Commit Graph

45832 Commits

Author SHA1 Message Date
Bill Budge
95e39b0623 [API] Don't use VM methods of v8::ArrayBuffer::Allocator.
- Replaces calls to Allocator Reserve, Free, and SetPermissions
  with equivalent page allocator calls (allocation.h).
- Un-implements these methods to catch usage, in preparation for
  removing these.

Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id233b7a9cfc8e332c64e514f6359e8b670c2d75e
Reviewed-on: https://chromium-review.googlesource.com/911883
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51340}
2018-02-16 22:51:17 +00:00
Mathias Bynens
fd9251dbec Ship JSON ⊂ ECMAScript
Intent to ship:
https://groups.google.com/d/msg/v8-users/YZnlGa8ZMoc/_w7H3x_BAgAJ

Bug: v8:7418
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9e80dd98fa7b04fee3be591282e455f5576eeed2
Reviewed-on: https://chromium-review.googlesource.com/923728
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51339}
2018-02-16 22:21:45 +00:00
Bill Budge
018f119223 [memory] Add a test for RX page permission.
Bug: chromium:799573
Change-Id: I467c74b5b26bc6f1e1a35c1104df12b77f072bac
Reviewed-on: https://chromium-review.googlesource.com/923430
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51338}
2018-02-16 21:52:44 +00:00
Alexey Kozyatinskiy
6db8a9c079 [inspector] cleanup old failed to parse anonymous scripts
We already cleanup these scripts on frontend side. It is crucial to
cleanup them on backend side as well, since some web applications use
following logic: get some data from network, add this data to buffer,
try to parse buffer using JSON.parse. On each unsuccessfull JSON.parse
we get another scriptFailedToParse event.

Frontend logic of discarding scripts: https://goo.gl/FDtaWK

Some idea of smarter logic here: track what script ids are reported
using protocol and cleanup only script ids which reported not only as
part of scriptFailedToParse event.

R=alph@chromium.org

Bug: chromium:810812
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifd67764c232e4abc7dc6e8e69a651bf9ac0e381b
Reviewed-on: https://chromium-review.googlesource.com/919834
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51337}
2018-02-16 20:55:24 +00:00
Michael Achenbach
667173aab8 [test] Add thread-pool-size numfuzzer
NOTRY=true

Bug: v8:7455
Change-Id: Icb82e8196bc16b4c8b0eebb3c5820e6b3d581735
Reviewed-on: https://chromium-review.googlesource.com/924309
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51336}
2018-02-16 20:49:17 +00:00
Michael Achenbach
93bfaa172d [test] Enable passing the thread-pool size to d8
This will enable some fuzzers to alter the thread-pool size.

Bug: v8:7455
Change-Id: Ic9c9600cdb3dc50e860dbda8432a23bb20f1dd44
Reviewed-on: https://chromium-review.googlesource.com/924273
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51335}
2018-02-16 20:44:30 +00:00
Benedikt Meurer
a840f1f8f7 [async-await] Eliminate throwaway promise in async functions.
The ES2017 specification contains a so-called "throwaway" promise that
is used to specify the behavior of await in terms of PerformPromiseThen,
but it's actually not necessary and never exposed to user code. In
addition to that, hooking up the promise in await required a context (to
refer to the generator object) and two closures for the reject/fulfill
handling, which would resume the generator corresponding to the async
function. That meant, we had to allocate 4 additional objects for every
await.

Instead of using a JSPromise plus the callbacks, this CL adds logic to
allow PromiseReaction and PromiseReactionJobTask to carry arbitrary
payloads and Code handlers. We use this for await to avoid the
additional 4 objects mentioned above, and instead just have simple Code
handlers that resume the generator (for the async function), either by
throwing (in case of a rejection) or by resuming normally (in case of
fulfillment).

For this to work properly the JSGeneratorObject has to have a link to
the outer promise returned by the async function, so that the catch
prediction can still figure out what to do in case of promise rejection.
This is done by adding a new generator_outer_promise_symbol when the
debugger is active, which refers from the generator to the outer
promise.

With this change the doxbee-async-es2017-native test goes from around
100.54ms to around 82.45ms, which corresponds to a ~18% reduction in
execution time.

Bug: v8:7253
Change-Id: Iae25b3300bac351c3417be5ae687eff469b0e61f
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/924069
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51334}
2018-02-16 20:05:00 +00:00
Erik Luo
bcbdcea734 Set RuntimeAgent evaluate to use DebugEvaluate::Global
Bug: chromium:810176
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I330fa0bdf81d0bb926cf6db794736e89c069f8f2
Reviewed-on: https://chromium-review.googlesource.com/907707
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51333}
2018-02-16 19:56:20 +00:00
Benedikt Meurer
13ca9a0fd1 [turbofan] Properly optimize calls to promise extras.
Add TurboFan inlining support for the following V8 Extras:

 - v8.createPromise
 - v8.rejectPromise
 - v8.resolvePromise

These are used by the streams implementation in Chrome currently, and
were previously not inlined into TurboFan, although TurboFan already
had all the necessary functionality (namely the JSCreatePromise,
JSRejectPromise and JSResolvePromise operators). We might eventually
want to use these functions in Node core as well (at least short-term
for Node 10), to replace the C++ internal API functions with the same
name that are currently being used by parts of Node core.

For this to work, the rejectPromise and resolvePromise builtins had
to be moved back to CSA, as for JavaScript builtins we still have the
policy that the optimizing compiler must not inline them. But that's
straight-forward since the CSA has all the necessary functionality
available anyways.

Bug: v8:7253
Change-Id: I39ab015c379956cd58ace866e17f8ec23b2257b2
Reviewed-on: https://chromium-review.googlesource.com/924146
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51332}
2018-02-16 19:46:30 +00:00
Sergiy Byelozyorov
0405a54127 Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
Bug: chromium:616879
Change-Id: Id0de15718308b3ed5d5c47be6959513b9a95dc34
Reviewed-on: https://chromium-review.googlesource.com/916762
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51331}
2018-02-16 17:57:00 +00:00
Andreas Haas
85c93e79ea [wasm] Add FLAG_wasm_write_protect_code_memory
This flag is the WebAssembly native heap equivalent to
FLAG_write_protect_code_memory.

R=mstarzinger@chromium.org

Bug: v8:7454
Change-Id: Id4f671af2e8676d08599c8c30ce03b00e9d33780
Reviewed-on: https://chromium-review.googlesource.com/924071
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51330}
2018-02-16 17:27:19 +00:00
Camillo Bruni
d0d85832c5 [printing] Use colon as separator
Drive-by-fixes:
- brief print prototype

Bug: v8:7310
Change-Id: I4df82bd76c05ff48a5860bd14cf7711140c0b062
Reviewed-on: https://chromium-review.googlesource.com/923737
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51329}
2018-02-16 16:41:59 +00:00
Camillo Bruni
c6b0ccc54b [printing] Fix ScopeInfo printing
Bug: v8:7310
Change-Id: I13cc97aa138ad95248e1d366bd0d326cbe1a090e
Reviewed-on: https://chromium-review.googlesource.com/923736
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51328}
2018-02-16 15:01:35 +00:00
Peter Marshall
33e0ded0c7 [cleanup] Only accept TNodes in CSA StringToNumber.
Change-Id: Idf3a38c0750071263c6450a17d311cbab632523c
Reviewed-on: https://chromium-review.googlesource.com/924141
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51327}
2018-02-16 14:53:55 +00:00
jgruber
e249dd878f Add pretenure argument to NewUninitializedFixedArray
Will be needed in a follow-up (the constants cache builder needs to
grow arrays in old space).

Bug: v8:6666
Change-Id: Ibd911ffd30e2b0f43881e649b5601111d23e4509
Reviewed-on: https://chromium-review.googlesource.com/924068
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51326}
2018-02-16 14:11:35 +00:00
jgruber
b88db2588e [builtins] Add v8_enable_embedded_builtins gn flag
This flag will be used to toggle things for isolate-independent
builtins during development.

Bug: v8:6666
Change-Id: I8a97f08b3d677a01a2a55a4c6445e71e74471f51
Reviewed-on: https://chromium-review.googlesource.com/924067
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51325}
2018-02-16 13:52:25 +00:00
Camillo Bruni
8255eeb936 [runtime] Add SCOPE_INFO_TYPE InstanceType
Bug: v8:7310
Change-Id: I82e7ada4c0f7e415887a859719eb01bb45fd3012
Reviewed-on: https://chromium-review.googlesource.com/921742
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51324}
2018-02-16 13:42:05 +00:00
Peter Marshall
c140e29b6e [cleanup] Make NewJSPromiseWithoutHook private in factory.
Change-Id: I2f2b688b50d8f3b6d5aeb17bb0ed88148660b490
Reviewed-on: https://chromium-review.googlesource.com/924066
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51323}
2018-02-16 13:38:05 +00:00
Jakob Kummerow
8ac70e8663 Work on -Wimplicit-fallthrough for v8
This doesn't enable the warning yet, but adds V8_FALLTHROUGH annotations
in enough places so that v8 can build with the warning on on my linux box.

Found one real bug
(in effect-control-linearizer.cc,
https://chromium-review.googlesource.com/c/v8/v8/+/850392/3/src/compiler/effect-control-linearizer.cc#825
).

Bug: chromium:812686
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3542550b9c24b545641d0f0fc43f28f2780b0ab3
Reviewed-on: https://chromium-review.googlesource.com/911731
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51322}
2018-02-16 13:32:25 +00:00
Clemens Hammacher
ba1b51a2b9 [wasm] Avoid redundant checks of br_table targets
When decoding a br_table instruction, check each br target only once,
even if it appears several times in the break table.
Also, only mark the merge points as reached after calling the interface
method. This is consistent with the behaviour for br and br_if, and is
needed for implementing Liftoff correctly.

Drive-by: Remove {BreakTo} method which hides trivial functionality
behind a non-trivial method name.
Drive-by^2: Remove redundant reachability tests.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I3f2678c0a6b801b94065dc3e0d452bc2ff82dd50
Reviewed-on: https://chromium-review.googlesource.com/921581
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51321}
2018-02-16 11:58:05 +00:00
v8-autoroll
095eb47b23 Update V8 DEPS.
Rolling v8/build: 89fa02a..c5c828a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I5c2b4120f994f8354f92df5d00d36874c6215cc1
Reviewed-on: https://chromium-review.googlesource.com/923522
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51320}
2018-02-16 04:46:05 +00:00
Michael Achenbach
245ca17759 Whitespace change to trigger bots
Change-Id: I9420be73a48db83b622e40f1c2b0dc4364a8d5d0
Reviewed-on: https://chromium-review.googlesource.com/923120
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51319}
2018-02-16 00:10:00 +00:00
Adam Klein
fe55db0c4a [cleanup] Remove unused array iterator private symbols
R=gsathya@chromium.org

Change-Id: Ia03ec888617a492720c78b6c105323182fec351e
Reviewed-on: https://chromium-review.googlesource.com/922784
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51318}
2018-02-15 23:50:43 +00:00
Adam Klein
5aad943dfe Remove mtrofin and rossberg from OWNERS
Tbr: jarin@chromium.org
Change-Id: I17477e2c82398b228a366a3d1fd8eb521dd51eae
Reviewed-on: https://chromium-review.googlesource.com/922270
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51317}
2018-02-15 23:48:43 +00:00
Michael Achenbach
967a2d4762 Whitespace change to trigger bots
TBR=easterbunny

Change-Id: I22f05b717ecdf4e480d6edc09937f2a69544d9f9
Reviewed-on: https://chromium-review.googlesource.com/922901
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51316}
2018-02-15 23:42:43 +00:00
Adam Klein
1de6157f0a [api] Make all one-arg constructors explicit
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I5fc71633f2412c2bec3a4363a40da9920a3e25e2
Reviewed-on: https://chromium-review.googlesource.com/922386
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51315}
2018-02-15 19:32:35 +00:00
Jakob Kummerow
a46ffa0dca [bigint] Fix: toLocaleString does not take arguments
Bug: v8:6791
Change-Id: I43c43d217f00720ab666ff9908555fcd0fffe3b5
Reviewed-on: https://chromium-review.googlesource.com/919566
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51314}
2018-02-15 19:24:15 +00:00
Mathias Bynens
9d3002fd76 [esnext] Make ECMAScript a syntactic superset of JSON
This patch makes ECMAScript a syntactic superset of JSON by allowing
U+2028 and U+2029 in string literals.

Proposal repo: https://github.com/tc39/proposal-json-superset

Bug: v8:7418
Change-Id: I7ef4ae6d85854ebc44a66e0eaf789814576832b7
Reviewed-on: https://chromium-review.googlesource.com/921228
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51313}
2018-02-15 17:01:15 +00:00
Andreas Haas
9bd1e7d392 [wasm] Clear owned_memory list of native modules after freeing
The call to isolate_->AdjustAmountOfExternalAllocatedMemory in
WasmCodeManager::FreeNativeModuleMemories can cause a GC, which can
indirectly call WasmCodeManager::FreeNativeModuleMemories again. It
seems that this recursive call can cause memory to be deallocated
twice. With this CL we clear the list of owned_memory after all entries
were deallocated so that we cannot deallocate them again.

I think this CL fixes a crash we saw on ChromeCrash. I don't know how
to reproduce the issue though, or how to write a test for it.

R=mstarzinger@chromium.org

Bug: chromium:812532
Change-Id: I3b66274f9b72919952a4211e984192c0867a6c22
Reviewed-on: https://chromium-review.googlesource.com/921226
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51312}
2018-02-15 15:07:05 +00:00
Georg Neis
a50bc8ac8d Reland "[ic] EmitElementStore: don't miss when hitting new space limit."
This is a reland of af677f29b1, fixing
an issue with negative indices.

Original change's description:
> [ic] EmitElementStore: don't miss when hitting new space limit.
>
> CSA::EmitElementStore used to bail out (IC miss) via
> CSA::CheckForCapacityGrow when the capacity hits the new space
> limit, causing the store IC to go megamorphic in my example (see
> referenced bug). With this CL, we do what TF'ed code does already:
> call into Runtime::kGrowArrayElements (in this situation), thus
> staying monomorphic.
>
> Here's a contrived test case:
>
> ////////////////////////
> let x = [];
>
> function bar() {
>   for (let i = 0; i < 50000; ++i) x[i] = i;
> }
>
> function foo() {
>   for (let i = x.length; i < 100e6; ++i) x[i] = i;
> }
>
> bar();
> foo();
> ////////////////////////
>
> This took about 4s on my machine, now it takes 3s.
>
> Bug: v8:7447
> Change-Id: I7f268fc55835f363d250613ce0357444a663051c
> Reviewed-on: https://chromium-review.googlesource.com/918723
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51297}

Bug: v8:7447, chromium:812451
Change-Id: I345b5e5b2437c4f50e42bbd87947630f24cd95eb
Reviewed-on: https://chromium-review.googlesource.com/921201
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51311}
2018-02-15 12:27:18 +00:00
Toon Verwaest
2a5791ce2d [json] Always internalize json string values to avoid memory overhead
Bug: 
Change-Id: Ie8b269467c8b1c5e97d1da9879f41319a49d5407
Reviewed-on: https://chromium-review.googlesource.com/911793
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51310}
2018-02-15 12:18:38 +00:00
Toon Verwaest
313e33a709 Remove %_ClassOf and SharedFunctionInfo::instance_class_name
instance_class_name takes up space unnecessarily, and %_ClassOf and
class_name implement [[Class]] which isn't part of ES2015+ anymore.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3a73f732ad83a616817fde9992f4e4d584638fa8
Reviewed-on: https://chromium-review.googlesource.com/776683
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51309}
2018-02-15 11:52:08 +00:00
Joakim Bengtsson
1c8031b8ee Make sure that Unmapper tasks can start to prevent memory bloat.
In some workloads the Unmapper could reach kMaxUnmapperTasks at which
point it wouldn't start any new tasks and not free any more memory
until the next major GC. It could lead to a large buildup of memory in
the Unmapper.

Bug: v8:7440
Change-Id: I23fda67b2e27824c04ac886d7e111bb01188be74
Reviewed-on: https://chromium-review.googlesource.com/913490
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51308}
2018-02-15 10:02:48 +00:00
Michael Starzinger
8f23475126 [turbofan] Hoist out {ComputeCodeStartAddress} helper.
R=rmcilroy@chromium.org

Change-Id: I0f6d628e49c1a3e3123c8e6f59f584fd5bb3a0ca
Reviewed-on: https://chromium-review.googlesource.com/919064
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51307}
2018-02-15 09:57:29 +00:00
Georg Neis
8076b28012 Revert "[ic] EmitElementStore: don't miss when hitting new space limit."
This reverts commit af677f29b1.

Reason for revert: Clusterfuzz found an issue.

Original change's description:
> [ic] EmitElementStore: don't miss when hitting new space limit.
> 
> CSA::EmitElementStore used to bail out (IC miss) via
> CSA::CheckForCapacityGrow when the capacity hits the new space
> limit, causing the store IC to go megamorphic in my example (see
> referenced bug). With this CL, we do what TF'ed code does already:
> call into Runtime::kGrowArrayElements (in this situation), thus
> staying monomorphic.
> 
> Here's a contrived test case:
> 
> ////////////////////////
> let x = [];
> 
> function bar() {
>   for (let i = 0; i < 50000; ++i) x[i] = i;
> }
> 
> function foo() {
>   for (let i = x.length; i < 100e6; ++i) x[i] = i;
> }
> 
> bar();
> foo();
> ////////////////////////
> 
> This took about 4s on my machine, now it takes 3s.
> 
> Bug: v8:7447
> Change-Id: I7f268fc55835f363d250613ce0357444a663051c
> Reviewed-on: https://chromium-review.googlesource.com/918723
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51297}

TBR=neis@chromium.org,bmeurer@chromium.org

Change-Id: I34eef5919cbdef1b35512aa98ac2de0ae5fcc7cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7447
Reviewed-on: https://chromium-review.googlesource.com/921121
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51306}
2018-02-15 09:30:39 +00:00
Andreas Haas
0ee594ddfc [wasm][api] Remove the WasmModuleObjectBuilder
The WasmModuleObjectBuilder was the first interface for streaming
compilation of WebAssembly. Over time we realized that the interface
is insufficient, and we introduced the WasmModuleObjectBuilderStreaming
class, which is used now for streaming compilation. Since the
WasmModuleObjectBuilder was never fully functional, I think it is okay
to remove it without a deprecation period.

R=clemensh@chromium.org, adamk@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia3ac5f150fdad7bc1ad04ba89aee53538d43ce01
Reviewed-on: https://chromium-review.googlesource.com/913614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51305}
2018-02-15 09:24:28 +00:00
Marja Hölttä
841763bea0 [parser] Skipping inner funcs: Fix variable name debug mode check.
Apparently it can happen that the variable to which we're restoring to has a
two-byte name corresponding to the one-byte name we expect. Modify the debug-mode
name check to allow this.

BUG=v8:7428

Change-Id: I94c56a4b2de3c58b50246fecaead332b0f9679b4
Reviewed-on: https://chromium-review.googlesource.com/911801
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51304}
2018-02-15 08:16:38 +00:00
v8-autoroll
7402841e2a Update V8 DEPS.
Rolling v8/build: 39738e7..89fa02a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I1e1b8d8fa430e7ecc4ce6fe57de64ff7442245c2
Reviewed-on: https://chromium-review.googlesource.com/920706
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51303}
2018-02-15 05:01:28 +00:00
Michael Achenbach
76e8ff2c25 Whitespace change to trigger bots
Change-Id: Idb8fd2593f65a74f4f8fd71129f9780bfb08219a
Reviewed-on: https://chromium-review.googlesource.com/920650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51302}
2018-02-15 02:46:20 +00:00
Michael Achenbach
09c27dae61 Whitespace change to trigger bots
TBR=easterbunny

Change-Id: Iac8be5eb68c99ad953960b4776181c4ba305d3b8
Reviewed-on: https://chromium-review.googlesource.com/920767
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51301}
2018-02-15 01:30:31 +00:00
Sergiy Byelozyorov
78835fdc53 Trigger v8_linux64_perf_try on swarming
R=machenbach@chromium.org
NOTRY=true

Bug: chromium:616879
Change-Id: Ie732c5432cc0b69a28b4e356d9cead5855d00a7c
Reviewed-on: https://chromium-review.googlesource.com/915361
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51300}
2018-02-15 01:09:34 +00:00
Michael Achenbach
d9c1dee446 [test] Skip test for endurance fuzzer
TBR=cbruni@chromium.org
NOTRY=true

Bug: v8:7438
Change-Id: Ibfd56a095a302782876b57e01325fadd2657d574
Reviewed-on: https://chromium-review.googlesource.com/919007
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51299}
2018-02-15 00:30:34 +00:00
Michael Achenbach
73991f944e Whitespace change to trigger bots
TBR=easterbunny

Change-Id: I9b2ada2fe81319c0344a8b5d416a82d5fa64af17
Reviewed-on: https://chromium-review.googlesource.com/919684
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51298}
2018-02-15 00:27:44 +00:00
Georg Neis
af677f29b1 [ic] EmitElementStore: don't miss when hitting new space limit.
CSA::EmitElementStore used to bail out (IC miss) via
CSA::CheckForCapacityGrow when the capacity hits the new space
limit, causing the store IC to go megamorphic in my example (see
referenced bug). With this CL, we do what TF'ed code does already:
call into Runtime::kGrowArrayElements (in this situation), thus
staying monomorphic.

Here's a contrived test case:

////////////////////////
let x = [];

function bar() {
  for (let i = 0; i < 50000; ++i) x[i] = i;
}

function foo() {
  for (let i = x.length; i < 100e6; ++i) x[i] = i;
}

bar();
foo();
////////////////////////

This took about 4s on my machine, now it takes 3s.

Bug: v8:7447
Change-Id: I7f268fc55835f363d250613ce0357444a663051c
Reviewed-on: https://chromium-review.googlesource.com/918723
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51297}
2018-02-14 19:47:33 +00:00
Jakob Kummerow
bedff08691 [bigint] Implement BigInt.prototype.toLocaleString
It does the same as .toString, which is "permissible but not encouraged"
per the spec and matches our behavior for Number.prototype.toString.

Bug: v8:6791
Change-Id: I25a565391abe0d055b8ef814214ecdad254f75e2
Reviewed-on: https://chromium-review.googlesource.com/917025
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51296}
2018-02-14 19:12:33 +00:00
Camillo Bruni
1827b521fb [errors] Encapsulate error message in stack allocated objects
This CL introduces the FailureMessage and StackTraceFailureMessage objects.
They are force to be stack allocated and their first and last member contain
marker values. With the help of these markers we can easily extract the stored
information in external tools such as grokdump and crash.

Change-Id: Iec4f5195eec5a2bf08e1f674c9ced13d2345f030
Reviewed-on: https://chromium-review.googlesource.com/915067
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51295}
2018-02-14 19:11:03 +00:00
Predrag Rudic
4b1451480d [Liftoff]MIPS[64]: Fix RunWasmLiftoff_Int32Clz test failing
Change-Id: I2590121275b83cc564c5e9041e25eb94f4cd5839
Reviewed-on: https://chromium-review.googlesource.com/918722
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51294}
2018-02-14 16:19:45 +00:00
Tobias Tebbi
3df2b3ade0 [test] make test runner less passive-aggressive
Change-Id: I31d5dddd74aa8b1bcd386a13fe34449dd6933547
Reviewed-on: https://chromium-review.googlesource.com/919163
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51293}
2018-02-14 15:49:25 +00:00
Junliang Yan
50151a1ef2 [disassembler] Set proper constant pool to relocinfo
set constant_pool_ to proper value before trying to print it

Change-Id: Iee0da126dd3641f40c1d1847e7f1ef5d6e3e58fd
Reviewed-on: https://chromium-review.googlesource.com/916890
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51292}
2018-02-14 14:53:46 +00:00
Michael Starzinger
a56d6169f7 [compiler] Remove obsolete {CompilationInfo::mode}.
This makes compilation mode predicates delegate to the underlying code
kind that is already stored in each {CompilationInfo}, thereby removing
potential ambiguity between these two values.

R=mvstanton@chromium.org

Change-Id: I9f4d1bb723074488cc47bdc275984b1abc960069
Reviewed-on: https://chromium-review.googlesource.com/916195
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51291}
2018-02-14 14:36:04 +00:00