Commit Graph

58384 Commits

Author SHA1 Message Date
Sathya Gunasekaran
937cfabc6b Revert "[turbofan] Temporarily disable future=>concurrent_inlining"
This reverts commit ce42112243.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/27535

Original change's description:
> [turbofan] Temporarily disable future=>concurrent_inlining
> 
> ... in order to reset the benchmarks now that we are actually running
> in the background.
> 
> Bug: v8:7790
> Change-Id: Ifa811fbcc51eccef790e6215d330f8b45c31a492
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801836
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63741}

TBR=neis@chromium.org,mslekova@chromium.org

Change-Id: Ia36bc6a600c78b370a29964fabd215f853e048f9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803234
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63742}
2019-09-13 10:31:21 +00:00
Maya Lekova
ce42112243 [turbofan] Temporarily disable future=>concurrent_inlining
... in order to reset the benchmarks now that we are actually running
in the background.

Bug: v8:7790
Change-Id: Ifa811fbcc51eccef790e6215d330f8b45c31a492
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801836
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63741}
2019-09-13 09:10:24 +00:00
Igor Sheludko
29817ae091 [csa] Remove ParameterMode from CSA::CodeStubArguments
Bug: v8:9708
Change-Id: I91e429e478ad70dc2212f9f78830d10941fa47e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800581
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63740}
2019-09-13 09:03:13 +00:00
Georg Neis
0a3e812a23 [turbofan] Remove leftover heap/isolate access
Bug: chromium:1003664, v8:7790
Change-Id: Ib80ae624e7a5e92cc5032b9098df141a9bf2ce25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801835
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63739}
2019-09-13 08:55:23 +00:00
v8-ci-autoroll-builder
c703553f41 Update V8 DEPS.
Rolling v8/buildtools: 74cfb57..cf454b2

Rolling v8/buildtools/linux64: git_revision:152c5144ceed9592c20f0c8fd55769646077569b..git_revision:ad9e442d92dcd9ee73a557428cfc336b55cbd533

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/884c81e..3732ed1

Rolling v8/third_party/depot_tools: e5641be..2d75cf6

Rolling v8/third_party/googletest/src: 3a45039..c7a03da

Rolling v8/third_party/icu: 53f6b23..faee8bc

Rolling v8/tools/clang: 51c4acf..6706ebf

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ieb13189e6868e15233489bd045e9995ee06e59af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1802148
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63738}
2019-09-13 03:53:52 +00:00
Dmitry Gozman
fe3d51e1b2 [inspector] Simplify async stepping
Currently, debugger pauses on async call schedule and then waits for Debugger.pauseOnAsyncCall
with parentStackTraceId to actually schedule the pause.

This CL combines these two steps:
- For local async tasks, it just stores m_taskWithScheduledBreak at the time of schedule,
  to be able to pause once this task is run.
- For external async tasks, it plumbs "should_pause" boolean in V8StackTraceId from
  the point of schedule to the point of execution, and schedules a pause once
  externalAsyncTaskStarted is called with "should_pause" set to true.

This approach greatly simplifies the implementation, and reduced frontend to a single
"breakOnAsyncCall: true" parameter in Debugger.stepInto.

Drive-by: introduce hasScheduledBreakOnNextFunctionCall() to make
SetBreakOnNextFunctionCall management more robust.

Note: artificial pauses at async call schedule time are gone from test expectations -
we now only pause when user actually wants to pause, which makes protocol much simpler.

See also design doc linked in the bug.

BUG=chromium:1000475

Change-Id: I2d16f79c599fe196b2aaeca8223c63437a2954a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783724
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63737}
2019-09-13 02:33:22 +00:00
Frank Tang
25c11657fc [Intl] Clean up by removing the following flags
harmony_intl_bigint shipped in m76
  harmony_intl_date_format_range shipped in m76
  harmony_intl_datetime_style shipped in m76
  harmony_intl_numberformat_unified shipped in m77

Bug: v8:9272, v8:9273, v8:9274
Change-Id: Icc640e011021e691373bc61725013578b7185e50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799263
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63736}
2019-09-12 22:25:41 +00:00
Igor Sheludko
8a1a28675e [csa] Remove ParameterMode from CSA::BuildFastLoop
Bug: v8:9708
Change-Id: I305cc007a4e7302c8587b999cbb11f23ced4cfd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800579
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63735}
2019-09-12 19:48:41 +00:00
Frank Tang
6cf125a90c [Intl] Fix error message to report the right method.
Bug: v8:9464
Change-Id: I3252de850bbaa5fdb15f5fc2103f1ebb7be3e1ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799396
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63734}
2019-09-12 19:32:31 +00:00
Z Nguyen-Huu
ee0581c332 [builtins] Port RegExp Split to Torque
Bug: v8:8976
Change-Id: I1ffc6637e26ee217750d099d758fd67ed2130131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796316
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63733}
2019-09-12 19:23:10 +00:00
Zhi An Ng
7b4f4b2e9f Revert "[Heap] Create a fast path for young allocations."
This reverts commit cbf028e8b8.

Reason for revert: Broke Mac64 GC Stress https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/9148

Original change's description:
> [Heap] Create a fast path for young allocations.
> 
> Bug: v8:9714
> Change-Id: I3be6ea615142c8282bb67370626c7596cedf826c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800304
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#63729}

TBR=ulan@chromium.org,verwaest@chromium.org,victorgomes@google.com

Change-Id: I687de68a0413c62df304030deafd04661028f156
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801681
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63732}
2019-09-12 18:28:12 +00:00
Irina Yatsenko
286d339469 Three basic cctests for tracking of old to new pointers
Change-Id: I162b3cac024fba180ff191c8497da9a958c38167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797657
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63731}
2019-09-12 18:16:00 +00:00
Santiago Aboy Solanes
9a2bc76123 [CSA][cleanup] Variable to TVARIABLE in src/interpreter
I was using a regex to find VARIABLE (with upper case) so I missed cases where
the macro was not used, but still was an untyped variable.

Bug: v8:6949, v8:9396
Change-Id: I39e3090410b3ac49a4eaaf6fafa32b33ba0f1543
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800569
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63730}
2019-09-12 17:51:20 +00:00
Victor Gomes
cbf028e8b8 [Heap] Create a fast path for young allocations.
Bug: v8:9714
Change-Id: I3be6ea615142c8282bb67370626c7596cedf826c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800304
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63729}
2019-09-12 17:47:51 +00:00
Santiago Aboy Solanes
1efe89b2ed [CSA][cleanup] Finish TNodifying builtins-constructor-gen
Bug: v8:6949, v8:9396
Change-Id: I2d8c252d97aae95f8368eb8e6566e52ffce9e957
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796063
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63728}
2019-09-12 17:44:31 +00:00
Ng Zhi An
167ca2e252 [wasm-simd] Fix shifts value to be modulo lane width
Drive by fix of type of expected value in a test

Bug: v8:9626
Change-Id: I1bb44082b873383ea75e7089828bc68c9d4e0df0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757503
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63727}
2019-09-12 17:37:10 +00:00
Ng Zhi An
c255e5fbc3 Remove redundant buffer read/write checks
The point of this test is to check for OOB access traps, the read/write
of the entire backing buffer is not useful to this test, and causes the
test to be really slow, especially on arm simulator. This change cuts
the runtime of the test from ~7.5min to ~1.5min.

Bug: v8:7783
Bug: v8:9396
Change-Id: Id57648e920b7631d8c481d2a43ded1c16cd2d1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793905
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63726}
2019-09-12 17:29:20 +00:00
Santiago Aboy Solanes
a31d04d7cb [CSA][cleanup] Finish TNodifying EmitXXX methods in builtins constructor gen
TNodified:
 * EmitCreateShallowArrayLiteral
 * EmitCreateShallowObjectLiteral

Also propagated the TNodification of AllocationSite. Previously it was
used a lot with nullptr, and that changed to {}.

Bug: v8:6949, v8:9396
Change-Id: I8ed04d2d346f5960bba23a233c3dd244ad7f122a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795346
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63725}
2019-09-12 16:55:43 +00:00
Francis McCabe
03b60e8a33 Mark reference parameter as const.
Bug: v8:9429
Change-Id: I2b1bc81f72e7cc7657330bd778586f608d62809b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797659
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63724}
2019-09-12 16:33:03 +00:00
Milad Farazmand
1ecbdc2ebb PPC/s390: [compiler] Replace remaining mutable reference arguments
Port 2304c194f0

R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Iadb240b15a081c3f0df4a5b513e54d0c7a4a2634
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801494
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63723}
2019-09-12 16:28:23 +00:00
Thibaud Michaud
969a077506 [regalloc] Optimize FindFreeRegistersForRange
Sort inactive live ranges by their assigned register and by their next
start. This allows {FindFreeRegistersForRange} to stop the search earlier
and significantly reduces compile time for some test cases.

R=sigurds@chromium.org
CC=neis@chromium.org

Bug: chromium:974804, v8:9529
Change-Id: I85e2ff8acf2c02ea0539c89daae5a427da775c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795350
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63722}
2019-09-12 15:24:33 +00:00
Tobias Tebbi
afd83c074f [csa] move TNode to separate header
This enables using TNode types without including code-assembler.h,
which is useful when generating CallInterfaceDescriptors.

As a drive-by, this moves TNode from v8::internal::compiler to
v8::internal. It's only used outside of the compiler anyway.

Change-Id: I3d938c22366a3570315041683094f77b0d1096a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798425
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63721}
2019-09-12 14:48:03 +00:00
Maya Lekova
475f194b07 [turbofan] Move inlining to the background if --concurrent-inlining is enabled
Bug: v8:7790
Change-Id: Ifb0de3ca0a300734f2dcc8c104c8186367ca520b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800573
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63720}
2019-09-12 14:12:53 +00:00
Sigurd Schneider
deac757bc7 [debugger] Fix code coverage for break/return inside switch-case
Case statements have a list of statements associated with them, but are
not blocks, and were hence not fixed-up correctly for code coverage.
This CL also applies the fix-up to the "body" of case statements,
in this way removing ranges reported as uncovered between the final
break/return in a case and the next case (or end of function).

Drive-by: Add optional pretty printing to code coverage test results.

Change-Id: I5f4002d4e17b7253ed516d99f7c389ab2264be10
Bug: v8:9705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798426
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63719}
2019-09-12 13:53:13 +00:00
Igor Sheludko
8e26b122ed [csa] Remove ParameterMode from CSA::Increment/Decrement
Bug: v8:9708
Change-Id: I73cbe14437f596b805084ba61bc669556ac34289
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798642
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63718}
2019-09-12 13:35:16 +00:00
Victor Gomes
a080916190 [heap/factory] remove unnecessary allocation flags
Bug: v8:9714
Change-Id: I70c28c3bc2aae6234e55e8a3b176da2035520a67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800567
Commit-Queue: Victor Gomes <victorgomes@google.com>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63717}
2019-09-12 13:13:36 +00:00
Mu Tao
d9abfa1529 [mips][compiler] Replace remaining mutable reference arguments
Port 2304c194f0

Change-Id: I0e46424ddb647355d21b1e54cf96b1e5503627ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800572
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63716}
2019-09-12 13:05:23 +00:00
Peter Marshall
6ad781ccd5 [cleanup] Change error message for neutered -> detached
Bug: chromium:913887
Change-Id: If533bb85675456b674f79486b06a44e447f40aee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739371
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63715}
2019-09-12 12:53:43 +00:00
Maya Lekova
27df753f45 [turbofan] Brokerize JSContextSpecialization
Bug: v8:7790
Change-Id: Ief620bc24b59c2a4e0c823a7f7cebf5df114b9a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787430
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63714}
2019-09-12 12:32:44 +00:00
Santiago Aboy Solanes
23d7e79829 [CSA][cleanup] TNodify builtins constructor gen
TNodify:
 * EmitFastNewFunctionContext
 * EmitCreateRegExpLiteral
 * EmitCreateEmptyArrayLiteral
 * EmitCreateEmptyObjectLiteral

Bug: v8:6949, v8:9396
Change-Id: I2a06e0a43feca42cf89d154b8fa9e84573676b4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793142
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63713}
2019-09-12 10:55:18 +00:00
Santiago Aboy Solanes
b0e70c571a [cleanup] wasm/asm-wasm-u32 not SLOW anymore
Since https://chromium-review.googlesource.com/c/v8/v8/+/1791632 sped it
up, there is no need to mark it as SLOW.

Bug: v8:7783
Change-Id: I24d1b2f1e56dff4c820d397288ab3ad7662ae06b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800564
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63712}
2019-09-12 10:22:47 +00:00
Peter Marshall
716875d74c [build] Add message-template.h to build file
This was missed during a file move and can cause build bugs.

Bug: chromium:991547
Change-Id: I157e7bb656956c08293c205c0d00884aecc7adee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798430
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63711}
2019-09-12 10:19:06 +00:00
Maya Lekova
d1cbd26caa [turbofan] Add missing objects to the broker
Bug: v8:7790
Change-Id: I1abffc574b1d9964940625b1f15fc4d98f170b7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798682
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63710}
2019-09-12 10:07:56 +00:00
Michael Starzinger
7da8f2c959 [wasm] Fix WebAssembly.Table#get for constructed functions.
This fixes the case where a table entry contains a function constructed
via {WebAssembly.Function} and is then read out via a runtime function
from the table.

R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1002388
BUG=chromium:1002388

Change-Id: Ic0a9a544baaf37e68cd22eb91f2ef0bdf5fa5842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63709}
2019-09-12 09:40:55 +00:00
Patrick Thier
67a70d7e03 [regexp] Secure interpreter dispatch.
Currently the dispatch table could be accessed out of bounds if something
is wrong with the generated bytecode.
OOB access of the dispatch table can lead to jumps to arbitrary addresses
in the code space.

This CL prevents this issue by changing the following:
BYTECODE_MASK now filters out all bits not currently used for bytecodes.
All unused slots between the last actually defined bytecode and
BYTECODE_MASK are now filled with BREAK Bytecodes (invalid operation).
This way we can not access out of bounds of the dispatch table if
something is broken/tampered with, preventing jumps to arbitrary code.

Bug: v8:9699
Change-Id: Ibce591ae94b52472ba74a9fd0666e55185af7b2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795349
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63708}
2019-09-12 09:29:25 +00:00
Thibaud Michaud
73c6f3c809 Revert "[regalloc] Enable control-flow aware allocation"
This reverts commit d0c980e1f1.

Reason for revert: Regressions: https://chromeperf.appspot.com/group_report?rev=63641

Original change's description:
> [regalloc] Enable control-flow aware allocation
> 
> This is meant to check the performance impact of:
> https://chromium-review.googlesource.com/c/v8/v8/+/1776085/3
> 
> R=​neis@chromium.org
> 
> Bug: v8:9088
> Change-Id: I8aad5272c1427b8bcaca02bdd0e51bf2779f7451
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781054
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63641}

TBR=neis@chromium.org,thibaudm@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9088
Change-Id: I8228de030b8ea1066e4a26516d66517dc1dc6ca4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798684
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63707}
2019-09-12 09:24:54 +00:00
Jakob Gruber
ba72dc0803 Revert "[compiler] Optionally apply an offset to stack checks"
This reverts commit 4a16305b65.

Reason for revert: Need to revalidate assumptions behind the CHECK.

Original change's description:
> [compiler] Optionally apply an offset to stack checks
> 
> The motivation behind this change is that the frame size of an optimized
> function and its unoptimized version may differ, and deoptimization
> may thus trigger a stack overflow. The solution implemented in this CL
> is to optionally apply an offset to the stack check s.t. the check
> becomes 'sp - offset > limit'. The offset is applied to stack checks at
> function-entry, and is set to the difference between the optimized and
> unoptimized frame size.
> 
> A caveat: OSR may not be fully handled by this fix since we've already
> passed the function-entry stack check. A possible solution would be to
> *not* skip creation of function-entry stack checks for inlinees.
> 
> This CL: 1. annotates stack check nodes with the stack check kind, where
> kind is one of {function-entry,iteration-body,unknown}. 2. potentially
> allocates a temporary register to store the result of the 'sp - offset'
> in instruction selection (and switches input registers to 'unique'
> mode). 3. Applies the offset in code generation.
> 
> Drive-by: Add src/compiler/globals.h for compiler-specific globals.
> 
> Bug: v8:9534,chromium:1000887
> Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63701}

TBR=neis@chromium.org,sigurds@chromium.org,jgruber@chromium.org

Change-Id: Iebf46d5256b6dee13451741781ef85a5fe9b1628
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9534, chromium:1000887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800565
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63706}
2019-09-12 09:23:47 +00:00
Georg Neis
2304c194f0 [compiler] Replace remaining mutable reference arguments
Bug: v8:9429
Change-Id: Id775a765d9700e1d2c46b4598f5e4c8350e28f14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796340
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63705}
2019-09-12 08:56:15 +00:00
Swapnil Gaikwad
91e3243d60 Extend GetIterator bytecode to perform JSReceiver check on object[Symbol.iterator]()
Current GetIterator bytecode loads and calls @@iterator property on a
given object. This change extends the bytecode functionality to check
whether the value returned after calling @@iterator property is a valid
JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the
returned value is not a valid JSReceiver. This change absorbs the
functionality of additional two bytecodes - JumpIfJSReceiver and
CallRuntime, that are part of the iterator protocol in the GetIterator
bytecode.

Bug: v8:9489
Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
Cr-Commit-Position: refs/heads/master@{#63704}
2019-09-12 08:51:35 +00:00
Clemens Hammacher
98c86c6b1f [base] Implement {Reversed} using {rbegin} and {rend}
This removes the {base::ReversedAdapter} class and uses
{base::iterator_range} instead. The types are inferred from what
{std::rbegin} and {std::rend} return.

Since src/base/adapters.h would only contain this one method after
this refactoring, it was merged into src/base/iterator.h.
Some includes of src/base/adapters.h were unused and hence dropped.

R=mlippautz@chromium.org

Bug: v8:9396
Change-Id: I597172ec790193b73af196d1afcd64bbed0a597d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798432
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63703}
2019-09-12 08:38:59 +00:00
Shu-yu Guo
b378a2e9c3 Roll test262
59a1a01..ef7fd2bc

Bug: v8:7834, v8:9712
Change-Id: Iebc11aa3be2fa692bfae7069f45e89d795132cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799398
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63702}
2019-09-12 06:55:05 +00:00
Jakob Gruber
4a16305b65 [compiler] Optionally apply an offset to stack checks
The motivation behind this change is that the frame size of an optimized
function and its unoptimized version may differ, and deoptimization
may thus trigger a stack overflow. The solution implemented in this CL
is to optionally apply an offset to the stack check s.t. the check
becomes 'sp - offset > limit'. The offset is applied to stack checks at
function-entry, and is set to the difference between the optimized and
unoptimized frame size.

A caveat: OSR may not be fully handled by this fix since we've already
passed the function-entry stack check. A possible solution would be to
*not* skip creation of function-entry stack checks for inlinees.

This CL: 1. annotates stack check nodes with the stack check kind, where
kind is one of {function-entry,iteration-body,unknown}. 2. potentially
allocates a temporary register to store the result of the 'sp - offset'
in instruction selection (and switches input registers to 'unique'
mode). 3. Applies the offset in code generation.

Drive-by: Add src/compiler/globals.h for compiler-specific globals.

Bug: v8:9534,chromium:1000887
Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63701}
2019-09-12 06:48:25 +00:00
Clemens Hammacher
3d2159462c [wasm] Allocate one far jump table per code space
This moves the code to allocate the far jump table from
{SetRuntimeStubs} to {AddCodeSpace} to allocate one such table per code
space.
Also, the {runtime_stub_table_} and {runtime_stub_entries_} fields do
not make sense any more now and are replaced by calls to
{GetNearRuntimeStubEntry} and {GetRuntimeStubId}.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ie1f5c9d4eb282270337a684c34f097d8077fdfbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795348
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63700}
2019-09-12 06:27:26 +00:00
Jakob Gruber
5b5a360857 [compiler] Assign dedicated names to zones used by the pipeline
To make --trace-zone-stats output more meaningful.

Bug: v8:9574
Change-Id: I06cb725b11e3815c23294310270774b7148c64eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795355
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63699}
2019-09-12 06:03:15 +00:00
Clemens Hammacher
9f5141968f Revert "Update V8 DEPS."
This reverts commit 5e0e5829e9.

Reason for revert: Still breaks android builders: https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20builder/28054 and https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm%20-%20builder/28026

Original change's description:
> Update V8 DEPS.
> 
> Rolling v8/build: 2d9fa32..716ef3d
> 
> Rolling v8/buildtools: 74cfb57..cd73d21
> 
> Rolling v8/buildtools/linux64: git_revision:152c5144ceed9592c20f0c8fd55769646077569b..git_revision:ad9e442d92dcd9ee73a557428cfc336b55cbd533
> 
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/884c81e..c979465
> 
> Rolling v8/third_party/depot_tools: e5641be..0910f78
> 
> Rolling v8/third_party/googletest/src: 3a45039..33a0d4f
> 
> Rolling v8/third_party/icu: 53f6b23..faee8bc
> 
> Rolling v8/tools/clang: 51c4acf..e7d79d1
> 
> TBR=machenbach@chromium.org,tmrts@chromium.org
> 
> Change-Id: Ib53bf18762e6e8828a6e6cf5cd57ee361bfc5ee4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799962
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#63697}

TBR=machenbach@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com,tmrts@chromium.org

Change-Id: Ib1a643744ff6b664a6b9164e4005b263d676171f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798611
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63698}
2019-09-12 05:54:57 +00:00
v8-ci-autoroll-builder
5e0e5829e9 Update V8 DEPS.
Rolling v8/build: 2d9fa32..716ef3d

Rolling v8/buildtools: 74cfb57..cd73d21

Rolling v8/buildtools/linux64: git_revision:152c5144ceed9592c20f0c8fd55769646077569b..git_revision:ad9e442d92dcd9ee73a557428cfc336b55cbd533

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/884c81e..c979465

Rolling v8/third_party/depot_tools: e5641be..0910f78

Rolling v8/third_party/googletest/src: 3a45039..33a0d4f

Rolling v8/third_party/icu: 53f6b23..faee8bc

Rolling v8/tools/clang: 51c4acf..e7d79d1

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ib53bf18762e6e8828a6e6cf5cd57ee361bfc5ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799962
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63697}
2019-09-12 03:50:44 +00:00
Dmitry Gozman
aaf4714310 [inspector] Prepare to simpler async stepping
Add should_pause to V8StackTraceId in preparation for
async stepping simplification [1].

[1] https://chromium-review.googlesource.com/c/v8/v8/+/1783724

BUG=chromium:1000475
TBR=yangguo@chromium.org

Change-Id: I3a90d33322c83f624a3d28c18ebdfff80b2cd904
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799453
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63696}
2019-09-12 00:16:20 +00:00
Ng Zhi An
8d4fbc33f4 Reduce the number of ints tested
This reduces the runtime from ~20m to ~2m (very unscientific measure
based on running the entire asm-wasm-i32 test with and without this
change).

I removed most of the constants that looked uninteresting, e.g. testing
for 10, 20, 30, isn't that interesting. The edge cases are left
untouched, min/max signed positive/negative ints and +/- 1 from both.

Bug: v8:7783
Bug: v8:9396
Change-Id: Ice363fc3f786dd55ff118ffa42f9ecea07880338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1791632
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63695}
2019-09-11 20:27:24 +00:00
Ulan Degenbaev
e9730043cf [api, heap] Add v8::Isolate::MeasureMemory API
This adds a new API function and provides a simple implementation
of performance.measureMemory() in d8. The implementation currently
immediately resolves the result promise with the current heap size.

Bug: chromium:973627

Change-Id: Ia8e1963a49b7df628b5487a2c0d601473f0cb039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796502
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63694}
2019-09-11 18:18:10 +00:00
Ng Zhi An
134e110211 [wasm-simd] Implement f32x4.sqrt f64x2.sqrt for x64
Implementations for other architectures will follow in subsequent
changes.

Bug: v8:8460
Change-Id: I279388ab76b1d88d65cbe179088be5573c17fc58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796317
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63693}
2019-09-11 17:26:32 +00:00