Commit Graph

45466 Commits

Author SHA1 Message Date
Georg Neis
9c4c717b5d Fix bug in async generators.
Async generators didn't correctly handle the situation where one calls
.return on a suspended-at-start async generator and passes a
promise-like object whose awaiting causes a new request to the
generator.

Bug: chromium:805729
Change-Id: I4da13ab5bd97f8c2a2c5373242a2d5e2ab0f7f10
Reviewed-on: https://chromium-review.googlesource.com/891231
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50974}
2018-01-31 07:43:28 +00:00
Yang Guo
85a13975ab [api] advance deprecation for ScriptCompiler::CompileFunctionInContext.
R=adamk@chromium.org

Bug: v8:7275
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Iada634ab275a1a348d14400b3138ac9e5cc08de7
Reviewed-on: https://chromium-review.googlesource.com/892441
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50973}
2018-01-31 06:53:58 +00:00
Malcolm White
1f2442abab Fixes UAF for SAB with failed d8 serialization
Bug=chromium:806582

Change-Id: I0d541903dfd1622ae6d4a2628c41dc28704680e6
Reviewed-on: https://chromium-review.googlesource.com/891626
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Malcolm White <malcolmwhite@google.com>
Cr-Commit-Position: refs/heads/master@{#50972}
2018-01-30 23:12:20 +00:00
Junliang Yan
2de48de771 PPC/s390: [ignition] Fix wide suspends to also return
Port 830e39abae

Original Commit Message:

    Wide suspends have a "wide" (or "extra-wide") bytecode at their offset,
    rather than the suspend itself, so they were failing the return check.

R=leszeks@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I0c95b9fd34df7232ae07fd1e508f40cd139e9734
Reviewed-on: https://chromium-review.googlesource.com/894303
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50971}
2018-01-30 22:10:30 +00:00
Michael Achenbach
ba30988cbc Revert "[test] Random seed processor"
This reverts commit 0db74d4974.

Reason for revert: https://chromium-swarm.appspot.com/task?id=3b609f9976bac610&refresh=10&show_raw=1

Original change's description:
> [test] Random seed processor
> 
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
> 
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}

TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com

Change-Id: I2d96ea328cda2d09b01ff455e47c77d567fafe00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894522
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50970}
2018-01-30 22:05:03 +00:00
Junliang Yan
be31782314 PPC/s390: [wasm] Implement wasm sign extension opcodes
Port 1abeb5a3b1

Original Commit Message:

     - Shift opcode numbers for asmjs-compat opcodes
     - Add --experimental-wasm-se flag to gate sign extension opcodes
     - Fix codegen for ia32 movsx instructions

R=gdeepti@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I3af97112b40d159f9ffc4f465768fc7832485f20
Reviewed-on: https://chromium-review.googlesource.com/893703
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50969}
2018-01-30 21:03:11 +00:00
Camillo Bruni
718883a9c6 [api] Clean up FunctionCallbackArguments::Call
- Match PropertyCallbackArguments methods

Change-Id: I063a368b186bcca499c8a4a217114227516127e5
Reviewed-on: https://chromium-review.googlesource.com/836891
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50968}
2018-01-30 20:37:06 +00:00
Gabriel Charette
de49b57404 Reland "Smoother distribution of worker assignment in parallel task array."
This is a reland of 76195d9e08.

It was reverted because the new parallel tasks (with higher number
of workers) hang on client.v8.ports bots. Since each test task steals
the worker thread it's assigned but only processes one item before
waiting for completion by others: I think the problem is that there
aren't enough workers in client.v8.ports' config. There aren't any
try bots for this config... reduce the tests to use 4 tasks and
hope for the best (i.e. a 4 core machine that uses "num cores")...

Original change's description:
> Smoother distribution of worker assignment in parallel task array.
>
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
>
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
>
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}

Reverted-on: https://chromium-review.googlesource.com/893462

Bug: chromium:805932
Change-Id: I4d0bda3b9f52e9160e613a8f34a95e48b814bb9e
Reviewed-on: https://chromium-review.googlesource.com/893362
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50967}
2018-01-30 20:03:53 +00:00
Pierre Langlois
16f2bcdb09 [turbofan] Refactor AssembleMove and AssembleSwap
The way the code generator's AssembleMove and AssembleSwap methods are written
makes it easy to forget which sort of move is being implemented when looking at
a sequence of instructions. This patch is an attempt to address this by
rewriting those methods using switch/case instead of a string of if/else.

To do this, introduce new utility functions to detect what type of move to
perform given a pair of InstructionOperands.

Bug: 
Change-Id: I32b146c86409e595b7b59a66bf43220899024fdd
Reviewed-on: https://chromium-review.googlesource.com/749201
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50966}
2018-01-30 18:46:14 +00:00
Gabriel Charette
396e7bc801 Revert "Smoother distribution of worker assignment in parallel task array."
This reverts commit 76195d9e08.

Reason for revert: New parallel tests timeout on the waterfall (I think because it's configured to use less worker threads and TaskProcessingOneItem is currently designed to steal a worker but only process one item...).

Original change's description:
> Smoother distribution of worker assignment in parallel task array.
> 
> This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
> and https://chromium-review.googlesource.com/c/v8/v8/+/887084
> 
> Which implements the fix in CL 887084 correctly in a world where
> there can be more tasks_ than items_ (crbug.com/806237).
> 
> Bug: chromium:805932
> Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
> Reviewed-on: https://chromium-review.googlesource.com/892883
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50956}

TBR=gab@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Icf52eb3afeb9467557c1e0db6922d590466943f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:805932
Reviewed-on: https://chromium-review.googlesource.com/893462
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50965}
2018-01-30 16:33:36 +00:00
Michal Majewski
0db74d4974 [test] Random seed processor
1. --total-timeout-sec now available for ./run-tests.py. It can be
useful with infinite seed stressing
2. random seed dropped from the context. Now JSON progress indicator
gets it from the list of command args.

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
Reviewed-on: https://chromium-review.googlesource.com/888524
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50964}
2018-01-30 15:50:49 +00:00
Clemens Hammacher
1f1fa410df [wasm] [fuzzer] Add globals
This adds support for set_global and get_global.

R=ahaas@chromium.org

Change-Id: I08bfa3c23080f473616970e9894cfb6e55a4f76d
Reviewed-on: https://chromium-review.googlesource.com/890744
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50963}
2018-01-30 15:14:59 +00:00
Michael Starzinger
5113f10d4d Rename {SupportsCrankshaft} to {SupportsOptimizer}.
R=jarin@chromium.org
BUG=v8:6408

Change-Id: I28ac6fa2d47ec14b06e6867b3c605c307549c474
Reviewed-on: https://chromium-review.googlesource.com/890266
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50962}
2018-01-30 13:31:06 +00:00
Clemens Hammacher
ad3033ea85 [wasm] [fuzzer] Generate if blocks
Turns out we never generated if blocks or if-else blocks so far.

R=ahaas@chromium.org

Change-Id: I942dbc614b5b489094f5b029a70c40b336d09fa4
Reviewed-on: https://chromium-review.googlesource.com/890451
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50961}
2018-01-30 13:22:19 +00:00
Yang Guo
ccfc795904 Remove outdated tools/gcov.sh.
R=machenbach@chromium.org

Bug: v8:7335
Change-Id: I4115012e152ff8f40e946d59378d388fc8939143
Reviewed-on: https://chromium-review.googlesource.com/893179
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50960}
2018-01-30 13:07:49 +00:00
jgruber
d6f0905fef [snapshot] Add helper to deserialize all builtins
Some tests need to ensure all builtins are deserialized. This adds a
helper to make that easier.

Drive-by-refactoring: Centralize lazy-deserialization tracing.

TBR=rmcilroy@chromium.org

Bug: v8:6624
Change-Id: I1f7caa6c539b12aabcba5b7b28c50ad40355848b
Reviewed-on: https://chromium-review.googlesource.com/891822
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50959}
2018-01-30 13:04:39 +00:00
Camillo Bruni
36d3ec46d8 [runtime] Harden some Map setters
Convert certain DCHECKS into CHECKS for some Map setters. This should have
minimal performance impact at the same time getting us better coverage out
there in the wild.

Change-Id: I9a12f43e1baca15d9bf8b1aed86bb6b0dc13921d
Reviewed-on: https://chromium-review.googlesource.com/866931
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50958}
2018-01-30 12:54:17 +00:00
Michael Starzinger
a5bbea19dc [wasm] Remove dead declarations from {WasmJs} API.
R=clemensh@chromium.org

Change-Id: Ifcd5d58bd27754d5ba7d05b302dc6089af5e3a53
Reviewed-on: https://chromium-review.googlesource.com/892074
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50957}
2018-01-30 12:01:47 +00:00
Gabriel Charette
76195d9e08 Smoother distribution of worker assignment in parallel task array.
This is a merge of https://chromium-review.googlesource.com/c/v8/v8/+/888704
and https://chromium-review.googlesource.com/c/v8/v8/+/887084

Which implements the fix in CL 887084 correctly in a world where
there can be more tasks_ than items_ (crbug.com/806237).

Bug: chromium:805932
Change-Id: I05401be4fdce442644a8973281a9d88bd959b271
Reviewed-on: https://chromium-review.googlesource.com/892883
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50956}
2018-01-30 11:58:24 +00:00
Michael Achenbach
f6ed964d18 [test] Reduce timeout with interrupt-budget fuzzer
TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:6917
Change-Id: I4903ffc49b5ed475706c0dc604a92b90f6b5d2a0
Reviewed-on: https://chromium-review.googlesource.com/892866
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50955}
2018-01-30 11:52:29 +00:00
sreten.kovacevic
79e52f8e4c [GN][MIPS] Add ldso_path and gcc_target_rpath config on MIPS
Use config with these options when target is MIPS

Change-Id: Ia93504f90aa42daef37f1cf1025cef9e9a584034
Reviewed-on: https://chromium-review.googlesource.com/890741
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Miran Karić <miran.karic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50954}
2018-01-30 11:51:24 +00:00
Clemens Hammacher
6c497ee02b [wasm] Fix --dump-wasm-module
The generated file only contained the last section of the module, since
the decoder's range is reset in DecodeSection.
This CL fixes this by remembering the original module bytes and dumping
them instead.

R=ahaas@chromium.org

Change-Id: I5e0f97279886817d58caac6114994bb9c1a147fc
Reviewed-on: https://chromium-review.googlesource.com/892980
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50953}
2018-01-30 11:43:14 +00:00
Choongwoo Han
03da2d8ce9 [typedarray] Reimplement TA.p.slice in CSA
- Port TypedArray.prototype.slice to CSA
- Implement TypedArraySpeciesCreateByLength as a CSA
- Fix spec bugs: Throw if a source typed array is neutered
 after creating a result typed array

Bug: v8:5929
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia7ce2239d37db6db172c00aa120ef51c31a14bac
Reviewed-on: https://chromium-review.googlesource.com/830991
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50952}
2018-01-30 11:26:22 +00:00
Michael Starzinger
5cc8a2c50b [wasm] Move ScheduledErrorThrower into wasm-js.cc file.
R=clemensh@chromium.org

Change-Id: I9f4fcddca2e478d5074d68870d0293aacdeb4aa1
Reviewed-on: https://chromium-review.googlesource.com/813920
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50951}
2018-01-30 10:57:36 +00:00
Clemens Hammacher
3e43bbb544 [wasm] [fuzzer] Also generate br_if
The wasm compile fuzzer generated {br} instructions, but no {br_if} so
far. This CL adds that.

R=ahaas@chromium.org

Change-Id: Ib5e47a26d96e88498104e0d57b9a49b74b7356eb
Reviewed-on: https://chromium-review.googlesource.com/890450
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50950}
2018-01-30 10:32:46 +00:00
jgruber
0c1d27805a [builtins] Add isolate-independence cctest
The test inspects each builtin's RelocInfo. It's isolate-independent, iff there
are no entries for embedded objects, runtime calls, external references (which
could point to addresses on the isolate), or code targets.

Bug: v8:6666
Change-Id: Ie32353db445a9e81e1c9a0a8f1b5ffe1566a0404
Reviewed-on: https://chromium-review.googlesource.com/888639
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50949}
2018-01-30 09:22:35 +00:00
Yang Guo
4f67f022fb Move msvs_dependencies.isolate out of gypfiles.
R=machenbach@chromium.org

Bug: v8:7335
Change-Id: Ib80df7aa269a8e9de7ad739f29883f61f0f0882c
Reviewed-on: https://chromium-review.googlesource.com/892978
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50948}
2018-01-30 09:12:14 +00:00
Michael Achenbach
2fe30bb753 [test] Allow timeouts for benchmarks with gc fuzzer
TBR=sergiyb@chromium.org

Bug: v8:6917
Change-Id: I592f745385fe0aedf2d9fb6f88e51b85663c6865
Reviewed-on: https://chromium-review.googlesource.com/891821
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50947}
2018-01-30 09:04:51 +00:00
Yang Guo
ac0fb70f3a [gyp] remove test targets.
R=machenbach@chromium.org

Bug: v8:7335
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I70d639324f6de4dd11871f67953943e80c238a12
Reviewed-on: https://chromium-review.googlesource.com/890181
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50946}
2018-01-30 08:54:11 +00:00
Yang Guo
3ab1b799e4 Use Chromium's landmine script.
R=machenbach@chromium.org

Bug: v8:7335
Change-Id: I8a97d67be6888014d015ec3f0ec486a3c3d9861a
Reviewed-on: https://chromium-review.googlesource.com/889756
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50945}
2018-01-30 06:56:10 +00:00
Yang Guo
b1d09bf6c5 [gyp] move build targets for tests to gypfiles.
Bug: v8:7335
Change-Id: I6610bba00ff558de5826934c326fc2873c91a1a3
Reviewed-on: https://chromium-review.googlesource.com/890742
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50944}
2018-01-30 06:31:00 +00:00
Philip Jägenstedt
ff05633408 [api] Don't mark as constructible if instance_call_handler is used
This only affects document.all, which is the only user of
|ObjectTemplate::SetCallAsFunctionHandler|, and will mean that
new document.all() will throw TypeError. There are tests for this:
//src/third_party/WebKit/LayoutTests/external/wpt/html/infrastructure/common-dom-interfaces/collections/htmlallcollection.html

(cherry picked from commit 7233447e4ac4587c81e91077857f8a30c4a6d2df)

Change-Id: Ibb39b3c61b688591c781158cf4abc0c2d74c908e
Reviewed-on: https://chromium-review.googlesource.com/882642
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Philip Jägenstedt <foolip@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/890496
Cr-Commit-Position: refs/heads/master@{#50943}
2018-01-30 05:22:33 +00:00
Sigurd Schneider
6d36bae42c [js-perf-tests] Improve string benchmarks
Add inbounds benchmark for String.p.charCodeAt
and add in and out of bounds benchmarks for
String.p.codePointAt.

Bug: v8:7092, v8:7326, chromium:806758
Change-Id: I48065627bd79d8fb24e55b2f6dce590e7adbbd6e
Reviewed-on: https://chromium-review.googlesource.com/891858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50942}
2018-01-30 05:10:53 +00:00
v8-autoroll
fb08052cad Update V8 DEPS.
Rolling v8/build: 8bf670e..f8323d8

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/82f653f..69f2184

Rolling v8/tools/clang: 1243a6d..a312f49

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ic07d910e6fee31c8bff82b47662edd2bd0907a58
Reviewed-on: https://chromium-review.googlesource.com/892618
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50941}
2018-01-30 04:57:32 +00:00
Kanghua Yu
a56d9349a1 [ia32][wasm] Add I8x16 ShiftOp and MulOp.
I8x16Shl/I8x16ShrS/I8x16ShrU,I8x16Mul

R=bbudge@chromium.org, bmeurer@chromium.org

Bug: 
Change-Id: I97d7f077c26fe6f8be6464582f20d4e3c8fd4667
Reviewed-on: https://chromium-review.googlesource.com/853772
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50940}
2018-01-30 04:06:35 +00:00
Jungshik Shin
f5933218d7 Block ICU data override with loading from file
This is a v8-port of
https://chromium-review.googlesource.com/c/chromium/src/+/890176 .

By default, ICU tries to load data items (e.g. brkitr/char.brk)
from individual files before trying the common data. Because
all the ICU data Chrome needs is included in the common ICU data file
that is memory mapped in InitializeICU(), trying to load from the
disk just wastes cycles because there's no file with separate ICU data
items.

Bug: chromium:805694
Test: Intl tests
Change-Id: Ia7e77d658b56d98027336acd2c91fd5f7b2cea3e
Reviewed-on: https://chromium-review.googlesource.com/890343
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50939}
2018-01-29 21:58:39 +00:00
Adam Klein
480aed5595 [api] Advance deprecation of v8::Script APIs
This is a reland of 7dbfec50e3, now that
pdfium has been updated to avoid libfuzzer build failures. I've tested
this change locally in pdfium xfa and non-xfa builds.

The calls in chromium were removed in https://crrev.com/c/865160,
while pdfium was updated in https://pdfium-review.googlesource.com/c/pdfium/+/23270.

Bug: v8:7269, v8:7273, v8:7274
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2d49033fcb305eeba87cca1e27840f278220d15e
Reviewed-on: https://chromium-review.googlesource.com/890051
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50938}
2018-01-29 21:36:08 +00:00
Michael Achenbach
3f63438bc3 [test] Treat timeout as pass with interrupt budget fuzzer
TBR=sergiyb@chromium.org

Bug: v8:6917
Change-Id: I6d526410520fe7b2cfeff536ed260b37dbb2b8b6
Reviewed-on: https://chromium-review.googlesource.com/891819
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50937}
2018-01-29 21:26:29 +00:00
Junliang Yan
7dccb7988f Fix GCC 5.4 error on ubuntu 16.04
The stock GCC on Ubuntu 16.04 complains these constants
are unused (possibly gcc issue). This CL changes these
to constexpr to work around gcc errors.

R=clemensh@chromium.org, joransiu@ca.ibm.com

Change-Id: I8c1772e91744bc46ace6bee576b90d40c0cdf41f
Reviewed-on: https://chromium-review.googlesource.com/881554
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50936}
2018-01-29 20:33:41 +00:00
Sathya Gunasekaran
2c5de06c56 [class] Implement private fields runtime semantics
Things that don't work yet:
(a) pre parsed scope data is broken
(b) private fields can be accessed outside classes
(c) no early or runtime error for accessing unknown fields

Things that do work:
everything else

Change-Id: I3d58be44e2be73ec50defb42403112a8a5e68c54
Bug: v8:5368
Reviewed-on: https://chromium-review.googlesource.com/865497
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50935}
2018-01-29 19:34:02 +00:00
Benedikt Meurer
c8da060b37 [builtins] Refactor the Microtask pumping to CSA-only.
This adjusts the RunMicrotask logic to invoke CallHandlerInfo microtasks
from CSA land directly (via a runtime function call), instead of bailing
out to C++ for the rest of the microtask queue entries. Even in simple
micro-benchmarks there doesn't seem to be a huge performance difference.
In fact performance gets better when CallHandlerInfo and promises are
mixed, which makes sense, since calling from C++ to JS land is more
expensive than the other way around.

But just in case the runtime function call overhead ever becomes the
bottleneck we can introduce a direct C++ call and setup a handle scope
around it, much like a very simple version of CallApiFunctionStub.

This greatly simplifies the microtask handling and paves the way for
refactoring the queue to significantly reduce the GC overhead associated
with promises currently.

Bug: v8:7253
Change-Id: I33adb62a6bada138674d324f36d4be894e27f3c9
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/890441
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50934}
2018-01-29 19:04:11 +00:00
Benedikt Meurer
9a6c54fc38 [builtins] Use @@species protector for the PromiseResolve fast-path.
The @@species protector guards the following (in case of Promises):

  - The initial Promise.prototype has the initial "constructor"
    pointing to the Promise constructor.
  - No JSPromise instance has a "constructor" property.

So this is sufficient to guard the fast-path in PromiseResolve, given
that we check whether the value is actually a JSPromise and that the
[[Prototype]] of value is the (initial) Promise.prototype.

Also refactor the code a bit and avoid the BranchIfSameValue, which
blows up the builtin quite a lot, since we already know that constructor
must be a valid JSReceiver and thus we can simply use WordEqual to
compare value's "constructor" to the constructor.

Bug: v8:7253
Change-Id: I6413882241c9648c95bb2299100a6c3a7c803110
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/890438
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50933}
2018-01-29 18:22:12 +00:00
Ali Ijaz Sheikh
70c0237578 [heap] do not perform a step while a space is partially mutated
We were starting an allocation step during NewSpace::AddFreshPage. At
this point, we had advanced the page, but not updated allocation_info_.
This ultimately led to assertions as Space::Size was not expecting
to be called when to_space_.page_{high,low} are inconsistent with
allocation_info_.top().

The solution here is to avoid starting the step in the middle of the
space state mutation. We account for memory allocated so far before the
mutation is started, and then start a new step after the mutation has
been completed.

Bug: chromium:806179
Change-Id: I17ee896d80c4ec752baa2b17c3fd2bef7ea2ca33
Reviewed-on: https://chromium-review.googlesource.com/889981
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50932}
2018-01-29 17:42:46 +00:00
Clemens Hammacher
74915b7306 [simulator] Make SimulatorBase::VariadicCall protected
Even though most compilers accept the method to be private, gcc 4.8
complains about this (which seems to be correct). Thus we make this
method protected.

R=franzih@chromium.org

Change-Id: Ia49b2ddebe1ced7529d4943107a76a909c355b73
Reviewed-on: https://chromium-review.googlesource.com/890449
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50931}
2018-01-29 17:41:41 +00:00
Michael Achenbach
9c3d7d63b3 [build] Add configs for new nosnap bots
TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:7012
Change-Id: I9d2a8b4b01f7f682490e9f784c05df4c9eeb8557
Reviewed-on: https://chromium-review.googlesource.com/891324
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50930}
2018-01-29 16:34:40 +00:00
Michael Achenbach
dc210a95d3 [test] Add interrupt-budget fuzzer
This adds back an option for interrupt budget available in no-snap
builds. This also adds a fuzzer configuration for numfuzz that enables
fuzzing the interrupt budget option. A new flag --disable-analysis
allows to generally skip the fuzzer's analysis phase, which can be
chosen for interrupt budget, which doesn't support an analysis phase.

Bug: v8:6917
Change-Id: I546dd9ee41c3e0fb027108ef4606a34514f230d4
Reviewed-on: https://chromium-review.googlesource.com/885805
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50929}
2018-01-29 16:31:40 +00:00
Gabriel Charette
2407b2bd1b Revert "v8::ItemParallelJob : Do not launch more Tasks than there are Items to process."
This reverts commit 8a27c7d396.

Reason for revert: 

Having more tasks than work items is intentional in some use cases, i.e. Scavenging where RunInParallel() does parallel processing on a dynamic workload *after* the initial set of work items:

    {
      barrier_->Start();
      TimedScope scope(&scavenging_time);
      PageScavengingItem* item = nullptr;
      while ((item = GetItem<PageScavengingItem>()) != nullptr) {
        item->Process(scavenger_);
        item->MarkFinished();
      }
      do {
        scavenger_->Process(barrier_);
      } while (!barrier_->Wait());
      scavenger_->Process();
    }

Original change's description:
> v8::ItemParallelJob : Do not launch more Tasks than there are Items to process.
> 
> Except when there are 0 items. For some reason I don't quite understand yet, not
> calling Run() on tasks_[0] when there are 0 items results in DCHECKs...
> 
> Bug: chromium:806237
> Change-Id: I38c8fffde64a42f93f4efda492832651137eebd7
> Reviewed-on: https://chromium-review.googlesource.com/888704
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50924}

TBR=gab@chromium.org,mlippautz@chromium.org

Change-Id: Iad2ab16bb41f339de8e3fbca1c08c5d26b8a0111
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:806237
Reviewed-on: https://chromium-review.googlesource.com/891186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50928}
2018-01-29 16:03:46 +00:00
Michael Achenbach
dfd224c4ea [CQ] Stop blocking on gyp bot running tests
This is the first step for retiring swarming tests with gyp.

TBR=sergiyb@chromium.org
NOTRY=true

Bug: v8:7335
Change-Id: I98145843b91d47a77e06173c2a421fcc0d4e5586
Reviewed-on: https://chromium-review.googlesource.com/891230
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50927}
2018-01-29 14:26:45 +00:00
Michael Starzinger
b47427740d [arm][arm64] Implement {kSpeculationFence} operator.
R=tebbi@chromium.org

Change-Id: Iae9a3774eb7913388350ce3cd0a96d6a6cca25e8
Reviewed-on: https://chromium-review.googlesource.com/885845
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50926}
2018-01-29 13:43:53 +00:00
Ross McIlroy
c9941af275 [Intepreter] Add poisoning to bytecode operand reads.
BUG=chromium:798964

Change-Id: I63c373ef3f27a3295fc79f5c82d78b5fd89a83da
Reviewed-on: https://chromium-review.googlesource.com/888752
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50925}
2018-01-29 12:56:43 +00:00