Commit Graph

45805 Commits

Author SHA1 Message Date
Z Duong Nguyen-Huu
94b2c12119 Reland of Port ProxyHasProperty to Torque
Refactor CheckHasTrapResult as well.

Spec: https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-hasproperty-p
Bug: v8:6664
Change-Id: Iaa9c1cb46ab4f7c8139dfe1380b3ec807a4719ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610215
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61546}
2019-05-15 16:03:22 +00:00
Michael Lippautz
735aa493a2 Update src/base/ OWNERS
Bug: v8:9247
Change-Id: Idb67869f3562e8afc7a744a939402db82bdb1bbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611806
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61541}
2019-05-15 14:42:26 +00:00
Clemens Hammacher
85efe15737 [cleanup] Remove unused format macros plus header
All macros defined in "format-macros.h" are dead now (after
https://crrev.com/c/1613243). This CL removes this header, and includes
<cinttypes> instead wherever we use format macros for the types defined
in <cstdint>.

Plus some drive-by cleanup of includes.

R=mlippautz@chromium.org

Bug: v8:9183
Change-Id: Ic379759b79edb50e38833defb1577cc3af7c8150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611800
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61540}
2019-05-15 14:26:25 +00:00
Toon Verwaest
123fbb7773 [json] Don't internalize json string values longer than 10 chars
Internalizing is useful if we expect the string to reoccur many times.
Internalizing too long strings will cost due to hashing, and the resulting
strings will be kept alive for longer. Drop the limit to 10 to be more
conservative.

Change-Id: I2ac2109ca03ab05dbc5c01d4efe6f912b12f65b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611805
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61539}
2019-05-15 14:18:25 +00:00
Toon Verwaest
fdde894576 [json] More feedback-guided json parsing
Use feedback from adjecent array elements to speed up object creation.

Change-Id: Ib5c1b07cc63afb1a4b0cf194144a0ecd31139cb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612898
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61538}
2019-05-15 14:05:17 +00:00
Simon Zünd
0a3e0cc690 [torque] Fix crash when no map is passed to extern class constructor
This CL adds a check and a more descriptive error message when no "map"
is passed when constructing an extern class:

extern class Foo extends HeapObject {...}
const f = new Foo {};

R=sigurds@chromium.org

Bug: v8:7793
Change-Id: I0dfa6d5976e98d572bafcf7a87f701ea97cd6a73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611804
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61537}
2019-05-15 13:56:05 +00:00
Clemens Hammacher
0fbc34d51b [cleanup] Replace %PRIuS by %zu
The 'z' length modifier for {size_t} in format strings was introduced
with C99, hence it is available in all environments we support.

R=jgruber@chromium.org, mlippautz@chromium.org

Bug: v8:9183
Change-Id: I1bc2abec3f9c7b38186128202fef4719853de7d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613243
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61536}
2019-05-15 13:45:59 +00:00
Nico Hartmann
b8c97dd2a8 [torque] Port Boolean constructor to Torque
Add torque implementation of GetDerivedMap

Bug: v8:9240
Change-Id: I9f2203f5c79fad84f67894c9cbaf28e6f7685f58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609804
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61535}
2019-05-15 13:44:56 +00:00
Simon Zünd
d6b51cba23 [torque-ls] Support types in document-wide symbol requests
This CL adds support for all kinds of Types to "textDocument/symbol"
requests. While LSP has support for classes and structs, it does not
have support for generic types. Only classes are marked as such,
while all other types are marked as structs in terms of the LSP.

Special care has to be taken with TypeAliases. Generic call sites
introduce a new scope (similar to namespace scopes), where new
TypeAliases are created for Generic type arguments. These TypeAliases
then point to the specialized type inside this call-site specific
scope. To omit the specialized TypeAliaes from the symbols list,
they are marked using the "is_user_defined" flag.

R=sigurds@chromium.org

Bug: v8:8880
Change-Id: I576d1c677a5255d54f7774aa053f431608a4cd0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613240
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61534}
2019-05-15 13:41:42 +00:00
Toon Verwaest
4b60b40aa7 [json] Make json parsing iterative
This avoids the need to throw range errors when we run out of stack, limiting
us only by available memory.

The main parser loop is implemented by two subloops.

The first subloop finishes whenever it generates primitive values, empty
arrays, or empty objects. If a non-empty object or array is started, the loop
continues to parse its first member.

The second subloop consumes produced values and either adds them to the parent
array or object, or returns it. The second loop finishes whenever a next value
needs to be produced. When the loop itself produces a finished array or object,
the loop continues.

Exceptions are handled by moving the cursor to end-of-input. Upon end-of-input,
the first loop sets the continuation to "kFail". That causes the second loop to
tear down continuation stack and related handle scopes, resulting in an empty
handle.

The CL additionally buffers all named properties and elements so we can
immediately allocate a correctly shaped object. For object elements we'll take
flat array or dictionary encoding depending on what is more efficient.

This means that element handles are now allocated in their parent HandleScope,
rather than having local handlescopes per-property (of big objects); which is
why I've adjusted the handle-count test to not allocate as many properties. In
the future it would be nice to not have to allocate (as many) handles since
almost everything in the JSON graph will survive JSON parsing...

Bug: chromium:710383
Change-Id: Ia3a7fd0ac260fb1c0e5f929276792b2f8e5fc0ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609802
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61533}
2019-05-15 13:40:37 +00:00
Yang Guo
c39cabbcbe Move date-related files
R=bmeurer@chromium.org, ishell@chromium.org, jshin@chromium.org, ulan@chromium.org

Bug: v8:9247
Change-Id: I67b591b613dd066f441e63fd61952728f4036636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613247
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61532}
2019-05-15 13:39:34 +00:00
Yang Guo
a3187716d3 Move d8 into a dedicated subdirectory
Bug: v8:9247
Change-Id: I404e34a013b95c6a7cf03dd9ec0732d9ad796bdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613238
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61531}
2019-05-15 13:38:32 +00:00
Clemens Hammacher
fb36fd22ad Reland "[wasm][gc] Reenable discarding system pages"
This is a reland of 200a594a63.
The failing DCHECK was wrong, which is fixed now.

Original change's description:
> [wasm][gc] Reenable discarding system pages
>
> On windows, the range to be discarded needs to be split by the
> reservations, analogous to committing. This CL reuses the same logic,
> and reenables discarding pages on all platforms.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:8217
> Change-Id: I11716d6381f765bdfe4cf48502b5cdc1f42cf8ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611682
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61526}

Bug: v8:8217
No-Try: true
Change-Id: I293c638a5bc4678591a9c02704770ab54af39bdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613248
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61530}
2019-05-15 13:37:27 +00:00
Michael Starzinger
163f3d0906 [wasm] Simplify interpreter {ThreadImpl::DoStackTransfer}.
R=ahaas@chromium.org
BUG=v8:9183

Change-Id: Id8fbe12e6972ba22ee3974ec5bbbcfc1d4cb7458
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612906
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61528}
2019-05-15 13:20:52 +00:00
Clemens Hammacher
6c03d6bb7a Revert "[wasm][gc] Reenable discarding system pages"
This reverts commit 200a594a63.

Reason for revert: Fails on windows: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20310

Original change's description:
> [wasm][gc] Reenable discarding system pages
> 
> On windows, the range to be discarded needs to be split by the
> reservations, analogous to committing. This CL reuses the same logic,
> and reenables discarding pages on all platforms.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:8217
> Change-Id: I11716d6381f765bdfe4cf48502b5cdc1f42cf8ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611682
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61526}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I35bfbec222c4ba9e7b5990c02d004f7247b28131
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611802
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61527}
2019-05-15 12:57:57 +00:00
Clemens Hammacher
200a594a63 [wasm][gc] Reenable discarding system pages
On windows, the range to be discarded needs to be split by the
reservations, analogous to committing. This CL reuses the same logic,
and reenables discarding pages on all platforms.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I11716d6381f765bdfe4cf48502b5cdc1f42cf8ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611682
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61526}
2019-05-15 12:08:25 +00:00
Yang Guo
c6fdaedbe6 Add OWNERS for src/torque
Bug: v8:9247
Change-Id: I4d2a1f6442b5c187a462f855e4655d9429021d22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612908
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61525}
2019-05-15 12:07:20 +00:00
Clemens Hammacher
6dcef1d327 [wasm] Refactor splitting ranges by reservations
On windows, when changing permissions for a range of pages, or
committing or discarding a range of pages, we need to split that range
by the reservations and potentially execute several system calls. This
logic is currently implemented for committing memory.
This CL extracts this to a helper function such that we can reuse this
for discarding a range of pages.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I65673eebe28362975f0165905d20b97ef7947f56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611544
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61523}
2019-05-15 11:56:11 +00:00
Tobias Tebbi
a19c3ffb8f Reland: [csa] verify skipped write-barriers in MemoryOptimizer
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.

Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).

Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
  Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.

Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
  (for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
  We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
  but in CSA.

Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).

Reland Change: Support pointer compression operands.

R=jarin@chromium.org
TBR=mvstanton@chromium.org

Bug: v8:7793
Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61522}
2019-05-15 11:46:30 +00:00
Benedikt Meurer
444f83d937 [turbofan] Fix missing break in EscapeAnalysis.
In the case of LoadElement in EscapeAnalysis we accidentally always set
the object as escaping, even in the case where the index was a constant
(or had a constant type).

This forced us to always allocate array backing stores even in the
trivial cases like swapping, i.e.

```js
function foo(a, b) {
  [a, b] = [b, a];
  return a - b;
}
```

Now with this change we do proper scalar replacement again, even for the
array backing stores.

Bug: v8:9183
Change-Id: I3b2dcade23e47df032087778aca1292c8b0d69d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612907
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61521}
2019-05-15 11:28:54 +00:00
Santiago Aboy Solanes
0ff813c57b [cleanup] MachineType 'rep' variables renamed to 'type'
Bug: v8:9183
Change-Id: Idb1910ae30984f548996651e8b2f153531b8cdb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605729
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61519}
2019-05-15 11:21:53 +00:00
Yang Guo
078cf26ac1 Clean up infra owners
R=tmrts@chromium.org

Bug: v8:9247
Change-Id: I9b34ee96e03d3cbca165452fc8427679cf6e7582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612900
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61518}
2019-05-15 11:18:43 +00:00
Yang Guo
37c8976632 Add OWNERS to src/protobuf
R=petermarshall@chromium.org

Bug: v8:9247
Change-Id: Ia78904788bf7523b1ec5aa0494c79d71ee121030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609847
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61517}
2019-05-15 11:17:23 +00:00
Ulan Degenbaev
d80100b9f7 [heap] Cap the initial old generation size
Currently the initial old generation size is set to the half of the
maximum old generation size. This is problematic for huge heaps.
This patch introduces an upper bound of 512MB (256MB) for x64 (x32).

Bug: chromium:961272
Change-Id: If4a6b839ebe688e5b0bc41749ac34f7a31849e21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605731
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61515}
2019-05-15 10:59:23 +00:00
Mythri A
61b56e19f8 [lite] Don't set bailout reason to NeverOptimize in lite mode
We used to set disable optimization bits in SFI to NeverOptimize in lite
mode to avoid optimizing in tests. Now, tests that need optimization use
intrinsics to force feedback vector allocation. Hence this is no longer
necessary.

Bug: v8:8394
Change-Id: I0aeaeacc34d838cf15698a9227b6964292b97240
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611545
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61513}
2019-05-15 09:43:13 +00:00
Igor Sheludko
a6dcbc545b [heap][ptr-compr] Use Heap::CopyRange() instead of tight copy loops
Also remove unused Factory::CopyFeedbackVector().

Bug: v8:7703
Change-Id: I75e16a55967e5970e4cbe3babae3a09d2a647313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611542
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61512}
2019-05-15 09:26:25 +00:00
Jakob Kummerow
94f9c4afec [wasm-c-api] Faster types handling when calling into Wasm
We don't need the full "types" array, just the number of parameters
and the type of the result. Avoiding unnecessary malloc/free calls
significantly cuts down on overhead.

Change-Id: I738f0ee4c269731cf1ff79a56f910e8f7e97c83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601505
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61511}
2019-05-15 09:24:35 +00:00
Michael Starzinger
946929f406 [wasm] Make interpreter clear reference stack slots.
This makes sure the interpreter clears any stale references from the
reference stack when they are popped/dropped. Otherwise stale values
would unnecessarily increase lifetime of operand stack slots.

R=ahaas@chromium.org
BUG=v8:7581

Change-Id: I6b8be56a815327229a66ea0c97b3646ac64f6461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612905
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61510}
2019-05-15 09:19:14 +00:00
Benedikt Meurer
c7ca8dacd2 [turbofan] Use CheckHeapObject only for StoreField.
Previously we had to use CheckHeapObject in front of every CheckMaps,
CompareMaps and TransitionElementsKind operation. Now these operators
request HeapObject representation themselves (requiring for CompareMaps
and TransitionElementsKind to remove the kNoDeopt property). This means
we only do CheckHeapObject for StoreField to a field that has HeapObject
representation.

This not only leads to smaller graphs in the compiler, but also removes
most uses of the CheckHeapObject operator, which doesn't express a real
semantic property in the compiler frontend.

Bug: v8:9183, v8:9250
Refs: nodejs/node#27667
Change-Id: Ie3d83de69583b1bed6c1c53444bfc97aaef624bb
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612902
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61508}
2019-05-15 09:08:55 +00:00
Georg Schmid
376d242fbf Make LoadElimination aware of const fields
Change-Id: I28f2c87ffae32d16bcfb7cb17ec6e607e7fa2285
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599172
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61506}
2019-05-15 08:46:16 +00:00
Clemens Hammacher
05c3f23c6e [wasm][gc] Exclude asm.js and small modules from sampling
The histograms currently mostly contain very small modules (having
0 MB generated and 0 MB freed). Many of those are asm.js modules.
Just recording the modules that are actually interesting for wasm
code GC will give us more meaningful data.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I1d9ba8134c2f3617f896afc42dc9e87c7852c319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611679
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61505}
2019-05-15 08:05:44 +00:00
Ujjwal Sharma
e7e512da66 [turbofan] Add fast path for single-character String#startsWith()
This CL adds a fast path to String#startsWith(s) if s is a
single character string.

Bug: v8:8400
Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61504}
2019-05-15 07:33:54 +00:00
Benedikt Meurer
cca9ae3c9a [turbofan] Remove recursion from NeedsCheckHeapObject.
We use the predicate NeedsCheckHeapObject in the compiler frontend to
determine whether we can skip introducing CheckHeapObject nodes. But
this predicate would also walk up the graph in case of Phis, which can
result in really long compilation times (on the main thread). In the
report in https://github.com/nodejs/node/issues/27667, the compiler
frontend alone took around 4-5mins of main thread time for a single
function. With this patch the time goes down to 4-5ms.

Bug: v8:9250
Refs: nodejs/node#27667
Change-Id: I231eb780ff04f949fa1669714f9af6ebfbcade05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612897
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61503}
2019-05-15 07:16:44 +00:00
Richard Townsend
d07a30ba64 build: Add V8_EXPORT_PRIVATE to PushPopQueue
Fixes a link error for Windows on Arm component builds.

Change-Id: I848c3aac710b6cbb099011d9c56d7cbc8b5b97fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611683
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61502}
2019-05-15 07:01:34 +00:00
Mythri A
d9cff61e56 [future] Enable lazy feedback allocation in 'future' configuration
Bug: v8:8394
Change-Id: I5b4c02f5f36710b3fa15037e1fa1520b759447c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611798
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61501}
2019-05-15 06:32:33 +00:00
Z Duong Nguyen-Huu
bfc3e8bc6b Port StringToList to Torque
Bug: v8:8996
Change-Id: I264781f35b7b98cd7c34fc39b9c2451ea6c58ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1606544
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61498}
2019-05-14 22:30:41 +00:00
Z Duong Nguyen-Huu
2dd0db19ba Reland of Port Proxy SetProperty trap builtin to Torque
Reverted CL is in https://chromium-review.googlesource.com/c/v8/v8/+/1585269
This includes fix for ThrowTypeErrorIfStrict and add regression test.

Spec: https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-set-p-v-receiver
Bug: v8:6664, v8:9234
Change-Id: I785df3f12f619e2e0fe7b011b72043758e4083e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604071
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61497}
2019-05-14 18:06:46 +00:00
Sigurd Schneider
4d05884e7f [torque] Introduce @abstract annotation for Torque classes
This annotation indicates that the class itself is not instantiated,
and does not have its own instance type: The instance types that
logically belong to the class are the instance types of the derived
classes.

Currently, we need the indication @dirtyInstantiatedAbstractClass
for several classes that are used as both, abstract base classes
and concrete classes. The prime example is JSObject which is the
base for many other classes, and also serves as the class to allocate
plain JSObjects. The annotation is purposefully ugly because in the
future we should refactor code to make it unnecessary.

Another annotation we introduce is @hasSameInstanceTypeAsParent,
which indicates another design pattern that currently occurs in the
code-base: Some Torque classes have the same instance types as their
parent class, but rename some fields, or possibly have a different map.
In such cases, the parent class is not abstract and the derived classes
can be seen as refinements of this class (that, for example, narrows the
type of a field). In the future, Torque should accomodate this pattern
better, but at moment we are content with just indicating where it is
used.

Bug: v8:7793
Change-Id: I1892dcc7325250df75d80308bf3d767d6d43bcc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607761
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61495}
2019-05-14 16:58:53 +00:00
Richard Townsend
b0a2a56753 fix: remove some unnecessary V8_EXPORT_PRIVATE annotations
When building in debug mode for Windows on Arm, Clang reports the
following error without this patch:

  error: attribute 'dllexport' cannot be applied to member of
  'dllexport' class.

Change-Id: Ib3b12fce7daa368f9464b080ac7a7bce1ddd5370
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611799
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Richard Townsend <richard.townsend@arm.com>
Cr-Commit-Position: refs/heads/master@{#61493}
2019-05-14 16:51:53 +00:00
Sigurd Schneider
bdff71b648 [torque] Add helpers for C++ code generation
Change-Id: I75a4a2af4bbe9d495d583b13fb6d885d8509c2b8
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611797
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61491}
2019-05-14 15:02:54 +00:00
Sigurd Schneider
f6f31d154e [torque] Rename ...from-dsl... to ...tq...
This CL introduces the new suffix '-tq' for Torque generated files,
and replaces the infix 'FromDSL' in type names with a prefix
'TorqueGenerated'.

Change-Id: I1e90460cc0c666da6cf5017e8b3cb7c39c6ac668
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609798
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61490}
2019-05-14 14:49:23 +00:00
Maciej Goszczycki
8dc7f24913 Reland "[heap] Skip read-only space in Heap::Contains"
This is a reland of 2b24cd035a

Original change's description:
> [heap] Skip read-only space in Heap::Contains
> 
> Bug: v8:7464
> Change-Id: I27e82cdf0f8cc56ff68dcfaecab9644fe74916c7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559861
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61350}

Bug: v8:7464
Change-Id: Ic5a9221f62537c1711c70b48fc0069288bfda80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601509
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61489}
2019-05-14 14:06:23 +00:00
Benedikt Meurer
d2ea316f2a [map] Properly share the map for builtin iterator result objects.
Previously we had a special, unshared map on the native context that was
used for results of builtin iterators, which was different from the map
that is created from an object literal like `{value, done}`. This not
only leads to unnecessary polymorphism, but also makes it impossible
for user defined iterators to take the fast-paths that we have in
various places (i.e. in collections or promises).

With this change we now properly share the map for `{value, done}` and
use that for the builtin iterator result objects, as well as the
fast-paths.

Drive-by-fix: Remove the restrictions on map caching and transition
caching during bootstrapping. This no longer makes sense.

Bug: v8:9114, v8:9243
Change-Id: I19eb9071f7ec0ed58f8a6f87eed781bc790174b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609794
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61488}
2019-05-14 14:02:29 +00:00
Igor Sheludko
f7602bb832 [heap][ptr-compr] Optimize range write barrier
... by combining generational and marking write barriers in one loop.

Bug: v8:7703
Change-Id: I825d530040d3f39143dd2d051dc5a9916e2f2997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611541
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61487}
2019-05-14 14:01:22 +00:00
Simon Zünd
a41aaf78e1 [torque-ls] List macros and builtins as document symbols
This CL adds support for macros, builtins, generics and specializations
for the "textDocument/symbol" request. To filter out implicitly
created specializations, the "is_user_defined" flag is hoisted from
Macro to the Declarable super class. As a side-effect, errors thrown
during specialization now have the correct SourcePosition.

Drive-by-change: Using "Goto Definition" on the identifier of the
specialization will jump to the associated generic.

Bug: v8:8880
Change-Id: I0c60571c58107375c1b5d2a8e620cf12a0f0f3fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609795
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61486}
2019-05-14 13:47:27 +00:00
Benedikt Meurer
f0234f75af [typedarray] Change JSTypedArray::length field to uintptr_t.
This is a mostly mechanical change that updates the JSTypedArray::length
field to have uintptr_t storage. It doesn't change the allowed ranges
for this field yet, that will be done separately later on.

Bug: v8:4153, v8:7881
Change-Id: Ia4b6f5455bd97b82a4b980d77bda0b09cfa845f5
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607647
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61485}
2019-05-14 13:40:22 +00:00
Benedikt Meurer
f0e054c2c6 [constant-tracking] Disable delete optimization for constant fields.
When using the fast-properties optimization for `delete` with constant
fields we don't properly invalidate the constness on the original map
and might thereby just follow the same transition again later with the
same object, effectively violating the constness of that field. This
disables the fast-properties optimization for `delete` in case of a
field marked as "const" as a quick-fix. We might still want to change
the logic to properly invalidate the "const" bit later.

Bug: chromium:962588, v8:9233
Change-Id: I1d0a8649d117731a0cd5ebdb4b6d0b22a900f33d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609796
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61484}
2019-05-14 13:36:37 +00:00
Tobias Tebbi
ec2c299c42 [torque] check runtime function signatures properly
The missing check that runtime function parameters have to be tagged
lead to a bug: https://chromium-review.googlesource.com/c/v8/v8/+/1604071

drive-by-fix: Remove obsolete verbose mode. It hasn't been maintained
since the very early Torque versions, and the remaining printf's are
rather useless.

Bug: v8:7793
Change-Id: I59adf4c6c5d92a8838cdc638afb2ab7a41550b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609910
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61483}
2019-05-14 13:35:32 +00:00
Tobias Tebbi
4329354ae8 Reland "[turbofan] re-wire Unreachable to the graph end at EffectPhi's"
This is a reland of 2c0b1f6e9d

This fixes two bugs:
- Unreachable might have value uses even after being connected
to Throw, so the solution is to just not replace them with the Dead node
anymore.
- We didn't trigger initial visitation of the new Throw node.
  Re-visiting the changed End node takes care of this.


Original change's description:
> [turbofan] re-wire Unreachable to the graph end at EffectPhi's
>
> This avoids the EffectControlLinearizer stumbling upon unreachable
> code.
>
> Bug: chromium:958718
> Change-Id: I135c17813741e48e878a4624370eee1e06081031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605737
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61434}

Bug: chromium:958718 chromium:962475 chromium:962474
Change-Id: I388a59912e6260a221cccc76102e0c4b00bff93e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609791
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61482}
2019-05-14 13:17:11 +00:00
Mythri A
c9a83486f3 [ic] Fix GenericKeyedLoadIC to correctly handle when receiver is null
When receiver is null or undefined we should not look into key. Calling
ToName on key is observable. This cl fixes the GenericKeyedLoadIC to
miss into runtime when the receiver is null or undefined.

Bug: v8:8394
Change-Id: Iaed07cd1b77b63e550284108777e165141af57a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605948
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61481}
2019-05-14 13:07:21 +00:00