Commit Graph

16848 Commits

Author SHA1 Message Date
Adam Klein
1385f95fed Revert "[api] Use query interceptor in Object.keys()."
It caused crashes in the extension process on Canary.

This reverts commit b6059a67ca.

Also revert followup test CL:

  "[api] Add test for EnumeratorCallback and for...in."

as it depends on the logic in the reverted change.

This reverts commit 56772de7f9.

Bug: chromium:757371, v8:6627
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id110128e6dc858a5a60ffc0175e8bb927b90bfc5
Reviewed-on: https://chromium-review.googlesource.com/626720
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47522}
2017-08-22 18:42:17 +00:00
Michael Starzinger
6dd1251e4e Handlify FrameFunctionIterator to allow for GCs.
R=tebbi@chromium.org
TEST=mjsunit/regress/regress-crbug-755044
BUG=chromium:755044

Change-Id: I909eeeccaf4e4e9757a2f952c00f557ee6c495ee
Reviewed-on: https://chromium-review.googlesource.com/625878
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47510}
2017-08-22 15:00:03 +00:00
Ross McIlroy
42d3d36bc3 Revert "[Compiler] Remove code aging support."
This reverts commit a205117c6e.

Reason for revert: breaks Arm64

Original change's description:
> [Compiler] Remove code aging support.
> 
> Code aging is no longer supported by any remaining compilers now
> that full codegen has been removed. This CL removes all vestiges of
> code aging.
> 
> BUG=v8:6409
> 
> Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
> Reviewed-on: https://chromium-review.googlesource.com/619153
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47501}

TBR=ulan@chromium.org,rmcilroy@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,rodolph.perfetta@arm.com

Change-Id: I9d8b2985e2d472697908270d93a35eb7ef9c88a8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/625998
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47506}
2017-08-22 12:27:03 +00:00
Ross McIlroy
a205117c6e [Compiler] Remove code aging support.
Code aging is no longer supported by any remaining compilers now
that full codegen has been removed. This CL removes all vestiges of
code aging.

BUG=v8:6409

Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e
Reviewed-on: https://chromium-review.googlesource.com/619153
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47501}
2017-08-22 11:33:19 +00:00
Ross McIlroy
b7a124e369 [asm-js] Use existing character-stream to re-parse asm.js modules.
Instead of creating a new character stream to re-parse the asm.js module,
use the existing stream which was used by the parser.  By doing this, we
avoid accessing the heap if the original character stream is a streaming
source or an external string, which will enable asm.js verification to run
off-thread in those situations.

BUG=v8:5203

Change-Id: I5dbf83c993512eb2f3dd709120e152e3f9900bdf
Reviewed-on: https://chromium-review.googlesource.com/616723
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47500}
2017-08-22 11:22:39 +00:00
Marja Hölttä
7dda7e8003 [parser] Skipping inner funcs: allow handle deref when restoring the data.
This stopped working because of r47337 (
https://chromium-review.googlesource.com/c/v8/v8/+/605949/8/src/compiler.cc#418
).

Also enhanced the test so that it would've caught this.

BUG=v8:5516

Change-Id: I933a8b5d787c3eb8b2cc230e2b35df1f25b500e7
Reviewed-on: https://chromium-review.googlesource.com/625618
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47498}
2017-08-22 10:43:39 +00:00
Michael Starzinger
313f8d3fcb [asm.js] Fix heap access validation of shift expressions.
This makes sure that shift expressions (not wrapped in parentheses) can
appear as part of the index in a valid heap access expression. Only the
last operand of a sequence of shift expressions is taken into account
when validating the heap access.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-6700
BUG=v8:6700,chromium:754751

Change-Id: Icc7a71bd64461da4d3daea41b995964e3dfc6dc6
Reviewed-on: https://chromium-review.googlesource.com/623811
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47497}
2017-08-22 08:50:26 +00:00
jgruber
1b5df68365 [csa] Fix two cases where allocations could go into LO space
If the elements fixed array is large enough, it must be allocated in
large-object space. This fixes two cases in which we'd incorrectly
assume elements fits into new space.

There are potentially quite a few other spots affected by a similar
issue, and we should find a more robust solution. See also:
crbug.com/636391.

Bug: v8:6716
Change-Id: I91f09355ac6b7cf399e13cc21d34113a506e58fb
Reviewed-on: https://chromium-review.googlesource.com/623808
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47495}
2017-08-22 08:20:54 +00:00
Sathya Gunasekaran
fce31787b8 [runtime] Make GetHash and GetOrCreateHash member functions
There's no need for these to be static.

Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia704cdcb9ee9666c7724b78d58c56217cd5876ae
Reviewed-on: https://chromium-review.googlesource.com/624869
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47490}
2017-08-22 00:35:31 +00:00
Sathya Gunasekaran
f3d43c80bb [runtime] Unhandlify GetOrCreateHash
This no longer causes allocation, so it's safe to unhandlify.

This will allow us to use directly call into C++ (via CallCFunction)
to calculate the hash instead of going through the runtime (via
%GenericHash).

Bug: v8:5717
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia561efb4d89d7a3d10c28913537b45b3ce477bb3
Reviewed-on: https://chromium-review.googlesource.com/624519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47489}
2017-08-22 00:31:01 +00:00
Josh Wolfe
99e896368c [intl] Implement Intl.PluralRules behind --harmony-plural-rules
This feature is a stage 3 proposal implemented as a
wrapper around ICU that categorizes singular/plural/etc
grammatical forms based on a number and locale.

Based on littledan's work started here:
https://codereview.chromium.org/2736543002/

Bug: v8:5601
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4107cd28be72413ec43aa1ff0f4fe6e181a290f4
Reviewed-on: https://chromium-review.googlesource.com/562298
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47485}
2017-08-21 22:23:59 +00:00
Alexey Kozyatinskiy
f160520394 [inspector] added queryObjects command line API
This API generates inspectRequested call with hints.queryObjects flag.

It's not possible to expose this method by itself since command line
API methods can leak.

R=pfeldman@chromium.org

Bug: v8:6732
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3c582186f65d84a25eed910925a1b6ab36966a72
Reviewed-on: https://chromium-review.googlesource.com/622370
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47480}
2017-08-21 18:25:05 +00:00
Albert Mingkun Yang
e58ae53132 [turbofan] Add CallCFunctionWithCallerSavedRegisters node in turbofan compiler
The new node behave the same as its counterpart, CallCFunction, with the
additional saving and restoring caller saved registers before and after
the function call.

Bug: chromium:749486
Change-Id: I0a1dfb2e4e55f7720541a00e6d16fd20220f39ed
Reviewed-on: https://chromium-review.googlesource.com/620709
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47479}
2017-08-21 16:35:05 +00:00
Alexey Kozyatinskiy
f546ec1a5d [inspector] added Runtime.queryObjects
Runtime.queryObjects method:
1. force gc,
2. iterate through heap and get all objects with passed constructorName
   or with passed constructor name in prototype chain,
3. return these objects as JSArray.

Main use case is regression tests for memory leaks.

R=pfeldman@chromium.org,alph@chromium.org,ulan@chromium.org

Bug: v8:6732
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I52f0803366f14bb24376653615d870a4f21f83e7
Reviewed-on: https://chromium-review.googlesource.com/619594
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47478}
2017-08-21 15:48:05 +00:00
Ross McIlroy
1bc0195231 [Parsing] Always pass a valid character-stream into the parser
Changes the contract of the parser to have a valid character stream passed
in the ParseInfo rather than the current situation where either:
 - it is passed explicitly (e.g., for streaming scripts)
 - a Script is passed and a character stream is created for this
 - or a source and encoding is passed in ParseInfo and the character stream
   is created from this.

The parse info also now owns the character stream (in a unique_ptr). It
can be destroyed using a new ResetCharacterStream() function. This will
enable the character stream to be kept live if any functions are asm.js
modules which were parsed, in order to be reused by the asm.js parser.

BUG=v8:5203

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ifda167391b2eadb38ebf9fcb2f565d2ed9ea3c6f
Reviewed-on: https://chromium-review.googlesource.com/616767
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47474}
2017-08-21 13:02:03 +00:00
Michael Starzinger
7c061ba04a [ast] Remove obsolete Scope::IsAsmFunction predicate.
R=jarin@chromium.org
BUG=v8:5653,v8:6409

Change-Id: I3a7e7173afbcba9bb0bb7b1baafe9e78e22bb696
Reviewed-on: https://chromium-review.googlesource.com/612174
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47473}
2017-08-21 12:48:49 +00:00
Ulan Degenbaev
880c4c7b25 Reland "[heap] Handle bytecode arrays in concurrent marker."
This reverts commit a241576fa1.

Bytecode array visitor has a side-effect of incrementing the age counter.

This patch makes the increment atomic and thus safe for the concurrent
marker.

Bug: chromium:694255
Change-Id: Ibe1d75714a5911385b06e52ed50b5f152ec6b73d
Reviewed-on: https://chromium-review.googlesource.com/622432
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47472}
2017-08-21 12:44:18 +00:00
Camillo Bruni
7daf8cf3ee [literals] Add CreateEmptyObjectLiteral bytecode
The quite common empty object literal doesn't need an AllocationSite
since it starts off with the general ElementsKind. By using a separate 
bytecode we can directly instantiate the empty object without jumping
to the runtime first.

Note: this experimentally disables pretenuring for empty object
      literals. Depending on the outcome of our benchmarks pretenuring
      will be enabled again or fully removed for empty object literals.

Bug: v8:6211
Change-Id: I2fee81cbefc70865fc436dbd3bc5fc8de04db91c
Reviewed-on: https://chromium-review.googlesource.com/577555
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47467}
2017-08-21 10:01:16 +00:00
Enrico Bacis
5c47d99e30 [wasm] Add tests for grow_memory in loops
This CL introduces 4 tests that verify that the effects of a grow_memory
instruction executed inside a loop are visible also when the loop is over.

The tests verify the output of the current_memory instruction and the
result of loading a variable stored in the grown memory inside the
loop in the following cases:

 * the memory is grown inside the loop (no memory operation outside);

 * the memory is grown both inside and outside the loop;

R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org

Change-Id: I1670aa4d8274f6c54dced98cced7b51534552c36
Reviewed-on: https://chromium-review.googlesource.com/619207
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47466}
2017-08-21 09:42:34 +00:00
Ulan Degenbaev
f8a08f385c [heap] Remove live byte adjustments from mutator.
The effect of array/string trimming on space size is postponed until sweeping
completes. This simplifies runtime code and fixes live byte update race with
the concurrent marker.

This patch restores monotonicity of PromotedSinceLastGC by notify the heap
when sweeper discovers more free space than estimated.

Bug: chromium:694255
Change-Id: I7a8c24f2c3398bc0c8a43ffd1d35ace68010cd65
Reviewed-on: https://chromium-review.googlesource.com/621326
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47464}
2017-08-21 09:03:03 +00:00
Marja Hölttä
e49accd97a [parser] Allow yield in for-in var initializer.
As specified in Annex B.3.6., initializers are allowed in sloppy mode var
declarations in for-in loops.

As a consequence, "in" is one of the tokens that can follow an
AssignmentExpression - this was not recognized before.

BUG=v8:6715

Change-Id: Idbf79bda39beef4e568d630e0b5e239a34397952
Reviewed-on: https://chromium-review.googlesource.com/620728
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47463}
2017-08-21 08:39:31 +00:00
Sathya Gunasekaran
01c82f9cab Reland "[runtime] Store hash code in length field"
This is a reland of decf5750c6

This patch fixes the hash code migration in the backing store
transition case from Smi to PropertyArray in the IC system and
Turbofan. Also, adds tests.

Bug: v8:6413, v8:6404

Original change's description:
> [runtime] Store hash code in length field
>
> Store the hash code in 21 bits of the length field.
>
> Change the GetIdentityHash API to be unhandlified, since there's no
> property lookup anymore.
>
> Update js/ and test/ to match new API and expections.
>
> Bug:
> Change-Id: I8dc75de4021f59e79b45f3f38ec997c3b3687b24
> Reviewed-on: https://chromium-review.googlesource.com/589688
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47259}

Change-Id: I69289113c4b7978c46f6f9373cc972086ecb6822
Bug: 
Reviewed-on: https://chromium-review.googlesource.com/614903
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47459}
2017-08-21 05:30:01 +00:00
Mircea Trofin
b22fb03a49 Revert "Revert "[wasm] Reference indirect tables as addresses of global handles""
This reverts commit af37f6b970.

Reason for revert: Reverted dependency fixed.

Original change's description:
> Revert "[wasm] Reference indirect tables as addresses of global handles"
> 
> This reverts commit 186099d49f.
> 
> Reason for revert: Need to revert:
> https://chromium-review.googlesource.com/c/613880
> 
> Original change's description:
> > [wasm] Reference indirect tables as addresses of global handles
> > 
> > This sets us up for getting the wasm code generation off the GC heap.
> > We reference tables as global handles, which have a stable address. This
> > requires an extra instruction when attempting to make an indirect call,
> > per table (i.e. one for the signature table and one for the function
> > table).
> > 
> > Bug: 
> > Change-Id: I83743ba0f1dfdeba9aee5d27232f8823981288f8
> > Reviewed-on: https://chromium-review.googlesource.com/612322
> > Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47444}
> 
> TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org
> 
> Change-Id: Ic3dff87410a51a2072ddc16cfc83a230526d4c56
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/622568
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47450}

TBR=bradnelson@chromium.org,machenbach@chromium.org,titzer@chromium.org,mtrofin@chromium.org

Change-Id: I3dc5dc8be26b5462703edac954cbedbb8f504c1e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622035
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47455}
2017-08-19 16:35:34 +00:00
Mircea Trofin
5eb1aa488e Revert "Revert "[wasm] Rename TestingModule to TestingModuleBuilder.""
This reverts commit 3913bde188.

Reason for revert: Reason for revert fixed.

Original change's description:
> Revert "[wasm] Rename TestingModule to TestingModuleBuilder."
> 
> This reverts commit ed06fc9127.
> 
> Reason for revert: Need to revert previous CL
> 
> Original change's description:
> > [wasm] Rename TestingModule to TestingModuleBuilder.
> > 
> > This is a followup to moving the ModuleEnv to the compiler directory and
> > making it immutable.
> > 
> > R=​mtrofin@chromium.org, ahaas@chromium.org
> > 
> > Bug: 
> > Change-Id: I0f5ec1b697bdcfad0b4dc2bca577cc0f40de8dc0
> > Reviewed-on: https://chromium-review.googlesource.com/616762
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47419}
> 
> TBR=titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
> 
> Change-Id: I9b3b379e89f523c2fcf205a1d268aa294bbc44ff
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/622567
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47448}

TBR=machenbach@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: Idce6f1ca8ed0ea80edb50292e9b6e2d7712f29cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622034
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47454}
2017-08-19 16:34:27 +00:00
Mircea Trofin
72dd5738a6 Revert "Revert "[wasm] Move the ModuleEnv to compiler and make it immutable.""
This reverts commit e79d4f06fd.

Reason for revert: Fixed compile error

Original change's description:
> Revert "[wasm] Move the ModuleEnv to compiler and make it immutable."
> 
> This reverts commit d04660db3f.
> 
> Reason for revert: Suspect for blocking the roll:
> https://chromium-review.googlesource.com/c/621191
> 
> See:
> https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/13583
> 
> Original change's description:
> > [wasm] Move the ModuleEnv to compiler and make it immutable.
> > 
> > This CL (finally) makes the contract between the compiler and the module
> > environment clear. In order to compile a function, the caller must provide
> > an instance of the compiler::ModuleEnv struct, which contains references
> > to code, function and signature tables, memory start, etc.
> > 
> > R=​mtrofin@chromium.org,ahaas@chromium.org
> > 
> > Bug: 
> > Change-Id: I68e44d5da2c5ad44dad402029c2e57f2d5d25b4f
> > Reviewed-on: https://chromium-review.googlesource.com/613880
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#47418}
> 
> TBR=titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
> 
> Change-Id: I60a369a43121720fbb13ea6c2ec6ca948d60a20b
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/622547
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47451}

TBR=machenbach@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: Ie0efa6204c41b2cb672586a7ac0a622ca13ce5fe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622033
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47453}
2017-08-19 16:33:17 +00:00
Enrico Bacis
fe4d0686c9 [wasm] Add tests for grow_memory in conditional branches
This CL introduces 8 tests that verify that the effects of a grow_memory
instruction executed inside a conditional branch are visible also when
the branch is merged.

The tests verify the output of the current_memory instruction and the
result of loading a variable stored in the grown memory inside the
branch in the following cases:

 * the memory is grown inside the if branch (with no else branch);

 * the memory is grown inside the if branch (when an else branch exists);

 * the memory is grown inside the else branch;

 * the memory is grown by different amount of pages inside both the if
 and else branches.

R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org

Change-Id: I8127ebdf959eed5b7b5ca5aa6033a7ea41465f32
Reviewed-on: https://chromium-review.googlesource.com/617222
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47452}
2017-08-19 10:33:11 +00:00
Michael Achenbach
e79d4f06fd Revert "[wasm] Move the ModuleEnv to compiler and make it immutable."
This reverts commit d04660db3f.

Reason for revert: Suspect for blocking the roll:
https://chromium-review.googlesource.com/c/621191

See:
https://build.chromium.org/p/tryserver.chromium.win/builders/win_optional_gpu_tests_rel/builds/13583

Original change's description:
> [wasm] Move the ModuleEnv to compiler and make it immutable.
> 
> This CL (finally) makes the contract between the compiler and the module
> environment clear. In order to compile a function, the caller must provide
> an instance of the compiler::ModuleEnv struct, which contains references
> to code, function and signature tables, memory start, etc.
> 
> R=​mtrofin@chromium.org,ahaas@chromium.org
> 
> Bug: 
> Change-Id: I68e44d5da2c5ad44dad402029c2e57f2d5d25b4f
> Reviewed-on: https://chromium-review.googlesource.com/613880
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47418}

TBR=titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: I60a369a43121720fbb13ea6c2ec6ca948d60a20b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622547
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47451}
2017-08-19 07:26:17 +00:00
Michael Achenbach
af37f6b970 Revert "[wasm] Reference indirect tables as addresses of global handles"
This reverts commit 186099d49f.

Reason for revert: Need to revert:
https://chromium-review.googlesource.com/c/613880

Original change's description:
> [wasm] Reference indirect tables as addresses of global handles
> 
> This sets us up for getting the wasm code generation off the GC heap.
> We reference tables as global handles, which have a stable address. This
> requires an extra instruction when attempting to make an indirect call,
> per table (i.e. one for the signature table and one for the function
> table).
> 
> Bug: 
> Change-Id: I83743ba0f1dfdeba9aee5d27232f8823981288f8
> Reviewed-on: https://chromium-review.googlesource.com/612322
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47444}

TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org

Change-Id: Ic3dff87410a51a2072ddc16cfc83a230526d4c56
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622568
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47450}
2017-08-19 07:25:12 +00:00
Michael Achenbach
3913bde188 Revert "[wasm] Rename TestingModule to TestingModuleBuilder."
This reverts commit ed06fc9127.

Reason for revert: Need to revert previous CL

Original change's description:
> [wasm] Rename TestingModule to TestingModuleBuilder.
> 
> This is a followup to moving the ModuleEnv to the compiler directory and
> making it immutable.
> 
> R=​mtrofin@chromium.org, ahaas@chromium.org
> 
> Bug: 
> Change-Id: I0f5ec1b697bdcfad0b4dc2bca577cc0f40de8dc0
> Reviewed-on: https://chromium-review.googlesource.com/616762
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47419}

TBR=titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: I9b3b379e89f523c2fcf205a1d268aa294bbc44ff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/622567
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47448}
2017-08-19 07:13:07 +00:00
Ross McIlroy
ef8baffa6c [Parsing] Remove parse-task support.
Parse tasks are not currently used, and will need to be changed significantly
for background compilation, so we remove them for now.

BUG=v8:6093,v8:5203

Change-Id: I44559a94ecca85668f0117629d35aaa5f4075745
Reviewed-on: https://chromium-review.googlesource.com/617140
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47446}
2017-08-18 21:09:30 +00:00
Franziska Hinkelmann
56772de7f9 [api] Add test for EnumeratorCallback and for...in.
If a QueryCallback is present, it is used to
filter the result from the EnumeratorCallback for
enumerable properties. This tests assures that
for...in loops work correctly with these interceptors.

Bug: v8:6627
Change-Id: I1e568beac1e138a330034492b87bd49c22e0c804
Reviewed-on: https://chromium-review.googlesource.com/609982
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47445}
2017-08-18 19:07:57 +00:00
Mircea Trofin
186099d49f [wasm] Reference indirect tables as addresses of global handles
This sets us up for getting the wasm code generation off the GC heap.
We reference tables as global handles, which have a stable address. This
requires an extra instruction when attempting to make an indirect call,
per table (i.e. one for the signature table and one for the function
table).

Bug: 
Change-Id: I83743ba0f1dfdeba9aee5d27232f8823981288f8
Reviewed-on: https://chromium-review.googlesource.com/612322
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47444}
2017-08-18 18:50:27 +00:00
Franziska Hinkelmann
96cd1cfb79 [es2015] Fix error for wrong offset in TypedArray
%TypedArray%.prototype.set should throw a range error for invalid offset.

Bug: v8:6729
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I2b2b64a82657ecabf136ec8f13b41e95a62b8f38
Reviewed-on: https://chromium-review.googlesource.com/620569
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47443}
2017-08-18 18:41:57 +00:00
Franziska Hinkelmann
b6059a67ca [api] Use query interceptor in Object.keys().
The V8 API provides interceptors. They are not part of the
EcmaScript specification. But their behavior should be consistent.
For example, when an EnumeratorInterceptor is defined, Object.keys(),
Object.entries(), and Object.values() should all have the
same number of entries.

This CL creates consistent behavior among these
functions. If a QueryCallback is present, it is used to
filter the result from the EnumeratorCallback for
enumerable properties.

Bug: v8:6627
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie51e69bb77099d9fafc4b1ea02671eced610edba
Reviewed-on: https://chromium-review.googlesource.com/609068
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47442}
2017-08-18 17:56:44 +00:00
Adam Klein
69b165db00 [ast] Save one pointer in most Function and Variable declaration node
Currently, Declaration stores a Scope pointer to whichever Scope the
declaration appeared in. This is used to disallow var declarations
being hoisted over lexical declarations. For example:

  {
    let x;
    { var x; }
  }

But in fact this is the only sort of case where storing the scope
is required: for lexical declarations (including function declarations
appearing in blocks), Declaration::scope() was always identical to
Declaration::proxy()->var()->scope(). That is, only var declarations
end up "nested" in this way.

This patch adds a subclass of VariableDeclaration to store the Scope.
Since the only thing that cares about that data is Scope analysis,
this isn't treated as a distinct AstNode::NodeType from VariableDeclaration,
leaving all AstVisitors untouched in the process.

Also reworked the logic in Scope::CheckConflictingVarDeclarations() for
clarity after making changes to accomodate the new code.

Change-Id: I6ee4298700508ab9e28a76ddb8504bae68bc473f
Reviewed-on: https://chromium-review.googlesource.com/619595
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47441}
2017-08-18 17:55:04 +00:00
Ulan Degenbaev
1518b1e349 [heap] Refactor page initialization.
This fixes layering between page and its owner, so that the page does
not update the owner state.

Bug: chromium:694255
Change-Id: Ic4f594340bed42d4f2c13d0a30f451317cbc9f50
Reviewed-on: https://chromium-review.googlesource.com/620732
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47437}
2017-08-18 16:28:34 +00:00
Adam Klein
cec289ea57 [pattern-rewriter] Handle already-rewritten RewritableExpressions as before
Before 983eec8979, RewritableExpressions
which had been queued for destructuring assignment rewriting but which
turned out to be part of a binding pattern in arrow function parameters
would be silently ignored by the PatternRewriter. After that CL, they
failed with a DCHECK.

This patch reverts to the previous behavior, with a TODO to handle this
in a better way by dequeuing RewritableExpressions that turned out
to be part of an inner arrow function.

Bug: chromium:756332
Change-Id: I0a9bf51499940c944034d9a8128e89950de38059
Reviewed-on: https://chromium-review.googlesource.com/619506
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47435}
2017-08-18 16:16:24 +00:00
Jakob Kummerow
a3ef2489f2 Cache fewer StoreIC-Transition handlers
Many handlers are not used again, so we can improve the cache hit rate
by caching fewer handlers. Specifically, in this CL, when a StoreIC
miss causes a new map transition to be created, then the handler is not
cached right away yet (it will be cached next time, when the transition
exists already).

Also, fix an embarrassing bug where growing a TransitionArray dropped
cached handlers. That further improves the cache hit rate. ;-)

Bug: chromium:752867, chromium:753819
Change-Id: Id8db5ca1e780a5fe8fc61db7f20996e61c65a90e
Reviewed-on: https://chromium-review.googlesource.com/619851
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47433}
2017-08-18 16:06:44 +00:00
Choongwoo Han
5e0db7df73 [runtime] Do not set zero-length source in TA.p.set
(source_length - 1) can be overflowed, and cause OOB access when source_length
is zero. Thus, just do not operate setting if source_length is zero when
starting TypedArraySetFromOverlapping.

Bug: v8:6704
Change-Id: I5da60590c9a197eae96625a12720f6818b8c598a
Reviewed-on: https://chromium-review.googlesource.com/620452
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47430}
2017-08-18 14:40:08 +00:00
Maya Lekova
03285ec968 [builtins] Fix crash in ProxyHasProperty stub
The crash used to happen when trap is a Smi.

Bug: chromium:756608
Change-Id: I0a6f0328afc64d8e521b5b370a291f9aef6b08d0
Reviewed-on: https://chromium-review.googlesource.com/620647
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@google.com>
Cr-Commit-Position: refs/heads/master@{#47429}
2017-08-18 13:56:18 +00:00
Albert Mingkun Yang
e143a4e7e5 Add bound checking to RegisterConfiguration accessors function.
Fix MaxIndex in test-gap-resolver.cc so that the above check doesn't
fire.

Change-Id: I6588800281d797f3f8b33ced4c1b03315196fe44
Reviewed-on: https://chromium-review.googlesource.com/618809
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#47421}
2017-08-18 09:24:31 +00:00
Ben L. Titzer
ed06fc9127 [wasm] Rename TestingModule to TestingModuleBuilder.
This is a followup to moving the ModuleEnv to the compiler directory and
making it immutable.

R=mtrofin@chromium.org, ahaas@chromium.org

Bug: 
Change-Id: I0f5ec1b697bdcfad0b4dc2bca577cc0f40de8dc0
Reviewed-on: https://chromium-review.googlesource.com/616762
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47419}
2017-08-18 09:01:22 +00:00
Ben L. Titzer
d04660db3f [wasm] Move the ModuleEnv to compiler and make it immutable.
This CL (finally) makes the contract between the compiler and the module
environment clear. In order to compile a function, the caller must provide
an instance of the compiler::ModuleEnv struct, which contains references
to code, function and signature tables, memory start, etc.

R=mtrofin@chromium.org,ahaas@chromium.org

Bug: 
Change-Id: I68e44d5da2c5ad44dad402029c2e57f2d5d25b4f
Reviewed-on: https://chromium-review.googlesource.com/613880
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47418}
2017-08-18 08:08:40 +00:00
Ulan Degenbaev
dfc6b4ddaa [heap] New live byte tracking.
This patch changes how space size and capacity are updated in GC:
- space capacity changes only when a page added/removed from the space.
- space size is reset to zero before sweeping and incremented by
  page->live_bytes_count_ for each to-be-swept page.
- space size is refined after sweeping using the accurate
  page->allocated_bytes counter produces by the sweeper.

Invariants:
1. space.capacity = sum [page.size | for page in space].
2. After marking, before sweeping:
   a) space.size = sum [page.live_bytes_count | for page in space].
3. After sweeping, before marking ends:
   a) space.size = sum [page.allocated_bytes | for page in space].
   b) page.allocated_bytes >= (sum [object.size | for object in page] +
         page.linear_allocation_area).
   c) page.area_size = (page.allocated_bytes + page.wasted_memory +
         sum [free_list_entry.size | for free_list_entry in page].

3.b becomes equality if the mutator is not doing array trimming,
object slack tracking during sweeping.

Bug: chromium:694255
Change-Id: Ic8d16a8171187a113fee2df8bf3c2a4c5e77bc08
Reviewed-on: https://chromium-review.googlesource.com/618889
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47409}
2017-08-17 18:16:33 +00:00
Marja Hölttä
fe44df32f8 [parser] Fix: forbid await as class name in async arrow function formal params.
The bug was that we didn't track using await as a class name inside
arrow function formal parameters, and hence didn't recognize the error
in this case:

async(x = class await {}) => {}

BUG=v8:6714

Change-Id: Iabe6c947a4f621fb72361671d77f4765ba1a9578
Reviewed-on: https://chromium-review.googlesource.com/616776
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47407}
2017-08-17 17:32:12 +00:00
Caitlin Potter
fbb46475c8 [ignition] desugar AsyncGenerator yield* in BytecodeGenerator
Move the desugaring into BytecodeGenerator per TODOs.

BUG=v8:6472
R=tebbi@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org

Change-Id: Ic482bee18d6e6fe73de4c5f9abaf4feda7be2dd5
Reviewed-on: https://chromium-review.googlesource.com/550396
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#47403}
2017-08-17 16:04:28 +00:00
Albert Mingkun Yang
bbcc4998f9 Rename Bit() to bit() in Register for arm64
Make it consistent so that registers in all architecture have a member
function called `bit()`.

Bug: 
Change-Id: Ie6323f81d4ecab1557259a43a30100d8da8b35f1
Reviewed-on: https://chromium-review.googlesource.com/618872
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47401}
2017-08-17 14:14:44 +00:00
Ross McIlroy
73ec55982c Reland "[Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile"
This is a reland of 21da12a983
Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
> 
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
> 
> Also does some other cleanup:
>  - Removes CompileUnoptimizedFunction and inlines into new Compiler function
>  - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
>    out of FinalizeUnoptimizedCompile.
> 
> BUG=v8:6409
> 
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}

TBR=yangguo@chromium.org
TBR=jarin@chromium.org

Bug: v8:6409
Change-Id: If2eae66a85f129e746a5ca5c04935540f3f86b04
Reviewed-on: https://chromium-review.googlesource.com/618886
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47399}
2017-08-17 13:21:44 +00:00
Enrico Bacis
d74ec7efa8 [wasm] Add tests for grow_memory inside functions
This CL introduces 6 tests that verify that the effects of a grow_memory
instruction executed inside a function are visible also from the caller of
the function.

The tests verify that:

 * the current_memory instruction returns the correct value after
 returning from a function that grew memory;

 * accessing a memory page that has been created inside a function does
 not trap in the caller;

 * when a function grows the memory and then store something in the grown
 memory, the caller always reads from the grown memory. This checks that
 the memory start address gets updated in the caller (the memory buffer
 could in fact be relocated by the grow_memory instruction).

These tests are implemented for direct and indirect function calls.

R=ahaas@chromium.org,clemensh@chromium.org

Change-Id: Iac8db0fa7a6dd6f530e090af5423fc165d87e863
Reviewed-on: https://chromium-review.googlesource.com/616150
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47398}
2017-08-17 12:35:51 +00:00
Ross McIlroy
0f40415b6b Revert "[Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile"
This reverts commit 21da12a983.

Reason for revert: Failing on arm64 simulator

Original change's description:
> [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
> 
> Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
> and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
> function. The code in compiler.cc is refactored to use this function to compile
> the SharedFunctionInfo when compiling a JSFunction.
> 
> Also does some other cleanup:
>  - Removes CompileUnoptimizedFunction and inlines into new Compiler function
>  - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
>    out of FinalizeUnoptimizedCompile.
> 
> BUG=v8:6409
> 
> Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
> Reviewed-on: https://chromium-review.googlesource.com/613760
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47394}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,jarin@chromium.org,leszeks@chromium.org

Change-Id: I4ba63e82417a185f1528ff2633eb6c8872fbbfe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6409
Reviewed-on: https://chromium-review.googlesource.com/618687
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47397}
2017-08-17 11:00:15 +00:00
Ivica Bogosavljevic
89ac7fcdb4 MIPS[64]: Add support for atomic binary operations in turbo fan
Bug: 
Change-Id: I5b5477b55f42cdfa7978bbe6b8610302f0ec41fb
Reviewed-on: https://chromium-review.googlesource.com/612085
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#47396}
2017-08-17 10:08:53 +00:00
Enrico Bacis
8ee068388e [wasm] Fix grow-memory on exported memory
The WASM spec maximum memory size is higher than internal V8 maximum object
size. When a memory object grows above this limit (and only in that case), we
should signal an error.

This worked for not-exported memory; however when growing exported memory, the
code was comparing the V8 memory limit with the maximum number of pages defined
in the module, instead of the current number of pages + the number of new
required pages. This lead to signaling errors even when growing exported memory
below the V8 limit if the maximum number of pages specified in the module was
higher than the V8 limit.

GrowMemoryBuffer already checks that we do not grow a memory buffer past the
maximum size specified as parameter, so we can pass it the minimum between the
the V8 limit and the maximum number of pages specified in the module.

This CL introduces a test in test/mjsunit/wasm/import-memory.js that triggers
the problematic path and a patch to fix it.

R=ahaas@chromium.org,clemensh@chromium.org,gdeepti@chromium.org

Change-Id: I5a8da420418b394d61e1ba3cdf4408c3c09e61b6
Reviewed-on: https://chromium-review.googlesource.com/600217
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Cr-Commit-Position: refs/heads/master@{#47395}
2017-08-17 10:01:53 +00:00
Ross McIlroy
21da12a983 [Compiler] Remove CompileDebugCode and EnsureBytecode and replace with Compile
Removes the Compiler::CompileDebugCode and Compiler::EnsureBytecode functions
and replaces them with a Compiler::Compile(Handle<SharedFunctionInfo> shared)
function. The code in compiler.cc is refactored to use this function to compile
the SharedFunctionInfo when compiling a JSFunction.

Also does some other cleanup:
 - Removes CompileUnoptimizedFunction and inlines into new Compiler function
 - Moves code to create top level SharedFunctionInfo into CompilerTopLevel and
   out of FinalizeUnoptimizedCompile.

BUG=v8:6409

Change-Id: Ic54afcd8eb005c17f3ae6b2355060846e3091ca3
Reviewed-on: https://chromium-review.googlesource.com/613760
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47394}
2017-08-17 09:47:57 +00:00
Igor Sheludko
d5a398e8c9 Fix spec violation in Function.prototype.bind.
'9. Let targetName be ? Get(Target, "name").' didn't produce required
side effects.

Bug: v8:6712
Change-Id: Iebf007b4e93ebbf9c6c85c9729d972a8c1a7b129
Reviewed-on: https://chromium-review.googlesource.com/616727
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47393}
2017-08-17 08:42:03 +00:00
Yang Guo
31a3710c01 [bootstrapper] fix transferring double properties.
R=cbruni@chromium.org

Bug: v8:6726
Change-Id: If56ce1a0b00b98ede2bb101cb9697ec516d19e81
Reviewed-on: https://chromium-review.googlesource.com/616641
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47392}
2017-08-17 07:52:13 +00:00
Leszek Swirski
1a3027303b [turbofan] Never generate loop exit phis for the accumulator
The accumulator should never be alive when jumping back to a loop
header, or jumping out of a loop. This means that as far as far as
TurboFan is concerned, we never need to create Phis or LoopExitValues
for the accumulator, as its value should not escape the loop.

For safety, this also augments the IsLivenessValid DCHECK in the
liveness analysis to check that the accumulator is not live in these
cases, and amends the bytecode analysis tests to kill the accumulator
where necessary to ensure this.

As a drive-by, added some comments to the more complex bytecode analysis
tests, since figuring out what they were for and how to fix them took a
non-trivial amount of time.

Change-Id: Idecf76a36681d724134c59768650c23cc6b0e9ef
Reviewed-on: https://chromium-review.googlesource.com/615168
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47388}
2017-08-17 05:09:31 +00:00
Yang Guo
845c27cd5a [interpreter] remove self-healing for LiveEdit.
R=rmcilroy@chromium.org

Bug: v8:6409
Change-Id: I8205ca3e9587f4cb1d35d7edc1aa320814020ac4
Reviewed-on: https://chromium-review.googlesource.com/616665
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47387}
2017-08-17 04:24:08 +00:00
jing.bao
f464961b2c [ia32][wasm] Add I32x4Neg and I32x4 CompareOp
I32x4 Neg, Eq/Ne/GtS/GeS/GtU/GeU
Reconstruct ro/RRO macro instructions with AVX_OP3_WITH_TYPE

Bug: 
Change-Id: I3e391f489717db3456b884c6df0b1756497a1846
Reviewed-on: https://chromium-review.googlesource.com/616463
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#47385}
2017-08-17 02:46:32 +00:00
Ulan Degenbaev
8f1bc55817 [base] Add tests for base::AsAtomicWord::SetBits.
TBR: mlippautz@chromium.org
Change-Id: I1d0c3c84e4483287aa599c7d3a0c0d1c5a4d154a
Reviewed-on: https://chromium-review.googlesource.com/612177
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47379}
2017-08-16 15:13:02 +00:00
Adam Klein
f9733fd32f [parser] Reduce for-of desugaring dependency on Scope structure
This removes brittle Scope walking in FinalizeForOfStatement()
by making ParserBase call InitializeForEachStatement() while
in the proper Scope.

Bug: v8:6724
Change-Id: I6e828ccb3a5e4d98633a95a2bfb8d255ad0fc0eb
Reviewed-on: https://chromium-review.googlesource.com/614654
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47376}
2017-08-16 14:47:12 +00:00
Maya Lekova
221e54ddbc [builtins] Port Proxy has trap to CSA
Bug: v8:6664, v8:6557
Change-Id: Ib2180e38c8b07cda102ccb160dfd44197d828be0
Reviewed-on: https://chromium-review.googlesource.com/602229
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47372}
2017-08-16 13:05:45 +00:00
Yang Guo
f782f74b6a [snapshot] do not skip nullptr embedder fields.
R=petermarshall@chromium.org

Bug: chromium:617892
Change-Id: I4077ae567297d18edd6c6748f9f64bbdafb34896
Reviewed-on: https://chromium-review.googlesource.com/616561
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47368}
2017-08-16 11:23:59 +00:00
Marja Hölttä
c3cf3d0661 [parser] Skipping inner funcs: drop "experimental" from flag name.
Makes ClusterFuzz start fuzzing with the flag on.

BUG=v8:5516

Change-Id: Ia80f7d22f12fe25efb226102a896e8b0e3537947
Reviewed-on: https://chromium-review.googlesource.com/610000
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47366}
2017-08-16 08:49:27 +00:00
Yang Guo
491d94dc33 [debug] remove support for full-codegen.
This removes:
- CodeBreakIterator for FCG code.
- RelocModes for debug breaks.
- Code generator for debug break slots.
- GC support for debug break slots.
- Code flag to indicate code with debug break slots.
- Builtin type DBG.
- Mechanisms to replace FCG code in the debugger and LiveEdit.
- Runtime entry to the debugger from debug break slots.

R=bmeurer@chromium.org, rmcilroy@chromium.org, ulan@chromium.org

Bug: v8:6409
Change-Id: I5662c8800e3ef1b1584ad107bfe0aae26c9d8abb
Reviewed-on: https://chromium-review.googlesource.com/613263
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47364}
2017-08-16 06:18:26 +00:00
Alexey Kozyatinskiy
6ceee53698 [inspector] aligned Runtime.evaluate(awaitPromise: true) with await semantic
This one allows us to support custom promises implementation.
With awaitPromise flag Runtime.evaluate awaits
Promise.resolve(<expression result>).
This also allows to await for any non-Promise value, similar to await
expression, which is more convenient for most protocol users.

R=dgozman@chromium.org

Bug: chromium:755104
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iee798b33b6fb7de7d393372e164c0481d1bbf7eb
Reviewed-on: https://chromium-review.googlesource.com/614308
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47354}
2017-08-15 01:35:29 +00:00
Deepti Gandluri
3a30f60d05 [wasm] Refactor mjsunit atomics tests into smaller tests
Tests were monolithic, with large loops, and slow on ARM64. Refactor to
small tests so they can be sharded better, reduce page size to 1 to
keep the loops small.

BUG=v8:6532

Change-Id: I712551564d4a70fc12acdf114922feb614aeb271
Reviewed-on: https://chromium-review.googlesource.com/611614
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47353}
2017-08-14 23:46:10 +00:00
Sathya Gunasekaran
f6e20fcbba [modules] Fix dynamic import in eval
In the case of a function constructor or eval, we create a new script
object which doesn't have a script name. In this case, we traverse
upwards on the list of SFI's through script->eval_from_shared() to get
the outermost script that was not an eval script and get the script
name from that script.

Bug: chromium:746909, v8:6683, v8:5785
Change-Id: I430459f632a0e3b18fc3111a5cf1c00cedb9f520
Reviewed-on: https://chromium-review.googlesource.com/606701
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47352}
2017-08-14 23:21:49 +00:00
Mostyn Bramley-Moore
cddbe282c6 Start preparing test/cctest for jumbo compilation
* Avoid "using namespace" statements, which trigger clang's -Wheader-hygiene
  warnings in jumbo builds.
* Undefine created macros at the end of source files.

BUG=chromium:746958

Change-Id: I5d25432c314437f607b0e1be22765a6764267ba6
Reviewed-on: https://chromium-review.googlesource.com/610962
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#47347}
2017-08-14 20:58:10 +00:00
Karl Schimpf
4c503b65d9 Throw a WasmErrorObject rather than an integer.
Fixes the implementation of wasm exceptions to use a WasmRuntimeError
object, and set the exception tag value as a property of the
object. This guarantees that an uncaught wasm exception is treated
like all other runtime errors.

Bug: v8:6577
Change-Id: I0ab0130444e745178e86c23b3bc9fc9f385c8d05
Reviewed-on: https://chromium-review.googlesource.com/611124
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47346}
2017-08-14 20:52:50 +00:00
Franziska Hinkelmann
1c9b1635a2 Add benchmark for TypedArray.prototype.set from array-like
Add benchmark for TypedArray.prototype.set from
a regular array.

Bug: v8:6704
Change-Id: I350960dec530c06e7cad62eec1f977d8fda97347
Reviewed-on: https://chromium-review.googlesource.com/613163
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47345}
2017-08-14 19:45:49 +00:00
Franziska Hinkelmann
0b799e6664 Add benchmark for TypedArray.prototype.set for different types
Add a benchmark for TypedArray.prototype.set when
setting from another TypedArray with a different type.

Bug: v8:6704
Change-Id: Iad5585fe7d3a28b5b1a1b1f85ec81be659959239
Reviewed-on: https://chromium-review.googlesource.com/613267
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47343}
2017-08-14 19:17:39 +00:00
Franziska Hinkelmann
ae0a6f4b0c Add benchmark for TypedArray.prototype.set
Add benchmark for TypedArray.prototype.set when
setting from another TypedArray with the same type.

Bug: v8:6704
Change-Id: Ibde60b17aa32fb9c8237b2ab766d2b2913e256d7
Reviewed-on: https://chromium-review.googlesource.com/613264
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47342}
2017-08-14 19:06:29 +00:00
Ulan Degenbaev
19ae2fc1af [heap] Refactor object marking state (part 2).
This follows up 4af9cfcc by separating incremental marking state
from the full MC marking state. Runtime and tests now use only
the incremental marking state. The full MC marking state used
by MC during atomic pause.

This separation decouples atomicity of markbit accesses
during incremental marking and during full MC.

Bug: chromium:694255
TBR: mlippautz@chromium.org
Change-Id: Ia409ab06515cd0d1403a272a016633295c0d6692
Reviewed-on: https://chromium-review.googlesource.com/612350
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47336}
2017-08-14 12:18:37 +00:00
Michael Achenbach
5c156de3e4 Revert "[Memory] Improve OOM callback tests."
This reverts commit 01cae9efe4.

Reason for revert: Seeing several flaky crashes on windows associated to this change:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18407
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/18408

Original change's description:
> [Memory] Improve OOM callback tests.
> 
> - Changes OOM tests to keep allocating more and more, starting from a
>   large amount, until we exhaust address space and get a failure.
> 
> Bug: v8:6635
> Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
> Reviewed-on: https://chromium-review.googlesource.com/609264
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47328}

TBR=bbudge@chromium.org,mlippautz@chromium.org

Change-Id: Ibe49f99040e1a3c595ed836d1d40dbd0c7247d1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6635
Reviewed-on: https://chromium-review.googlesource.com/612288
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47332}
2017-08-14 09:20:38 +00:00
Bill Budge
01cae9efe4 [Memory] Improve OOM callback tests.
- Changes OOM tests to keep allocating more and more, starting from a
  large amount, until we exhaust address space and get a failure.

Bug: v8:6635
Change-Id: I007927c5f639ed395d90198272c93b6ee0e58249
Reviewed-on: https://chromium-review.googlesource.com/609264
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47328}
2017-08-14 03:16:46 +00:00
Marja Hölttä
70f6913159 [parser] Skipping inner funcs: remove untrue DCHECK.
- See bug for the reduced test case.

- Not adding a regression test here: I don't want to assert that PreParser
  doesn't detect the redeclaration error, OTOH I don't want to make it detect
  the error either (in order to not couple detecting the error with
  FLAG_experimental_preparser_analysis).

BUG=chromium:753896, v8:5516

Change-Id: I0f1beffe30e5cb48d6dbec35181980864e6df153
Reviewed-on: https://chromium-review.googlesource.com/608976
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47326}
2017-08-12 16:43:40 +00:00
Marja Hölttä
d50b196246 [parser] Skipping inner funcs: add more tests.
These now pass because of https://chromium-review.googlesource.com/603787.

BUG=v8:5516

Change-Id: Ifcb576056c3cba523e56c5c9c563724efe096012
Reviewed-on: https://chromium-review.googlesource.com/608972
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47325}
2017-08-12 16:42:35 +00:00
Benedikt Meurer
94830f4b1b [turbofan] Remove obsolete LoadBuffer and StoreBuffer operators.
These operators were only used by the old asm.js pipeline (with
fullcodegen and the AstGraphBuilder). When going through the new
pipeline, accesses to TypedArrays are handled by the native
context specialization during inlining.

Bug: v8:6409
Change-Id: Ib9b888c0b96f297a335580ee42dfa951bde566be
Reviewed-on: https://chromium-review.googlesource.com/612347
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47322}
2017-08-11 19:17:37 +00:00
Alexey Kozyatinskiy
438a845c52 [inspector] check callback before calling on promise collected
R=dgozman@chromium.org

Bug: chromium:754560
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3c0d5c4eebc3e8dbfa6663210046d6a86b1226b5
Reviewed-on: https://chromium-review.googlesource.com/612452
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47321}
2017-08-11 18:21:57 +00:00
Ross McIlroy
c820b89bc5 [Interpreter] Remove new.target from fixed frame slot.
Removes the new.target slot from the interpreter's fixed frame. Instead
adds a field to BytecodeArray to get the bytecode's incoming
new.target or generator object register. The InterpreterEntryTrampoline
then sets this register with the incoming new.target (or generator object)
when the function is called. This register can be directly the new.target
or generator object variable if they are LOCAL location, otherwise it is a
temporary register which is then moved to the variable's location during the
function prologue.

This fixes a hack in the deoptimizer where we would set the new.target fixed
slot to undefined in order to avoid extending it's lifetime through the
optimized code - now it's just a standard register and can be optimized away
as normal.

Bug=v8:6644

Change-Id: Ieb8cc34cccefd9fb6634a90cbc77c6002a54f2ae
Reviewed-on: https://chromium-review.googlesource.com/608966
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47320}
2017-08-11 17:04:08 +00:00
Ulan Degenbaev
a241576fa1 Revert "[heap] Handle bytecode arrays in concurrent marker."
This reverts commit a7c7e8f64e.

Reason for revert: TSAN failures.

Original change's description:
> [heap] Handle bytecode arrays in concurrent marker.
> 
> Bytecode array visitor has a side-effect of incrementing the age counter.
> 
> This patch makes the increment atomic and thus safe for the concurrent
> marker.
> 
> Bug: chromium:694255
> Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
> Reviewed-on: https://chromium-review.googlesource.com/610001
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47317}

TBR=ulan@chromium.org,rmcilroy@chromium.org

Change-Id: Iceff1e5925bb6ad7c03f858aa2f1fa62240f6909
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:694255
Reviewed-on: https://chromium-review.googlesource.com/612069
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47319}
2017-08-11 16:50:39 +00:00
Alexey Kozyatinskiy
6cd471faf5 [inspector] allow negative line and column in Location
As long as we have scripts with negative source offset (see inline event listeners) we should not crash a browser when get negative offset.

R=jgruber@chromium.org

Bug: chromium:750592
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic3138e7c61ec0a5133c56de9970acdffa5536d8e
Reviewed-on: https://chromium-review.googlesource.com/611613
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47318}
2017-08-11 16:07:17 +00:00
Ulan Degenbaev
a7c7e8f64e [heap] Handle bytecode arrays in concurrent marker.
Bytecode array visitor has a side-effect of incrementing the age counter.

This patch makes the increment atomic and thus safe for the concurrent
marker.

Bug: chromium:694255
Change-Id: I36c65b02ace8d366206bd8295e72aaa19742ed56
Reviewed-on: https://chromium-review.googlesource.com/610001
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47317}
2017-08-11 15:32:35 +00:00
Jakob Kummerow
89e5792d60 [tests] Make %NeverOptimizeFunction ClusterFuzz safe
It expected its argument to be a JSFunction, but fuzzer tests can
pass anything. Non-JSFunction arguments should just silently be
ignored, just like similar CF-whitelisted runtime functions do.

Bug: chromium:754177
Change-Id: I41b29528bbe72f24b3d84f021b22602160769d26
Reviewed-on: https://chromium-review.googlesource.com/610706
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47316}
2017-08-11 14:56:45 +00:00
Ulan Degenbaev
470e8024de [base] Introduce AsAtomic8 helper class.
This class provides byte level CAS operation using word level CAS.

Bug: chromium:694255
Change-Id: I39e661ee8d11e3f61fd5cb64c36f8f5ee94d1244
Reviewed-on: https://chromium-review.googlesource.com/612170
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47311}
2017-08-11 12:47:35 +00:00
Michael Starzinger
7840db4609 [test] Improve cctest/test-api/ReceiverSignature coverage.
R=bmeurer@chromium.org
TEST=cctest/test-api/ReceiverSignature

Change-Id: I4f58d7a1ce15aa02b1fec5c0317733d3f3b1f4ef
Reviewed-on: https://chromium-review.googlesource.com/611990
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47308}
2017-08-11 12:05:04 +00:00
Ross McIlroy
1458e8b01a [fullcodegen] Delete FullCodegen.
Deletes the now unused Full-codegen compiler. Also removes some macro
assembler instructions which are no longer used.

Note: there is still additional cleanup work to do after this lands
(e.g., remove support for FCG frames support and FCG
debugger support, etc.), but this will be done in followup CLs to keep
this patch managable.

BUG=v8:6409

Change-Id: I8d828fe7a64d29f2c1252d5fda968a630a2e9ef2
Reviewed-on: https://chromium-review.googlesource.com/584773
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47307}
2017-08-11 11:50:05 +00:00
Michael Lippautz
1092155c16 [heap] Cleanup cctests
- Move into v8::internal::heap namespace
- Remove card marking ifdefs

Bug: 
Change-Id: Ifd5e5d96c6ab0fea85a3646e5b307583eb13e2c3
Reviewed-on: https://chromium-review.googlesource.com/612066
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47305}
2017-08-11 10:40:49 +00:00
Michael Lippautz
f3d48f56a8 Remove unused atomic utils
The removed building blocks have either been completely unused or have
already been replaced.

Bug: 
Change-Id: I68a4d5d42b7f1cc3c5f8d0e7ea7146c5a0f59048
Reviewed-on: https://chromium-review.googlesource.com/612163
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47304}
2017-08-11 09:50:40 +00:00
Ulan Degenbaev
d9a036317c [heap] Track transition arrays using worklists.
This allows handling transitions arrays in concurrent marking

Bug: chromium:694255
Change-Id: I28196fccbf03bfba7d7dada1884813be372ddb54
Reviewed-on: https://chromium-review.googlesource.com/610961
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47303}
2017-08-11 09:11:20 +00:00
Benedikt Meurer
622852e5a6 [turbofan] Collect and use SignedSmall input feedback for Divide.
For Divide operations like

  r = a / b

where r has only truncated uses (i.e. only used in bitwise operations),
we used to generate a Float64Div unless we statically knew something
about a and b, even if a and b have always been integers so far.
Crankshaft was able to generate an integer division here, because
Fullcodegen collected feedback independently for inputs and outputs of
binary operations.

This adds new BinaryOperationFeedback::kSignedSmallInputs, which is used
specifically for Divide to state that we have seen only SignedSmall
inputs thus far, but the outputs weren't always in the SignedSmall
range.

The issue was discovered in a WebGL Triangulation library and reported
via https://twitter.com/mourner/status/895708603117518848 after Node
8.3.0 was released with I+TF.

R=jarin@chromium.org

Bug: v8:6698
Change-Id: I830e421a3bf91fc8fa3665cbb706bc13675a6d2b
Reviewed-on: https://chromium-review.googlesource.com/612063
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47302}
2017-08-11 08:50:00 +00:00
Michael Starzinger
f984eb1bbb [test] Rebaseline inspector test.
This changes the baseline of an inspector test setting breakpoints
within an asm.js module while the module is being executed. With the
validator it is not supported to switch from active WebAssembly code
back to debuggable interpreter code. Hence some previously expected
breakpoints no longer fire, the behavior is consistent across all
configurations now though.

R=yangguo@chromium.org
TEST=inspector/debugger/asm-js-breakpoint-during-exec
BUG=v8:6166

Change-Id: Ie1bb62fa6df28b10336b4cb5d381d2141eec356c
Reviewed-on: https://chromium-review.googlesource.com/608977
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47301}
2017-08-11 08:28:30 +00:00
Maya Lekova
0410e7e850 Reland ^4 "[builtins] Port getting property from Proxy to CSA"
This is a reland of edc4ae14c8

With fixes for crbug.com/752846, crbug.com/752712, crbug.com/752850

Previously landed as: 47a97aa53b / 47113
Previously landed as: 15ef03cbf3 / 47159
Previously landed as: e86c066b77 / 47235
Previously landed as: edc4ae14c8 / 47245

TBR=jkummerow@chromium.org, franzih@chromium.org, bmeurer@chromium.org,
jgruber@chromium.org, mstarzinger@chromium.org

Bug: v8:6559, v8:6557
Change-Id: I956486e90aab36ba95676bd4ec2febebed509fc1
Reviewed-on: https://chromium-review.googlesource.com/609781
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Maya Lekova <mslekova@google.com>
Cr-Commit-Position: refs/heads/master@{#47299}
2017-08-11 07:17:35 +00:00
Eric Holk
f315b32267 Add eholk to Wasm-related OWNERS files
Bug: 
Change-Id: I1ab93d5b2d02d9a4851c2e67d33968a7cafaedd3
Reviewed-on: https://chromium-review.googlesource.com/610892
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47294}
2017-08-10 18:58:00 +00:00
Maya Lekova
753d987a51 Add micro-benchmark for Proxy set property
Add additional tests for Proxy get and has property.

Bug: v8:6560, v8:6557
Change-Id: I56360c230b03a16425f4068d8023f90b3164eebb
Reviewed-on: https://chromium-review.googlesource.com/607889
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47290}
2017-08-10 18:11:50 +00:00
Ulan Degenbaev
4af9cfccf6 [heap] Refactor object marking state.
This patch merges ObjectMarking and MarkingState. The new marking state
encapsulates object marking, live byte tracking, and access atomicity.

The old ObjectMarking calls are now replaced with calls to marking
state. For example:
ObjectMarking::WhiteToGrey<kAtomicity>(obj, marking_state(obj)
becomes
marking_state()->WhiteToGrey(obj)

This simplifies custom handling of live bytes and allows to chose
atomicity of markbit accesses depending on collector's state.

This also decouples marking bitmap from the marking code, which will
allows in future to use different data-structure for mark-bits.

Bug: chromium:694255
Change-Id: Ifb4bc0144187bac1c08f6bc74a9d5c618fe77740
Reviewed-on: https://chromium-review.googlesource.com/602132
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47288}
2017-08-10 17:28:03 +00:00
Mircea Trofin
d9b54ff988 [wasm] Rename an internal wasm cctest member.
Bug: 
Change-Id: Ia8fd50cad1c7d0dd82eeadb22807e301246423a8
Reviewed-on: https://chromium-review.googlesource.com/610309
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47286}
2017-08-10 15:59:21 +00:00
Ross McIlroy
493a7d6475 [TurboFan] Delete AstGraphBuilder.
Deletes AstGraphBuilder and associated classes now that it is
unreachable. The following classes are also removed:
 - ControlBuilders
 - JSFrameSpecialization
 - AstLoopAssignmentAnalysis

Also removes flags from compilation-info which are no longer used, and removes
the no-deoptimization paths from TypedOptimization, JsTypedLowering,
JSIntrinsicLowering and JSBuiltinLowering.

BUG=v8:6409

Change-Id: I63986e8e3497bf63c4a27ea8ae827b8a633d4a26
Reviewed-on: https://chromium-review.googlesource.com/583652
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47284}
2017-08-10 15:56:21 +00:00
Ben L. Titzer
c35c54bb20 [wasm] Naming consistency for min/max pages and sizes in wasm-module.h
This is a pure renaming CL; no functionality changes.

R=mtrofin@chromium.org

Bug: 
Change-Id: I2f8262bdb17b9256d5b66fad56a7e51063f6f0d9
Reviewed-on: https://chromium-review.googlesource.com/610007
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47282}
2017-08-10 15:43:10 +00:00
Alexey Kozyatinskiy
cf4adddbfa [inspector] forEachSession iterates in predictable order
protocol::HashMap(std::unordered_map)::iterator doesn't provide any
guarantees about iteration order. At least Visual C++ from vS 2015 and
clang compile for loop inside forEachSession differently.
For tests we need stable order of iteration, so let's use std::map
instead.

R=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I329cb24cd182baa86c0ea4a526257856718f32b1
Reviewed-on: https://chromium-review.googlesource.com/609489
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47281}
2017-08-10 15:39:06 +00:00