Commit Graph

16341 Commits

Author SHA1 Message Date
Karl Schimpf
9c43150541 Decode the exception section.
Modifies V8 to be able to parse the exception section (defining
exception types), when the experimental_wasm_eh flag is true.

Bug: v8:6577
Change-Id: I5d8b3fddaf5b0dec6b14ddd0992f9fb883e8dc90
Reviewed-on: https://chromium-review.googlesource.com/561757
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46539}
2017-07-10 19:49:58 +00:00
Benedikt Meurer
1edb46cc04 [turbofan] Widen the fast-path for JSCreateArray.
This improves the general Array constructor call performance (w/o
usable AllocationSite feedback) in TurboFan by ~2x, i.e. for example
invoking the Array constructor like this

  var a = Array.call(undefined, n);

instead of

  var a = Array(n);

such that the CallIC doesn't know that it's eventually calling the
Array constructor.

It also thus changes the single argument Array constructor to always
return holey arrays. Previously the single argument case for the Array
constructor was somehow trying to dynamically detect 0 and in that case
returned a packed array instead of a holey one. That adds quite a lot
of churn, and doesn't seem to be very useful, especially since this
might lead to unnecessary feedback pollution later.

R=mvstanton@chromium.org

Bug: v8:2229, v8:5269, v8:6399
Change-Id: I3d7cb9bd975ec0e491e3cdbcf1230185cfd1e3de
Reviewed-on: https://chromium-review.googlesource.com/565721
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46538}
2017-07-10 19:16:38 +00:00
Adam Klein
be8983da7b [mjsunit] Skip regress-430201 on tsan builds due to timeouts
It's already skipped (for slowness) in debug, asan, and msan builds.

TBR=machenbach@chromium.org

Change-Id: I1d7cb38d88e621f6d14344426bc5f931b1d6ffcd
Reviewed-on: https://chromium-review.googlesource.com/565741
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46537}
2017-07-10 18:45:38 +00:00
Caitlin Potter
10b9c019ce [parser] avoid for-loop desugaring unless loop var may be captured
In https://chromium-review.googlesource.com/c/472247/, I avoided
running DesugarLexicalBindingsInForStatement() if there were no lexical
loop variables, the function was not resumable, and the variables are
not captured by eval or a function declaration.

I think it's now possible to limit this further, and only do the more
extensive desugaring if there's a function declaration / eval() call
in the loop body. `yield` and `await` are not an issue as those loop
variables are written to the register file and not lost.

This change just removes the `is_resumable()` condition. If it passes
tests, I think it's safe.

BUG=v8:4762, v8:5460, v8:6579

Change-Id: I92d0308ad9401c1338411bc9ae9021f978803d3a
Reviewed-on: https://chromium-review.googlesource.com/563587
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46536}
2017-07-10 18:06:18 +00:00
Benedikt Meurer
b707c602f0 Revert "[base] Make USE a variadic template"
This reverts commit 39e335c7cc.

Reason for revert: Breaks debug builds on Linux, especially mksnapshot fails now, i.e.:

FAILED: mksnapshot
python "../../build/toolchain/gcc_link_wrapper.py" --output="./mksnapshot" -- ../../third_party/llvm-build/Release+Asserts/bin/clang++ -pie -Wl,--fatal-warnings -fPIC -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro -Wl,-z,defs -Wl,--no-as-needed -lpthread -Wl,--as-needed -fuse
-ld=gold -B../../third_party/binutils/Linux_x64/Release/bin -Wl,--threads -Wl,--thread-count=4 -Wl,--icf=all -m64 -Werror -Wl,--gdb-index --sysroot=../../build/linux/debian_jessie_amd64-sysroot -L../../build/linux/debian_jessie_amd64-sysroot/lib/x86_64-linux-gnu -Wl,-rpat
h-link=../../build/linux/debian_jessie_amd64-sysroot/lib/x86_64-linux-gnu -L../../build/linux/debian_jessie_amd64-sysroot/usr/lib/x86_64-linux-gnu -Wl,-rpath-link=../../build/linux/debian_jessie_amd64-sysroot/usr/lib/x86_64-linux-gnu -Wl,-rpath-link=. -Wl,--disable-new-dt
ags -rdynamic -nodefaultlibs -o "./mksnapshot" -Wl,--start-group @"./mksnapshot.rsp"  -Wl,--end-group   -ldl -lpthread -lrt -lc -lm -lgcc_s
../../src/elements.cc:3362: error: undefined reference to 'v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)7>::Kind'
../../src/elements.cc:3362: error: undefined reference to 'v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)8>::Kind'
../../src/elements.cc:3953: error: undefined reference to 'v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)9>::Kind'
../../src/profiler/heap-snapshot-generator.cc:187: error: undefined reference to 'v8::internal::(anonymous namespace)::SnapshotSizeConstants<4ul>::kExpectedHeapGraphEdgeSize'
../../src/elements.cc:3953: error: undefined reference to 'v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)10>::Kind'
../../src/profiler/heap-snapshot-generator.cc:198: error: undefined reference to 'v8::internal::(anonymous namespace)::SnapshotSizeConstants<4ul>::kExpectedHeapEntrySize'
../../src/profiler/heap-snapshot-generator.cc:199: error: undefined reference to 'v8::internal::(anonymous namespace)::SnapshotSizeConstants<8ul>::kExpectedHeapGraphEdgeSize'
../../src/profiler/heap-snapshot-generator.cc:200: error: undefined reference to 'v8::internal::(anonymous namespace)::SnapshotSizeConstants<8ul>::kExpectedHeapEntrySize'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.

Original change's description:
> [base] Make USE a variadic template
> 
> This will allow for passing more than one variable. This is
> particularly interesting for calling a method on each type in a
> parameter pack, as in:
> 
> template<typename... T>
> void foo(T&&... ts) {
>   USE(do_something(ts)...);
> }
> 
> Drive-by fix: Allow to pass arbitrary types to USE, including
> references. This might prevent a copy for pass-by-value.
> 
> R=​ishell@chromium.org
> 
> Change-Id: I8f894d730bbcd195ed83705f98771994b4bc906f
> Reviewed-on: https://chromium-review.googlesource.com/565561
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46527}

TBR=clemensh@chromium.org,ishell@chromium.org

Change-Id: Ibd3f0529e7a3136c4bcac15443da3d9f8dde8510
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/565141
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46534}
2017-07-10 17:19:30 +00:00
Clemens Hammacher
39e335c7cc [base] Make USE a variadic template
This will allow for passing more than one variable. This is
particularly interesting for calling a method on each type in a
parameter pack, as in:

template<typename... T>
void foo(T&&... ts) {
  USE(do_something(ts)...);
}

Drive-by fix: Allow to pass arbitrary types to USE, including
references. This might prevent a copy for pass-by-value.

R=ishell@chromium.org

Change-Id: I8f894d730bbcd195ed83705f98771994b4bc906f
Reviewed-on: https://chromium-review.googlesource.com/565561
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46527}
2017-07-10 15:47:46 +00:00
titzer
11484e7e9b [wasm] Improve precision of slow DCHECK for WebAssembly-constructed internal objects.
BUG=chromium:740325
R=ahaas@chromium.org,mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2972353002
Cr-Commit-Position: refs/heads/master@{#46518}
2017-07-10 13:49:34 +00:00
jgruber
14e80e5c91 Add Smi::ToInt helper method
This adds a convenience method for the common Smi to int conversion
pattern.

Bug: 
Change-Id: I7d7b171c36cfec5f6d10c60f1d9c3e06e3aed0fa
Reviewed-on: https://chromium-review.googlesource.com/563205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46516}
2017-07-10 13:33:03 +00:00
Daniel Clifford
f6d1dc40c8 Support holey elements kind (not double) in TF-inlined forEach
BUG=v8:1956
LOG=N
R=bmeurer@chromium.org

Change-Id: I190002227d3321df0f68e77f3b7b0a468446c493
Reviewed-on: https://chromium-review.googlesource.com/561011
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46513}
2017-07-10 13:09:53 +00:00
Maya Lekova
f2af839b19 [builtins] Port Proxy constructor to CSA.
Rename builtins-proxy.cc to builtins-proxy-gen.cc.

Bug: v8:6557, v8:6567
Change-Id: I0e52a0c0c6c9b307c33bb18ec36079bdfd4a89ef
Reviewed-on: https://chromium-review.googlesource.com/565278
Commit-Queue: Maya Lekova <mslekova@google.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46511}
2017-07-10 12:15:53 +00:00
titzer
0c22df6555 [wasm] Allow full u32 range for table maximum in WebAssembly.Table constructor.
R=clemensh@chromium.org
BUG=chromium:740199

Review-Url: https://codereview.chromium.org/2977543002
Cr-Commit-Position: refs/heads/master@{#46508}
2017-07-10 11:18:45 +00:00
Ulan Degenbaev
5359d8680a [heap] Add support for multiple concurrent marking tasks.
BUG=chromium:694255

Change-Id: Ib0403a2d406428d2cd7896521abb6e95c3841c1c
Reviewed-on: https://chromium-review.googlesource.com/563364
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46505}
2017-07-10 10:16:52 +00:00
Andreas Haas
b2133cd615 [wasm] Handle invalid function index in the elements section correctly
An invalid I32V value as index could be used to get a valid
WasmFunction.

R=clemensh@chromium.org

Bug: chromium:735887
Change-Id: I5fbfa01fc3300d86a4a2ba9bcbb86fc02f231ef9
Reviewed-on: https://chromium-review.googlesource.com/561536
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46504}
2017-07-10 10:08:42 +00:00
Clemens Hammacher
5b11996a97 [wasm] Fix error output for duplicate exports
There are other things to export beside functions. Thus, also print the
export kind when printing an error for duplicate export names.

R=titzer@chromium.org

Change-Id: I7477040dda274a16cfd776d7ac8db6e50a197b97
Reviewed-on: https://chromium-review.googlesource.com/564940
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46503}
2017-07-10 09:53:32 +00:00
Igor Sheludko
fa41e3b218 [runtime] Create only one instance of %ThrowTypeError%.
... according to the spec ES#sec-%throwtypeerror%

Bug: v8:4034
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia4f2d228397edf55447fe3e71402c8fc4589369a
Reviewed-on: https://chromium-review.googlesource.com/563214
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46498}
2017-07-10 08:26:02 +00:00
Benedikt Meurer
3b84cbfeb0 [builtins] Port Map and Set iterators to CodeStubAssembler.
This is the next step towards faster Map and Set iteration. It
introduces the appropriate instance types for Map and Set
iterators (following the pattern for Array iterators) and migrates
the following builtins to the CodeStubAssembler:

  - Set.prototype.entries
  - Set.prototype.values
  - Map.prototype.entries
  - Map.prototype.keys
  - Map.prototype.values
  - %SetIteratorPrototype%.next
  - %MapIteratorPrototype%.next

This already provides a significant performance boost for regular
for-of iteration of Sets and Maps, by a factor of 5-10 depending
on the input. The final step will be to inline some fast-paths
into TurboFan.

Drive-by-fix: Remove obsolete %IsJSSetIterator and %IsJSMapIterator
intrinsics and runtime functions.

TBR=jgruber@chromium.org

Bug: v8:6344, v8:6571, chromium:740122
Change-Id: I3ab0ee49e2afe8d4295707a5ecbd51adda621918
Reviewed-on: https://chromium-review.googlesource.com/563626
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46497}
2017-07-10 07:57:02 +00:00
Michael Achenbach
ed8df4dd4c Revert "(Reland) [parser] moved load property position after dot"
This reverts commit 5b44ba0e34.

Reason for revert: Layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16841

Original change's description:
> (Reland) [parser] moved load property position after dot
> 
> Currently LdaNamedProperty bytecode for expressions like a.b has position before dot. This CL moves this location after dot.
> It's important for later removing of Nop bytecodes in expressions like a.b() where a is local variable, property call and property load should have the same position.
> 
> R=​jgruber@chromium.org
> TBR=marja@chromium.org
> 
> Bug: v8:6425
> Change-Id: I05c21ca5e018da9c432c6bc963c7a96799336d1c
> Reviewed-on: https://chromium-review.googlesource.com/562879
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46484}

TBR=kozyatinskiy@chromium.org,jgruber@chromium.org

Change-Id: If9d5fa5f46ed10a407559e9cf10d2a6a54dbe163
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6425
Reviewed-on: https://chromium-review.googlesource.com/564418
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46491}
2017-07-08 11:37:12 +00:00
Ben Smith
d433911c5d Make test262 agent more strict in broadcast/report
BUG=v8:6231

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I326ace8ee27e5347d26bae11b8061f4fe524db53
Reviewed-on: https://chromium-review.googlesource.com/562744
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46488}
2017-07-07 21:38:31 +00:00
Igor Sheludko
47dc8702fd [runtime] Don't swap function maps during bootstrapping.
... but use proper map for functions with readonly prototype from the start.

Bug: v8:6459
Change-Id: I432d4969822e7cc4c2ba83e103f550d1c4f2e234
Reviewed-on: https://chromium-review.googlesource.com/563199
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46487}
2017-07-07 18:29:01 +00:00
Alexey Kozyatinskiy
5b44ba0e34 (Reland) [parser] moved load property position after dot
Currently LdaNamedProperty bytecode for expressions like a.b has position before dot. This CL moves this location after dot.
It's important for later removing of Nop bytecodes in expressions like a.b() where a is local variable, property call and property load should have the same position.

R=jgruber@chromium.org
TBR=marja@chromium.org

Bug: v8:6425
Change-Id: I05c21ca5e018da9c432c6bc963c7a96799336d1c
Reviewed-on: https://chromium-review.googlesource.com/562879
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46484}
2017-07-07 14:57:10 +00:00
Alexey Kozyatinskiy
49ad05f68f [inspector] improved exception details for Runtime.evaluate with awaitPromise
Fetch message and stack trace from error object if Promise is rejected with native JS error.

Bug: v8:6249
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icf84205eb9d16e860600b7cc916ddcb1922be040
Reviewed-on: https://chromium-review.googlesource.com/563096
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46483}
2017-07-07 14:23:32 +00:00
titzer
0a61361e47 [wasm] Use WeakFixedArray for list of instances sharing a WasmMemoryObject.
This CL refactors the WasmMemoryObject and WasmInstanceObject classes to
use WeakFixedArray instead of using a doubly-linked list of instances. This
simplifies the lifetime management of instances by not requiring them to
be unlinked from this list upon GC. It also simplifies the iteration over
the instances using a given WasmMemoryObject.

Note that, contrary to my naive assumption at the outset, it is still necessary for the InstanceFinalizer (called upon a WasmInstanceObject death) to unlink itself from a WasmMemoryObject's instances list, due to finalizer ordering.

R=deepti@chromium.org, mlippautz@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2972803002
Cr-Commit-Position: refs/heads/master@{#46482}
2017-07-07 13:52:21 +00:00
jgruber
b82f34e17d [coverage] Support throw/try/catch/finally
This adds support for exception control flow by adding a counter behind throw
statements (never incremented), as well as a counter for catch and finally
blocks.

Bug: v8:6000
Change-Id: I3959772c889b543ab5e186ad7cd710e55a8aec23
Reviewed-on: https://chromium-review.googlesource.com/558993
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46476}
2017-07-07 12:38:01 +00:00
titzer
17001a05c8 [wasm] Introduce instance types for WebAssembly.* objects.
This CL refactors the internal representation of JavaScript-exposed
WebAssembly objects to be more like other such objects in V8. By introducing
a new instance type for each of the JS-exposed types, we get more robust
typechecking without using embedder fields (which were previously used
when these objects where instance type JS_API_OBJECT).

In addition to the new instance types, the subclasses X of JSObject
(WasmInstanceObject, WasmMemoryObject, WasmModuleObject, WasmTableObject)
now have appropriate Is##X() methods on Object and are now robust.

BUG=v8:6547
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2964943002
Cr-Commit-Position: refs/heads/master@{#46475}
2017-07-07 12:27:56 +00:00
Dusan Simicic
c16a39f23e MIPS[64]: Implement vector MSA instructions in simulator
Add support for and.v, or.v, nor.v, xor.v, bmnz.v, bmz.v, bsel.v MSA
instructions in mips32 and mips64 simulator.

Bug: 
Change-Id: Idf092a1c211959a096694485268fff379b612b77
Reviewed-on: https://chromium-review.googlesource.com/533075
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46474}
2017-07-07 12:10:51 +00:00
Andreas Haas
08688b3953 [arm] Pass float immediates to vmov as uint32_t
This CL changes for floats what https://chromium-review.googlesource.com/c/558964/
changed for doubles.

Original message:
On x86, signalling NaNs get converted to quiet NaNs when they get push
on the stack and popped again. This happens in the code generation for
arm, specifically for the vmov instruction with the immediate parameter.
This CL replaces the vmov function in assembler-arm to take the
immediate as a uint64_t instead of a double, to guarantee that the bit
pattern does not change even if the parameter is a signalling NaN.

New in this CL:
Although src/double.h existed already, src/float.h did not exist yet.
I created the file in this CL, and moved the classes Float32 and
Float64 there, which already existed in src/deoptimizer.h.

R=titzer@chromium.org, martyn.capewell@arm.com, v8-arm-ports@googlegroups.com

BUG=v8:6564

Change-Id: I6a3f1f154af9c8cd4bb8e7e856235d3eee5e9edd
Reviewed-on: https://chromium-review.googlesource.com/561009
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46473}
2017-07-07 11:58:10 +00:00
Ross McIlroy
d425306d53 Reland: Enable StringConcat bytecode.
BUG=v8:6243
TBR=jgruber@chromium.org,leszeks@chromium.org

Change-Id: Ib830681073f4d3de4e500bf6144c0df2f9f4873f
Reviewed-on: https://chromium-review.googlesource.com/562775
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46469}
2017-07-07 10:19:39 +00:00
Ilija Pavlovic
fe37d91345 MIPS[64]: Add tests for INS and EXT instructions.
This CL contains new created tests for instructions INS and EXT.

TEST=cctest/test-assembler-mips[64]/Ins,
     cctest/test-assembler-mips[64]/Ext
BUG=

Change-Id: Ie62037ee425a5cba3700c5025608fdada144add5
Reviewed-on: https://chromium-review.googlesource.com/561319
Commit-Queue: Miran Karić <Miran.Karic@imgtec.com>
Reviewed-by: Miran Karić <Miran.Karic@imgtec.com>
Cr-Commit-Position: refs/heads/master@{#46468}
2017-07-07 08:37:57 +00:00
Georg Neis
4693278467 [mjsunit] SKIP a test that takes too long in arm64.debug simulator.
R=danno@chromium.org

Bug: 
Change-Id: Ic7017f4bbcdd23c157f8fdece7b960549d20e313
Reviewed-on: https://chromium-review.googlesource.com/561145
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46467}
2017-07-07 08:21:56 +00:00
Raphael Kubo da Costa
b9b8cc9bad Expose %ErrorPrototype% as an intrinsic in the public API.
Blink needs %ErrorPrototype% in order to properly set up the inheritance
chain from DOMException, as specified in WebIDL:
https://heycam.github.io/webidl/#es-DOMException-specialness

This patch is similar to commit 5ec1cddcd ("Expose %IteratorPrototype% as an
intrinsic in the public API"), with the difference that there was no entry
for %ErrorPrototype% in any of the mappings in contexts.h.

Bug: chromium:556950, chromium:737497
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iadc5b2b844f29f6c9640b6a89769d233931366e9
Reviewed-on: https://chromium-review.googlesource.com/559058
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Raphael Kubo da Costa (rakuco) <raphael.kubo.da.costa@intel.com>
Cr-Commit-Position: refs/heads/master@{#46464}
2017-07-07 06:42:59 +00:00
jgruber
bfc0bc8f83 [coverage] Add binary block coverage
This adds a new binary block coverage mode (in addition to the existing count
block coverage), as well as a few transformation passes to reduce the number of
uselessly reported ranges.

Bug: v8:6000
Change-Id: I4fb234ca015990d00aa2f1dccb87f76ba4748994
Reviewed-on: https://chromium-review.googlesource.com/552642
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46463}
2017-07-07 06:27:28 +00:00
Ross McIlroy
d8d8f8b316 [TurboFan] Add constant folding for StringConcat to NativeContextSpecialization.
Adds constant folding for the StringConcat bytecode to
NativeContextSpecialization. Can reduce operator to either a fully folded
constant string, or a JSAdd or a StringConcat with a reduced number of
operators.

BUG=v8:6243, chromium:738312

Change-Id: I6b2be6a3d95230a23f3c7390a4f7be5181c49a2a
Reviewed-on: https://chromium-review.googlesource.com/559146
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46461}
2017-07-06 22:37:32 +00:00
Ross McIlroy
a8dc60b429 [Interpreter] Fix issue with StringConcat dereferencing external thin strings.
If a thin string can be dereferenced for StringConcat we still need to check
whether the dereferenced string is a sequential string itself (it could be
an external string).

BUG=v8:6243

Change-Id: I146541512525726f092580512c0b5f02d33685a7
Reviewed-on: https://chromium-review.googlesource.com/558994
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46459}
2017-07-06 20:52:14 +00:00
Sathya Gunasekaran
d8e1c4840c [parser] Improve error message for destructuring non iterable
Print the object that is being destructured and update the error 
message.

Previously,
  d8> var [a] = {}
  (d8):1: TypeError: [Symbol.iterator] is not a function

Now,
  d8> var [a] = {}
  (d8):1: TypeError: {} is not iterable

Bug: v8:6513, v8:5532
Change-Id: I5cbfe7c7e20632bce1a48bd38a1b0c98d0ff0660
Reviewed-on: https://chromium-review.googlesource.com/557370
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#46457}
2017-07-06 19:57:44 +00:00
Josh Wolfe
aeb8f33204 [api] remove --harmony-function-tostring behavior from CompileFunctionInContext
The ')'-in-parameter checking is not necessary for
CompileFunctionInContext. The arguments array is expected to be an
array of identifiers, not an array of arbitrary strings that get
concatenated.

Furthermore, there's no reason to have the .toString() representation
look like it came from CreateDynamicFunction(), and in fact inserting
line breaks makes it more complicated to map line and column numbers
correctly.

Overall, the --harmony-function-tostring behavior only makes
CompileFunctionInContext worse, so this CL removes it.

R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Bug: v8:4958
Change-Id: Ifbc8a83216ca6a6979da1199972aa65f4bee36c3
Reviewed-on: https://chromium-review.googlesource.com/558220
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#46456}
2017-07-06 18:55:04 +00:00
Andreas Haas
28cc5dc672 Reland [wasm] Allow the initialization of a single compilation unit
Tsan figured out that I called compilation_units_.empty() outside a
lock.

Original message:
This CL adds a new function {InitializeCompilationUnit} to initialize
a single compilation unit and not just all compilation units at once.
This is necessary for streaming compilation eventually. This also
required some refactoring on how the working queue for compilation units
works. Previously the synchronization was done with an atomic counter,
now it is done with a lock. Note that the code to finish compilation
of a module still only works if the working queue gets only empty when
all work is done. I plan to change this in a different CL.

Since the code would not be tested without streaming compilation, I added
an experimental flag and a test to test the new code.

R=clemensh@chromium.org, mtrofin@chromium.org

Change-Id: Ia83560d1c70f0802271a88c514e0d1cb0458f6c4
Reviewed-on: https://chromium-review.googlesource.com/561458
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46454}
2017-07-06 17:39:47 +00:00
Andreas Haas
641705e0c0 Reland [wasm] Check the size of a function body before storing it
In the original CL I moved an error check backwards, unfortunately
behind a vector lookup which should not happen when there is an error.
Now I also move the vector lookup backwards.

Original message:
We stored the size of a function body before we check that
these values are valid. This caused a failing DCHECK in the constructor
of WireBytesRef which checked for integer overflows. With this CL we
check the size of the function body before we create the WireBytesRef.

R=clemensh@chromium.org

Bug: chromium:738097
Change-Id: Ie65b3cfcbcd6bdb3f04b0760673d9c7b7a0d1057
Reviewed-on: https://chromium-review.googlesource.com/561519
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46453}
2017-07-06 17:37:57 +00:00
jgruber
8e17c151d3 [coverage] Reduce the number of reported ranges
This CL adds a few transformations that clean up the set of reported
source ranges. Duplicates, empty, and uncovered ranges are removed, and
nested/consecutive ranges are merged if possible.

BUG=v8:6000

Change-Id: I421ee35ce8292cfe84c1eea4f653762cea5d909d
Reviewed-on: https://chromium-review.googlesource.com/558411
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46450}
2017-07-06 15:42:05 +00:00
Michael Lippautz
94b1b48b38 [heap] Introduce PromtionWorklist
Replaces the old PromotionQueue that was kept at the end of to space.

This change allows a future implementation to use 
(a) a thread-local promotion list and 
(b) enables work stealing for concurrent scenarios.

Bug: chromium:738865
Change-Id: I4c983a36e69ad4a9462eb9a59f586a85e51acbde
Reviewed-on: https://chromium-review.googlesource.com/561141
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46446}
2017-07-06 13:39:38 +00:00
Michael Achenbach
2f8bb6cdf4 Revert "[wasm] Check the size of a function body before storing it"
This reverts commit 6c8aed76ff.

Reason for revert: Breaks some debug bots:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug/builds/16754
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/17654

Original change's description:
> [wasm] Check the size of a function body before storing it
> 
> We stored the size of a function body before we check that
> these values are valid. This caused a failing DCHECK in the constructor
> of WireBytesRef which checked for integer overflows. With this CL we
> check the size of the function body before we create the WireBytesRef.
> 
> R=​clemensh@chromium.org
> 
> Bug: chromium:738097
> Change-Id: I18f8b628c1499aae9c8e9340ea73c87f19e6f1d7
> Reviewed-on: https://chromium-review.googlesource.com/561000
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46442}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: Ifd533c0dee369c746bc97fea13275ebc09ed5eff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:738097
Reviewed-on: https://chromium-review.googlesource.com/561517
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46445}
2017-07-06 12:52:00 +00:00
Andreas Haas
6c8aed76ff [wasm] Check the size of a function body before storing it
We stored the size of a function body before we check that
these values are valid. This caused a failing DCHECK in the constructor
of WireBytesRef which checked for integer overflows. With this CL we
check the size of the function body before we create the WireBytesRef.

R=clemensh@chromium.org

Bug: chromium:738097
Change-Id: I18f8b628c1499aae9c8e9340ea73c87f19e6f1d7
Reviewed-on: https://chromium-review.googlesource.com/561000
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46442}
2017-07-06 12:03:09 +00:00
Andreas Haas
124ff5322d [arm64] Clear the upper 32 bits after a TruncateDoubleToI
TruncateDoubleToI generated a 32-bit result but did not clear the upper
32 bits. This violated the invariant that the upper 32 bits should be
cleared when the result is 32 bits. This change fixes the bug mentioned
below. Clearing the upper 32 bits is also done on x64.

R=v8-arm-ports@googlegroups.com, titzer@chromium.org, martyn.capewell@arm.com

Bug: chromium:738952
Change-Id: I7e23e03fbed380ff08803db41fbae6382957ba08
Reviewed-on: https://chromium-review.googlesource.com/559671
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46440}
2017-07-06 11:29:18 +00:00
Camillo Bruni
78c74e68f7 [runtime] Fix Array.prototype.sort for large entries
Bug: chromium:737645
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib02b3082cec82dfbbc48b21609dde7499e87042e
Reviewed-on: https://chromium-review.googlesource.com/558868
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46438}
2017-07-06 10:45:52 +00:00
Georg Neis
9b3174b295 Don't dereference handles in (macro-)assembler functions used by TF.
Remove all IsHeapObject/IsSmi checks from assembler and also from
the macro-assembler functions that Turbofan code generation uses.

Note for porters: In case it's unclear which macro-assembler
functions need to be modified, it may be best to wait until I
split MacroAssembler in a followup-CL, which will make that clear.

Bug: v8:6048
Change-Id: Ife0735cc6f48713c9ec493faf2dac5e553d1c06b
Reviewed-on: https://chromium-review.googlesource.com/561015
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46436}
2017-07-06 10:33:18 +00:00
Juliana Franco
6cbeead055 Remove broken/unsafe FLAG_deopt_every_n_garbage_collections flag.
Also nuke the disabled test that still uses --deopt-every-n-garbage-collections.

Bug: v8:3389
Change-Id: I254f544b73271e768e7619e578535aaf7cef0530
Reviewed-on: https://chromium-review.googlesource.com/561005
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#46431}
2017-07-06 08:48:31 +00:00
Igor Sheludko
6cb999b97b [ic] Properly handle loads from global interceptor via prototype chain.
... when receiver is in dictionary mode.

Bug: v8:6490
Change-Id: Ic5a8d214adcc4efd4cb163cbc6b351c4e6b596af
Reviewed-on: https://chromium-review.googlesource.com/559548
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46428}
2017-07-06 08:09:12 +00:00
Pierre Langlois
8e84b715b2 [arm] Introduce UseScratchRegisterScope
Introduce a stripped down version of UseScratchRegisterScope for ARM and use it
inside the assembler and macro-assembler. At the exception of the Call
instructions, we now use this scope instead of using the ip register
directly. This is inspired from how the ARM64 backend works.

In general, the benefit of doing this is we can catch cases where ip is being
used both by the caller and by the assembler. But more specifically, TurboFan
reserves r9 as an extra scratch register because ip can already be used by the
assembler. With this utility, we can isolate the cases in the code generator
which need an extra register and potentially fix them, allowing us to give r9
back to the register allocator.

This patch uncovered places in the assembler where we were using ip
unconditionally when we could have re-used the destination register instead.

Bug: v8:6553
Change-Id: Ib7134e3ed64dd1f90baf209ae831ed8f644cac78
Reviewed-on: https://chromium-review.googlesource.com/544956
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46425}
2017-07-06 07:55:12 +00:00
Andreas Haas
00f4b33a65 [arm][turbofan] Pass double immediate to vmov as uint64_t
On x86, signalling NaNs get converted to quiet NaNs when they get push
on the stack and popped again. This happens in the code generation for
arm, specifically for the vmov instruction with the immediate parameter.
This CL replaces the vmov function in assembler-arm to take the
immediate as a uint64_t instead of a double, to guarantee that the bit
pattern does not change even if the parameter is a signalling NaN.

BUG=v8:6564

Change-Id: I062559f9a7ba8b0f560628e5c39621ca578c3e7d
Reviewed-on: https://chromium-review.googlesource.com/558964
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#46418}
2017-07-05 14:17:38 +00:00
Mike Stanton
c633282daf [builtins] Array.map should transition output arrays.
If the input array is small, then the cost of a trip to the
runtime to transition the ElementsKind is too expensive.

Bug: 
Change-Id: Ib04f8567674a6f1f66f4c7263eba5fb4c58987aa
Reviewed-on: https://chromium-review.googlesource.com/544866
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46417}
2017-07-05 14:08:08 +00:00
Maya Lekova
02ce935ad3 Implement micro-benchmark for Proxies constructor
Bug: 
Change-Id: I95285260b0848c4c876498bfef0b13ffbe6855ad
Reviewed-on: https://chromium-review.googlesource.com/558297
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@google.com>
Cr-Commit-Position: refs/heads/master@{#46415}
2017-07-05 13:36:10 +00:00