: v8:9383, v8:8510
Change-Id: I89e0aad1683a793714bfb48eca1b00abe20cad0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669689
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62303}
2019-06-20 18:41:42 +00:00
Maciej Goszczycki
a5e7c03bc6 Reland "[roheap] Check that ro-heap is always passed the same read-only snapshot"
This is a reland of a5fa211f30

des_checksum and call_once_run were undefined and unused respectively when
shared read-only heap was enabled. Fixed with a copious amounts of USE.

Original change's description:
> [roheap] Check that ro-heap is always passed the same read-only snapshot
>
> Previously the ReadOnlyHeap simply discarded all but the first
> ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a
> new ReadOnlyDeserializer (this might change in the future).
>
> Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used
> to test Map::WeakCellForMap which doesn't exist anymore and was
> difficult to adapt to a shared read-only heap.
>
> Bug: v8:7464
> Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#62250}

TBR: yangguo@chromium.org
Bug: v8:7464
Change-Id: Id66e781be890c5ed03d066f8c62de703d5cb435e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667415
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62302}
2019-06-20 13:05:26 +00:00
Yu Yin
82622c52f5 [mips][lite] Allocate feedback vectors lazily
Port: 7629afd https://crrev.com/c/1520719

Original Commit Message:

    Allocate feedback vectors lazily when the function's interrupt budget has
    reached a specified threshold. This cl introduces a new field in the
    ClosureFeedbackCellArray to track the interrupt budget for allocating
    feedback vectors. Using the interrupt budget on the bytecode array could
    cause problems when there are closures across native contexts and we may
    delay allocating feedback vectors in one of them causing unexpected
    performance cliffs. In the long term we may want to remove interrupt budget
    from bytecode array and use context specific budget for tiering up decisions
    as well.

Change-Id: Icddceec22df3dad7861a30f0190397db130db10d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669116
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#62301}
2019-06-20 10:35:52 +00:00
v8-ci-autoroll-builder
696eae3fc2 Update wasm-spec.
Rolling v8/test/wasm-js/data: 7940fa4..b568df7

[test] More inconsistent lengths (#1029) (Wanming Lin)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/b568df7

[interpreter] Fix broken link (#1035) (Rikard Hjort)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/8c8f5f1

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I66b322850497c17474a179c793e3aa834e2df1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668769
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62300}
2019-06-20 04:52:22 +00:00
v8-ci-autoroll-builder
4bc72b88cf Update V8 DEPS.
Rolling v8/build: be684b6..7f6e669

Rolling v8/third_party/depot_tools: 764ec87..b1a3e41

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ibbd0ce6b24afb23aef2d487e252ac2c841d14c0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668445
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62299}
2019-06-20 03:43:42 +00:00
Ng Zhi An
d353d61857 Fix macro to generate SIMD instructions for test
Bug: v8:6020
Change-Id: Ic33f698973edd8b6bcb8725cc86b4431374fb7b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666450
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62298}
2019-06-19 20:44:52 +00:00
Ben Smith
b7a7e2fb89 [wasm] Call OnAfterCompile when cloning Module
The debugger should be notified whenever a new Module is created so it
displayed properly. Without this change, the Module is only displayed once,
regardless of the number of times it is referenced (by other Workers, say).
That is potentially reasonable behavior, but it doesn't match the way
JavaScript does it.

With this change, the debugger will display the sources like this:

```
▼ top
  ▶ localhost
  ▼ wasm
    ▼ wasm-82570336
        wasm-82570336-0

▼ worker.js
  ▶ localhost
  ▼ wasm
    ▶ wasm-82570336
```

Change-Id: I61177e8a07e36ea8e2234aa25e75b1489c9da95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666616
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62297}
2019-06-19 18:51:41 +00:00
Daniel Clark
8d8215504b [modules] Introduce SourceTextModule class
Introduce SourceTextModule as a subclass of Module.  Move all the
JavaScript-module-specific code down from Module to
SourceTextModule, with all code applicable to other future
module types remaining in Module.

With this change, Module is roughly equivalent to the spec's
Abstract Module Record and SourceTextModule is roughly equivalent
to Source Text Module Record.

Bug: v8:9292
Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62296}
2019-06-19 17:54:52 +00:00
Adam Klein
abacacddd7 Revert "[csa] add hint to CAST error message to break in mksnapshot"
This reverts commit 93b6c866f3.

Reason for revert: Breaks on nosnap debug:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24470

Original change's description:
> [csa] add hint to CAST error message to break in mksnapshot
> 
> Change-Id: I51a22de5d6367c38056ea91eface4f69f6651993
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664069
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62274}

TBR=ulan@chromium.org,mvstanton@chromium.org,tebbi@chromium.org

Change-Id: I778b3a2c79776575efc8de43cf25e19ae301fca9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667484
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62295}
2019-06-19 17:14:45 +00:00
Dan Elphick
96577220d7 Revert "Reland "Enable lazy source positions by default""
This reverts commit ccf0d80261.

Reason for revert: Breaks https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26472

Original change's description:
> Reland "Enable lazy source positions by default"
> 
> This is a reland of 69fafb5fe3
> after fixing the in crash with
> https://chromium-review.googlesource.com/c/v8/v8/+/1664334
> 
> Original change's description:
> > Enable lazy source positions by default
> >
> > Also adds a compile time flag which allows the default to be configured
> > so node can disable it since it hangs the node cpu profiler tests.
> >
> > Bug: v8:8510
> > Change-Id: Idf4785036dc6242769410091518a67ac9179b718
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Commit-Queue: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62089}
> 
> Bug: v8:8510
> Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62288}

TBR=rmcilroy@chromium.org,delphick@chromium.org

Change-Id: Icbe93550850f79d1c29bed3e8084676c453cdf06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8510
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667419
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62294}
2019-06-19 15:54:34 +00:00
Tobias Tebbi
20d29a3617 [torque] check TNode return types of CSA macros
This disallows using CSA macros from Torque that have a Node* return
type instead of TNode<>. By enforcing CSA types at the boundary between
CSA and Torque, we can ensure that the Torque types and the CSA types
match.

As a drive-by, this CL adds a bit more of CSA typing where it made sense.

Bug: v8:7793, v8:6949

Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62293}
2019-06-19 15:50:11 +00:00
Joyee Cheung
31a951d875 [class] implement access of private methods
This patch implements the access of private methods:

- When building property loads, check whether it requires
  a brand check. If so, build the brand check and load the
  property (the method) from the context instead.
- Throw type errors when there is an attempted write to private
  methods.

Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit#

Bug: v8:8330
Change-Id: Ic917d2a0030196c1940b0c0ba65a340af736c769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610383
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62292}
2019-06-19 15:38:21 +00:00